The default configuration of the /etc/named.conf file provides a caching-only nameserver. The file has four main sections described as follows.
1. options
– Defines global server configuration options
2. logging
– Enables logging
– /var/named/data/named.run
3. zone
– Specifies authoritative servers for the root domain
– /var/named/named.ca
4. include
– Specifies files to include
– /etc/named.rfc1912.zones
1. Options
The options statement defines global server configuration options and sets defaults for other statements. The following options are defined in the default /etc/named.conf file:
listen-on: Instructs named to listen on port 53 on the local system for both IPv4 and IPv6 queries
directory: Specifies the default working directory for the named service
dump-file: Specifies the location where BIND dumps the database (cache) in the event of a crash
statistics-file: Specifies the location to which data is written when the command rndc stats is issued
memstatistics-file: Specifies the location to which BIND memory usage statistics are written
allow-query: Specifies which IP addresses (localhost by default) are allowed to query the server
recursion: Instructs the nameserver to perform recursive queries. Recursive queries cause a nameserver to query another nameserver if necessary to respond with an answer.
dnssec-enable: Specifies that a secure DNS service is being used
dnssec-validation: Instructs the nameserver to validate replies from DNSSEC- enabled (signed) zones
dnssec-lookaside: Enables DNSSEC Lookaside Validation (DLV) by using /etc/named.iscdlv.key
2. logging
The logging statement turns on logging and causes messages to be written to the data/named.run file. The severity parameter controls the logging level. A severity value of dynamic means assume the global level defined by either the command-line parameter -d or by running the rndc trace command. The default logging statement follows:
logging {
channel default_debug {
file “data/named.run”;
severity dynamic;
};
3. zone
The default zone section specifies the initial set of root servers by using a hint zone, whose name is a period (.). This zone specifies that the nameserver must look in /var/named/named.ca for IP addresses of authoritative servers for the root domain when the nameserver starts or does not know which nameserver to query. The default zone section follows:
zone “.” IN {
type hint;
file “named.ca”;
};
Zone options include the following:
1. type: Specifies the zone type, such as master, delegation-only, forward, hint, or slave. Type master designates the nameserver as authoritative for this zone. A zone is set as master if the zone file resides on this system.
2. file: Specifies the name of the zone file, which is stored in the working directory defined by the directory option
3. allow-update: Specifies which hosts are allowed to dynamically update information in their zone
4. include
The include statement allows files to be included. This can be done for readability, ease of maintenance, or so that potentially sensitive data can be placed in a separate file with restricted permissions. This include statement includes the /etc/named.rfc1912.zones file as though it were present in this file.