options { // turns on IPv6 for port 53, IPv4 is on by default for all ifaces listen-on-v6 {any;}; // Put files that named is allowed to write in the data/ directory: directory "$NAMED_VAR_DIR"; // the default dump-file "${NAMED_DATA_DIR}cache_dump.db"; statistics-file "${NAMED_DATA_DIR}named_stats.txt"; memstatistics-file "${NAMED_DATA_DIR}named_mem_stats.txt"; // Any host is permitted to issue recursive queries allow-recursion { any; }; tkey-gssapi-keytab "$NAMED_KEYTAB"; pid-file "$NAMED_PID"; dnssec-enable yes; dnssec-validation yes; /* Path to ISC DLV key */ bindkeys-file "$BINDKEYS_FILE"; managed-keys-directory "$MANAGED_KEYS_DIR"; /* crypto policy snippet on platforms with system-wide policy. */ $INCLUDE_CRYPTO_POLICY }; /* If you want to enable debugging, eg. using the 'rndc trace' command, * By default, SELinux policy does not allow named to modify the /var/named directory, * so put the default debug log file in data/ : */ logging { channel default_debug { file "${NAMED_DATA_DIR}named.run"; severity dynamic; print-time yes; }; }; ${NAMED_ZONE_COMMENT}zone "." IN { ${NAMED_ZONE_COMMENT} type hint; ${NAMED_ZONE_COMMENT} file "named.ca"; ${NAMED_ZONE_COMMENT}}; include "$RFC1912_ZONES"; include "$ROOT_KEY"; /* WARNING: This part of the config file is IPA-managed. * Modifications may break IPA setup or upgrades. */ dyndb "ipa" "$BIND_LDAP_SO" { uri "ldapi://%2fvar%2frun%2fslapd-$SERVER_ID.socket"; base "cn=dns, $SUFFIX"; server_id "$FQDN"; auth_method "sasl"; sasl_mech "GSSAPI"; sasl_user "DNS/$FQDN"; }; /* End of IPA-managed part. */