freeipa/install/share/bind.named.conf.template

options {
	// turns on IPv6 for port 53, IPv4 is on by default for all ifaces
	listen-on-v6 {any;};

	// Put files that named is allowed to write in the data/ directory:
	directory "$NAMED_VAR_DIR"; // the default
	dump-file		"data/cache_dump.db";
	statistics-file		"data/named_stats.txt";
	memstatistics-file	"data/named_mem_stats.txt";

	// Any host is permitted to issue recursive queries
	allow-recursion { any; };

	tkey-gssapi-keytab "$NAMED_KEYTAB";
	pid-file "$NAMED_PID";

	dnssec-enable yes;
	dnssec-validation yes;

	/* Path to ISC DLV key */
	bindkeys-file "$BINDKEYS_FILE";

	managed-keys-directory "$MANAGED_KEYS_DIR";
};

/* If you want to enable debugging, eg. using the 'rndc trace' command,
 * By default, SELinux policy does not allow named to modify the /var/named directory,
 * so put the default debug log file in data/ :
 */
logging {
	channel default_debug {
		file "data/named.run";
		severity dynamic;
		print-time yes;
	};
};

zone "." IN {
	type hint;
	file "named.ca";
};

include "$RFC1912_ZONES";
include "$ROOT_KEY";

/* WARNING: This part of the config file is IPA-managed.
 * Modifications may break IPA setup or upgrades.
 */
dyndb "ipa" "$BIND_LDAP_SO" {
	uri "ldapi://%2fvar%2frun%2fslapd-$SERVER_ID.socket";
	base "cn=dns, $SUFFIX";
	server_id "$FQDN";
	auth_method "sasl";
	sasl_mech "GSSAPI";
	sasl_user "DNS/$FQDN";
};
/* End of IPA-managed part. */