The default configuration of the /etc/named.conf file provides a caching-only nameserver. The file has four main sections described as follows.

 

1. options

– Defines global server configuration options

 

2. logging

– Enables logging

– /var/named/data/named.run

 

3. zone

– Specifies authoritative servers for the root domain

– /var/named/named.ca

 

4. include

– Specifies files to include

– /etc/named.rfc1912.zones

 

1. options

 

The options statement defines global server configuration options and sets defaults for other statements. The following options are defined in the default /etc/named.conf file:

listen-on: Instructs named to listen on port 53 on the local system for both IPv4 and IPv6 queries

directory: Specifies the default working directory for the named service

dump-file: Specifies the location where BIND dumps the database (cache) in the event of a crash

statistics-file: Specifies the location to which data is written when the command rndc stats is issued

memstatistics-file: Specifies the location to which BIND memory usage statistics are written

allow-query: Specifies which IP addresses (localhost by default) are allowed to query the server

recursion: Instructs the nameserver to perform recursive queries. Recursive queries cause a nameserver to query another nameserver if necessary to respond with an answer.

dnssec-enable: Specifies that a secure DNS service is being used

dnssec-validation: Instructs the nameserver to validate replies from DNSSEC-enabled (signed) zones

dnssec-lookaside: Enables DNSSEC Lookaside Validation (DLV) by using /etc/named.iscdlv.key

 

2. logging

 

The logging statement turns on logging and causes messages to be written to the data/named.run file. The severity parameter controls the logging level. A severity value of dynamic means that the channel uses the global debug level, which is set either by the command-line parameter -d or by running the rndc trace command. The default logging statement follows:

 

3. zone

 

The default zone section specifies the initial set of root servers by using a hint zone, whose name is a period (.). This zone specifies that the nameserver must look in /var/named/named.ca for IP addresses of authoritative servers for the root domain when the nameserver starts or does not know which nameserver to query. The default zone section follows:

 

Zone options include the following:

1. type: Specifies the zone type, such as master, delegation-only, forward, hint, or slave. Type master designates the nameserver as authoritative for this zone. A zone is set as master if the zone file resides on this system.

2. file: Specifies the name of the zone file, which is stored in the working directory defined by the directory option

3. allow-update: Specifies which hosts are allowed to dynamically update information in their zone
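
The options and zone settings described above decide who can query the server and who can change zone data, so they are worth checking mechanically. The following is an added example, not part of the original article or of BIND: a simplified Python check that flags recursion offered to any client, DNSSEC validation turned off, and zones that accept dynamic updates from any host. It assumes flat `key value;` and `key { list; };` statements, and the sample configuration and the zone name example.com are constructed.

```python
import re
# Constructed sample (not from the page): allow-query widened to "any" and a
# hypothetical master zone that accepts dynamic updates from any host.
SAMPLE = '''
options {
    allow-query { any; };            /* widened from localhost */
    recursion yes;
    dnssec-validation yes;           // as in the default file
};
zone "example.com" IN {
    type master;
    file "example.com.zone";
    allow-update { any; };
};
'''

def strip_comments(text):  # assumes no comment markers inside quoted strings
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)

def blocks(text, header):  # yield (header match, body) per `header { ... }`
    for m in re.finditer(header + r'\s*\{', text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m, text[m.end():i - 1]

def setting(body, key):  # values of `key v;` or `key { a; b; };`, else None
    name = r'(?<![\w-])' + re.escape(key) + r'(?![\w-])'
    m = (re.search(name + r'[^;{]*\{([^}]*)\}', body)
         or re.search(name + r'\s+([^;{]+);', body))
    return m.group(1).replace(';', ' ').split() if m else None

def audit(conf):
    """Return findings for the options and zone settings described above."""
    text, findings = strip_comments(conf), []
    for _, opts in blocks(text, r'\boptions'):
        clients = setting(opts, 'allow-recursion') or setting(opts, 'allow-query')
        if setting(opts, 'recursion') == ['yes'] and 'any' in (clients or []):
            findings.append('options: recursion yes while queries are allowed from any')
        if setting(opts, 'dnssec-validation') not in (['yes'], ['auto']):
            findings.append('options: dnssec-validation is not yes or auto')
    for m, zone in blocks(text, r'\bzone\s+"([^"]+)"[^{;]*'):
        if 'any' in (setting(zone, 'allow-update') or []):
            findings.append(f'zone {m.group(1)}: allow-update permits any host')
    return findings

if __name__ == '__main__':
    print('\n'.join(audit(SAMPLE)))
```

With allow-query left at localhost, as in the default file, the same configuration produces no findings.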

 

4. include

 

The include statement allows files to be included. This can be done for readability, ease of maintenance, or so that potentially sensitive data can be placed in a separate file with restricted permissions. This include statement includes the /etc/named.rfc1912.zones file as though it were present in this file.

 
