# Keep the default logging, but discard two noisy categories: messages in
# the lame-servers and cname categories are routed to the null channel.
# NOTE(review): anything sent to null is dropped, not archived. If these
# events are ever needed for troubleshooting or monitoring, point the
# category at a file channel instead.
logging {
    category lame-servers { null; };
    category cname { null; };
};
options {
    # Working directory of the server; relative file names in the zone
    # statements below are resolved against it.
    directory "/var/named";
    # The PID file is written into the same directory as the zone files.
    pid-file "/var/named/pid-named";
    # NOTE(review): no allow-query / allow-recursion restriction is set
    # here, so client access falls back to the server's built-in
    # defaults. Confirm those fit the deployment.
};
# The controls statement defines the channels over which an administrator
# can send commands to the running named.
controls {
    # Left commented out on purpose. This form would accept control
    # commands from any address on every interface: a really bad idea.
    # inet * port 52 allow {any;};

    # UNIX-domain socket, mode 0600, owned by uid 0 / gid 0, so only local
    # root can open it.
    # NOTE(review): support for unix control sockets depends on the BIND
    # version. Confirm against the release in use.
    unix "/var/run/rndc" perm 0600 owner 0 group 0;
};
# ZONES follow
# Root hints: the list of root servers that named needs to start
# resolving. The file name is relative to the options "directory".
zone "." {
    type hint;
    file "root.cache";
};
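# Reverse lookup zone for the loopback network (any 127.0.0.x address).
zone "0.0.127.in-addr.arpa" {
    type master;
    file "local-rev.db";
    # Refuse dynamic updates to this zone from every host. Each element of
    # an address match list needs its own terminating semicolon, so the
    # list is written "{ none; }"; the original "{ none }" is a syntax
    # error.
    allow-update { none; };
};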
options {
    # Working directory of the server; the relative zone file names used
    # below ("root.hints", "local.rev") are resolved against it.
    directory "/var/named";
    # NOTE(review): no allow-query / allow-recursion restriction is set
    # here, so client access falls back to the server's built-in
    # defaults. Confirm those fit the deployment.
};
# Control channel for rndc: it listens on the loopback address only,
# accepts connections from localhost only, and requires commands to be
# authenticated with the shared key named rndc_key.
controls {
    inet 127.0.0.1
        allow { localhost; }
        keys { rndc_key; };
};
# The key itself lives in a separate file so that named.conf can stay
# world-readable while the secret does not. The included file should be
# readable only by root and the account named runs as.
include "/etc/named/rndc.key";
# Root hints: the list of root servers that named needs to start
# resolving. The file name is relative to the options "directory".
zone "." {
    type hint;
    file "root.hints";
};
# Reverse lookup zone for the loopback network (127.0.0.x).
# No allow-update clause is given here; BIND 9 denies dynamic updates by
# default when the clause is absent.
zone "0.0.127.in-addr.arpa" {
    type master;
    file "local.rev";
};
The include file /etc/named/rndc.key contains:
# Shared secret that authenticates rndc to named. The key name must match
# the one listed in the controls statement's keys clause.
# NOTE(review): the secret below is the fixed sample value printed on this
# page (it base64-decodes to readable text), not a random key. Generate a
# fresh one for any real server, for example with rndc-confgen.
# NOTE(review): hmac-md5 is a legacy choice; current BIND releases support
# HMAC-SHA2 variants such as hmac-sha256. The algorithm and secret must be
# changed together on both the named side and the rndc side.
key "rndc_key" {
    algorithm hmac-md5;
    secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};