BIND Named

Configuration example

This example defines a forward zone, a master zone, a slave zone and a reverse zone.

/etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

// Global server options. Queries and recursion are limited to the three
// listed 10.123.x.x networks plus localhost (allow-query / allow-recursion
// below carry the same list).
options {
  // IPv6: loopback only. No listen-on statement is present, so for IPv4 named
  // uses its built-in default of listening on every interface, port 53.
  // NOTE(review): add an explicit listen-on if only some addresses should serve DNS.
  listen-on-v6 port 53 { ::1; };
  directory       "/var/named";
  dump-file       "/var/named/data/cache_dump.db";
  statistics-file "/var/named/data/named_stats.txt";
  memstatistics-file "/var/named/data/named_mem_stats.txt";
  // Turns off hostname-syntax checking of records in master zones; malformed
  // names in the zone files below will load without complaint.
  check-names master ignore;
  // Who may send queries at all. Set at options level, so it also applies to
  // the zones defined in this file unless a zone overrides it.
  // NOTE(review): 10.123.5.0/23 has a host bit set (a /23 starts on an even
  // third octet); named-checkconf is expected to flag it. Confirm whether
  // 10.123.4.0/23 was intended.
  allow-query {
    10.123.42.0/24;
    10.123.5.0/23;
    10.123.80.0/22;
    localhost;
  };
  // Recursion is on; allow-recursion further down keeps it from being an open
  // resolver by restricting it to the same internal networks.
  recursion yes;
  dnssec-enable yes;
  dnssec-validation yes;
  // NOTE(review): DNSSEC Lookaside Validation relied on ISC's DLV registry,
  // which has since been retired; newer BIND releases treat dnssec-lookaside
  // (and dnssec-enable) as obsolete. Check against the installed BIND version.
  dnssec-lookaside auto;
  // Advertises a 512-byte EDNS UDP buffer. NOTE(review): DNSSEC-signed answers
  // commonly exceed this and will be retried over TCP; make sure TCP/53 is
  // permitted towards upstream servers.
  edns-udp-size 512 ;

  /* Path to ISC DLV key */
  bindkeys-file "/etc/named.iscdlv.key";

  managed-keys-directory "/var/named/dynamic";
  // Same client list as allow-query; keep the two in sync when editing.
  allow-recursion {
    10.123.42.0/24;
    10.123.5.0/23;
    10.123.80.0/22;
    localhost;
  };
};

// Logging: defines the default_debug channel as a file under /var/log/named.
logging {
  channel default_debug {
    // NOTE(review): the directory must exist and be writable by the account
    // named runs as (and permitted by SELinux where enforced) — confirm.
    file "/var/log/named/named.log";
    // "dynamic" makes the channel follow the server's current debug level
    // instead of a fixed severity.
    severity dynamic;
  };
};

// Root hints: the list of root name servers used to start recursion.
// The relative file name is resolved against "directory" in the options block.
zone "." IN {
  type hint;
  file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

// Forward zone: queries for my.forward.domain.com are sent to the listed
// forwarders instead of being resolved from the root.
// NOTE(review): no "forward" mode is given, so the default (forward first)
// applies and named falls back to normal recursion when the forwarders do not
// answer. For an internal-only domain consider "forward only;" so those
// queries are never sent to public servers.
// NOTE(review): 10.123.12.321 is not a valid IPv4 address (octet > 255);
// presumably a placeholder — replace it before use.
zone "my.forward.domain.com" {
  type forward;
  forwarders { 10.123.12.123; 10.123.12.321; };
};

// Master (primary) zone: this server holds the authoritative copy and sends
// NOTIFY to 10.123.111.222 when the zone changes.
// NOTE(review): no allow-transfer is set here or in options. On BIND versions
// that accept this file, the default lets any host that can reach the server
// request a full zone transfer. Restrict it to the secondaries, e.g.
// allow-transfer { 10.123.111.222; }; (presumably the secondary — confirm),
// or preferably to a TSIG key.
// NOTE(review): the file name says my.other.domain.fr while the zone is
// my.master.domain.fr — verify this is intentional.
zone "my.master.domain.fr" {
  type master;
  file "/var/named/my.other.domain.fr.zone";
  notify yes;
  also-notify {
    10.123.111.222;
  };
};

// Slave (secondary) zone: the zone content is transferred from the master at
// 10.123.111.222 and cached in the file below.
// NOTE(review): the master is identified by IP address only, with no TSIG key,
// so transfers are not cryptographically authenticated. Consider a key on the
// masters entry. A secondary also answers transfer requests itself, so the
// missing allow-transfer matters here too.
zone "my.slave.domain.io" {
  type slave;
  file "/var/named/slaves/my.slave.domain.io.zone";
  masters {
    10.123.111.222;
  };
};

// Reverse (PTR) zone, mastered here, with NOTIFY sent to 10.123.111.222.
// NOTE(review): "321.321.10.in-addr.arpa" is a placeholder: the labels are the
// reversed octets of the network and 321 is not a valid octet. Substitute the
// real network before use.
// NOTE(review): as with the forward master zone, no allow-transfer is set;
// reverse zones reveal the host inventory just as well, so restrict transfers.
zone "321.321.10.in-addr.arpa" IN {
  type master;
  file "/var/named/321.321.10.rev";
  notify yes;
  also-notify {
    10.123.111.222;
  };
};

Updating a zone

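On the master server, edit the zone file of the domain, /var/named/to.be.edited.com.zone: add or remove the DNS entries, then increment the serial. Secondaries compare the SOA serial with their own copy and only transfer the zone when it has increased.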

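; Zone data for to.be.edited.com (excerpt).
; Leading whitespace is significant in a zone file: a record line that starts
; with blanks inherits the owner name of the previous record, while a line
; starting in column 0 is read as a new owner name. The apex NS/A records and
; the second equador-scan address are therefore indented.
$ORIGIN .
$TTL 86400      ; 1 day
to.be.edited.com. IN SOA  to.be.edited.com. root.to.be.edited.com. (
                        126        ; serial - increment on every edit
                        3600       ; refresh (1 hour)
                        60         ; retry (1 minute)
                        604800     ; expire (1 week)
                        86400      ; minimum (1 day)
                        )
                        NS      ns1.to.be.edited.com.
                        NS      ns2.to.be.edited.com.
                        A       10.123.111.222
$ORIGIN to.be.edited.com.
; Disabled record. Zone files use ';' for comments; a leading '#' is read as
; part of the owner name, so the line would be loaded as a live record.
; If re-enabled, the target needs a trailing dot, otherwise the current
; $ORIGIN is appended to it.
;kibana                 CNAME   kibana_vip.to.be.edited.com
equador-scan            A       10.123.111.202
                        A       10.123.111.201
equador1                A       10.123.111.88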
...

Validate the edited file with named-checkzone to.be.edited.com /var/named/to.be.edited.com.zone and fix any reported errors before reloading.

Reload the service: service named reload.