named.conf

The named.conf file is the primary configuration file for BIND (Berkeley Internet Name Domain), the most commonly used DNS server software on the Internet. This file controls the behavior of the named DNS server, specifying the zones it manages, how it should handle queries, and other critical parameters.

Here's a detailed explanation of the named.conf file, including its structure, common options, and examples.

Structure of named.conf

The named.conf file is structured in a hierarchical format, with various blocks and statements that configure the DNS server.

Main Components

1. Options Block

   • Configures global server options.

2. Logging Block

   • Defines logging categories and channels.

3. Zone Definitions

   • Specifies the DNS zones that the server will manage.

4. ACLs (Access Control Lists)

   • Controls access to the server based on IP addresses.

5. Views

   • Allows different configurations for different sets of clients.

Basic Structure

options {
    // Global server options
};

logging {
    // Logging configuration
};

acl "trusted" {
    // List of trusted IP addresses
};

view "internal" {
    // View-specific configuration
};

zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192.168.1";
};

Key Sections and Examples

Options Block

The options block defines global server settings.

options {
    directory "/var/cache/bind";     // Directory for zone files
    recursion yes;                   // Enable recursion
    allow-query { trusted; };        // Allow queries from trusted clients
    forwarders { 8.8.8.8; 8.8.4.4; };// Forwarding DNS servers
};

Logging Block

The logging block specifies how and where to log server messages.

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };

    category default { default_debug; };
};

Access Control Lists (ACLs)

ACLs define sets of IP addresses that can be referenced elsewhere in the configuration.

acl "trusted" {
    192.168.1.0/24;
    localhost;
    localnets;
};

Zone Definitions

Zones specify the DNS records managed by the server.

zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192.168.1";
};

• type: Specifies the type of zone (master, slave, stub, etc.).

• file: Path to the zone file.

Views

Views allow different responses to DNS queries based on the client's IP address.

view "internal" {
    match-clients { trusted; };
    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com.internal";
    };
};

view "external" {
    match-clients { any; };
    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com.external";
    };
};

Example named.conf File

Here is a more complete example of a named.conf file:

acl "trusted" {
    192.168.1.0/24;
    localhost;
    localnets;
};

options {
    directory "/var/cache/bind";
    recursion yes;
    allow-query { trusted; };
    forwarders { 8.8.8.8; 8.8.4.4; };
    dnssec-enable yes;
    dnssec-validation yes;
    auth-nxdomain no;
    listen-on { 192.168.1.1; };
};

logging {
    channel default_log {
        file "/var/log/named/named.log" versions 3 size 5m;
        severity info;
        print-time yes;
    };

    category default { default_log; };
};

zone "." {
    type hint;
    file "/etc/bind/db.root";
};

zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
    allow-transfer { 192.168.1.2; }; // Allow zone transfers to secondary server
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192.168.1";
};

Conclusion

The named.conf file is a powerful and flexible configuration file for the BIND DNS server. It allows administrators to define server behavior, manage DNS zones, set access controls, and configure logging. Understanding its structure and options is crucial for effective DNS server management.