
Symptom:

Below is a template configuration file (named.conf) for a DNSSEC-validating, caching-only DNS server. Please adjust the IP addresses used in the ACLs to match your client networks and your administrative machines.

Solution

// Clients allowed to use this resolver; referenced by allow-recursion in the
// options block. Keep this list as narrow as possible: every address in it
// can make the server perform recursive lookups on its behalf.
acl mynetworks {
    192.0.2.0/24;   // documentation prefix (TEST-NET-1) - replace with your client networks
    localhost;      // built-in ACL: the addresses of this server itself
};

// Logging layout: routine messages go to syslog, security and DNSSEC events
// and the per-query records go to size-rotated files. The file names are
// relative, so they are created in the server's working directory (the
// "directory" option). query.log holds client addresses and the names they
// looked up, so restrict read access to both files.
logging {
    // Routine server messages, sent to the syslog "daemon" facility.
    channel syslog {
        syslog daemon;
        severity info;
    };

    // Security and DNSSEC events: rotate at 50 MB, keep 10 old versions.
    channel security {
        file "security.log" versions 10 size 50M;
        print-time yes;
    };

    // Per-query records and query errors. "severity debug" also admits
    // debug-level messages, which named emits only when its debug level
    // is raised.
    channel query_log {
        file "query.log" versions 10 size 50M;
        severity debug;
        print-time yes;
    };

    // Categories routed to syslog.
    category default { syslog; };
    category general { syslog; };
    category resolver { syslog; };
    category client { syslog; };
    category edns-disabled { syslog; };

    // Categories routed to security.log.
    category security { security; };
    category dnssec { security; };

    // Categories routed to query.log. With "querylog no;" in the options
    // block, the queries category stays silent until query logging is
    // switched on at runtime (for example with "rndc querylog").
    category queries { query_log; };
    category query-errors { query_log; };
};

// Administrative hosts; the only addresses allowed to read the statistics
// channel below. List individual management machines, not whole networks.
acl myadmins {
    192.0.2.100;    // documentation address - replace with your admin hosts
    192.0.2.101;
};

// HTTP statistics interface on TCP port 8053. "*" is the IPv4 wildcard, so
// the listener is bound on every IPv4 address of the host and the allow
// list is the only access control: the channel is plain HTTP with no
// further authentication. Consider binding it to a management or loopback
// address and filtering the port at the host firewall as well.
statistics-channels {
    inet * port 8053
        allow { myadmins; };
};

// Trust anchor for the root zone ("."), maintained automatically per RFC 5011.
// "initial-key" is used only to bootstrap: once named has initialised its
// managed-keys database it follows key rollovers from there.
// DNSKEY fields: 257 = flags (key-signing key, SEP bit set), 3 = protocol,
// 8 = algorithm RSA/SHA-256; the quoted string is the base64 public key.
//
// NOTE(review): this key material looks like the root KSK introduced in
// 2010, which was replaced in the 2018 root key rollover. A server
// bootstrapped fresh from this anchor would presumably fail to validate.
// Before deploying, compare it with the root trust anchor currently
// published by IANA (or use the anchor shipped with your BIND package),
// and obtain it over a channel you trust: every validation result depends
// on this key.
managed-keys {
    "." initial-key 257 3 8
    "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
     FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
     bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
     X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
     W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
     Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
     QxA+Uk1ihz0=";
};

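// Global server options for a caching-only, DNSSEC-validating resolver.
options {
    // Working directory; relative file names such as the log files are
    // resolved against it.
    directory "/var/named";

    // Recursive service, limited to the client ACL so the server does not
    // act as an open resolver (open resolvers are abused for amplification
    // and cache probing).
    recursion yes;
    allow-recursion { mynetworks; };

    // DNSSEC validation against the configured root trust anchor.
    // NOTE(review): dnssec-enable is obsolete in newer BIND releases;
    // run named-checkconf against your version and drop the line if it
    // is rejected.
    dnssec-enable yes;
    dnssec-validation yes;

    // The former "dnssec-lookaside auto;" line is dropped on purpose: the
    // ISC DLV registry it relied on has been retired, so it added no
    // validation coverage while still sending extra lookups to a
    // third-party zone. Newer BIND releases treat the option as obsolete.

    // Query logging stays off at start-up; it can be switched on at runtime
    // when needed (for example with "rndc querylog").
    querylog no;

    // Resource limits: simultaneous recursive lookups and TCP client
    // connections. Size them for your client population; limits that are
    // too low make the resolver easier to exhaust.
    recursive-clients 2000;
    tcp-clients 200;
#    max-cache-size 2147483648; // 2GB (adjust and un-comment)
};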