named.conf

 

// Pulls in externally defined address-match lists. The views below reference
// acl names ("edu", "cu") that are not defined in this file, so presumably
// they live in /etc/acl.conf; confirm. That file decides which clients land
// in which view, so keep it writable by the DNS administrator only.
include "/etc/acl.conf";

// Global server options. Every "IP" below appears to be a placeholder that
// must be replaced by real addresses or an acl name before named will load
// this file as intended.
options
{
        // Those options should be used carefully because they disable port
        // randomization
        // query-source    port 53;
        // query-source-v6 port 53;

    listen-on port 53 { IP; };   // IP address(es) the service listens on; several may be listed
//    forwarders { IP };
        recursive-clients 16000;    // maximum number of recursive lookups the server performs concurrently for clients
        // Replaces the real BIND version string in the server's version reply.
        version "DNS";
        //blackhole { IP1; IP2; ...;};    // the server will not accept queries from, or use for resolution, the addresses in this list
//        allow-notify {IP; } ;    // addresses allowed to send update notifications; only NOTIFY from this list is accepted (secondary servers)
        // Which hosts may make recursive queries. The original note says the
        // default allows all hosts. NOTE(review): current BIND 9 releases
        // default to { localnets; localhost; }; confirm for the deployed
        // version. Keep this list and allow-query-cache narrow so the server
        // does not act as an open resolver.
        allow-recursion { IP; };
        allow-query-cache { IP; };    // hosts allowed to query the cache
        // NOTE(review): the template comment "Disable lookups for any cached
        // data and root hints" that stood here does not describe any statement
        // in this block; allow-query-cache above permits cache lookups for the
        // listed hosts.
        allow-transfer { IP; };  // legal slave ip; which hosts may perform zone transfers from this server
        notify yes;    // send NOTIFY messages
    also-notify { IP; };    // also send NOTIFY to these hosts; by default it goes only to servers listed in the zone's NS records
        allow-query { any; };       // which hosts may make ordinary queries; the default allows all hosts
//        rrset-order { order random; };    // sets record order in multi-record responses; per the original note, BIND9 currently supports only "random-cyclic" ordering
        // Maximum number of inbound zone transfers running concurrently; the
        // default is 10. NOTE(review): 1000 here and 16000 recursive-clients
        // above are far above the defaults; confirm the host is sized for them.
        transfers-in 1000;
//        listen-on-v6 { 2001::/16; };   //to avoid IPv4 ACL failure
       
        // Put files that named is allowed to write in the data/ directory:
        directory "/var/named"; // the default
        dump-file               "data/cache_dump.db";
        statistics-file         "data/named_stats.txt";
        memstatistics-file      "data/named_mem_stats.txt";

};

// Logging: query logs go to syslog facility local1; several categories are
// discarded outright via the built-in "null" channel.
logging
{
/*      If you want to enable debugging, eg. using the 'rndc trace' command,
 *      named will try to write the 'named.run' file in the $directory (/var/named).
 *      By default, SELinux policy does not allow named to modify the /var/named directory,
 *      so put the default debug log file in data/ :
 */    
        /*channel default_debug {
                file "data/named.run";
                severity dynamic;
        }; */
        category lame-servers { null; };    // don't log these at all
        category resolver { null; };
        category edns-disabled { null; };
        // NOTE(review): "security" and "update-security" carry the approval and
        // denial of requests and of dynamic-update requests. Sending them to
        // null removes the record of refused queries, transfers and updates
        // that is needed to notice ACL probing or unauthorized transfer
        // attempts; consider routing them to a syslog or file channel instead.
        category security { null; };
        category update-security { null; };
        channel "querylog" {  syslog local1; print-time yes; };    // where the log data is sent: syslog facility local1
        category queries { querylog; };        // which data is recorded: client queries, via the querylog channel

};



// View selected for clients whose source address matches the acl "edu".
// The acl is not defined in this file; presumably it comes from /etc/acl.conf.
view "edu"
{
/* The stock template text here described an "internal"/"localnets" view; in
   this file the view is chosen purely by the "edu" acl in match-clients.
 */
        match-clients           { edu; };
        # all views must contain the root hints zone:
        zone "." IN {
                type hint;
                file "/var/named/named.root";
        };      
        /* these are zones that contain definitions for all the localhost
         * names and addresses, as recommended in RFC1912 - these names should
         * ONLY be served to localhost clients:
         */
        // NOTE(review): the template comment above says localhost-only, yet the
        // zones are included in a view matched by the "edu" acl; confirm this
        // is intended.
        include "/etc/named.rfc1912.zones";

        // Authoritative (master) copy of abc.cn as seen by "edu" clients.
        zone "abc.cn" {
                type master;
                // NOTE(review): this file name looks like it was rewritten by
                // e-mail obfuscation when the page was published; substitute
                // the real zone file for this view (presumably each view has
                // its own file; verify).
                file "[email protected]";
                // A zone-level allow-transfer takes precedence over the one in
                // options for this zone; list only the legitimate secondaries.
                allow-transfer { IP; };  //legal slave ip
        };   
};

// View selected for clients whose source address matches the acl "cu".
// The acl is not defined in this file; presumably it comes from /etc/acl.conf.
view "cu"
{
/* The stock template text here described an "internal"/"localnets" view; in
   this file the view is chosen purely by the "cu" acl in match-clients.
 */
        match-clients           { cu; };
        # all views must contain the root hints zone:
        zone "." IN {
                type hint;
                file "/var/named/named.root";
        };
        /* these are zones that contain definitions for all the localhost
         * names and addresses, as recommended in RFC1912 - these names should
         * ONLY be served to localhost clients:
         */
        // NOTE(review): the template comment above says localhost-only, yet the
        // zones are included in a view matched by the "cu" acl; confirm this
        // is intended.
        include "/etc/named.rfc1912.zones";

        // Authoritative (master) copy of abc.cn as seen by "cu" clients.
        zone "abc.cn" {
                type master;
                // NOTE(review): this file name looks like it was rewritten by
                // e-mail obfuscation when the page was published; substitute
                // the real zone file for this view (presumably each view has
                // its own file; verify).
                file "[email protected]";

                // A zone-level allow-transfer takes precedence over the one in
                // options for this zone; list only the legitimate secondaries.
                allow-transfer { IP; };  //legal slave ip
        };
};

// Catch-all view: match-clients { any; } accepts every client that did not
// match an earlier view. Views are tried in the order they appear, so this
// one has to stay last or it would shadow "edu" and "cu".
view "other"
{
/* The stock template text here described an "internal"/"localnets" view; that
   does not apply, since this view matches any client address.
 */
        match-clients           { any; };
        # all views must contain the root hints zone:
        zone "." IN {
                type hint;
                file "/var/named/named.root";
        };
        /* these are zones that contain definitions for all the localhost
         * names and addresses, as recommended in RFC1912 - these names should
         * ONLY be served to localhost clients:
         */
        // NOTE(review): the template comment above says localhost-only, yet the
        // zones are included in a view that matches any client; confirm this
        // is intended.
        include "/etc/named.rfc1912.zones";

        // Authoritative (master) copy of abc.cn as seen by all other clients.
        zone "abc.cn" {
                type master;
                // NOTE(review): this file name looks like it was rewritten by
                // e-mail obfuscation when the page was published; substitute
                // the real zone file for this view (presumably each view has
                // its own file; verify).
                file "[email protected]";

                // A zone-level allow-transfer takes precedence over the one in
                // options for this zone; list only the legitimate secondaries.
                allow-transfer { IP; };  //legal slave ip
        };

};