 dump-file "/var/named/data/cache_dump.db";
 statistics-file "/var/named/data/named_stats.txt";
 /*
  * If there is a firewall between you and nameservers you want to talk to, you might need to uncomment the query-source
  * directive below. Previous versions of BIND always asked questions using port 53, but BIND 8.1 uses an unprivileged port by default.
  */
 // query-source address * port 53;
};

//
// a caching-only nameserver config
//
controls {
 inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

zone "." IN {
 type hint;
 file "named.ca";
};

zone "localdomain" IN {
 type master;
 file "localdomain.zone";
 allow-update { none; };
};

zone "localhost" IN {
 type master;
 file "localhost.zone";
 allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
 type master;
 file "named.local";
 allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
 type master;
 file "named.ip6.local";
 allow-update { none; };
};

zone "255.in-addr.arpa" IN {
 type master;
 file "named.broadcast";
 allow-update { none; };
};

zone "0.in-addr.arpa" IN {
 type master;
 file "named.zero";
 allow-update { none; };
};

include "/etc/rndc.key";

The options section sets up the basic file and directory locations for the server. The controls section limits which machines can control named (in this case, only programs running on the localhost, and only if they have the correct security key). The include line at the end reads that key from another file and causes named to act as though it were included in this file.

The rest of this file consists of zone sections. The first zone section is for the entire Internet and refers to the file /var/named/named.ca, which contains the names and addresses of the master domain name servers, called the root servers. The extension .ca stands for cache.

If you have the package bind-chroot installed, then prepend the directory /var/named/chroot/ to pathnames throughout this chapter. For example, /var/named would become /var/named/chroot/var/named, and /etc/named.conf would become /var/named/chroot/etc/named.conf.

bind-chroot is a package intended to increase the security of the nameserver. It is considered obsolete, since SELinux now provides similar protection.

The remaining zone sections are used to resolve standard requests, such as the address of localhost and localhost.localdomain (always 127.0.0.1), and the reverse of those requests.

To create a new zone, add it to the end of this file (you can copy an existing zone entry and then modify it):

zone "fedorabook.com" IN {
 type master;
 file "fedorabook.com.db";
 allow-update { none; };
};

This specifies the name of the zone (exactly the same as the name of the domain) and the file in which this zone's information can be found. You can enter any filename you want, but names based on the domain and ending with .db or hosts, such as fedorabook.com.db or fedorabookhosts, are traditional.
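When zone entries are copied and modified as described above, it is easy to carry over or loosen an access setting by accident. The following Python audit is an added example, not part of the book: it reports master zones whose allow-update is anything other than none, and controls channels reachable beyond localhost. The function names, the sample text and the example.test zone are constructed for illustration.

```python
import re

# Constructed sample in the style of the named.conf shown above; the last
# zone is deliberately misconfigured so the audit has something to report.
SAMPLE_CONF = '''
controls {
 inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "fedorabook.com" IN {
 type master;
 file "fedorabook.com.db";
 allow-update { none; };
};
zone "example.test" IN {
 type master;
 file "example.test.db";
 allow-update { any; };
};
'''

def blocks(text, keyword):
    """Yield (header, body) for each `keyword ... { body };` statement, ignoring comments."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    text = re.sub(r'(//|#).*', '', text)
    for m in re.finditer(r'^\s*%s\b([^{;]*)\{' % keyword, text, flags=re.M):
        depth, i = 1, m.end()
        while depth and i < len(text):          # walk to the matching close brace
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1).strip(), text[m.end():i - 1]

def audit(conf):
    """Return a list of (where, problem) tuples for risky settings."""
    findings = []
    for header, body in blocks(conf, 'zone'):
        name = header.split('"')[1]
        ztype = re.search(r'\btype\s+(\w+)', body)
        upd = re.search(r'allow-update\s*\{([^}]*)\}', body)
        acl = upd.group(1).strip(' ;\n\t') if upd else None
        # An absent allow-update is not flagged: BIND then denies all updates.
        if ztype and ztype.group(1) == 'master' and acl not in (None, 'none'):
            findings.append((name, 'allow-update permits: ' + acl))
    for _, body in blocks(conf, 'controls'):
        for addr, acl in re.findall(r'\binet\s+(\S+)(?:\s+port\s+\S+)?\s+allow\s*\{([^}]*)\}', body):
            acl = acl.strip(' ;\n\t')
            if addr not in ('127.0.0.1', '::1') or acl not in ('localhost', '127.0.0.1'):
                findings.append(('controls', 'reachable beyond localhost: %s allow %s' % (addr, acl)))
    return findings
```

Calling audit() on the text of /etc/named.conf returns an empty list when every master zone and the controls statement match the restrictive settings shown in this chapter.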

Next, create the file for the zone. This is a standard text file with a very exact syntax.

The file starts with the default TTL for the zone:

$TTL 3D

The value here represents three days. You can use any combination of numbers suffixed with W, D, H, M, or S (representing units of weeks, days, hours, minutes, and seconds) concatenated together, or you can specify
