Section 14.2: BIND Configuration Files
Figure 14–3 Example of acl statements in use
acl black-hats {
10.0.2.0/24;
192.168.0.0/24;
};
acl red-hats {
10.0.1.0/24;
};
options {
blackhole { black-hats; };
allow-query { red-hats; };
allow-recursion { red-hats; };
};
This named.conf contains two access control lists (black-hats and red-hats).
• controls — Configures various security requirements necessary to use the rndc command to administer the named service. See /etc/named.conf in Section 14.3.1 to see how the controls statement should look, including various options that may only be used with it.
• include "<file-name>" — Includes the specified file within the current configuration file, allowing sensitive configuration data (such as keys) to be placed in a separate file with permissions that prevent non-privileged users from reading it.
• key "<key-name>" — Defines a particular key by name. Keys are used to authenticate various actions, such as secure updates or the use of the rndc command. Two options are used with key:
  – algorithm <algorithm-name> — The type of algorithm used, such as dsa or hmac-md5.
  – secret "<key-value>" — The encrypted key.
  See Figure 14–22, Sample key statement in /etc/named.conf for an example of a key statement.
• logging — Allows for the use of multiple types of logs, called channels. By using the channel option within the logging statement, a customized type of log, with its own file name (file), size limit (size), versioning (version), and level of importance (severity), can be constructed. Once a customized channel has been defined, a category option is used to categorize the channel and begin logging when named is restarted.
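As an added example, not taken from this guide: a named.conf fragment that combines the key, include, controls and logging statements described above, restricting rndc to the local host and routing security messages to their own channel. The file paths, key name, channel name and the secret value are assumptions or placeholders.

```conf
// Added example (not from the Red Hat Linux 7.2 guide). Paths, key name,
// channel name and the secret are assumed/placeholder values.

// --- /etc/rndc.key (assumed path; owned by root:named, mode 0640) ---
// Kept out of named.conf so that named.conf itself can stay world-readable
// while the shared secret is not. The secret is a placeholder, not a real key.
//
// key "rndc-key" {
//     algorithm hmac-md5;
//     secret "REPLACE-WITH-GENERATED-BASE64-SECRET";
// };

// --- /etc/named.conf ---
// Pull the key statement in from the protected file.
include "/etc/rndc.key";

// Accept rndc commands only on the loopback interface, and only when they
// are signed with rndc-key; unsigned or remote control requests are refused.
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};

logging {
    // Custom channel: its own file, size limit, versioning and severity.
    channel security_log {
        file "/var/log/named/security.log" versions 3 size 1m;
        severity info;
        print-time yes;
        print-category yes;
    };
    // Send the security category (denied queries, rejected updates, and
    // similar events) to that channel. Takes effect when named is restarted.
    category security { security_log; };
};
```

Check the permissions of the included key file after editing it; if any local user can read it, that user can issue rndc commands to the server.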