
What You Must Know After Having Read Basics of Linux Domain Name Server Configuration (RHEL 6 Server)

The configuration file varies in a few aspects with the version of BIND in use. Converting an existing BIND 4.x configuration file to be compliant with BIND 8.x is easy: in the documentation directory provided as part of BIND (for example, /usr/doc/bind8.1.2/ for BIND version 8.1.2), there is a file called named-bootconf.pl, which is an executable Perl program. Assuming you have Perl installed on your system, you can use this program to convert your configuration file. To do so, type the following commands (as root).

The configuration file consists of a collection of statements with nested options surrounded by opening and closing curly brackets ({ and }). Be careful not to make any syntax error when editing the file; otherwise the named service will not start.

If you have installed the bind-chroot package, the BIND service runs in the /var/named/chroot environment. In that case, the initialization script mounts the configuration files into that environment with the mount --bind command, so that you can manage the configuration outside it.

You must define which hosts are permitted to access the nameserver. The following types of statements are commonly used in /etc/named.conf.

The acl (Access Control List) statement allows you to define groups of hosts, so that they can be permitted or denied access to the nameserver. It takes the following form:
acl acl-name { match-element; ... };

The acl-name is the name of the access control list, and the match-element is usually an individual IP address (such as 10.0.1.1) or a network in CIDR notation (for example, 10.0.1.0/24). The following ACLs are predefined:

    any        Matches every IP address.
    localhost  Matches any IP address that is in use by the local system.
    localnets  Matches any IP address on any network to which the local system is connected.
    none       Does not match any IP address.

The include statement allows you to include files in /etc/named.conf, so that potentially sensitive data can be placed in a separate file with restricted permissions. It takes the following form:
include "file-name";

The file-name is an absolute path to a file.

Using ACLs with options:

    acl black-hats {
        10.0.2.0/24;
        192.168.0.0/24;
        1234:5678::9abc/24;
    };
    acl red-hats {
        10.0.1.0/24;
    };
    options {
        blackhole { black-hats; };
        allow-query { red-hats; };
        allow-query-cache { red-hats; };
    };

A few common options are:

To prevent distributed denial of service (DDoS) attacks, it is recommended that you use the allow-query-cache option to restrict recursive DNS services for a particular subset of clients only.
Note the loopback address in the listen-on option there too:

    listen-on port 53 { 127.0.0.1; };

The zone statement takes the following form:

    zone zone-name [zone-class] { option; ... };

The zone-name attribute is particularly important, as it is the default value assigned to the $ORIGIN directive used within the corresponding zone file located in the /var/named/ directory. The named daemon appends the name of the zone to any non-fully-qualified domain name listed in the zone file. For example, if a zone statement defines the namespace for example.com, use example.com as the zone-name so that it is appended to hostnames within the example.com zone file. Changes to /etc/named.conf are often changes to zone statements, since options set in a zone override the global options. The /etc/sysconfig/network file is used to specify information about the desired network configuration.
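The ACL and options statements above, and the allow-query-cache recommendation, can be checked mechanically; the Python below is an added example, not code from the page or from BIND, that parses the brace-and-semicolon statement structure described above and reports when allow-query-cache or allow-recursion resolves to any, directly or through an ACL alias. SAMPLE_CONF reuses the black-hats/red-hats example with the listen-on option folded in, while OPEN_CONF, parse, _members and audit are constructed for this example.

```python
import re
# Constructed sample: the black-hats / red-hats ACL example from the page (listen-on folded in).
SAMPLE_CONF = """
acl black-hats { 10.0.2.0/24; 192.168.0.0/24; 1234:5678::9abc/24; };
acl red-hats { 10.0.1.0/24; };
options { listen-on port 53 { 127.0.0.1; }; blackhole { black-hats; };
          allow-query { red-hats; }; allow-query-cache { red-hats; }; };
"""
# Constructed counter-example: the cache is opened to the world through an ACL alias.
OPEN_CONF = 'acl everyone { any; }; options { recursion yes; allow-query-cache { everyone; }; };'
TOKEN_RE = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')  # quoted string, punctuation, or bare word

def parse(conf: str) -> list:
    """Parse named.conf text into nested (head-words, body) pairs; body is None for a leaf."""
    tokens = TOKEN_RE.findall(re.sub(r"(//|#).*", "", conf))  # drop // and # comments
    pos = 0
    def block() -> list:
        nonlocal pos
        stmts, words = [], []
        while pos < len(tokens):
            tok = tokens[pos]; pos += 1
            if tok == "{":
                stmts.append((words, block())); words = []  # nested { ... } body
            elif tok == "}":
                return stmts
            elif tok == ";":
                if words: stmts.append((words, None)); words = []
            else:
                words.append(tok.strip('"'))
        return stmts
    return block()

def _members(acls: dict, names: list, seen=frozenset()) -> set:
    """Expand ACL names to the match-elements they contain (cycle-safe)."""
    out = set()
    for n in names:
        if n in acls and n not in seen:
            out |= _members(acls, acls[n], seen | {n})
        else:
            out.add(n)
    return out

def audit(conf: str) -> list:
    """Return findings for cache/recursion options that expand to 'any'; [] means restricted."""
    stmts = parse(conf)
    acls = {h[1]: [w for ws, _ in b for w in ws] for h, b in stmts if h[0] == "acl" and b}
    options = next((b for h, b in stmts if h[0] == "options" and b), [])
    opts = {h[0]: [w for ws, _ in b for w in ws] for h, b in options if b}
    return [f"{k} is open to any host" for k in ("allow-query-cache", "allow-recursion")
            if "any" in _members(acls, opts.get(k, []))]
```

Absent options are deliberately not reported: BIND 9 defaults allow-recursion and allow-query-cache to localnets and localhost when neither is set, so only an explicit or aliased any is a finding.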
