


// Base named.conf file
options {
    directory "/var";
    version "not currently available";
};
logging {
    channel example_log {
        file "log/named/example.log" versions 3 size 250k;
        severity info;
    };
    category default { example_log; };
};
$TTL 2d
$ORIGIN example.com.
@ IN SOA ns1.example.com. hostmaster.example.com. (
 2003080800 ; serial
 12h ; refresh
 15m ; retry
 4d ; expiry
 2h ; minimum
 )
 IN NS ns1.example.com.
 IN MX 10 mail.example.com.
ns1 IN A 192.168.254.2
mail IN A 192.168.254.4
www IN A 192.168.254.7
zone "example.com" {
    type primary;
    file "example.com";
    notify yes;
    allow-transfer { 192.168.4.14; 192.168.5.53; };
};
zone "example.com" {
    type secondary;
    file "example.com.saved";
    primaries { 192.168.254.2; };
};
acl corpnets { 192.168.4.0/24; 192.168.7.0/24; };
options {
    recursion yes;
    allow-query { corpnets; };
    empty-zones-enable yes;
};
options {
    forwarders { 192.168.250.3; 192.168.230.27; };
    forward only;
};
example.com.  IN  MX  10  mail.example.com.
example.com.  IN  MX  10  mail2.example.com.
example.com.  IN  MX  20  mail.backup.org.
$ORIGIN 2.1.10.in-addr.arpa
3  IN  PTR  foo.example.com.
$GENERATE 1-127 HOST-$ A 1.2.3.$
$GENERATE 1-127 HOST-$ MX "0 ."
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};
key rndc_key {
    algorithm "hmac-sha256";
    secret "base64-encoded-secret";
};
plugin query "library.so" {
    parameters for plugin initialization;
};
zone "dnssec.example" {
    type primary;
    file "dnssec.example.db";
    dnssec-policy default;
};
dnssec-policy "custom" {
    dnskey-ttl 600;
    keys {
        ksk lifetime P1Y algorithm ecdsap384sha384;
        zsk lifetime 60d algorithm ecdsap384sha384;
    };
    nsec3param iterations 0 optout no salt-length 0;
};
trust-anchors {
    "." initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
                         FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
                         bfDaUeVPiVshTKysbHOUBhHjhOT4bXfFBjVGHpJdK2VVtCl1TnmmAXI/
                         tDg+IpRL";
};
zone "example.com" {
    type primary;
    file "example.com";
    allow-update { key update-key; };
    update-policy {
        grant update-key name *.example.com. A AAAA;
    };
};
// Internal server configuration
acl internals { 172.16.72.0/24; 192.168.1.0/24; };
options {
    forward only;
    forwarders { bastion-ips-here; };
    allow-query { internals; externals; };
    allow-recursion { internals; };
};
host  IN  AAAA  2001:db8::1234
1.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
      IN  PTR   host.example.com.
dlz example {
    database "dlopen driver.so args";
    search yes;
};
catalog-zones {
    zone "catalog.example"
    default-primaries { 10.53.0.1; }
    zone-directory "catzones"
    min-update-interval 10;
};
catalog.example.  IN  SOA  . . 2016022901 900 600 86400 1
catalog.example.  IN  NS   invalid.
version.catalog.example.  IN  TXT  "2"
uniquelabel.zones.catalog.example.  IN  PTR  domain.example.
primaries.ext.uniquelabel.zones.catalog.example.  IN  A  192.0.2.1
acl bogusnets {
    0.0.0.0/8; 192.0.2.0/24; 224.0.0.0/3;
    10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16;
};
acl our-nets { 203.0.113.0/24; 198.51.100.0/24; };
options {
    allow-query { our-nets; };
    allow-recursion { our-nets; };
    blackhole { bogusnets; };
};
key "host1-host2." {
    algorithm hmac-sha256;
    secret "DAopyf1mhCbFVZw7pgmNPBoLUq8wEUT7UuPoLENP2HY=";
};
server 10.1.2.3 {
    keys { host1-host2.; };
};
/usr/local/sbin/named -u 202 -t /var/named
zone "example.com" {
    allow-update { key update-key; };
    update-policy {
        grant update-key subdomain example.com. A AAAA PTR;
        deny update-key name example.com. SOA NS;
    };
};