In AAPANEL 6.6.7/8/9, which named.conf is being used?
I see
/usr/sbin/named -u named -c /etc/named.conf -t /var/named/chroot
running, but this default config allows recursion and provides whole DNS responses.
So which named.conf is supposed to be running?
```
[root@ns367197 data]# find / -name named.conf
/etc/named.conf
/var/named/chroot/etc/named.conf
/usr/lib/tmpfiles.d/named.conf
/usr/share/doc/bind-9.11.4/sample/etc/named.conf
[root@ns367197 data]#
```
Also, can I suggest this as the default for all named.conf files on an authoritative server?
```
options {
    ...
    allow-query { any; };      # or the specific IP addresses that should receive DNS traffic
    allow-transfer { none; };  # no zone transfers (list your secondary servers here if you have any)
    recursion no;              # mitigates amplification and saves CPU resources
    minimal-responses yes;     # mitigates DNS exhaustion attacks
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;     # DLV was retired by ISC in 2017; this option is obsolete and can be dropped
};
```
And I need some opinions on this: should an enhancement be made to AAPANEL regarding DNS rate limits? This would be a security enhancement. Example for 25 queries/sec from the same host:
```
options {
    ...
    # rate-limit must sit inside options { } (or inside a view)
    rate-limit {
        responses-per-second 5;
        window 5;
    };
};
```
If we are running DNS on a VPS and we are not paying for DDoS protection, this can help mitigate, but not solve, a DNS attack.
Please comment.
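As an added example (not the poster's code and not part of aaPanel), the hardening checks discussed in this post as a small Python auditor: it parses the top-level `options { }` block of a named.conf and reports anything that leaves an authoritative server recursing, transferable or unrate-limited. The defaults it quotes are BIND 9.11 defaults (recursion yes, allow-transfer any, minimal-responses no, no rate-limit), and the two configs embedded in it are constructed samples, not real files. One caveat on which file to feed it: with `-t /var/named/chroot`, named chroots before opening the file named by `-c`, so the `/etc/named.conf` on that command line is `/var/named/chroot/etc/named.conf` (some distributions bind-mount `/etc/named.conf` into the chroot, in which case the two are the same file).

```python
"""Audit a BIND named.conf options block for authoritative-server hardening.

Added example; not aaPanel's or the poster's code. Defaults referenced are
BIND 9.11 defaults. WEAK_CONF and HARDENED_CONF are constructed samples.
"""
import re
import sys

# Constructed sample resembling a stock resolver-style config (not copied from aaPanel).
WEAK_CONF = """
options {
    directory "/var/named";
    allow-query { any; };
    recursion yes;
    dnssec-enable yes;
};
zone "example.com" IN {
    type master;
    file "example.com.zone";
};
"""

# Constructed sample with the hardening settings from the post applied.
HARDENED_CONF = """
options {
    directory "/var/named";
    allow-query { any; };        # authoritative data is public
    allow-transfer { none; };    # list secondary servers here if you have any
    recursion no;
    minimal-responses yes;
    rate-limit {
        responses-per-second 5;
        window 5;
    };
};
"""


def strip_comments(text):
    """Remove the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def options_block(text):
    """Return the body of the top-level `options { ... }` block, tracking nested braces."""
    m = re.search(r"(?<![\w-])options\s*\{", text)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(text) and depth:
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
        i += 1
    return text[m.end():i - 1] if depth == 0 else None


def scalar(block, name):
    """Value of a `name value;` statement, or None if absent."""
    m = re.search(r"(?<![\w-])" + re.escape(name) + r"\s+([^;{}]+);", block)
    return m.group(1).strip() if m else None


def acl(block, name):
    """Elements of a `name { a; b; };` address list, or None if absent."""
    m = re.search(r"(?<![\w-])" + re.escape(name) + r"\s*\{([^}]*)\}\s*;", block)
    if not m:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]


def audit(conf_text):
    """Return a list of findings; an empty list means every check passed."""
    block = options_block(strip_comments(conf_text))
    if block is None:
        return ["no options block found"]
    findings = []
    recursion = scalar(block, "recursion")
    if recursion != "no":
        findings.append("recursion=%s (BIND default yes): open resolver, amplification risk"
                        % (recursion or "unset"))
    transfer = acl(block, "allow-transfer")
    if transfer is None or "any" in transfer:
        findings.append("allow-transfer=%s (BIND default any): anyone can AXFR the zones"
                        % (transfer or "unset"))
    if scalar(block, "minimal-responses") != "yes":
        findings.append("minimal-responses is not yes: larger replies, more amplification")
    if not re.search(r"(?<![\w-])rate-limit\s*\{", block):
        findings.append("no rate-limit block: no response rate limiting")
    return findings


def audit_file(path):
    with open(path) as fh:
        return audit(fh.read())


if __name__ == "__main__":
    # Pass the file the running named actually reads; with `-t <chroot>` the
    # `-c` path is resolved inside the chroot (assumed default path below).
    path = sys.argv[1] if len(sys.argv) > 1 else "/var/named/chroot/etc/named.conf"
    problems = audit_file(path)
    print("OK: %s" % path if not problems else "\n".join("WARN: " + p for p in problems))
```

To see the configuration exactly as the chrooted daemon parses it before auditing it, `named-checkconf -p -t /var/named/chroot /etc/named.conf` prints the merged, comment-free form. The auditor only inspects the global `options` block; settings overridden per `view` or per `zone` are not checked.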