options {
	// turns on IPv6 for port 53, IPv4 is on by default for all ifaces
	listen-on-v6 {any;};

	// Put files that named is allowed to write in the data/ directory:
	directory "/var/named"; // the default
	dump-file		"data/cache_dump.db";
	statistics-file		"data/named_stats.txt";
	memstatistics-file	"data/named_mem_stats.txt";

	// Any host is permitted to issue recursive queries
	allow-recursion { any; };

	tkey-gssapi-keytab "/etc/named.keytab";
	pid-file "/run/named/named.pid";

	dnssec-enable yes;
	dnssec-validation yes;

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.iscdlv.key";

	managed-keys-directory "/var/named/dynamic";
};

/* If you want to enable debugging, eg. using the 'rndc trace' command,
 * By default, SELinux policy does not allow named to modify the /var/named directory,
 * so put the default debug log file in data/ :
 */
logging {
	channel default_debug {
		file "data/named.run";
		severity dynamic;
		print-time yes;
	};
};

zone "." IN {
	type hint;
	file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

/* WARNING: This part of the config file is IPA-managed.
 * Modifications may break IPA setup or upgrades.
 */
dyndb "ipa" "/usr/lib64/bind/ldap.so" {
	uri "ldapi://%2fvar%2frun%2fslapd-OOO-TEST.socket";
	base "cn=dns, dc=ooo,dc=test";
	server_id "ipa.ooo.test";
	auth_method "sasl";
	sasl_mech "GSSAPI";
	sasl_user "DNS/ipa.ooo.test";
};
/* End of IPA-managed part. */