
3.25 Configuring a Name Server to Listen Only on Certain Network Interfaces

3.25.1 Problem

You want to configure a name server so that it listens only on some of the host's network interfaces.

3.25.2 Solution

Use the listen-on options substatement:

options {
    directory "/var/named";
    listen-on { 192.168.0.1; };
};

The name server will only listen on network interfaces that match the address match list. You can specify several addresses; for example, you probably want the name server to listen on the loopback interface:

options {
    directory "/var/named";
    listen-on { 192.168.0.1; 127.0.0.1; };
};

3.25.3 Discussion

The listen-on substatement can come in handy if you're running a name server on a host with lots of IP address aliases. You probably aren't going to configure resolvers to query all of those addresses, or delegate zones to all of them. Just pick one and tell the name server to listen only on that address.

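You can also tell the name server not to listen on a particular interface by using an address match list with a negated element. Elements are checked in order and an address that matches no element is not listened on, so follow the negated element with any:

options {
    directory "/var/named";
    // Skip 192.168.0.254, listen on every other address.
    listen-on { ! 192.168.0.254; any; };
};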
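
To check a listen-on list before loading it, the following added example (not from the original text and not BIND's own code) models how an address match list selects interface addresses: elements are tried in order, the first match decides, and an address that matches nothing is not listened on. The function names and the host's addresses are assumptions made for illustration, and only flat lists of IPv4 addresses, full prefixes, any and ! are handled.

```python
import ipaddress

# Constructed sample: IPv4 addresses configured on a hypothetical host.
HOST_ADDRESSES = ["127.0.0.1", "192.168.0.1", "192.168.0.254"]


def parse_match_list(body):
    """Parse a flat list body such as '! 192.168.0.254; any;'.

    Supports IPv4 addresses, full prefixes (192.168.0.0/24), any and
    '!' negation. Nested lists, named ACLs and keys are out of scope here.
    """
    elements = []
    for raw in body.split(";"):
        item = raw.strip()
        if not item:
            continue
        negated = item.startswith("!")
        if negated:
            item = item[1:].strip()
        if item == "any":
            network = ipaddress.ip_network("0.0.0.0/0")
        else:
            network = ipaddress.ip_network(item, strict=False)
        elements.append((negated, network))
    return elements


def listens_on(body, address):
    """Return True if 'address' is selected by the listen-on list 'body'."""
    addr = ipaddress.ip_address(address)
    for negated, network in parse_match_list(body):
        if addr in network:
            return not negated  # the first matching element decides
    return False  # matched nothing: the address is not listened on


def listening_addresses(body, addresses=HOST_ADDRESSES):
    """Filter interface addresses down to those the list selects."""
    return [a for a in addresses if listens_on(body, a)]


if __name__ == "__main__":
    for body in ("192.168.0.1;", "192.168.0.1; 127.0.0.1;",
                 "! 192.168.0.254;", "! 192.168.0.254; any;"):
        print(f"listen-on {{ {body} }} ->", listening_addresses(body))
```

A list containing only a negated element selects no addresses at all, and element order matters: placing any before the negated element selects every address, including the one you meant to exclude.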

3.25.4 See Also

Section 7.3, to learn how to configure a name server to send queries from a particular IP address, and "Configuring the IPv4 Transport" in Chapter 10 of DNS and BIND.
