mirror of
https://git.FreeBSD.org/src.git
synced 2024-12-26 11:47:31 +00:00
37a4b79385
user (for creation of the zone journal file). This is separate from the master/ directory for security. Give an example dynamic zone in the sample named.conf. Approved by: dougb Noticed by: Eivind Olsen <eivind at aminor.no> MFC after: 1 week
128 lines
3.6 KiB
Plaintext
128 lines
3.6 KiB
Plaintext
// $FreeBSD$
|
|
//
|
|
// Refer to the named.conf(5) and named(8) man pages, and the documentation
|
|
// in /usr/share/doc/bind9 for more details.
|
|
//
|
|
// If you are going to set up an authoritative server, make sure you
|
|
// understand the hairy details of how DNS works. Even with
|
|
// simple mistakes, you can break connectivity for affected parties,
|
|
// or cause huge amounts of useless Internet traffic.
|
|
|
|
options {
|
|
directory "/etc/namedb";
|
|
pid-file "/var/run/named/pid";
|
|
dump-file "/var/dump/named_dump.db";
|
|
statistics-file "/var/stats/named.stats";
|
|
|
|
// If named is being used only as a local resolver, this is a safe default.
|
|
// For named to be accessible to the network, comment this option, specify
|
|
// the proper IP address, or delete this option.
|
|
listen-on { 127.0.0.1; };
|
|
|
|
// If you have IPv6 enabled on this system, uncomment this option for
|
|
// use as a local resolver. To give access to the network, specify
|
|
// an IPv6 address, or the keyword "any".
|
|
// listen-on-v6 { ::1; };
|
|
|
|
// In addition to the "forwarders" clause, you can force your name
|
|
// server to never initiate queries of its own, but always ask its
|
|
// forwarders only, by enabling the following line:
|
|
//
|
|
// forward only;
|
|
|
|
// If you've got a DNS server around at your upstream provider, enter
|
|
// its IP address here, and enable the line below. This will make you
|
|
// benefit from its cache, thus reduce overall DNS traffic in the Internet.
|
|
/*
|
|
forwarders {
|
|
127.0.0.1;
|
|
};
|
|
*/
|
|
/*
|
|
* If there is a firewall between you and nameservers you want
|
|
* to talk to, you might need to uncomment the query-source
|
|
* directive below. Previous versions of BIND always asked
|
|
* questions using port 53, but BIND versions 8 and later
|
|
* use a pseudo-random unprivileged UDP port by default.
|
|
*/
|
|
// query-source address * port 53;
|
|
};
|
|
|
|
// If you enable a local name server, don't forget to enter 127.0.0.1
|
|
// first in your /etc/resolv.conf so this server will be queried.
|
|
// Also, make sure to enable it in /etc/rc.conf.
|
|
|
|
zone "." {
|
|
type hint;
|
|
file "named.root";
|
|
};
|
|
|
|
zone "0.0.127.IN-ADDR.ARPA" {
|
|
type master;
|
|
file "master/localhost.rev";
|
|
};
|
|
|
|
// RFC 3152
|
|
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
|
|
type master;
|
|
file "master/localhost-v6.rev";
|
|
};
|
|
|
|
// RFC 1886 -- deprecated
|
|
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
|
|
type master;
|
|
file "master/localhost-v6.rev";
|
|
};
|
|
|
|
// NB: Do not use the IP addresses below, they are faked, and only
|
|
// serve demonstration/documentation purposes!
|
|
//
|
|
// Example slave zone config entries. It can be convenient to become
|
|
// a slave at least for the zone your own domain is in. Ask
|
|
// your network administrator for the IP address of the responsible
|
|
// primary.
|
|
//
|
|
// Never forget to include the reverse lookup (IN-ADDR.ARPA) zone!
|
|
// (This is named after the first bytes of the IP address, in reverse
|
|
// order, with ".IN-ADDR.ARPA" appended.)
|
|
//
|
|
// Before starting to set up a primary zone, make sure you fully
|
|
// understand how DNS and BIND works. There are sometimes
|
|
// non-obvious pitfalls. Setting up a slave zone is simpler.
|
|
//
|
|
// NB: Don't blindly enable the examples below. :-) Use actual names
|
|
// and addresses instead.
|
|
|
|
/*
|
|
zone "example.com" {
|
|
type slave;
|
|
file "slave/example.com";
|
|
masters {
|
|
192.168.1.1;
|
|
};
|
|
};
|
|
|
|
// An example dynamic zone
|
|
key "exampleorgkey" {
|
|
algorithm hmac-md5;
|
|
secret "sf87HJqjkqh8ac87a02lla==";
|
|
};
|
|
|
|
zone "example.org" {
|
|
type master;
|
|
allow-update {
|
|
key "exampleorgkey";
|
|
};
|
|
file "dynamic/example.org";
|
|
};
|
|
|
|
zone "0.168.192.in-addr.arpa" {
|
|
type slave;
|
|
file "slave/0.168.192.in-addr.arpa";
|
|
masters {
|
|
192.168.1.1;
|
|
};
|
|
};
|
|
*/
|
|
|