summaryrefslogtreecommitdiffstats
path: root/etc/namedb
diff options
context:
space:
mode:
authordougb <dougb@FreeBSD.org>2007-08-02 09:18:53 +0000
committerdougb <dougb@FreeBSD.org>2007-08-02 09:18:53 +0000
commit5c7ee3e6d36d18732966860f6692ed6e94d7a351 (patch)
treeba00bd3c4c545b63bba5113c47b5c2aa0518d74f /etc/namedb
parentaf318198123ef7e5ed5046aa3df1fa157586cab7 (diff)
downloadFreeBSD-src-5c7ee3e6d36d18732966860f6692ed6e94d7a351.zip
FreeBSD-src-5c7ee3e6d36d18732966860f6692ed6e94d7a351.tar.gz
1. Move the disable-empty-zone stuff down below the first 25 lines so
that the listen-on stuff floats up to the first "page" of text. This makes it very obvious what's going on so that someone trying to enable a server for use on a network can easily see how to do that. 2. Change the default behavior back to using a hint zone for the root. 3. Leave the root slave zone config as a commented out example. 4. Remove the B and F root servers from the example at the request of their operators. Requested by: he-who-must-not-be-named [1] Requested by: many [2] Approved by: re (rwatson)
Diffstat (limited to 'etc/namedb')
-rw-r--r--etc/namedb/named.conf26
1 files changed, 13 insertions, 13 deletions
diff --git a/etc/namedb/named.conf b/etc/namedb/named.conf
index 41a90a8..76ddafc 100644
--- a/etc/namedb/named.conf
+++ b/etc/namedb/named.conf
@@ -15,10 +15,6 @@ options {
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
- disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
- disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
- disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
-
// If named is being used only as a local resolver, this is a safe default.
// For named to be accessible to the network, comment this option, specify
// the proper IP address, or delete this option.
@@ -29,6 +25,12 @@ options {
// an IPv6 address, or the keyword "any".
// listen-on-v6 { ::1; };
+// These zones are already covered by the empty zones listed below.
+// If you remove the related empty zones below, comment these lines out.
+ disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
+ disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
+ disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
+
// In addition to the "forwarders" clause, you can force your name
// server to never initiate queries of its own, but always ask its
// forwarders only, by enabling the following line:
@@ -57,22 +59,23 @@ options {
// first in your /etc/resolv.conf so this server will be queried.
// Also, make sure to enable it in /etc/rc.conf.
+// The traditional root hints mechanism. Use this, OR the slave zones below.
+zone "." { type hint; file "named.root"; };
+
/* Slaving the following zones from the root name servers has some
significant advantages:
1. Faster local resolution for your users
2. No spurious traffic will be sent from your network to the roots
3. Greater resilience to any potential root server failure/DDoS
- If you do not wish to slave these zones from the root servers
- use the entry below instead.
- zone "." { type hint; file "named.root"; };
+ To use this mechanism, uncomment the entries below, and comment
+ the hint zone above.
*/
+/*
zone "." {
type slave;
file "slave/root.slave";
masters {
- 192.5.5.241; // F.ROOT-SERVERS.NET.
- 192.228.79.201; // B.ROOT-SERVERS.NET.
192.33.4.12; // C.ROOT-SERVERS.NET.
192.112.36.4; // G.ROOT-SERVERS.NET.
193.0.14.129; // K.ROOT-SERVERS.NET.
@@ -83,8 +86,6 @@ zone "arpa" {
type slave;
file "slave/arpa.slave";
masters {
- 192.5.5.241; // F.ROOT-SERVERS.NET.
- 192.228.79.201; // B.ROOT-SERVERS.NET.
192.33.4.12; // C.ROOT-SERVERS.NET.
192.112.36.4; // G.ROOT-SERVERS.NET.
193.0.14.129; // K.ROOT-SERVERS.NET.
@@ -95,14 +96,13 @@ zone "in-addr.arpa" {
type slave;
file "slave/in-addr.arpa.slave";
masters {
- 192.5.5.241; // F.ROOT-SERVERS.NET.
- 192.228.79.201; // B.ROOT-SERVERS.NET.
192.33.4.12; // C.ROOT-SERVERS.NET.
192.112.36.4; // G.ROOT-SERVERS.NET.
193.0.14.129; // K.ROOT-SERVERS.NET.
};
notify no;
};
+*/
/* Serving the following zones locally will prevent any queries
for these zones leaving your network and going to the root
OpenPOWER on IntegriCloud