author | dougb <dougb@FreeBSD.org> | 2007-08-02 09:18:53 +0000 |
---|---|---|
committer | dougb <dougb@FreeBSD.org> | 2007-08-02 09:18:53 +0000 |
commit | 5c7ee3e6d36d18732966860f6692ed6e94d7a351 (patch) | |
tree | ba00bd3c4c545b63bba5113c47b5c2aa0518d74f /etc/namedb | |
parent | af318198123ef7e5ed5046aa3df1fa157586cab7 (diff) | |
1. Move the disable-empty-zone stuff down below the first 25 lines so
that the listen-on stuff floats up to the first "page" of text. This
makes it very obvious what's going on so that someone trying to enable
a server for use on a network can easily see how to do that.
2. Change the default behavior back to using a hint zone for the root.
3. Leave the root slave zone config as a commented out example.
4. Remove the B and F root servers from the example at the request of
their operators.
Requested by: he-who-must-not-be-named [1]
Requested by: many [2]
Approved by: re (rwatson)
Diffstat (limited to 'etc/namedb')
-rw-r--r-- | etc/namedb/named.conf | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/etc/namedb/named.conf b/etc/namedb/named.conf index 41a90a8..76ddafc 100644 --- a/etc/namedb/named.conf +++ b/etc/namedb/named.conf @@ -15,10 +15,6 @@ options { dump-file "/var/dump/named_dump.db"; statistics-file "/var/stats/named.stats"; - disable-empty-zone "255.255.255.255.IN-ADDR.ARPA"; - disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; - disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; - // If named is being used only as a local resolver, this is a safe default. // For named to be accessible to the network, comment this option, specify // the proper IP address, or delete this option. @@ -29,6 +25,12 @@ options { // an IPv6 address, or the keyword "any". // listen-on-v6 { ::1; }; +// These zones are already covered by the empty zones listed below. +// If you remove the related empty zones below, comment these lines out. + disable-empty-zone "255.255.255.255.IN-ADDR.ARPA"; + disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; + disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; + // In addition to the "forwarders" clause, you can force your name // server to never initiate queries of its own, but always ask its // forwarders only, by enabling the following line: 
@@ -57,22 +59,23 @@ options { // first in your /etc/resolv.conf so this server will be queried. // Also, make sure to enable it in /etc/rc.conf. +// The traditional root hints mechanism. Use this, OR the slave zones below. +zone "." { type hint; file "named.root"; }; + /* Slaving the following zones from the root name servers has some significant advantages: 1. Faster local resolution for your users 2. No spurious traffic will be sent from your network to the roots 3. Greater resilience to any potential root server failure/DDoS - If you do not wish to slave these zones from the root servers - use the entry below instead. - zone "." { type hint; file "named.root"; }; + To use this mechanism, uncomment the entries below, and comment + the hint zone above. */ +/* zone "." { type slave; file "slave/root.slave"; masters { - 192.5.5.241; // F.ROOT-SERVERS.NET. - 192.228.79.201; // B.ROOT-SERVERS.NET. 192.33.4.12; // C.ROOT-SERVERS.NET. 192.112.36.4; // G.ROOT-SERVERS.NET. 193.0.14.129; // K.ROOT-SERVERS.NET. @@ -83,8 +86,6 @@ zone "arpa" { type slave; file "slave/arpa.slave"; masters { - 192.5.5.241; // F.ROOT-SERVERS.NET. - 192.228.79.201; // B.ROOT-SERVERS.NET. 192.33.4.12; // C.ROOT-SERVERS.NET. 192.112.36.4; // G.ROOT-SERVERS.NET. 193.0.14.129; // K.ROOT-SERVERS.NET. @@ -95,14 +96,13 @@ zone "in-addr.arpa" { type slave; file "slave/in-addr.arpa.slave"; masters { - 192.5.5.241; // F.ROOT-SERVERS.NET. - 192.228.79.201; // B.ROOT-SERVERS.NET. 192.33.4.12; // C.ROOT-SERVERS.NET. 192.112.36.4; // G.ROOT-SERVERS.NET. 193.0.14.129; // K.ROOT-SERVERS.NET. }; notify no; }; +*/ /* Serving the following zones locally will prevent any queries for these zones leaving your network and going to the root |
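Review bot: The commented-out slave example still hard-codes root server addresses in each `masters` list (for `.` in this hunk, and again in the `arpa` and `in-addr.arpa` hunks) without telling the admin that transfers from them depend on the operators' consent. The removal of B and F in this same commit shows how the list goes stale. I would add a line to the explanatory comment such as `Zone transfers from these servers are offered at their operators' discretion; confirm each address still permits them before uncommenting.` The new header says "Use this, OR the slave zones below" but not what happens if both are left active; named presumably refuses a second definition of `zone "."`, so the comment could say `Do not enable both: only one zone "." may be defined.` The `/*` opened in this hunk is only closed by the `*/` added in the last hunk, so the instructions should mention that both markers must be removed together.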