author | dougb <dougb@FreeBSD.org> | 2004-09-28 21:22:09 +0000 |
---|---|---|
committer | dougb <dougb@FreeBSD.org> | 2004-09-28 21:22:09 +0000 |
commit | 2f4ac8072dca78fa4dc46fc5409b77a5b6d77de1 (patch) | |
tree | eac694c0e3d392c054be0fdedec57300c30c337c /etc/namedb | |
parent | 8f51a71fe21c4111e706390bfacb765871db3814 (diff) | |
Fix some of the more egregious problems with this file:
1. Update text about later BINDs using a pseudo-random, unprivileged
query port for UDP by default.
2. We are now running in a sandbox by default, with a dedicated dump
directory, so remove the stale comment.
3. The topology configuration is not for the faint of heart, so
remove the commented example.
4. Tighten up some language a bit.
5. s/secondary/slave/
6. No need for the example about a bind-owned directory for slave zones.
7. Change domain.com to example.com in the example, per RFC 2606.
8. Update the path for slave zones in the example.
- Thanks to Scot Hetzel <swhetzel@gmail.com>
There is more work to do here, but this is an improvement.
Diffstat (limited to 'etc/namedb')
-rw-r--r-- | etc/namedb/named.conf | 42 |
1 files changed, 8 insertions, 34 deletions
diff --git a/etc/namedb/named.conf b/etc/namedb/named.conf index 3b45e0c..3f64e11 100644 --- a/etc/namedb/named.conf +++ b/etc/namedb/named.conf @@ -29,30 +29,12 @@ options { * If there is a firewall between you and nameservers you want * to talk to, you might need to uncomment the query-source * directive below. Previous versions of BIND always asked - * questions using port 53, but BIND 8.1 uses an unprivileged - * port by default. + * questions using port 53, but BIND versions 8 and later + * use a pseudo-random unprivileged UDP port by default. */ // query-source address * port 53; - - /* - * If running in a sandbox, you may have to specify a different - * location for the dumpfile. - */ - // dump-file "s/named_dump.db"; }; -// Note: the following will be supported in a future release. -/* -host { any; } { - topology { - 127.0.0.0/8; - }; -}; -*/ - -// Setting up secondaries is way easier and a rough example for this -// is provided below. -// // If you enable a local name server, don't forget to enter 127.0.0.1 // first in your /etc/resolv.conf so this server will be queried. // Also, make sure to enable it in /etc/rc.conf. @@ -82,8 +64,8 @@ zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" { // NB: Do not use the IP addresses below, they are faked, and only // serve demonstration/documentation purposes! // -// Example secondary config entries. It can be convenient to become -// a secondary at least for the zone your own domain is in. Ask +// Example slave zone config entries. It can be convenient to become +// a slave at least for the zone your own domain is in. Ask // your network administrator for the IP address of the responsible // primary. // 
@@ -93,23 +75,15 @@ zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" { // // Before starting to set up a primary zone, make sure you fully // understand how DNS and BIND works. There are sometimes -// non-obvious pitfalls. Setting up a secondary is simpler. +// non-obvious pitfalls. Setting up a slave zone is simpler. // // NB: Don't blindly enable the examples below. :-) Use actual names // and addresses instead. -// -// NOTE!!! FreeBSD can run bind in a sandbox (see named_flags in rc.conf). -// The directory containing the secondary zones must be write accessible -// to bind. The following sequence is suggested: -// -// mkdir /etc/namedb/s -// chown bind:bind /etc/namedb/s -// chmod 750 /etc/namedb/s /* -zone "domain.com" { +zone "example.com" { type slave; - file "s/domain.com.bak"; + file "slave/example.com"; masters { 192.168.1.1; }; @@ -117,7 +91,7 @@ zone "domain.com" { zone "0.168.192.in-addr.arpa" { type slave; - file "s/0.168.192.in-addr.arpa.bak"; + file "slave/0.168.192.in-addr.arpa"; masters { 192.168.1.1; }; |
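Review bot: In the first hunk (the options block), the rewritten comment says BIND versions 8 and later use a pseudo-random unprivileged UDP port by default, but the `// query-source address * port 53;` line under it is kept with no mention that uncommenting it gives that behaviour up and sends every outgoing query from source port 53. Suggest adding a sentence to the comment saying so, so that an administrator who enables the directive to get through a firewall knows what is being traded away and can consider changing the firewall rule instead.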
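Review bot: In the second hunk (the "Example slave zone config entries" comment), the wording changes from secondary to slave, but the unchanged context two lines further down still says "the responsible primary", and the next hunk's context still says "set up a primary zone", while the example zones use `type slave` with `masters { ... }`. Suggest changing "primary" to "master" in both places so the comments use the same terms as the configuration keywords.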
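Review bot: In the third hunk, the removed NOTE was the only place in the visible text saying that the directory holding the slave zone files must be write accessible to bind, and the example now points at `slave/example.com` with nothing stating that `slave/` has to exist with that ownership. Suggest keeping a one-line comment above the example saying the slave directory must be writable by the user named runs as, even if the mkdir/chown/chmod sequence itself is dropped. The same applies to the `slave/0.168.192.in-addr.arpa` path in the last hunk.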