1. Update the documentation references, and the warning about setting up

authoritative servers.

2. Add an IPv4 listen-on option for 127.0.0.1, which is appropriate
for the default use as a local resolver.

3. Add a commented out listen-on-v6 option.

1 files changed, 14 insertions, 2 deletions

diff --git a/etc/namedb/named.conf b/etc/namedb/named.conf
index 32d1d3a..d0d4449 100644
--- a/etc/namedb/named.conf
+++ b/etc/namedb/named.conf
@@ -1,7 +1,9 @@
 // $FreeBSD$
 //
-// Refer to the named.conf(5) and named(8) man pages for details.  If
-// you are ever going to set up a primary server, make sure you
+// Refer to the named.conf(5) and named(8) man pages, and the documentation
+// in /usr/share/doc/bind9 for more details.
+//
+// If you are going to set up an authoritative server, make sure you
 // understand the hairy details of how DNS works.  Even with
 // simple mistakes, you can break connectivity for affected parties,
 // or cause huge amounts of useless Internet traffic.
@@ -12,6 +14,16 @@ options {
 	dump-file	"/var/dump/named_dump.db";
 	statistics-file	"/var/stats/named.stats";
 
+// If named is being used only as a local resolver, this is a safe default.
+// For named to be accessible to the network, comment this option, specify
+// the proper IP address, or delete this option.
+	listen-on	{ 127.0.0.1; };
+
+// If you have IPv6 enabled on this system, uncomment this option for
+// use as a local resolver.  To give access to the network, specify
+// an IPv6 address, or the keyword "any".
+//	listen-on-v6	{ ::1; };
+
 // In addition to the "forwarders" clause, you can force your name
 // server to never initiate queries of its own, but always ask its
 // forwarders only, by enabling the following line: