authordougb <dougb@FreeBSD.org>2004-09-28 21:22:09 +0000
committerdougb <dougb@FreeBSD.org>2004-09-28 21:22:09 +0000
commit2f4ac8072dca78fa4dc46fc5409b77a5b6d77de1 (patch)
treeeac694c0e3d392c054be0fdedec57300c30c337c /etc
parent8f51a71fe21c4111e706390bfacb765871db3814 (diff)
Fix some of the more egregious problems with this file:
1. Update text about later BINDs using a pseudo-random, unprivileged query port for UDP by default. 2. We are now running in a sandbox by default, with a dedicated dump directory, so remove the stale comment. 3. The topology configuration is not for the faint of heart, so remove the commented example. 4. Tighten up some language a bit. 5. s/secondary/slave/ 6. No need for the example about a bind-owned directory for slave zones. 7. Change domain.com to example.com in the example, per RFC 2606. 8. Update the path for slave zones in the example. - Thanks to Scot Hetzel <swhetzel@gmail.com> There is more work to do here, but this is an improvement.
Diffstat (limited to 'etc')
-rw-r--r--etc/namedb/named.conf42
1 files changed, 8 insertions, 34 deletions
diff --git a/etc/namedb/named.conf b/etc/namedb/named.conf
index 3b45e0c..3f64e11 100644
--- a/etc/namedb/named.conf
+++ b/etc/namedb/named.conf
@@ -29,30 +29,12 @@ options {
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
- * questions using port 53, but BIND 8.1 uses an unprivileged
- * port by default.
+ * questions using port 53, but BIND versions 8 and later
+ * use a pseudo-random unprivileged UDP port by default.
*/
// query-source address * port 53;
-
- /*
- * If running in a sandbox, you may have to specify a different
- * location for the dumpfile.
- */
- // dump-file "s/named_dump.db";
};
-// Note: the following will be supported in a future release.
-/*
-host { any; } {
- topology {
- 127.0.0.0/8;
- };
-};
-*/
-
-// Setting up secondaries is way easier and a rough example for this
-// is provided below.
-//
// If you enable a local name server, don't forget to enter 127.0.0.1
// first in your /etc/resolv.conf so this server will be queried.
// Also, make sure to enable it in /etc/rc.conf.
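Review bot: The block comment above `// query-source address * port 53;` still invites readers to uncomment the directive without saying what it costs. Pinning every outgoing query to one well-known source port removes the port as something a forged reply has to match, so the resolver is easier to poison. I would add a sentence to that comment such as `* Fixing the source port makes spoofed answers easier to match; prefer letting the firewall pass replies to unprivileged ports.` The `options` block starts above this hunk, so whether an existing comment already covers this cannot be seen from here.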
@@ -82,8 +64,8 @@ zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
// NB: Do not use the IP addresses below, they are faked, and only
// serve demonstration/documentation purposes!
//
-// Example secondary config entries. It can be convenient to become
-// a secondary at least for the zone your own domain is in. Ask
+// Example slave zone config entries. It can be convenient to become
+// a slave at least for the zone your own domain is in. Ask
// your network administrator for the IP address of the responsible
// primary.
//
@@ -93,23 +75,15 @@ zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
//
// Before starting to set up a primary zone, make sure you fully
// understand how DNS and BIND works. There are sometimes
-// non-obvious pitfalls. Setting up a secondary is simpler.
+// non-obvious pitfalls. Setting up a slave zone is simpler.
//
// NB: Don't blindly enable the examples below. :-) Use actual names
// and addresses instead.
-//
-// NOTE!!! FreeBSD can run bind in a sandbox (see named_flags in rc.conf).
-// The directory containing the secondary zones must be write accessible
-// to bind. The following sequence is suggested:
-//
-// mkdir /etc/namedb/s
-// chown bind:bind /etc/namedb/s
-// chmod 750 /etc/namedb/s
/*
-zone "domain.com" {
+zone "example.com" {
type slave;
- file "s/domain.com.bak";
+ file "slave/example.com";
masters {
192.168.1.1;
};
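Review bot: With the sandbox note removed, nothing in this hunk tells the reader that the directory behind `file "slave/example.com";` must be writable by the user named runs as, or that it should be the only such directory. Presumably `slave/` is now created with the right ownership elsewhere, but that is not visible in this diff. A one-line comment before the example would keep the least-privilege intent, for instance `// Slave zone files go in slave/, the only directory here that named needs write access to.` The same path convention is used in the next hunk for `0.168.192.in-addr.arpa`. The commented-out zone block continues past the end of this hunk.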
@@ -117,7 +91,7 @@ zone "domain.com" {
zone "0.168.192.in-addr.arpa" {
type slave;
- file "s/0.168.192.in-addr.arpa.bak";
+ file "slave/0.168.192.in-addr.arpa";
masters {
192.168.1.1;
};