-rw-r--r--etc/namedb/named.conf26
1 files changed, 13 insertions, 13 deletions
diff --git a/etc/namedb/named.conf b/etc/namedb/named.conf
index 41a90a8..76ddafc 100644
--- a/etc/namedb/named.conf
+++ b/etc/namedb/named.conf
@@ -15,10 +15,6 @@ options {
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
- disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
- disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
- disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
-
// If named is being used only as a local resolver, this is a safe default.
// For named to be accessible to the network, comment this option, specify
// the proper IP address, or delete this option.
@@ -29,6 +25,12 @@ options {
// an IPv6 address, or the keyword "any".
// listen-on-v6 { ::1; };
+// These zones are already covered by the empty zones listed below.
+// If you remove the related empty zones below, comment these lines out.
+ disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
+ disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
+ disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
+
// In addition to the "forwarders" clause, you can force your name
// server to never initiate queries of its own, but always ask its
// forwarders only, by enabling the following line:
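Review bot: The added comment tells the administrator to comment out the three `disable-empty-zone` lines when "the related empty zones below" are removed, but it never names those zones, and the list it points to is outside this hunk. Naming them would make the pairing checkable, for example `// Paired with the 255.255.255.255.in-addr.arpa and the two ip6.arpa zones defined below.` (zone names assumed from the directive arguments; confirm against the file). If the built-in empty zone stays disabled and the local zone is removed, lookups for those names would presumably leave the network, which the later comment in this file says the local zones are there to prevent.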
@@ -57,22 +59,23 @@ options {
// first in your /etc/resolv.conf so this server will be queried.
// Also, make sure to enable it in /etc/rc.conf.
+// The traditional root hints mechanism. Use this, OR the slave zones below.
+zone "." { type hint; file "named.root"; };
+
/* Slaving the following zones from the root name servers has some
significant advantages:
1. Faster local resolution for your users
2. No spurious traffic will be sent from your network to the roots
3. Greater resilience to any potential root server failure/DDoS
- If you do not wish to slave these zones from the root servers
- use the entry below instead.
- zone "." { type hint; file "named.root"; };
+ To use this mechanism, uncomment the entries below, and comment
+ the hint zone above.
*/
+/*
zone "." {
type slave;
file "slave/root.slave";
masters {
- 192.5.5.241; // F.ROOT-SERVERS.NET.
- 192.228.79.201; // B.ROOT-SERVERS.NET.
192.33.4.12; // C.ROOT-SERVERS.NET.
192.112.36.4; // G.ROOT-SERVERS.NET.
193.0.14.129; // K.ROOT-SERVERS.NET.
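Review bot: The `/*` added before `zone "."` is closed only by the `*/` added after the `in-addr.arpa` zone in the last hunk, so one comment pair spanning two other hunks disables three zone blocks. C-style comments in named.conf do not nest, so any `/* ... */` inside the parts of those blocks not shown here would end the comment early; the visible lines use only `//`, but this is worth checking. The new text says to use the hint zone "OR" the slave zones without saying what happens if both are active. I would extend the block comment with `Do not leave both definitions of zone "." enabled; run named-checkconf after switching.`, since named is expected to reject a duplicate zone definition. The hard-coded `masters` lists lose two entries in this commit, so a line such as `// Verify these addresses still permit zone transfers before enabling.` would also warn that the list goes stale.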
@@ -83,8 +86,6 @@ zone "arpa" {
type slave;
file "slave/arpa.slave";
masters {
- 192.5.5.241; // F.ROOT-SERVERS.NET.
- 192.228.79.201; // B.ROOT-SERVERS.NET.
192.33.4.12; // C.ROOT-SERVERS.NET.
192.112.36.4; // G.ROOT-SERVERS.NET.
193.0.14.129; // K.ROOT-SERVERS.NET.
@@ -95,14 +96,13 @@ zone "in-addr.arpa" {
type slave;
file "slave/in-addr.arpa.slave";
masters {
- 192.5.5.241; // F.ROOT-SERVERS.NET.
- 192.228.79.201; // B.ROOT-SERVERS.NET.
192.33.4.12; // C.ROOT-SERVERS.NET.
192.112.36.4; // G.ROOT-SERVERS.NET.
193.0.14.129; // K.ROOT-SERVERS.NET.
};
notify no;
};
+*/
/* Serving the following zones locally will prevent any queries
for these zones leaving your network and going to the root