Diffstat (limited to 'contrib/bind/bin/named/named.conf')
-rw-r--r-- | contrib/bind/bin/named/named.conf | 462 |
1 files changed, 0 insertions, 462 deletions
diff --git a/contrib/bind/bin/named/named.conf b/contrib/bind/bin/named/named.conf
deleted file mode 100644
index 7d81695..0000000
--- a/contrib/bind/bin/named/named.conf
+++ /dev/null
@@ -1,462 +0,0 @@
-/*
- * This is a worthless, nonrunnable example of a named.conf file that has
- * every conceivable syntax element in use. We use it to test the parser.
- * It could also be used as a conceptual template for users of new features.
- */
-
-/*
- * C-style comments are OK
- */
-
-// So are C++-style comments
-
-# So are shell-style comments
-
-// watch out for ";" -- it's important!
-
-key sample_key { // for TSIG
- algorithm hmac-md5; // hmac-md5 is the supported algorithm
- secret "abcdefgh"; // base 64 encoded secret
-};
-
-key key2 {
- algorithm hmac-md5;
- secret "87654321";
-};
-
-options {
- directory "."; // use current directory
- named-xfer "/usr/libexec/named-xfer"; // _PATH_XFER
- dump-file "named_dump.db"; // _PATH_DUMPFILE
- pid-file "/var/run/named.pid"; // _PATH_PIDFILE
- statistics-file "named.stats"; // _PATH_STATS
- memstatistics-file "named.memstats"; // _PATH_MEMSTATS
- check-names master fail;
- check-names slave warn;
- check-names response ignore;
- host-statistics no;
- deallocate-on-exit no; // Painstakingly deallocate all
- // objects when exiting instead of
- // letting the OS clean up for us.
- // Useful a memory leak is suspected.
- // Final statistics are written to the
- // memstatistics-file.
- datasize default;
- stacksize default;
- coresize default;
- files unlimited;
- recursion yes;
- fetch-glue yes;
- fake-iquery no;
- notify yes; // send NOTIFY messages. You can set
- // notify on a zone-by-zone
- // basis in the "zone" statement
- // see (below)
- // notify explicit; // only sent the notifies to the
- // also-notify list
- serial-queries 4; // number of parallel SOA queries
- // we can have outstanding for master
- // zone change testing purposes
- auth-nxdomain yes; // always set AA on NXDOMAIN.
- // don't set this to 'no' unless
- // you know what you're doing -- older
- // servers won't like it.
- multiple-cnames no; // if yes, then a name my have more
- // than one CNAME RR. This use
- // is non-standard and is not
- // recommended, but it is available
- // because previous releases supported
- // it and it was used by large sites
- // for load balancing.
- allow-query { any; };
- allow-transfer { any; };
- transfers-in 10; // DEFAULT_XFERS_RUNNING, cannot be
- // set > than MAX_XFERS_RUNNING (20)
- transfers-per-ns 2; // DEFAULT_XFERS_PER_NS
- transfers-out 0; // not implemented
- max-transfer-time-in 120; // MAX_XFER_TIME; the default number
- // of minutes an inbound zone transfer
- // may run. May be set on a per-zone
- // basis.
- /*
- * The "transfer-format" option specifies the way outbound zone
- * transfers (i.e. from us to them) are formatted. Two values are
- * allowed:
- *
- * one-answer Each RR gets its own DNS message.
- * This format is not very efficient,
- * but is widely understood. All
- * versions of BIND prior to 8.1 generate
- * this format for outbound zone
- * and require it on inbound transfers.
- *
- * many-answers As many RRs as will fit are put into
- * each DNS message. This format is
- * the most efficient, but is only known
- * to work with BIND 8. Patches to
- * BIND 4.9.5 named-xfer that enable it
- * to understand 'many-answers' will be
- * available.
- *
- * If you are going to be doing zone transfers to older servers, you
- * shouldn't use 'many-answers'. 'transfer-format' may also be set
- * on a host-by-host basis using the 'server' statement (see below).
- */
- transfer-format one-answer;
- query-source address * port *;
- /*
- * The "forward" option is only meaningful if you've defined
- * forwarders. "first" gives the normal BIND
- * forwarding behavior, i.e. ask the forwarders first, and if that
- * doesn't work then do the full lookup. You can also say
- * "forward only;" which is what used to be specified with
- * "slave" or "options forward-only". "only" will never attempt
- * a full lookup; only the forwarders will be used.
- */
- forward first;
- forwarders { }; // default is no forwarders
- /*
- * Here's a forwarders example that isn't trivial
- */
- /*
- forwarders {
- 1.2.3.4;
- 5.6.7.8;
- };
- */
- topology { localhost; localnets; }; // prefer local nameservers
- /*
- * Here's a more complicated topology example; it's commented out
- * because only one topology block is allowed.
- *
- topology {
- 10/8; // prefer network 10.0.0.0
- // netmask 255.0.0.0 most
- !1.2.3/24; // don't like 1.2.3.0 netmask
- // 255.255.255.0 at all
- { 1.2/16; 3/8; }; // like 1.2.0.0 netmask 255.255.0.0
- // and 3.0.0.0 netmask 255.0.0.0
- // equally well, but less than 10/8
- };
- */
-
- listen-on port 53 { any; }; // listen for queries on port 53 on
- // any interface on the system
- // (i.e. all interfaces). The
- // "port 53" is optional; if you
- // don't specify a port, port 53
- // is assumed.
- /*
- * Multiple listen-on statements are allowed. Here's a more
- * complicated example:
- */
- /*
- listen-on { 5.6.7.8; }; // listen on port 53 on interface
- // 5.6.7.8
- listen-on port 1234 { // listen on port 1234 on any
- !1.2.3.4; // interface on network 1.2.3
- 1.2.3/24; // netmask 255.255.255.0, except for
- }; // interface 1.2.3.4.
- */
-
- /*
- * Interval Timers
- */
- cleaning-interval 60; // clean the cache of expired RRs
- // every 'cleaning-interval' minutes
- interface-interval 60; // scan for new or deleted interfaces
- // every 'interface-interval' minutes
- statistics-interval 60; // log statistics every
- // 'statistics-interval' minutes
- /*
- * IXFR options
- */
- maintain-ixfr-base no; // If yes, keep transaction log file for IXFR
- max-ixfr-log-size 20; // Not implemented, maximum size the
- // IXFR transaction log file to grow
-};
-
-/*
- * Control listeners, for "ndc". Every nameserver needs at least one.
- */
-controls {
- inet * port 52 allow { any; }; // a bad idea
- unix "/var/run/ndc" perm 0600 owner 0 group 0; // the default
-};
-
-zone "master.demo.zone" {
- type master; // what used to be called "primary"
- file "master.demo.zone";
- check-names fail;
- allow-update { none; };
- allow-transfer { any; };
- allow-query { any; };
- // notify yes; // send NOTIFY messages for this
- // zone? The global option is used
- // if "notify" is not specified
- // here.
- // notify explicit; // only sent the notifies to the
- // also-notify list
- also-notify { }; // don't notify any nameservers other
- // than those on the NS list for this
- // zone
-};
-
-zone "slave.demo.zone" {
- type slave; // what used to be called "secondary"
- file "slave.demo.zone";
- ixfr-base "slave.demo.zone.ixfr"; // File name for IXFR transaction log file
- masters {
- 1.2.3.4; // where to zone transfer from
- 5.6.7.8 key key2;
- };
- transfer-source 10.0.0.53; // fixes multihoming problems
- check-names warn;
- allow-update { none; };
- allow-transfer { any; };
- allow-query { any; };
- max-transfer-time-in 120; // if not set, global option is used.
- also-notify { }; // don't notify any nameservers other
- // than those on the NS list for this
- // zone
-};
-
-zone "stub.demo.zone" {
- type stub; // stub zones are like slave zones,
- // except that only the NS records
- // are transferred.
- file "stub.demo.zone";
- masters {
- 1.2.3.4; // where to zone transfer from
- 5.6.7.8;
- };
- check-names warn;
- allow-update { none; };
- allow-transfer { any; };
- allow-query { any; };
- max-transfer-time-in 120; // if not set, global option is used.
-};
-
-zone "." {
- type hint; // used to be specified w/ "cache"
- file "cache.db";
- pubkey 257 255 1 "AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP/rick6gvEer5VcDEkLR5Q==";
-};
-
-trusted-keys {
- . 257 255 1 "AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP/rick6gvEer5VcDEkLR5Q==";
-};
-
-
-acl can_query { !1.2.3/24; any; }; // network 1.2.3.0 mask 255.255.255.0
- // is disallowed; rest are OK
-acl can_axfr { 1.2.3.4; can_query; }; // host 1.2.3.4 and any host allowed
- // by can_query are OK
-
-zone "non-default-acl.demo.zone" {
- type master;
- file "foo";
- allow-query { can_query; };
- allow-transfer { can_axfr; };
- allow-update {
- 1.2.3.4;
- 5.6.7.8;
- };
-};
-
-acl key_acl { key sample_key; }; // a request signed with sample_key
-
-server 1.2.3.4 {
- edns no; // if no, we won't send ends queries
- // to this server
- bogus no; // if yes, we won't query or listen
- // to this server
- transfer-format one-answer; // set transfer format for this
- // server (see the description of
- // 'transfer-format' above)
- // if not specified, the global option
- // will be used
- transfers 0; // not implemented
- keys { sample_key; key2; }; // for TSIG; sign requests to this
- // server with this key
- support-ixfr yes; // for IXFR supported by server
- // if yes, the listed server talks IXFR
-};
-
-logging {
- /*
- * All log output goes to one or more "channels"; you can make as
- * many of them as you want.
- */
-
- channel syslog_errors { // this channel will send errors or
- syslog user; // or worse to syslog (user facility)
- severity error;
- };
-
- /*
- * Channels have a severity level. Messages at severity levels
- * greater than or equal to the channel's level will be logged on
- * the channel. In order of decreasing severity, the levels are:
- *
- * critical a fatal error
- * error
- * warning
- * notice a normal, but significant event
- * info an informational message
- * debug 1 the least detailed debugging info
- * ...
- * debug 99 the most detailed debugging info
- */
-
- /*
- * Here are the built-in channels:
- *
- * channel default_syslog {
- * syslog daemon;
- * severity info;
- * };
- *
- * channel default_debug {
- * file "named.run"; // note: stderr is used instead
- * // of "named.run" if the server
- * // is started with the "-f"
- * // option.
- * severity dynamic; // this means log debugging
- * // at whatever debugging level
- * // the server is at, and don't
- * // log anything if not
- * // debugging.
- * };
- *
- * channel null { // this is the bit bucket;
- * file "/dev/null"; // any logging to this channel
- * // is discarded.
- * };
- *
- * channel default_stderr { // writes to stderr
- * file "<stderr>"; // this is illustrative only;
- * // there's currently no way
- * // of saying "stderr" in the
- * // configuration language.
- * // i.e. don't try this at home.
- * severity info;
- * };
- *
- * default_stderr only works before the server daemonizes (i.e.
- * during initial startup) or when it is running in foreground
- * mode (-f command line option).
- */
-
- /*
- * There are many categories, so you can send the logs
- * you want to see wherever you want, without seeing logs you
- * don't want. Right now the categories are
- *
- * default the catch-all. many things still
- * aren't classified into categories, and
- * they all end up here. also, if you
- * don't specify any channels for a
- * category, the default category is used
- * instead.
- * config high-level configuration file
- * processing
- * parser low-level configuration file processing
- * queries what used to be called "query logging"
- * lame-servers messages like "Lame server on ..."
- * statistics
- * panic if the server has to shut itself
- * down due to an internal problem, it
- * logs the problem here (as well as
- * in the problem's native category)
- * update dynamic update
- * ncache negative caching
- * xfer-in zone transfers we're receiving
- * xfer-out zone transfers we're sending
- * db all database operations
- * eventlib debugging info from the event system
- * (see below)
- * packet dumps of packets received and sent
- * (see below)
- * notify the NOTIFY protocol
- * cname messages like "XX points to a CNAME"
- * security approved/unapproved requests
- * os operating system problems
- * insist consistency check failures
- * maintenance periodic maintenance
- * load zone loading
- * response-checks messages like
- * "Malformed response ..."
- * "wrong ans. name ..."
- * "unrelated additional info ..."
- * "invalid RR type ..."
- * "bad referral ..."
- */
-
- category parser {
- syslog_errors; // you can log to as many channels
- default_syslog; // as you want
- };
-
- category lame-servers { null; }; // don't log these at all
-
- channel moderate_debug {
- severity debug 3; // level 3 debugging to file
- file "foo"; // foo
- print-time yes; // timestamp log entries
- print-category yes; // print category name
- print-severity yes; // print severity level
- /*
- * Note that debugging must have been turned on either
- * on the command line or with a signal to get debugging
- * output (non-debugging output will still be written to
- * this channel).
- */
- };
-
- /*
- * If you don't want to see "zone XXXX loaded" messages but do
- * want to see any problems, you could do the following.
- */
- channel no_info_messages {
- syslog;
- severity notice;
- };
-
- category load { no_info_messages; };
-
- /*
- * You can also define category "default"; it gets used when no
- * "category" statement has been given for a category.
- */
- category default {
- default_syslog;
- moderate_debug;
- };
-
- /*
- * If you don't define category default yourself, the default
- * default category will be used. It is
- *
- * category default { default_syslog; default_debug; };
- */
-
- /*
- * If you don't define category panic yourself, the default
- * panic category will be used. It is
- *
- * category panic { default_syslog; default_stderr; };
- */
-
- /*
- * Two categories, 'packet' and 'eventlib', are special. Only one
- * channel may be assigned to each of them, and it must be a
- * file channel. If you don't define them yourself, they default to
- *
- * category eventlib { default_debug; };
- *
- * category packet { default_debug; };
- */
-};
-
-include "filename"; // can't do within a statement |