summaryrefslogtreecommitdiffstats
path: root/etc/namedb
Commit message (Collapse)AuthorAgeFilesLines
* Spelling fixes for etc/uqs2012-01-071-1/+1
|
* Commemorate the release of RFC 6303 by updating the comments regardingdougb2011-07-171-10/+10
| | | | our default empty zones. No functional changes.
* Pick up the 2011-06-08 update to this file, the addition of an IPv6dougb2011-07-171-2/+3
| | | | address for D.
* Add a note about AXFR of important zones being available from ICANNdougb2011-02-201-0/+5
|
* Remove in-addr.arpa from the list of zones it is possible to slave locallydougb2011-02-161-8/+0
|
* Catch up with reality and references from the latest RFCsdougb2011-02-051-8/+11
| | | | (especially 5735) for our default empty zones.
* Add the AAAA address for i.root-servers.netdougb2010-06-181-2/+3
|
* Update the example named.conf file to answer locally for the newlydougb2010-01-181-2/+15
| | | | | | released IPv4 documentation ranges (http://tools.ietf.org/html/rfc5737) and catch up to the IPv6 documentation range and domain names that 5737 also references.
* The named process needs to have a "working directory" that it candougb2009-12-151-95/+95
| | | | | | | | | | | | | | | | | | | write to. This is specified in "options { directory }" in named.conf. So, create /etc/namedb/working with appropriate permissions, and update the entry in named.conf to match. In addition to specifying the working directory, file and path names in named.conf can be specified relative to the directory listed. However, since that directory is now different from /etc/namedb (where the configuration, zone, rndc.*, and other files are located) further update named.conf to specify all file names with fully qualified paths. Also update the comment about file and path names so users know this should be done for all file/path names in the file. This change will eliminate the 'working directory is not writable' messages at boot time without sacrificing security. It will also allow for features in newer versions of BIND (9.7+) to work as designed.
* Update to the December 12, 2008 version of this file. The onedougb2009-12-111-18/+19
| | | | | substantive change is to add the IPv6 address of L. The other changes are all CAPS LOCK related.
* 1. New feature; option to have the script loop until a specified hostnamedougb2009-05-161-6/+14
| | | | | | | | | | | | (localhost by default) can be successfully looked up. Off by default. 2. New feature: option to create a forwarder configuration file based on the contents of /etc/resolv.conf. This allows you to utilize a local resolver for better performance, less network traffic, custom zones, etc. while still relying on the benefits of your local network resolver. Off by default. 3. Add named-checkconf into the startup routine. This will prevent named from trying to start in a situation where it would not be possible to do so.
* Strongly discourage the use of the query-source option, and explain why.dougb2008-07-121-7/+13
| | | | | | | Give a better example if a user absolutely must use this option, and suggest they pick something from the ephemeral port range rather than port 53. This means that the example will not work if it is merely uncommented, but this will hopefully encourage users to read the comment.
* From the 4 February 2008 update:dougb2008-02-071-3/+8
| | | | IPv6 addresses for 6 of the root name servers!
* Remove from the default empty zone list zones that, unlike the others,dougb2008-01-111-8/+0
| | | | could theoretically be allocated one day.
* Update to the 1 November 2007 version of this file. The changedougb2007-11-021-3/+3
| | | | | is to the address of l.root-servers.net, which is moving to a new /24 in order to enable anycast routing down the road.
* 1. Remove root name servers from the list of possible masters in thedougb2007-08-171-12/+12
| | | | | | | | | | | | | | | | | | | | | | | | commented out example who have either not responded, or specifically asked not to participate because they do not view AXFR as "a production service." 2. Add f.root-servers.net to the example after confirmation from Paul Vixie. 3. Add a warning to the commented out "root zone slave" example to the effect that it requires more attention than a hints file, and provides more benefit to larger sites than individual hosts. 4. Correct a typo copied from RFC 2544 which was corrected in a later errata, and confirmed in RFC 3330. Update the comment to reflect that RFC 3330 got it right and to avoid confusion down the road. 3330 also contains a reference back to 2544 for anyone interested in pursuing the history. [1] PR: conf/115573 [1] Submitted by: Oliver Fromme <olli@secnetix.de> [1] Approved by: re (kensmith)
* 1. Move the disable-empty-zone stuff down below the first 25 lines sodougb2007-08-021-13/+13
| | | | | | | | | | | | | | | | | | that the listen-on stuff floats up to the first "page" of text. This makes it very obvious what's going on so that someone trying to enable a server for use on a network can easily see how to do that. 2. Change the default behavior back to using a hint zone for the root. 3. Leave the root slave zone config as a commented out example. 4. Remove the B and F root servers from the example at the request of their operators. Requested by: he-who-must-not-be-named [1] Requested by: many [2] Approved by: re (rwatson)
* Drop the default zones that are now covered by the new zones thatdougb2007-06-181-0/+4
| | | | were added in the last revision.
* Bring our default named configuration more in line with currentdougb2007-06-187-119/+215
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | best practices: 1. The old way of generating the localhost zones was not optimal both because they did not exist by default, and because they were not really aligned with BCP. There is no need to have the dynamic data that the make-localhost script generated, and good reasons to do this more "by the book." 2. In named.conf a. Clean up white space b. Add/clarify a few comments c. Slave zones from the root servers instead of using a hints file. This has several advantages, as described in the comments. d. Significantly revamp the default zones, including the forward localhost zone, and the reverse zones for IPv4 and IPv6 loopback addresses. There are extensive comments describing what is included and why. Interested readers should take the time to review the RFCs mentioned in the comments. There is also relevant information about the motivations for hosting these zones in the "work in progress" Internet-Draft, http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt or its successor. It's also worth noting that a significant number of these empty zones are already included by default in the named binary without any user configuration. e. Because we're including a lot of examples of both local forward zones and slave zones in the default configuration, eliminate some of those examples. 3. Add new localhost-{forward|reverse} zone files, and an "empty" zone to support the changes in 2.d. above. The empty zone file isn't really empty in order to avoid a warning from BIND about a zone file that doesn't contain any A or AAAA records.
* Add a namedb/master directory for the zone files I'm about to add,dougb2007-06-182-4/+15
| | | | | and switch to the more "normal" way of installing files for the namedb directory so that we can pick up the new subdir.
* In accordance with my intentions announced (and not objected to)dougb2005-09-051-6/+0
| | | | | | on -arch, and RFC 4159 (http://www.rfc-editor.org/rfc/rfc4159.txt) which officially deprecates all usage of IP6.INT, remove the reference to that zone from the example named.conf file.
* Scot pointed out that the dynamic zone example didn't seem to "flow"dougb2005-01-221-11/+17
| | | | | | | | | | with the rest of the examples, so after discussion with him and gshapiro, re-sort the examples, and add more comments to make things very obvious. Also, divide the examples between example.{com|net|org} to make things even more obvious, and use the same RFC 1918 block for all examples. Pointed out by: Scot W. Hetzel <hetzels@westbend.net>
* Start the dreaded NOFOO -> NO_FOO conversion.ru2004-12-211-1/+1
| | | | OK'ed by: core
* Create a separate directory for dynamic zones which is owned by the bindgshapiro2004-11-041-0/+14
| | | | | | | | | | user (for creation of the zone journal file). This is separate from the master/ directory for security. Give an example dynamic zone in the sample named.conf. Approved by: dougb Noticed by: Eivind Olsen <eivind at aminor.no> MFC after: 1 week
* For variables that are only checked with defined(), don't provideru2004-10-241-1/+1
| | | | any fake value.
* 1. Update the documentation references, and the warning about setting updougb2004-09-301-2/+14
| | | | | | | | | authoritative servers. 2. Add an IPv4 listen-on option for 127.0.0.1, which is appropriate for the default use as a local resolver. 3. Add a commented out listen-on-v6 option.
* Add a statistics-file directivedougb2004-09-291-0/+1
|
* Fix some of the more egregious problems with this file:dougb2004-09-281-34/+8
| | | | | | | | | | | | | | | | | | | | | | | | 1. Update text about later BINDs using a pseudo-random, unpriviliged query port for UDP by default. 2. We are now running in a sandbox by default, with a dedicated dump directory, so remove the stale comment. 3. The topology configuration is not for the faint of heart, so remove the commented example. 4. Tighten up some language a bit. 5. s/secondary/slave/ 6. No need for the example about a bind-owned directory for slave zones. 7. Change domain.com to example.com in the example, per RFC 2606. 8. Update the path for slave zones in the example. - Thanks to Scot Hetzel <swhetzel@gmail.com> There is more work to do here, but this is an improvement.
* Create a named chroot directory structure in /var/named, and use itdougb2004-09-282-9/+12
| | | | | | | | | | | | | | | | by default when named is enabled. Also, improve our default directory layout by creating /var/named/etc/namedb/{master|slave} directories, and use the former for the generated localhost* files. Rather than using pax to copy device entries, mount devfs in the chroot directory. There may be some corner cases where things need to be adjusted, but overall this structure has been well tested on a production network, and should serve the needs of the vast majority of users. UPDATING has instructions on how to do the conversion for those with existing configurations.
* Removed whitespace at BOF, EOL & EOF.schweikh2004-06-062-3/+3
|
* Latest version of this file from InterNIC. This version updates the IPdougb2004-01-291-7/+8
| | | | address of b.root-servers.net, and various comments.
* Misc grammar, typo and wording fixes of comments.keramida2003-02-071-11/+11
| | | | | PR: docs/41034 Submitted by: Chris Pepper <pepper@rockefeller.edu>
* compliance with RFC3152.ume2002-11-261-0/+7
| | | | | | PR: standards/45557 Submitted by: Matthew Seaman <m.seaman@infracaninophile.co.uk> Approved by: re
* Import the latest hints file from Internic. The most important changedougb2002-11-061-13/+13
| | | | | is that J has moved, however I'm sure you'll all be very disappointed to hear that you can no longer retrieve this file via gopher.
* Install PROTO.localhost-v6.rev.ume2002-02-061-1/+2
| | | | | Reported by: Scott Allendorf <scott-allendorf@uiowa.edu> Forgot by: me (ume)
* Added this makefile. This is not attached to the build yet. I oftenbde2002-01-301-0/+8
| | | | | install parts of /etc manually and it helps to have a makefile for each subdir even if the main makefile doesn't invoke it.
* Do not taint ::/124 for localhost reverse table.ume2002-01-223-2/+26
|
* The named.conf file should refer to named.conf(5) in addition tocjc2001-12-031-5/+5
| | | | | | | | named(8) in the comments. PR: 32459 Submitted by: "Gary W. Swearingen" <swear@blarg.net> MFC after: 2 days
* Invoke named with privilege of bind:bind.kuriyama2001-08-231-0/+1
| | | | Change pidfile location to /var/run/named/pid.
* Replace old-style "chown foo.bar" with orthodox "chown foo:bar".sheldonh2001-05-281-1/+1
|
* FreeBSD doesn't run named in a sandbox by default, so change a comment so itben2001-01-161-1/+1
| | | | doesn't imply we do.
* o Add a PATH statement to the beginning of make-localhost, making itrwatson2000-11-291-0/+3
| | | | | | | work right when the administrator has modified their runtime environment in a manner not anticipated by our script. Requested by: Tom Maher <tardis@ece.cmu.edu>
* Add reverse lookup entry for ::1ume2000-07-071-0/+5
| | | | Suggested by: itojun
* Sigh. RFC2038 and bind 8.2.2 have a slight variation of interpretationpeter2000-01-101-0/+2
| | | | | | | | | of the SOA 'minimum' field. Now it's necessary to define $TTL seperately to shut it up. Bind does reasonable things by default but it's annoying still. PR: 15834 Submitted by: Daniel Lewart <d-lewart@uiuc.edu>
* Add/adjust some $FreeBSD$ tags.peter1999-09-131-1/+1
| | | | Noted by: Doug <Doug@gorean.org>
* $Id$ -> $FreeBSD$peter1999-08-273-3/+3
|
* Add (commented out) directive and note regarding dumpfile locationdillon1998-12-231-1/+7
| | | | | | when running in a sandbox. Submitted by: Ben Smithurst <ben@scientia.demon.co.uk>
* Since we do not pre-create /etc/namedb/s, add additional documentationdillon1998-12-021-2/+6
| | | | | | to the comments in named.conf to describe to the user how to create it. (named.conf does not use /etc/namedb/s by default anyway so us not pre-created it in the mtree does not hurt us terribly).
* Reviewed by: freebsd-current, freebsd-securitydillon1998-12-011-3/+7
| | | | | | | | Adjust rc.conf to run named in sandbox, adjust mtree to add /etc/namedb/s subdirectory (user bind, group bind) to hold secondaries, adjust comments in named.conf to reflect new secondary scheme. (Note that core read-only zone files are left owned by root, increasing security even more).
* Add Id keywordbrian1998-09-131-0/+2
|
OpenPOWER on IntegriCloud