| named.conf (171698) | named.conf (171865) |
|---|---|
| 1// $FreeBSD: head/etc/namedb/named.conf 171698 2007-08-02 09:18:53Z dougb $ | 1// $FreeBSD: head/etc/namedb/named.conf 171865 2007-08-17 04:37:02Z dougb $ |
| 2// 3// Refer to the named.conf(5) and named(8) man pages, and the documentation 4// in /usr/share/doc/bind9 for more details. 5// 6// If you are going to set up an authoritative server, make sure you 7// understand the hairy details of how DNS works. Even with 8// simple mistakes, you can break connectivity for affected parties, 9// or cause huge amounts of useless Internet traffic. --- 53 unchanged lines hidden (view full) --- 63zone "." { type hint; file "named.root"; }; 64 65/* Slaving the following zones from the root name servers has some 66 significant advantages: 67 1. Faster local resolution for your users 68 2. No spurious traffic will be sent from your network to the roots 69 3. Greater resilience to any potential root server failure/DDoS 70 | 2// 3// Refer to the named.conf(5) and named(8) man pages, and the documentation 4// in /usr/share/doc/bind9 for more details. 5// 6// If you are going to set up an authoritative server, make sure you 7// understand the hairy details of how DNS works. Even with 8// simple mistakes, you can break connectivity for affected parties, 9// or cause huge amounts of useless Internet traffic. --- 53 unchanged lines hidden (view full) --- 63zone "." { type hint; file "named.root"; }; 64 65/* Slaving the following zones from the root name servers has some 66 significant advantages: 67 1. Faster local resolution for your users 68 2. No spurious traffic will be sent from your network to the roots 69 3. Greater resilience to any potential root server failure/DDoS 70 |
| 71 On the other hand, this method requires more monitoring than the 72 hints file to be sure that an unexpected failure mode has not 73 incapacitated your server. Name servers that are serving a lot 74 of clients will benefit more from this approach than individual 75 hosts. Use with caution. 76 |
|
| 71 To use this mechanism, uncomment the entries below, and comment 72 the hint zone above. 73*/ 74/* 75zone "." { 76 type slave; 77 file "slave/root.slave"; 78 masters { | 77 To use this mechanism, uncomment the entries below, and comment 78 the hint zone above. 79*/ 80/* 81zone "." { 82 type slave; 83 file "slave/root.slave"; 84 masters { |
| 79 192.33.4.12; // C.ROOT-SERVERS.NET. 80 192.112.36.4; // G.ROOT-SERVERS.NET. 81 193.0.14.129; // K.ROOT-SERVERS.NET. | 85 192.5.5.241; // F.ROOT-SERVERS.NET. |
| 82 }; 83 notify no; 84}; 85zone "arpa" { 86 type slave; 87 file "slave/arpa.slave"; 88 masters { | 86 }; 87 notify no; 88}; 89zone "arpa" { 90 type slave; 91 file "slave/arpa.slave"; 92 masters { |
| 89 192.33.4.12; // C.ROOT-SERVERS.NET. 90 192.112.36.4; // G.ROOT-SERVERS.NET. 91 193.0.14.129; // K.ROOT-SERVERS.NET. | 93 192.5.5.241; // F.ROOT-SERVERS.NET. |
| 92 }; 93 notify no; 94}; 95zone "in-addr.arpa" { 96 type slave; 97 file "slave/in-addr.arpa.slave"; 98 masters { | 94 }; 95 notify no; 96}; 97zone "in-addr.arpa" { 98 type slave; 99 file "slave/in-addr.arpa.slave"; 100 masters { |
| 99 192.33.4.12; // C.ROOT-SERVERS.NET. 100 192.112.36.4; // G.ROOT-SERVERS.NET. 101 193.0.14.129; // K.ROOT-SERVERS.NET. | 101 192.5.5.241; // F.ROOT-SERVERS.NET. |
| 102 }; 103 notify no; 104}; 105*/ 106 107/* Serving the following zones locally will prevent any queries 108 for these zones leaving your network and going to the root 109 name servers. This has two significant advantages: --- 40 unchanged lines hidden (view full) --- 150zone "168.192.in-addr.arpa" { type master; file "master/empty.db"; }; 151 152// Link-local/APIPA (RFCs 3330 and 3927) 153zone "254.169.in-addr.arpa" { type master; file "master/empty.db"; }; 154 155// TEST-NET for Documentation (RFC 3330) 156zone "2.0.192.in-addr.arpa" { type master; file "master/empty.db"; }; 157 | 102 }; 103 notify no; 104}; 105*/ 106 107/* Serving the following zones locally will prevent any queries 108 for these zones leaving your network and going to the root 109 name servers. This has two significant advantages: --- 40 unchanged lines hidden (view full) --- 150zone "168.192.in-addr.arpa" { type master; file "master/empty.db"; }; 151 152// Link-local/APIPA (RFCs 3330 and 3927) 153zone "254.169.in-addr.arpa" { type master; file "master/empty.db"; }; 154 155// TEST-NET for Documentation (RFC 3330) 156zone "2.0.192.in-addr.arpa" { type master; file "master/empty.db"; }; 157 |
| 158// Router Benchmark Testing (RFC 2544) 159zone "18.192.in-addr.arpa" { type master; file "master/empty.db"; }; 160zone "19.192.in-addr.arpa" { type master; file "master/empty.db"; }; | 158// Router Benchmark Testing (RFC 3330) 159zone "18.198.in-addr.arpa" { type master; file "master/empty.db"; }; 160zone "19.198.in-addr.arpa" { type master; file "master/empty.db"; }; |
| 161 162// IANA Reserved - Old Class E Space 163zone "240.in-addr.arpa" { type master; file "master/empty.db"; }; 164zone "241.in-addr.arpa" { type master; file "master/empty.db"; }; 165zone "242.in-addr.arpa" { type master; file "master/empty.db"; }; 166zone "243.in-addr.arpa" { type master; file "master/empty.db"; }; 167zone "244.in-addr.arpa" { type master; file "master/empty.db"; }; 168zone "245.in-addr.arpa" { type master; file "master/empty.db"; }; --- 107 unchanged lines hidden --- | 161 162// IANA Reserved - Old Class E Space 163zone "240.in-addr.arpa" { type master; file "master/empty.db"; }; 164zone "241.in-addr.arpa" { type master; file "master/empty.db"; }; 165zone "242.in-addr.arpa" { type master; file "master/empty.db"; }; 166zone "243.in-addr.arpa" { type master; file "master/empty.db"; }; 167zone "244.in-addr.arpa" { type master; file "master/empty.db"; }; 168zone "245.in-addr.arpa" { type master; file "master/empty.db"; }; --- 107 unchanged lines hidden --- |