named.conf (175236) | named.conf (180478) |
---|---|
1// $FreeBSD: head/etc/namedb/named.conf 175236 2008-01-11 22:41:21Z dougb $ | 1// $FreeBSD: head/etc/namedb/named.conf 180478 2008-07-12 10:00:36Z dougb $ |
2// 3// Refer to the named.conf(5) and named(8) man pages, and the documentation 4// in /usr/share/doc/bind9 for more details. 5// 6// If you are going to set up an authoritative server, make sure you 7// understand the hairy details of how DNS works. Even with 8// simple mistakes, you can break connectivity for affected parties, 9// or cause huge amounts of useless Internet traffic. --- 31 unchanged lines hidden (view full) --- 41// its IP address here, and enable the line below. This will make you 42// benefit from its cache, thus reduce overall DNS traffic in the Internet. 43/* 44 forwarders { 45 127.0.0.1; 46 }; 47*/ 48 /* | 2// 3// Refer to the named.conf(5) and named(8) man pages, and the documentation 4// in /usr/share/doc/bind9 for more details. 5// 6// If you are going to set up an authoritative server, make sure you 7// understand the hairy details of how DNS works. Even with 8// simple mistakes, you can break connectivity for affected parties, 9// or cause huge amounts of useless Internet traffic. --- 31 unchanged lines hidden (view full) --- 41// its IP address here, and enable the line below. This will make you 42// benefit from its cache, thus reduce overall DNS traffic in the Internet. 43/* 44 forwarders { 45 127.0.0.1; 46 }; 47*/ 48 /* |
49 * If there is a firewall between you and nameservers you want 50 * to talk to, you might need to uncomment the query-source 51 * directive below. Previous versions of BIND always asked 52 * questions using port 53, but BIND versions 8 and later 53 * use a pseudo-random unprivileged UDP port by default. 54 */ 55 // query-source address * port 53; | 49 Modern versions of BIND use a random UDP port for each outgoing 50 query by default in order to dramatically reduce the possibility 51 of cache poisoning. All users are strongly encouraged to utilize 52 this feature, and to configure their firewalls to accommodate it. 53 54 AS A LAST RESORT in order to get around a restrictive firewall 55 policy you can try enabling the option below. Use of this option 56 will significantly reduce your ability to withstand cache poisoning 57 attacks, and should be avoided if at all possible. 58 59 Replace NNNNN in the example with a number between 49160 and 65530. 60 */ 61 // query-source address * port NNNNN; |
56}; 57 58// If you enable a local name server, don't forget to enter 127.0.0.1 59// first in your /etc/resolv.conf so this server will be queried. 60// Also, make sure to enable it in /etc/rc.conf. 61 62// The traditional root hints mechanism. Use this, OR the slave zones below. 63zone "." { type hint; file "named.root"; }; --- 204 unchanged lines hidden --- | 62}; 63 64// If you enable a local name server, don't forget to enter 127.0.0.1 65// first in your /etc/resolv.conf so this server will be queried. 66// Also, make sure to enable it in /etc/rc.conf. 67 68// The traditional root hints mechanism. Use this, OR the slave zones below. 69zone "." { type hint; file "named.root"; }; --- 204 unchanged lines hidden --- |
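Review bot: In the rewritten comment (lines 49-61 of r180478), "Replace NNNNN in the example with a number between 49160 and 65530" gives a range but no guidance on how to pick the value or why that range applies. The paragraph above it already says a fixed port "will significantly reduce your ability to withstand cache poisoning attacks", so add a sentence telling the administrator to choose the number at random for each server rather than copying one from documentation or reusing it across hosts. A short note on where the 49160-65530 bounds come from would also help. On style, the new comment body drops the leading " * " that every line of the replaced block carried (old lines 49-54), while the closing " */" on new line 60 is kept. Restoring the prefix would keep the block consistent with the old form and make it easier to see that lines 49-59 are still inside the comment opened on line 48.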