named.conf revision 50472
// $FreeBSD: head/etc/namedb/named.conf 50472 1999-08-27 23:37:10Z peter $
//
// Refer to the named(8) man page for details.  If you are ever going
// to setup a primary server, make sure you've understood the hairy
// details of how DNS is working.  Even with simple mistakes, you can
// break connectivity for affected parties, or cause huge amount of
// useless Internet traffic.

options {
	directory "/etc/namedb";

// In addition to the "forwarders" clause, you can force your name
// server to never initiate queries of its own, but always ask its
// forwarders only, by enabling the following line:
//
//	forward only;

// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below.  This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.
/*
	forwarders {
		127.0.0.1;
	};
*/
	/*
	 * If there is a firewall between you and nameservers you want
	 * to talk to, you might need to uncomment the query-source
	 * directive below.  Previous versions of BIND always asked
	 * questions using port 53, but BIND 8.1 uses an unprivileged
	 * port by default.
	 */
	// query-source address * port 53;

	/*
	 * If running in a sandbox, you may have to specify a different
	 * location for the dumpfile.
	 */
	// dump-file "s/named_dump.db";
};

// Note: the following will be supported in a future release.
/*
host { any; } {
	topology {
		127.0.0.0/8;
	};
};
*/

// Setting up secondaries is way easier and the rough picture for this
// is explained below.
//
// If you enable a local name server, don't forget to enter 127.0.0.1
// into your /etc/resolv.conf so this server will be queried first.
// Also, make sure to enable it in /etc/rc.conf.

zone "." {
	type hint;
	file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
	type master;
	file "localhost.rev";
};

// NB: Do not use the IP addresses below, they are faked, and only
// serve demonstration/documentation purposes!
//
// Example secondary config entries.  It can be convenient to become
// a secondary at least for the zone where your own domain is in.  Ask
// your network administrator for the IP address of the responsible
// primary.
//
// Never forget to include the reverse lookup (IN-ADDR.ARPA) zone!
// (This is the first bytes of the respective IP address, in reverse
// order, with ".IN-ADDR.ARPA" appended.)
//
// Before starting to setup a primary zone, better make sure you fully
// understand how DNS and BIND works, however.  There are sometimes
// unobvious pitfalls.  Setting up a secondary is comparably simpler.
//
// NB: Don't blindly enable the examples below. :-)  Use actual names
// and addresses instead.
//
// NOTE!!!  FreeBSD runs bind in a sandbox (see named_flags in rc.conf).
// The directory containing the secondary zones must be write accessible
// to bind.  The following sequence is suggested:
//
//	mkdir /etc/namedb/s
//	chown bind.bind /etc/namedb/s
//	chmod 750 /etc/namedb/s

/*
zone "domain.com" {
	type slave;
	file "s/domain.com.bak";
	masters {
		192.168.1.1;
	};
};

zone "0.168.192.in-addr.arpa" {
	type slave;
	file "s/0.168.192.in-addr.arpa.bak";
	masters {
		192.168.1.1;
	};
};
*/