named.conf revision 135875
// $FreeBSD: head/etc/namedb/named.conf 135875 2004-09-28 09:46:00Z dougb $
//
// Refer to the named.conf(5) and named(8) man pages for details. If
// you are ever going to set up a primary server, make sure you
// understand the hairy details of how DNS works. Even with
// simple mistakes, you can break connectivity for affected parties,
// or cause huge amounts of useless Internet traffic.

options {
	directory "/etc/namedb";
	pid-file "/var/run/named/pid";
	dump-file "/var/dump/named_dump.db";

// In addition to the "forwarders" clause, you can force your name
// server to never initiate queries of its own, but always ask its
// forwarders only, by enabling the following line:
//
//	forward only;

// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below. This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.
/*
	forwarders {
		127.0.0.1;
	};
*/
	/*
	 * If there is a firewall between you and nameservers you want
	 * to talk to, you might need to uncomment the query-source
	 * directive below. Previous versions of BIND always asked
	 * questions using port 53, but BIND 8.1 uses an unprivileged
	 * port by default.
	 */
	// query-source address * port 53;

	/*
	 * If running in a sandbox, you may have to specify a different
	 * location for the dumpfile.
	 */
	// dump-file "s/named_dump.db";
};

// Note: the following will be supported in a future release.
/*
host { any; } {
	topology {
		127.0.0.0/8;
	};
};
*/

// Setting up secondaries is way easier and a rough example for this
// is provided below.
//
// If you enable a local name server, don't forget to enter 127.0.0.1
// first in your /etc/resolv.conf so this server will be queried.
// Also, make sure to enable it in /etc/rc.conf.

zone "." {
	type hint;
	file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
	type master;
	file "master/localhost.rev";
};

// RFC 3152
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
	type master;
	file "master/localhost-v6.rev";
};

// RFC 1886 -- deprecated
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
	type master;
	file "master/localhost-v6.rev";
};

// NB: Do not use the IP addresses below, they are faked, and only
// serve demonstration/documentation purposes!
//
// Example secondary config entries. It can be convenient to become
// a secondary at least for the zone your own domain is in. Ask
// your network administrator for the IP address of the responsible
// primary.
//
// Never forget to include the reverse lookup (IN-ADDR.ARPA) zone!
// (This is named after the first bytes of the IP address, in reverse
// order, with ".IN-ADDR.ARPA" appended.)
//
// Before starting to set up a primary zone, make sure you fully
// understand how DNS and BIND works. There are sometimes
// non-obvious pitfalls. Setting up a secondary is simpler.
//
// NB: Don't blindly enable the examples below. :-) Use actual names
// and addresses instead.
//
// NOTE!!! FreeBSD can run bind in a sandbox (see named_flags in rc.conf).
// The directory containing the secondary zones must be write accessible
// to bind. The following sequence is suggested:
//
//	mkdir /etc/namedb/s
//	chown bind:bind /etc/namedb/s
//	chmod 750 /etc/namedb/s

/*
zone "domain.com" {
	type slave;
	file "s/domain.com.bak";
	masters {
		192.168.1.1;
	};
};

zone "0.168.192.in-addr.arpa" {
	type slave;
	file "s/0.168.192.in-addr.arpa.bak";
	masters {
		192.168.1.1;
	};
};
*/
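Most of the file above is commented out, so what named actually loads depends on which `//` and `/* */` markers an administrator has removed. The following is an added example, not part of the FreeBSD file: a small Python audit that strips comments and reports the active zones, a pinned `query-source` port, and secondary zones whose directory needs the sandbox permissions described above. The sample input and the function names `strip_comments` and `audit` are constructed for illustration.

```python
import re

# Constructed sample in the style of the file above; the query-source line and
# one secondary zone are uncommented here purely for illustration.
SAMPLE = r'''
options {
    directory "/etc/namedb";
    // forward only;
    query-source address * port 53;
    /* dump-file "s/named_dump.db"; */
};
zone "." { type hint; file "named.root"; };
/*
zone "domain.com" { type slave; file "s/domain.com.bak"; masters { 192.168.1.1; }; };
*/
zone "0.168.192.in-addr.arpa" {
    type slave;
    file "s/0.168.192.in-addr.arpa.bak";
    masters { 192.168.1.1; };
};
'''

# Quoted strings are matched first so comment markers inside them survive.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_ZONE = re.compile(r'zone\s+"([^"]+)"\s*\{[^{}]*?type\s+(\w+)\s*;[^{}]*?file\s+"([^"]+)"')

def strip_comments(text):
    """Drop /* */, // and # comments; keep quoted strings untouched."""
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)

def audit(text):
    """Return (active zones, findings) for the text of a named.conf."""
    active = strip_comments(text)
    zones = _ZONE.findall(active)
    findings = []
    if re.search(r'query-source\s[^;]*\bport\s+53\b', active):
        findings.append("query-source pins outgoing queries to source port 53")
    for name, ztype, zfile in zones:
        if ztype == "slave" and "/" in zfile:
            findings.append("zone %s: directory %s/ must be writable by bind "
                            "(file suggests bind:bind, mode 750)"
                            % (name, zfile.rsplit("/", 1)[0]))
    return zones, findings

if __name__ == "__main__":
    zones, findings = audit(SAMPLE)
    for z in zones:
        print("active zone:", z)
    for f in findings:
        print("check:", f)
```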