named.conf revision 149797
// $FreeBSD: head/etc/namedb/named.conf 149797 2005-09-05 13:42:22Z dougb $
//
// Refer to the named.conf(5) and named(8) man pages, and the documentation
// in /usr/share/doc/bind9 for more details.
//
// If you are going to set up an authoritative server, make sure you
// understand the hairy details of how DNS works. Even with
// simple mistakes, you can break connectivity for affected parties,
// or cause huge amounts of useless Internet traffic.

options {
	directory "/etc/namedb";
	pid-file "/var/run/named/pid";
	dump-file "/var/dump/named_dump.db";
	statistics-file "/var/stats/named.stats";

// If named is being used only as a local resolver, this is a safe default.
// For named to be accessible to the network, comment this option, specify
// the proper IP address, or delete this option.
	listen-on { 127.0.0.1; };

// If you have IPv6 enabled on this system, uncomment this option for
// use as a local resolver. To give access to the network, specify
// an IPv6 address, or the keyword "any".
//	listen-on-v6 { ::1; };

// In addition to the "forwarders" clause, you can force your name
// server to never initiate queries of its own, but always ask its
// forwarders only, by enabling the following line:
//
//	forward only;

// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below. This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.
/*
	forwarders {
		127.0.0.1;
	};
*/
	/*
	 * If there is a firewall between you and nameservers you want
	 * to talk to, you might need to uncomment the query-source
	 * directive below. Previous versions of BIND always asked
	 * questions using port 53, but BIND versions 8 and later
	 * use a pseudo-random unprivileged UDP port by default.
	 */
	// query-source address * port 53;
};

// If you enable a local name server, don't forget to enter 127.0.0.1
// first in your /etc/resolv.conf so this server will be queried.
// Also, make sure to enable it in /etc/rc.conf.

zone "." {
	type hint;
	file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
	type master;
	file "master/localhost.rev";
};

// RFC 3152
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
	type master;
	file "master/localhost-v6.rev";
};

// NB: Do not use the IP addresses below, they are faked, and only
// serve demonstration/documentation purposes!
//
// Example slave zone config entries. It can be convenient to become
// a slave at least for the zone your own domain is in. Ask
// your network administrator for the IP address of the responsible
// primary.
//
// Never forget to include the reverse lookup (IN-ADDR.ARPA) zone!
// (This is named after the first bytes of the IP address, in reverse
// order, with ".IN-ADDR.ARPA" appended.)
//
// Before starting to set up a primary zone, make sure you fully
// understand how DNS and BIND works. There are sometimes
// non-obvious pitfalls. Setting up a slave zone is simpler.
//
// NB: Don't blindly enable the examples below. :-) Use actual names
// and addresses instead.

/* An example master zone
zone "example.net" {
	type master;
	file "master/example.net";
};
*/

/* An example dynamic zone
key "exampleorgkey" {
	algorithm hmac-md5;
	secret "sf87HJqjkqh8ac87a02lla==";
};
zone "example.org" {
	type master;
	allow-update {
		key "exampleorgkey";
	};
	file "dynamic/example.org";
};
*/

/* Examples of forward and reverse slave zones
zone "example.com" {
	type slave;
	file "slave/example.com";
	masters {
		192.168.1.1;
	};
};
zone "1.168.192.in-addr.arpa" {
	type slave;
	file "slave/1.168.192.in-addr.arpa";
	masters {
		192.168.1.1;
	};
};
*/
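
An added example, not part of the FreeBSD file or project: a small Python check that strips all three named.conf comment styles and reports which of the settings discussed in the comments above are actually active (listen-on beyond loopback, a pinned query-source port, the sample key from the dynamic-zone example enabled verbatim). The function names, finding strings and the sample input, including the address 192.0.2.53, are constructed for illustration.

```python
import re

# Sample TSIG secret published in this file's commented-out dynamic-zone example.
SAMPLE_SECRET = "sf87HJqjkqh8ac87a02lla=="

# Strings are matched first so "//" or "#" inside quotes is not taken as a comment.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|#[^\n]*|/\*.*?\*/', re.S)

def strip_comments(text):
    """Remove //, # and /* */ comments, keeping quoted strings intact."""
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)

def audit(text):
    """Return findings for active (uncommented) statements only."""
    conf = strip_comments(text)
    findings = []
    for m in re.finditer(r'\blisten-on(?:-v6)?\b[^{;]*\{([^}]*)\}', conf):
        addrs = [a.strip() for a in m.group(1).split(";") if a.strip()]
        exposed = [a for a in addrs if a not in ("127.0.0.1", "::1")]
        if exposed:
            findings.append("listen-on beyond loopback: " + ", ".join(exposed))
    for m in re.finditer(r'\bquery-source(?:-v6)?\b[^;]*?\bport\s+(\S+?)\s*;', conf):
        if m.group(1) != "*":
            findings.append("query-source pins source port " + m.group(1))
    if any(s == SAMPLE_SECRET for s in re.findall(r'\bsecret\s+"([^"]*)"', conf)):
        findings.append("key uses the sample secret published in named.conf")
    if re.search(r'\balgorithm\s+hmac-md5\b', conf):
        findings.append("key uses hmac-md5")
    return findings

# Constructed input: the shipped options with some examples enabled verbatim.
SAMPLE = '''
options {
    directory "/etc//namedb";   # the "//" here is inside a string
    listen-on { 127.0.0.1; 192.0.2.53; };
    /* query-source address * port 5353; */
    query-source address * port 53;
};
key "exampleorgkey" {
    algorithm hmac-md5;
    secret "sf87HJqjkqh8ac87a02lla==";
};
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run against the file as shipped in this revision, where only `listen-on { 127.0.0.1; };` is active, the check reports nothing.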