named.conf revision 170914
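// $FreeBSD: head/etc/namedb/named.conf 170914 2007-06-18 05:58:23Z dougb $
//
// Refer to the named.conf(5) and named(8) man pages, and the documentation
// in /usr/share/doc/bind9 for more details.
//
// If you are going to set up an authoritative server, make sure you
// understand the hairy details of how DNS works. Even with
// simple mistakes, you can break connectivity for affected parties,
// or cause huge amounts of useless Internet traffic.

options {
	// Relative to the chroot directory, if any
	directory "/etc/namedb";
	pid-file "/var/run/named/pid";
	dump-file "/var/dump/named_dump.db";
	statistics-file "/var/stats/named.stats";

// If named is being used only as a local resolver, this is a safe default.
// For named to be accessible to the network, comment this option, specify
// the proper IP address, or delete this option.
//
// NOTE(review): once named listens on a network address, also restrict
// who may query and recurse (allow-query / allow-recursion) so the
// server does not act as an open resolver for arbitrary clients.
	listen-on { 127.0.0.1; };

// If you have IPv6 enabled on this system, uncomment this option for
// use as a local resolver. To give access to the network, specify
// an IPv6 address, or the keyword "any".
//	listen-on-v6 { ::1; };

// In addition to the "forwarders" clause, you can force your name
// server to never initiate queries of its own, but always ask its
// forwarders only, by enabling the following line:
//
//	forward only;

// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below. This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.
/*
	forwarders {
		127.0.0.1;
	};
*/
	/*
	 * If there is a firewall between you and nameservers you want
	 * to talk to, you might need to uncomment the query-source
	 * directive below. Previous versions of BIND always asked
	 * questions using port 53, but BIND versions 8 and later
	 * use a pseudo-random unprivileged UDP port by default.
	 *
	 * NOTE(review): pinning the source port gives up that
	 * randomization, which is part of what makes spoofed answers
	 * hard to get accepted into the cache. Prefer a firewall rule
	 * that permits outbound queries from unprivileged ports, and
	 * leave this commented out unless there is no alternative.
	 */
	// query-source address * port 53;
};

// If you enable a local name server, don't forget to enter 127.0.0.1
// first in your /etc/resolv.conf so this server will be queried.
// Also, make sure to enable it in /etc/rc.conf.

/* Slaving the following zones from the root name servers has some
   significant advantages:
   1. Faster local resolution for your users
   2. No spurious traffic will be sent from your network to the roots
   3. Greater resilience to any potential root server failure/DDoS

   If you do not wish to slave these zones from the root servers
   use the entry below instead.
   zone "." { type hint; file "named.root"; };

   NOTE(review): the masters below are the addresses recorded in this
   2007 revision. Root server addresses change over time; check them
   against a current root hints file before relying on these entries.
   The transfers configured here carry no key, so the integrity of the
   slaved copy depends on the network path to the masters.
*/
zone "." {
	type slave;
	file "slave/root.slave";
	masters {
		192.5.5.241;	// F.ROOT-SERVERS.NET.
		192.228.79.201;	// B.ROOT-SERVERS.NET.
		192.33.4.12;	// C.ROOT-SERVERS.NET.
		192.112.36.4;	// G.ROOT-SERVERS.NET.
		193.0.14.129;	// K.ROOT-SERVERS.NET.
	};
	notify no;
};
zone "arpa" {
	type slave;
	file "slave/arpa.slave";
	masters {
		192.5.5.241;	// F.ROOT-SERVERS.NET.
		192.228.79.201;	// B.ROOT-SERVERS.NET.
		192.33.4.12;	// C.ROOT-SERVERS.NET.
		192.112.36.4;	// G.ROOT-SERVERS.NET.
		193.0.14.129;	// K.ROOT-SERVERS.NET.
	};
	notify no;
};
zone "in-addr.arpa" {
	type slave;
	file "slave/in-addr.arpa.slave";
	masters {
		192.5.5.241;	// F.ROOT-SERVERS.NET.
		192.228.79.201;	// B.ROOT-SERVERS.NET.
		192.33.4.12;	// C.ROOT-SERVERS.NET.
		192.112.36.4;	// G.ROOT-SERVERS.NET.
		193.0.14.129;	// K.ROOT-SERVERS.NET.
	};
	notify no;
};

/* Serving the following zones locally will prevent any queries
   for these zones leaving your network and going to the root
   name servers. This has two significant advantages:
   1. Faster local resolution for your users
   2. No spurious traffic will be sent from your network to the roots

   NOTE(review): an empty local zone also hides whatever real reverse
   data exists for that space. The "reserved" and "unassigned" labels
   below reflect the registries as of this 2007 revision; compare them
   with the current IANA registries before deploying this list.
*/
// RFC 1912
zone "localhost" { type master; file "master/localhost-forward.db"; };
zone "127.in-addr.arpa" { type master; file "master/localhost-reverse.db"; };
zone "255.in-addr.arpa" { type master; file "master/empty.db"; };

// RFC 1912-style zone for IPv6 localhost address
zone "0.ip6.arpa" { type master; file "master/localhost-reverse.db"; };

// "This" Network (RFCs 1912 and 3330)
zone "0.in-addr.arpa" { type master; file "master/empty.db"; };

// IANA Reserved - Unlikely to ever be assigned
zone "1.in-addr.arpa" { type master; file "master/empty.db"; };
zone "2.in-addr.arpa" { type master; file "master/empty.db"; };
zone "223.in-addr.arpa" { type master; file "master/empty.db"; };

// Public Data Networks (RFC 3330)
zone "14.in-addr.arpa" { type master; file "master/empty.db"; };

// Private Use Networks (RFC 1918)
zone "10.in-addr.arpa" { type master; file "master/empty.db"; };
zone "16.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "17.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "18.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "19.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "20.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "21.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "22.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "23.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "24.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "25.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "26.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "27.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "28.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "29.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "30.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "31.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "168.192.in-addr.arpa" { type master; file "master/empty.db"; };

// Link-local/APIPA (RFCs 3330 and 3927)
zone "254.169.in-addr.arpa" { type master; file "master/empty.db"; };

// TEST-NET for Documentation (RFC 3330)
zone "2.0.192.in-addr.arpa" { type master; file "master/empty.db"; };

// Router Benchmark Testing (RFC 2544)
// The benchmarking block is 198.18.0.0/15, so its reverse zones sit under
// 198, not 192. The listing had 18.192 and 19.192, which would have
// answered authoritatively (and emptily) for 192.18/16 and 192.19/16.
zone "18.198.in-addr.arpa" { type master; file "master/empty.db"; };
zone "19.198.in-addr.arpa" { type master; file "master/empty.db"; };

// IANA Reserved - Old Class E Space
zone "240.in-addr.arpa" { type master; file "master/empty.db"; };
zone "241.in-addr.arpa" { type master; file "master/empty.db"; };
zone "242.in-addr.arpa" { type master; file "master/empty.db"; };
zone "243.in-addr.arpa" { type master; file "master/empty.db"; };
zone "244.in-addr.arpa" { type master; file "master/empty.db"; };
zone "245.in-addr.arpa" { type master; file "master/empty.db"; };
zone "246.in-addr.arpa" { type master; file "master/empty.db"; };
zone "247.in-addr.arpa" { type master; file "master/empty.db"; };
zone "248.in-addr.arpa" { type master; file "master/empty.db"; };
zone "249.in-addr.arpa" { type master; file "master/empty.db"; };
zone "250.in-addr.arpa" { type master; file "master/empty.db"; };
zone "251.in-addr.arpa" { type master; file "master/empty.db"; };
zone "252.in-addr.arpa" { type master; file "master/empty.db"; };
zone "253.in-addr.arpa" { type master; file "master/empty.db"; };
zone "254.in-addr.arpa" { type master; file "master/empty.db"; };

// IPv6 Unassigned Addresses (RFC 4291)
zone "1.ip6.arpa" { type master; file "master/empty.db"; };
zone "3.ip6.arpa" { type master; file "master/empty.db"; };
zone "4.ip6.arpa" { type master; file "master/empty.db"; };
zone "5.ip6.arpa" { type master; file "master/empty.db"; };
zone "6.ip6.arpa" { type master; file "master/empty.db"; };
zone "7.ip6.arpa" { type master; file "master/empty.db"; };
zone "8.ip6.arpa" { type master; file "master/empty.db"; };
zone "9.ip6.arpa" { type master; file "master/empty.db"; };
zone "a.ip6.arpa" { type master; file "master/empty.db"; };
zone "b.ip6.arpa" { type master; file "master/empty.db"; };
zone "c.ip6.arpa" { type master; file "master/empty.db"; };
zone "d.ip6.arpa" { type master; file "master/empty.db"; };
zone "e.ip6.arpa" { type master; file "master/empty.db"; };
zone "0.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "1.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "2.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "3.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "4.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "5.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "6.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "7.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "8.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "9.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "a.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "b.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "0.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "1.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "2.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "3.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "4.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "5.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "6.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "7.e.f.ip6.arpa" { type master; file "master/empty.db"; };

// IPv6 ULA (RFC 4193)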
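zone "c.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "d.f.ip6.arpa" { type master; file "master/empty.db"; };

// IPv6 Link Local (RFC 4291)
zone "8.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "9.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "a.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "b.e.f.ip6.arpa" { type master; file "master/empty.db"; };

// IPv6 Deprecated Site-Local Addresses (RFC 3879)
zone "c.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "d.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "e.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "f.e.f.ip6.arpa" { type master; file "master/empty.db"; };

// IP6.INT is Deprecated (RFC 4159)
zone "ip6.int" { type master; file "master/empty.db"; };

// NB: Do not use the IP addresses below, they are faked, and only
// serve demonstration/documentation purposes!
//
// Example slave zone config entries. It can be convenient to become
// a slave at least for the zone your own domain is in. Ask
// your network administrator for the IP address of the responsible
// master name server.
//
// Do not forget to include the reverse lookup zone!
// This is named after the first bytes of the IP address, in reverse
// order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6.
//
// Before starting to set up a master zone, make sure you fully
// understand how DNS and BIND work. There are sometimes
// non-obvious pitfalls. Setting up a slave zone is usually simpler.
//
// NB: Don't blindly enable the examples below. :-) Use actual names
// and addresses instead.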
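
// NOTE(review): the key below is a published demonstration value and must
// never be used as a real secret. Generate a fresh key per zone, keep the
// key clause in a separate file that only named can read (pulled in with
// "include"), and, where the installed BIND supports it, choose an
// HMAC-SHA algorithm such as hmac-sha256 rather than the legacy hmac-md5.
// allow-update with a key lets the key holder change any record in the
// zone; update-policy can grant narrower rights.
/* An example dynamic zone
key "exampleorgkey" {
	algorithm hmac-md5;
	secret "sf87HJqjkqh8ac87a02lla==";
};
zone "example.org" {
	type master;
	allow-update {
		key "exampleorgkey";
	};
	file "dynamic/example.org";
};
*/

// NOTE(review): as written, this transfer is accepted from the listed
// address without a key; a TSIG key shared with the master authenticates
// the transfer rather than trusting the source address alone.
/* Example of a slave reverse zone
zone "1.168.192.in-addr.arpa" {
	type slave;
	file "slave/1.168.192.in-addr.arpa";
	masters {
		192.168.1.1;
	};
};
*/
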