named.conf revision 171698
// $FreeBSD: head/etc/namedb/named.conf 171698 2007-08-02 09:18:53Z dougb $
//
// Refer to the named.conf(5) and named(8) man pages, and the documentation
// in /usr/share/doc/bind9 for more details.
//
// If you are going to set up an authoritative server, make sure you
// understand the hairy details of how DNS works. Even with
// simple mistakes, you can break connectivity for affected parties,
// or cause huge amounts of useless Internet traffic.
//
// As shipped, this file binds named to the loopback address only, uses the
// root hints file, and serves a set of localhost and empty zones locally.
// Everything that exposes the server to the network, transfers zones, or
// accepts dynamic updates is commented out and must be enabled deliberately.

options {
	// Relative to the chroot directory, if any
	directory "/etc/namedb";
	pid-file "/var/run/named/pid";
	dump-file "/var/dump/named_dump.db";
	statistics-file "/var/stats/named.stats";

// If named is being used only as a local resolver, this is a safe default.
// For named to be accessible to the network, comment this option, specify
// the proper IP address, or delete this option.
//
// NOTE(review): before listening on a non-loopback address, decide who may
// query and recurse through this server and state it explicitly with
// allow-query / allow-recursion. Whether the built-in defaults are
// restrictive depends on the BIND version, and a resolver that answers
// recursive queries for arbitrary clients can be abused to reflect and
// amplify traffic toward third parties.
	listen-on { 127.0.0.1; };

// If you have IPv6 enabled on this system, uncomment this option for
// use as a local resolver. To give access to the network, specify
// an IPv6 address, or the keyword "any".
// The same access-control consideration as for listen-on applies here.
//	listen-on-v6 { ::1; };

// These zones are already covered by the empty zones listed below.
// If you remove the related empty zones below, comment these lines out.
	disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
	disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
	disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";

// In addition to the "forwarders" clause, you can force your name
// server to never initiate queries of its own, but always ask its
// forwarders only, by enabling the following line:
//
//	forward only;

// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below. This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.
//
// NOTE(review): 127.0.0.1 below is only a placeholder. Answers from a
// forwarder are cached as received, so list only resolvers you trust,
// reached over a network path you trust.
/*
	forwarders {
		127.0.0.1;
	};
*/
	/*
	 * If there is a firewall between you and nameservers you want
	 * to talk to, you might need to uncomment the query-source
	 * directive below. Previous versions of BIND always asked
	 * questions using port 53, but BIND versions 8 and later
	 * use a pseudo-random unprivileged UDP port by default.
	 */
	// NOTE(review): pinning the source port to 53 makes every outgoing
	// query come from a known port, which removes one of the values an
	// off-path attacker has to guess to spoof a reply into the cache.
	// Prefer a stateful firewall rule that admits replies to queries
	// sent from unprivileged ports, and leave this line commented out.
	// query-source address * port 53;
};

// If you enable a local name server, don't forget to enter 127.0.0.1
// first in your /etc/resolv.conf so this server will be queried.
// Also, make sure to enable it in /etc/rc.conf.

// The traditional root hints mechanism. Use this, OR the slave zones below.
zone "." { type hint; file "named.root"; };

/*	Slaving the following zones from the root name servers has some
	significant advantages:
	1. Faster local resolution for your users
	2. No spurious traffic will be sent from your network to the roots
	3. Greater resilience to any potential root server failure/DDoS

	To use this mechanism, uncomment the entries below, and comment
	the hint zone above.
*/
// NOTE(review): the masters clauses below name no TSIG key, so these
// transfers would be accepted on the strength of the source address alone.
// Also confirm that the listed servers still permit zone transfers before
// relying on this mechanism.
/*
zone "." {
	type slave;
	file "slave/root.slave";
	masters {
		192.33.4.12;	// C.ROOT-SERVERS.NET.
		192.112.36.4;	// G.ROOT-SERVERS.NET.
		193.0.14.129;	// K.ROOT-SERVERS.NET.
	};
	notify no;
};
zone "arpa" {
	type slave;
	file "slave/arpa.slave";
	masters {
		192.33.4.12;	// C.ROOT-SERVERS.NET.
		192.112.36.4;	// G.ROOT-SERVERS.NET.
		193.0.14.129;	// K.ROOT-SERVERS.NET.
	};
	notify no;
};
zone "in-addr.arpa" {
	type slave;
	file "slave/in-addr.arpa.slave";
	masters {
		192.33.4.12;	// C.ROOT-SERVERS.NET.
		192.112.36.4;	// G.ROOT-SERVERS.NET.
		193.0.14.129;	// K.ROOT-SERVERS.NET.
	};
	notify no;
};
*/

/*	Serving the following zones locally will prevent any queries
	for these zones leaving your network and going to the root
	name servers. This has two significant advantages:
	1. Faster local resolution for your users
	2. No spurious traffic will be sent from your network to the roots
*/
// Keeping reverse lookups for private and reserved ranges local also avoids
// disclosing internal addressing to outside name servers.
// RFC 1912
zone "localhost" { type master; file "master/localhost-forward.db"; };
zone "127.in-addr.arpa" { type master; file "master/localhost-reverse.db"; };
zone "255.in-addr.arpa" { type master; file "master/empty.db"; };

// RFC 1912-style zone for IPv6 localhost address
zone "0.ip6.arpa" { type master; file "master/localhost-reverse.db"; };

// "This" Network (RFCs 1912 and 3330)
zone "0.in-addr.arpa" { type master; file "master/empty.db"; };

// IANA Reserved - Unlikely to ever be assigned
zone "1.in-addr.arpa" { type master; file "master/empty.db"; };
zone "2.in-addr.arpa" { type master; file "master/empty.db"; };
zone "223.in-addr.arpa" { type master; file "master/empty.db"; };

// Public Data Networks (RFC 3330)
zone "14.in-addr.arpa" { type master; file "master/empty.db"; };

// Private Use Networks (RFC 1918)
zone "10.in-addr.arpa" { type master; file "master/empty.db"; };
zone "16.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "17.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "18.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "19.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "20.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "21.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "22.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "23.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "24.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "25.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "26.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "27.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "28.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "29.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "30.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "31.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "168.192.in-addr.arpa" { type master; file "master/empty.db"; };

// Link-local/APIPA (RFCs 3330 and 3927)
zone "254.169.in-addr.arpa" { type master; file "master/empty.db"; };

// TEST-NET for Documentation (RFC 3330)
zone "2.0.192.in-addr.arpa" { type master; file "master/empty.db"; };

// Router Benchmark Testing (RFC 2544)
zone "18.192.in-addr.arpa" { type master; file "master/empty.db"; };
zone "19.192.in-addr.arpa" { type master; file "master/empty.db"; };

// IANA Reserved - Old Class E Space
zone "240.in-addr.arpa" { type master; file "master/empty.db"; };
zone "241.in-addr.arpa" { type master; file "master/empty.db"; };
zone "242.in-addr.arpa" { type master; file "master/empty.db"; };
zone "243.in-addr.arpa" { type master; file "master/empty.db"; };
zone "244.in-addr.arpa" { type master; file "master/empty.db"; };
zone "245.in-addr.arpa" { type master; file "master/empty.db"; };
zone "246.in-addr.arpa" { type master; file "master/empty.db"; };
zone "247.in-addr.arpa" { type master; file "master/empty.db"; };
zone "248.in-addr.arpa" { type master; file "master/empty.db"; };
zone "249.in-addr.arpa" { type master; file "master/empty.db"; };
zone "250.in-addr.arpa" { type master; file "master/empty.db"; };
zone "251.in-addr.arpa" { type master; file "master/empty.db"; };
zone "252.in-addr.arpa" { type master; file "master/empty.db"; };
zone "253.in-addr.arpa" { type master; file "master/empty.db"; };
zone "254.in-addr.arpa" { type master; file "master/empty.db"; };

// IPv6 Unassigned Addresses (RFC 4291)
zone "1.ip6.arpa" { type master; file "master/empty.db"; };
zone "3.ip6.arpa" { type master; file "master/empty.db"; };
zone "4.ip6.arpa" { type master; file "master/empty.db"; };
zone "5.ip6.arpa" { type master; file "master/empty.db"; };
zone "6.ip6.arpa" { type master; file "master/empty.db"; };
zone "7.ip6.arpa" { type master; file "master/empty.db"; };
zone "8.ip6.arpa" { type master; file "master/empty.db"; };
zone "9.ip6.arpa" { type master; file "master/empty.db"; };
zone "a.ip6.arpa" { type master; file "master/empty.db"; };
zone "b.ip6.arpa" { type master; file "master/empty.db"; };
zone "c.ip6.arpa" { type master; file "master/empty.db"; };
zone "d.ip6.arpa" { type master; file "master/empty.db"; };
zone "e.ip6.arpa" { type master; file "master/empty.db"; };
zone "0.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "1.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "2.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "3.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "4.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "5.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "6.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "7.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "8.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "9.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "a.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "b.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "0.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "1.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "2.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "3.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "4.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "5.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "6.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "7.e.f.ip6.arpa" { type master; file "master/empty.db"; };

// IPv6 ULA (RFC 4193)
zone "c.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "d.f.ip6.arpa" { type master; file "master/empty.db"; };

// IPv6 Link Local (RFC 4291)
zone "8.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "9.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "a.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "b.e.f.ip6.arpa" { type master; file "master/empty.db"; };

// IPv6 Deprecated Site-Local Addresses (RFC 3879)
zone "c.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "d.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "e.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "f.e.f.ip6.arpa" { type master; file "master/empty.db"; };

// IP6.INT is Deprecated (RFC 4159)
zone "ip6.int" { type master; file "master/empty.db"; };

// NB: Do not use the IP addresses below, they are faked, and only
// serve demonstration/documentation purposes!
//
// Example slave zone config entries. It can be convenient to become
// a slave at least for the zone your own domain is in. Ask
// your network administrator for the IP address of the responsible
// master name server.
//
// Do not forget to include the reverse lookup zone!
// This is named after the first bytes of the IP address, in reverse
// order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6.
//
// Before starting to set up a master zone, make sure you fully
// understand how DNS and BIND work. There are sometimes
// non-obvious pitfalls. Setting up a slave zone is usually simpler.
//
// NB: Don't blindly enable the examples below. :-) Use actual names
// and addresses instead.

// NOTE(review) on the dynamic zone example below:
//  - The secret shown is a published sample. Generate your own key and
//    never reuse this value.
//  - hmac-md5 is a legacy TSIG algorithm. Where the installed BIND supports
//    the HMAC-SHA family (for example hmac-sha256), use that instead.
//  - Anyone who can read the key can update the zone. Keep the key
//    statement in a separate file readable only by the user named runs as,
//    and pull it in with an "include" statement, rather than storing it in
//    a config file that other users may be able to read.
//  - allow-update with a key lets the key holder change any record in the
//    zone; update-policy can narrow that to specific names and types.
/* An example dynamic zone
key "exampleorgkey" {
	algorithm hmac-md5;
	secret "sf87HJqjkqh8ac87a02lla==";
};
zone "example.org" {
	type master;
	allow-update {
		key "exampleorgkey";
	};
	file "dynamic/example.org";
};
*/

// NOTE(review): as written, the transfer in the example below is
// authenticated only by the master's address. A TSIG key shared with the
// master can be attached to the entry in the masters clause so that the
// transferred data is verified.
/* Example of a slave reverse zone
zone "1.168.192.in-addr.arpa" {
	type slave;
	file "slave/1.168.192.in-addr.arpa";
	masters {
		192.168.1.1;
	};
};
*/