named.conf revision 41460
1193323Sed// $Id: named.conf,v 1.3 1998/12/01 21:36:33 dillon Exp $ 2193323Sed// 3193323Sed// Refer to the named(8) man page for details. If you are ever going 4193323Sed// to setup a primary server, make sure you've understood the hairy 5193323Sed// details of how DNS is working. Even with simple mistakes, you can 6193323Sed// break connectivity for affected parties, or cause huge amount of 7193323Sed// useless Internet traffic. 8193323Sed 9193323Sedoptions { 10193323Sed directory "/etc/namedb"; 11193323Sed 12193323Sed// In addition to the "forwarders" clause, you can force your name 13193323Sed// server to never initiate queries of its own, but always ask its 14193323Sed// forwarders only, by enabling the following line: 15193323Sed// 16193323Sed// forward only; 17193323Sed 18193323Sed// If you've got a DNS server around at your upstream provider, enter 19193323Sed// its IP address here, and enable the line below. This will make you 20193323Sed// benefit from its cache, thus reduce overall DNS traffic in the Internet. 21193323Sed/* 22193323Sed forwarders { 23193323Sed 127.0.0.1; 24193323Sed }; 25193323Sed*/ 26198090Srdivacky /* 27193323Sed * If there is a firewall between you and nameservers you want 28193323Sed * to talk to, you might need to uncomment the query-source 29193323Sed * directive below. Previous versions of BIND always asked 30194710Sed * questions using port 53, but BIND 8.1 uses an unprivileged 31193323Sed * port by default. 32193323Sed */ 33193323Sed // query-source address * port 53; 34193323Sed}; 35193323Sed 36193323Sed// Note: the following will be supported in a future release. 37193323Sed/* 38193323Sedhost { any; } { 39193323Sed topology { 40193323Sed 127.0.0.0/8; 41193323Sed }; 42193323Sed}; 43193323Sed*/ 44193323Sed 45193323Sed// Setting up secondaries is way easier and the rough picture for this 46193323Sed// is explained below. 47193323Sed// 48193323Sed// If you enable a local name server, don't forget to enter 127.0.0.1 49194710Sed// into your /etc/resolv.conf so this server will be queried first. 50194710Sed// Also, make sure to enable it in /etc/rc.conf. 51193323Sed 52193323Sedzone "." { 53193323Sed type hint; 54193323Sed file "named.root"; 55193323Sed}; 56193323Sed 57198090Srdivackyzone "0.0.127.IN-ADDR.ARPA" { 58193323Sed type master; 59193323Sed file "localhost.rev"; 60193323Sed}; 61193323Sed 62193323Sed// NB: Do not use the IP addresses below, they are faked, and only 63193323Sed// serve demonstration/documentation purposes! 64193323Sed// 65193323Sed// Example secondary config entries. It can be convenient to become 66193323Sed// a secondary at least for the zone where your own domain is in. Ask 67193323Sed// your network administrator for the IP address of the responsible 68193323Sed// primary. 69193323Sed// 70193323Sed// Never forget to include the reverse lookup (IN-ADDR.ARPA) zone! 71193323Sed// (This is the first bytes of the respective IP address, in reverse 72193323Sed// order, with ".IN-ADDR.ARPA" appended.) 73193323Sed// 74193323Sed// Before starting to setup a primary zone, better make sure you fully 75193323Sed// understand how DNS and BIND works, however. There are sometimes 76193323Sed// unobvious pitfalls. Setting up a secondary is comparably simpler. 77193323Sed// 78193323Sed// NB: Don't blindly enable the examples below. :-) Use actual names 79193323Sed// and addresses instead. 80193323Sed// 81193323Sed// NOTE!!! FreeBSD runs bind in a sandbox (see named_flags in rc.conf). 82193323Sed// The directory containing the secondary zones must be write accessible 83193323Sed// to bind. The following sequence is suggested: 84193323Sed// 85193323Sed// mkdir /etc/namedb/s 86193323Sed// chown bind.bind /etc/namedb/s 87193323Sed// chmod 750 /etc/namedb/s 88193323Sed 89193323Sed/* 90193323Sedzone "domain.com" { 91193323Sed type slave; 92193323Sed file "s/domain.com.bak"; 93193323Sed masters { 94193323Sed 192.168.1.1; 95193323Sed }; 96193323Sed}; 97193323Sed 98198090Srdivackyzone "0.168.192.in-addr.arpa" { 99193323Sed type slave; 100198090Srdivacky file "s/0.168.192.in-addr.arpa.bak"; 101193323Sed masters { 102193323Sed 192.168.1.1; 103198090Srdivacky }; 104193323Sed}; 105198090Srdivacky*/ 106198090Srdivacky 107193323Sed