source: hybrid/branches/releng-9.0/nanobsd/files/etc/namedb/named.conf@ 10381

Last change on this file since 10381 was 10381, checked in by rick, 13 years ago

Stock BSD namedb.
File size: 14.0 KB
Line 
1// $FreeBSD: release/9.0.0/etc/namedb/named.conf 224125 2011-07-17 06:20:47Z dougb $
2//
3// Refer to the named.conf(5) and named(8) man pages, and the documentation
4// in /usr/share/doc/bind9 for more details.
5//
6// If you are going to set up an authoritative server, make sure you
7// understand the hairy details of how DNS works. Even with
8// simple mistakes, you can break connectivity for affected parties,
9// or cause huge amounts of useless Internet traffic.
10
11options {
12 // All file and path names are relative to the chroot directory,
13 // if any, and should be fully qualified.
14 directory "/etc/namedb/working";
15 pid-file "/var/run/named/pid";
16 dump-file "/var/dump/named_dump.db";
17 statistics-file "/var/stats/named.stats";
18
19// If named is being used only as a local resolver, this is a safe default.
20// For named to be accessible to the network, comment this option, specify
21// the proper IP address, or delete this option.
22 listen-on { 127.0.0.1; };
23
24// If you have IPv6 enabled on this system, uncomment this option for
25// use as a local resolver. To give access to the network, specify
26// an IPv6 address, or the keyword "any".
27// listen-on-v6 { ::1; };
28
29// These zones are already covered by the empty zones listed below.
30// If you remove the related empty zones below, comment these lines out.
31 disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
32 disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
33 disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
34
35// If you've got a DNS server around at your upstream provider, enter
36// its IP address here, and enable the line below. This will make you
37// benefit from its cache, thus reduce overall DNS traffic in the Internet.
38/*
39 forwarders {
40 127.0.0.1;
41 };
42*/
43
44// If the 'forwarders' clause is not empty the default is to 'forward first'
45// which will fall back to sending a query from your local server if the name
46// servers in 'forwarders' do not have the answer. Alternatively you can
47// force your name server to never initiate queries of its own by enabling the
48// following line:
49// forward only;
50
51// If you wish to have forwarding configured automatically based on
52// the entries in /etc/resolv.conf, uncomment the following line and
53// set named_auto_forward=yes in /etc/rc.conf. You can also enable
54// named_auto_forward_only (the effect of which is described above).
55// include "/etc/namedb/auto_forward.conf";
56
57 /*
58 Modern versions of BIND use a random UDP port for each outgoing
59 query by default in order to dramatically reduce the possibility
60 of cache poisoning. All users are strongly encouraged to utilize
61 this feature, and to configure their firewalls to accommodate it.
62
63 AS A LAST RESORT in order to get around a restrictive firewall
64 policy you can try enabling the option below. Use of this option
65 will significantly reduce your ability to withstand cache poisoning
66 attacks, and should be avoided if at all possible.
67
68 Replace NNNNN in the example with a number between 49160 and 65530.
69 */
70 // query-source address * port NNNNN;
71};
72
73// If you enable a local name server, don't forget to enter 127.0.0.1
74// first in your /etc/resolv.conf so this server will be queried.
75// Also, make sure to enable it in /etc/rc.conf.
76
77// The traditional root hints mechanism. Use this, OR the slave zones below.
78zone "." { type hint; file "/etc/namedb/named.root"; };
79
80/* Slaving the following zones from the root name servers has some
81 significant advantages:
82 1. Faster local resolution for your users
83 2. No spurious traffic will be sent from your network to the roots
84 3. Greater resilience to any potential root server failure/DDoS
85
86 On the other hand, this method requires more monitoring than the
87 hints file to be sure that an unexpected failure mode has not
88 incapacitated your server. Name servers that are serving a lot
89 of clients will benefit more from this approach than individual
90 hosts. Use with caution.
91
92 To use this mechanism, uncomment the entries below, and comment
93 the hint zone above.
94
95 As documented at http://dns.icann.org/services/axfr/ these zones:
96 "." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and ROOT-SERVERS.NET
97 are availble for AXFR from these servers on IPv4 and IPv6:
98 xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org
99*/
100/*
101zone "." {
102 type slave;
103 file "/etc/namedb/slave/root.slave";
104 masters {
105 192.5.5.241; // F.ROOT-SERVERS.NET.
106 };
107 notify no;
108};
109zone "arpa" {
110 type slave;
111 file "/etc/namedb/slave/arpa.slave";
112 masters {
113 192.5.5.241; // F.ROOT-SERVERS.NET.
114 };
115 notify no;
116};
117*/
118
119/* Serving the following zones locally will prevent any queries
120 for these zones leaving your network and going to the root
121 name servers. This has two significant advantages:
122 1. Faster local resolution for your users
123 2. No spurious traffic will be sent from your network to the roots
124*/
125// RFCs 1912, 5735 and 6303 (and BCP 32 for localhost)
126zone "localhost" { type master; file "/etc/namedb/master/localhost-forward.db"; };
127zone "127.in-addr.arpa" { type master; file "/etc/namedb/master/localhost-reverse.db"; };
128zone "255.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
129
130// RFC 1912-style zone for IPv6 localhost address (RFC 6303)
131zone "0.ip6.arpa" { type master; file "/etc/namedb/master/localhost-reverse.db"; };
132
133// "This" Network (RFCs 1912, 5735 and 6303)
134zone "0.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
135
136// Private Use Networks (RFCs 1918, 5735 and 6303)
137zone "10.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
138zone "16.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
139zone "17.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
140zone "18.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
141zone "19.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
142zone "20.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
143zone "21.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
144zone "22.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
145zone "23.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
146zone "24.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
147zone "25.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
148zone "26.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
149zone "27.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
150zone "28.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
151zone "29.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
152zone "30.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
153zone "31.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
154zone "168.192.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
155
156// Link-local/APIPA (RFCs 3927, 5735 and 6303)
157zone "254.169.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
158
159// IETF protocol assignments (RFCs 5735 and 5736)
160zone "0.0.192.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
161
162// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
163zone "2.0.192.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
164zone "100.51.198.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
165zone "113.0.203.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
166
167// IPv6 Example Range for Documentation (RFCs 3849 and 6303)
168zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
169
170// Domain Names for Documentation and Testing (BCP 32)
171zone "test" { type master; file "/etc/namedb/master/empty.db"; };
172zone "example" { type master; file "/etc/namedb/master/empty.db"; };
173zone "invalid" { type master; file "/etc/namedb/master/empty.db"; };
174zone "example.com" { type master; file "/etc/namedb/master/empty.db"; };
175zone "example.net" { type master; file "/etc/namedb/master/empty.db"; };
176zone "example.org" { type master; file "/etc/namedb/master/empty.db"; };
177
178// Router Benchmark Testing (RFCs 2544 and 5735)
179zone "18.198.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
180zone "19.198.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
181
182// IANA Reserved - Old Class E Space (RFC 5735)
183zone "240.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
184zone "241.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
185zone "242.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
186zone "243.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
187zone "244.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
188zone "245.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
189zone "246.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
190zone "247.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
191zone "248.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
192zone "249.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
193zone "250.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
194zone "251.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
195zone "252.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
196zone "253.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
197zone "254.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
198
199// IPv6 Unassigned Addresses (RFC 4291)
200zone "1.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
201zone "3.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
202zone "4.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
203zone "5.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
204zone "6.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
205zone "7.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
206zone "8.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
207zone "9.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
208zone "a.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
209zone "b.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
210zone "c.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
211zone "d.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
212zone "e.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
213zone "0.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
214zone "1.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
215zone "2.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
216zone "3.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
217zone "4.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
218zone "5.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
219zone "6.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
220zone "7.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
221zone "8.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
222zone "9.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
223zone "a.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
224zone "b.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
225zone "0.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
226zone "1.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
227zone "2.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
228zone "3.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
229zone "4.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
230zone "5.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
231zone "6.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
232zone "7.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
233
234// IPv6 ULA (RFCs 4193 and 6303)
235zone "c.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
236zone "d.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
237
238// IPv6 Link Local (RFCs 4291 and 6303)
239zone "8.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
240zone "9.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
241zone "a.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
242zone "b.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
243
244// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
245zone "c.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
246zone "d.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
247zone "e.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
248zone "f.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
249
250// IP6.INT is Deprecated (RFC 4159)
251zone "ip6.int" { type master; file "/etc/namedb/master/empty.db"; };
252
253// NB: Do not use the IP addresses below, they are faked, and only
254// serve demonstration/documentation purposes!
255//
256// Example slave zone config entries. It can be convenient to become
257// a slave at least for the zone your own domain is in. Ask
258// your network administrator for the IP address of the responsible
259// master name server.
260//
261// Do not forget to include the reverse lookup zone!
262// This is named after the first bytes of the IP address, in reverse
263// order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6.
264//
265// Before starting to set up a master zone, make sure you fully
266// understand how DNS and BIND work. There are sometimes
267// non-obvious pitfalls. Setting up a slave zone is usually simpler.
268//
269// NB: Don't blindly enable the examples below. :-) Use actual names
270// and addresses instead.
271
272/* An example dynamic zone
273key "exampleorgkey" {
274 algorithm hmac-md5;
275 secret "sf87HJqjkqh8ac87a02lla==";
276};
277zone "example.org" {
278 type master;
279 allow-update {
280 key "exampleorgkey";
281 };
282 file "/etc/namedb/dynamic/example.org";
283};
284*/
285
286/* Example of a slave reverse zone
287zone "1.168.192.in-addr.arpa" {
288 type slave;
289 file "/etc/namedb/slave/1.168.192.in-addr.arpa";
290 masters {
291 192.168.1.1;
292 };
293};
294*/
Note: See TracBrowser for help on using the repository browser.