source: hybrid/branches/releng-9.0/nanobsd/files/var/named/etc/namedb/named.conf@ 10772

Last change on this file since 10772 was 10772, checked in by rick, 13 years ago

Avoid message:

managed-keys-zone ./IN: loading from master file /etc/namedb/managed-keys.bind failed: unknown class/type

1// $FreeBSD: release/9.0.0/etc/namedb/named.conf 224125 2011-07-17 06:20:47Z dougb $
2//
3// Refer to the named.conf(5) and named(8) man pages, and the documentation
4// in /usr/share/doc/bind9 for more details.
5//
6// If you are going to set up an authoritative server, make sure you
7// understand the hairy details of how DNS works. Even with
8// simple mistakes, you can break connectivity for affected parties,
9// or cause huge amounts of useless Internet traffic.
10
options {
    // Paths are resolved inside the chroot directory (when one is used)
    // and should be written fully qualified.
    directory "/etc/namedb/working";
    pid-file "/var/run/named/pid";
    dump-file "/var/dump/named_dump.db";
    statistics-file "/var/stats/named.stats";
    managed-keys-directory "/etc/namedb";

    // Safe default for a resolver that only serves the local host.
    // To serve the network, leave it commented out, delete it, or list
    // the proper IP address. It is commented out here, so named falls
    // back to its default of listening on every IPv4 interface.
    // listen-on { 127.0.0.1; };

    // IPv6 counterpart for a local resolver. To serve the network, give
    // an IPv6 address or the keyword "any".
    // listen-on-v6 { ::1; };

    // The empty zones declared further down in this file already cover
    // these names. Comment these lines out if those zones are removed.
    disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
    disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
    disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";

    // To use a DNS server at your upstream provider, put its IP address
    // in the list and enable the clause. You then share its cache, which
    // reduces overall DNS traffic on the Internet.
    /*
    forwarders {
        127.0.0.1;
    };
    */

    // With a non-empty 'forwarders' clause the default is 'forward first':
    // the local server sends its own query when the forwarders do not have
    // the answer. Enabling the next line stops the server from ever
    // initiating queries of its own.
    // forward only;

    // Automatic forwarding based on /etc/resolv.conf. The include is
    // active in this file; it also needs named_auto_forward=yes in
    // /etc/rc.conf. named_auto_forward_only selects the 'forward only'
    // behaviour described above.
    include "/etc/namedb/auto_forward.conf";

    /*
       Modern versions of BIND pick a random UDP source port for each
       outgoing query by default, which dramatically reduces the
       possibility of cache poisoning. All users are strongly encouraged
       to use this feature and to configure their firewalls for it.

       AS A LAST RESORT, to get around a restrictive firewall policy,
       the option below can be enabled. It significantly reduces the
       ability to withstand cache poisoning attacks and should be
       avoided if at all possible.

       Replace NNNNN in the example with a number between 49160 and 65530.
    */
    // query-source address * port NNNNN;

    // NOTE(review): both ACLs are wide open. allow-recursion "any" lets
    // every host that can reach this server use it as a recursive
    // resolver, which exposes the cache to outsiders and makes the node
    // usable for DNS amplification. allow-transfer "any" lets any such
    // host copy (AXFR) every zone served here. Unless a packet filter in
    // front of this node already limits who can reach port 53, replace
    // "any" with an acl naming the client networks that need recursion
    // and the hosts that legitimately pull zones ("none" if nothing
    // transfers from this server).
    allow-transfer { "any"; };
    allow-recursion { "any"; };
};
75
76// If you enable a local name server, don't forget to enter 127.0.0.1
77// first in your /etc/resolv.conf so this server will be queried.
78// Also, make sure to enable it in /etc/rc.conf.
79
// Classic root hints. Use either this zone or the slaved root zones that
// are shown commented out below, not both.
zone "." {
    type hint;
    file "/etc/namedb/named.root";
};
82
83/* Slaving the following zones from the root name servers has some
84 significant advantages:
85 1. Faster local resolution for your users
86 2. No spurious traffic will be sent from your network to the roots
87 3. Greater resilience to any potential root server failure/DDoS
88
89 On the other hand, this method requires more monitoring than the
90 hints file to be sure that an unexpected failure mode has not
91 incapacitated your server. Name servers that are serving a lot
92 of clients will benefit more from this approach than individual
93 hosts. Use with caution.
94
95 To use this mechanism, uncomment the entries below, and comment
96 the hint zone above.
97
98 As documented at http://dns.icann.org/services/axfr/ these zones:
99 "." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and ROOT-SERVERS.NET
100 are available for AXFR from these servers on IPv4 and IPv6:
101 xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org
102*/
103/*
104zone "." {
105 type slave;
106 file "/etc/namedb/slave/root.slave";
107 masters {
108 192.5.5.241; // F.ROOT-SERVERS.NET.
109 };
110 notify no;
111};
112zone "arpa" {
113 type slave;
114 file "/etc/namedb/slave/arpa.slave";
115 masters {
116 192.5.5.241; // F.ROOT-SERVERS.NET.
117 };
118 notify no;
119};
120*/
121
122/* Serving the following zones locally will prevent any queries
123 for these zones leaving your network and going to the root
124 name servers. This has two significant advantages:
125 1. Faster local resolution for your users
126 2. No spurious traffic will be sent from your network to the roots
127*/
// Localhost forward and reverse zones, plus the broadcast reverse zone
// (RFCs 1912, 5735 and 6303; BCP 32 for localhost)
zone "localhost" { type master; file "/etc/namedb/master/localhost-forward.db"; };
zone "127.in-addr.arpa" { type master; file "/etc/namedb/master/localhost-reverse.db"; };
zone "255.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };

// IPv6 localhost address, RFC 1912 style (RFC 6303)
zone "0.ip6.arpa" { type master; file "/etc/namedb/master/localhost-reverse.db"; };

// "This" Network (RFCs 1912, 5735 and 6303)
zone "0.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };

// Private Use Networks (RFCs 1918, 5735 and 6303)
// The 16.172 to 31.172 entries stay commented out because the same zone
// names are declared as slave zones at the end of this file.
zone "10.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
//zone "16.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
//zone "17.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
//zone "18.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
//zone "19.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
//zone "20.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
//zone "21.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
//zone "22.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
//zone "23.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
//zone "24.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
//zone "25.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
//zone "26.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
//zone "27.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
//zone "28.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
//zone "29.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
//zone "30.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
//zone "31.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "168.192.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };

// Link-local/APIPA (RFCs 3927, 5735 and 6303)
zone "254.169.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
161
// IETF protocol assignments (RFCs 5735 and 5736)
zone "0.0.192.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };

// TEST-NET-1, -2 and -3, reserved for documentation (RFCs 5735, 5737 and 6303)
zone "2.0.192.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "100.51.198.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "113.0.203.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };

// IPv6 example range for documentation (RFCs 3849 and 6303)
zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };

// Domain names for documentation and testing (BCP 32)
zone "test" { type master; file "/etc/namedb/master/empty.db"; };
zone "example" { type master; file "/etc/namedb/master/empty.db"; };
zone "invalid" { type master; file "/etc/namedb/master/empty.db"; };
zone "example.com" { type master; file "/etc/namedb/master/empty.db"; };
zone "example.net" { type master; file "/etc/namedb/master/empty.db"; };
zone "example.org" { type master; file "/etc/namedb/master/empty.db"; };

// Router benchmark testing (RFCs 2544 and 5735)
zone "18.198.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "19.198.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };

// IANA reserved, the old Class E space (RFC 5735)
zone "240.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "241.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "242.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "243.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "244.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "245.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "246.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "247.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "248.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "249.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "250.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "251.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "252.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "253.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "254.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
201
// IPv6 unassigned addresses (RFC 4291)
zone "1.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "3.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "4.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "5.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "6.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "7.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "8.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "9.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "a.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "b.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "c.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "d.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "e.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "0.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "1.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "2.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "3.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "4.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "5.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "6.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "7.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "8.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "9.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "a.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "b.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "0.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "1.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "2.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "3.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "4.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "5.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "6.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "7.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };

// IPv6 ULA (RFCs 4193 and 6303)
zone "c.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "d.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };

// IPv6 link-local (RFCs 4291 and 6303)
zone "8.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "9.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "a.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "b.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };

// IPv6 site-local addresses, deprecated (RFCs 3879 and 6303)
zone "c.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "d.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "e.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "f.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };

// IP6.INT is deprecated (RFC 4159)
zone "ip6.int" { type master; file "/etc/namedb/master/empty.db"; };
255
256// NB: Do not use the IP addresses below, they are faked, and only
257// serve demonstration/documentation purposes!
258//
259// Example slave zone config entries. It can be convenient to become
260// a slave at least for the zone your own domain is in. Ask
261// your network administrator for the IP address of the responsible
262// master name server.
263//
264// Do not forget to include the reverse lookup zone!
265// This is named after the first bytes of the IP address, in reverse
266// order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6.
267//
268// Before starting to set up a master zone, make sure you fully
269// understand how DNS and BIND work. There are sometimes
270// non-obvious pitfalls. Setting up a slave zone is usually simpler.
271//
272// NB: Don't blindly enable the examples below. :-) Use actual names
273// and addresses instead.
274
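275/* An example dynamic zone. Treat the key as a placeholder: hmac-md5 is a legacy TSIG algorithm (prefer hmac-sha256 where both ends support it) and the secret shown is sample text, so generate your own.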
276key "exampleorgkey" {
277 algorithm hmac-md5;
278 secret "sf87HJqjkqh8ac87a02lla==";
279};
280zone "example.org" {
281 type master;
282 allow-update {
283 key "exampleorgkey";
284 };
285 file "/etc/namedb/dynamic/example.org";
286};
287*/
288
289/* Example of a slave reverse zone
290zone "1.168.192.in-addr.arpa" {
291 type slave;
292 file "/etc/namedb/slave/1.168.192.in-addr.arpa";
293 masters {
294 192.168.1.1;
295 };
296};
297*/
298
// Reverse zones 16.172 through 31.172.in-addr.arpa, each slaved from the
// single master 172.16.4.46 and stored under /etc/namedb/slave/.
// NOTE(review): no TSIG key is attached to this master anywhere in this
// file, so the zone data pulled from it is not cryptographically
// authenticated. Consider a key shared with the master.
zone "16.172.in-addr.arpa" { type slave; file "/etc/namedb/slave/16.172.in-addr.arpa"; masters { 172.16.4.46; }; };
zone "17.172.in-addr.arpa" { type slave; file "/etc/namedb/slave/17.172.in-addr.arpa"; masters { 172.16.4.46; }; };
zone "18.172.in-addr.arpa" { type slave; file "/etc/namedb/slave/18.172.in-addr.arpa"; masters { 172.16.4.46; }; };
zone "19.172.in-addr.arpa" { type slave; file "/etc/namedb/slave/19.172.in-addr.arpa"; masters { 172.16.4.46; }; };
zone "20.172.in-addr.arpa" { type slave; file "/etc/namedb/slave/20.172.in-addr.arpa"; masters { 172.16.4.46; }; };
zone "21.172.in-addr.arpa" { type slave; file "/etc/namedb/slave/21.172.in-addr.arpa"; masters { 172.16.4.46; }; };
zone "22.172.in-addr.arpa" { type slave; file "/etc/namedb/slave/22.172.in-addr.arpa"; masters { 172.16.4.46; }; };
zone "23.172.in-addr.arpa" { type slave; file "/etc/namedb/slave/23.172.in-addr.arpa"; masters { 172.16.4.46; }; };
zone "24.172.in-addr.arpa" { type slave; file "/etc/namedb/slave/24.172.in-addr.arpa"; masters { 172.16.4.46; }; };
zone "25.172.in-addr.arpa" { type slave; file "/etc/namedb/slave/25.172.in-addr.arpa"; masters { 172.16.4.46; }; };
zone "26.172.in-addr.arpa" { type slave; file "/etc/namedb/slave/26.172.in-addr.arpa"; masters { 172.16.4.46; }; };
zone "27.172.in-addr.arpa" { type slave; file "/etc/namedb/slave/27.172.in-addr.arpa"; masters { 172.16.4.46; }; };
zone "28.172.in-addr.arpa" { type slave; file "/etc/namedb/slave/28.172.in-addr.arpa"; masters { 172.16.4.46; }; };
zone "29.172.in-addr.arpa" { type slave; file "/etc/namedb/slave/29.172.in-addr.arpa"; masters { 172.16.4.46; }; };
zone "30.172.in-addr.arpa" { type slave; file "/etc/namedb/slave/30.172.in-addr.arpa"; masters { 172.16.4.46; }; };
zone "31.172.in-addr.arpa" { type slave; file "/etc/namedb/slave/31.172.in-addr.arpa"; masters { 172.16.4.46; }; };
// Forward zone wleiden.net, slaved from 172.16.4.46, the same master the
// 172.16/12 reverse zones in this file use. As with those zones, no TSIG
// key is configured for the master in this file.
zone "wleiden.net" { type slave; file "/etc/namedb/slave/wleiden.net"; masters { 172.16.4.46; }; };