Index: branches/releng-9.0/nanobsd/files/etc/namedb/named.conf
===================================================================
--- branches/releng-9.0/nanobsd/files/etc/namedb/named.conf	(revision 10381)
+++ branches/releng-9.0/nanobsd/files/etc/namedb/named.conf	(revision 10381)
@@ -0,0 +1,294 @@
+// $FreeBSD: release/9.0.0/etc/namedb/named.conf 224125 2011-07-17 06:20:47Z dougb $
+//
+// Refer to the named.conf(5) and named(8) man pages, and the documentation
+// in /usr/share/doc/bind9 for more details.
+//
+// If you are going to set up an authoritative server, make sure you
+// understand the hairy details of how DNS works.  Even with
+// simple mistakes, you can break connectivity for affected parties,
+// or cause huge amounts of useless Internet traffic.
+
+options {
+	// All file and path names are relative to the chroot directory,
+	// if any, and should be fully qualified.
+	directory	"/etc/namedb/working";
+	pid-file	"/var/run/named/pid";
+	dump-file	"/var/dump/named_dump.db";
+	statistics-file	"/var/stats/named.stats";
+
+// If named is being used only as a local resolver, this is a safe default.
+// For named to be accessible to the network, comment this option, specify
+// the proper IP address, or delete this option.
+	listen-on	{ 127.0.0.1; };
+
+// If you have IPv6 enabled on this system, uncomment this option for
+// use as a local resolver.  To give access to the network, specify
+// an IPv6 address, or the keyword "any".
+//	listen-on-v6	{ ::1; };
+
+// These zones are already covered by the empty zones listed below.
+// If you remove the related empty zones below, comment these lines out.
+	disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
+	disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
+	disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
+
+// If you've got a DNS server around at your upstream provider, enter
+// its IP address here, and enable the line below.  This will make you
+// benefit from its cache, thus reduce overall DNS traffic in the Internet.
+/*
+	forwarders {
+		127.0.0.1;
+	};
+*/
+
+// If the 'forwarders' clause is not empty the default is to 'forward first'
+// which will fall back to sending a query from your local server if the name
+// servers in 'forwarders' do not have the answer.  Alternatively you can
+// force your name server to never initiate queries of its own by enabling the
+// following line:
+//	forward only;
+
+// If you wish to have forwarding configured automatically based on
+// the entries in /etc/resolv.conf, uncomment the following line and
+// set named_auto_forward=yes in /etc/rc.conf.  You can also enable
+// named_auto_forward_only (the effect of which is described above).
+//	include "/etc/namedb/auto_forward.conf";
+
+	/*
+	   Modern versions of BIND use a random UDP port for each outgoing
+	   query by default in order to dramatically reduce the possibility
+	   of cache poisoning.  All users are strongly encouraged to utilize
+	   this feature, and to configure their firewalls to accommodate it.
+
+	   AS A LAST RESORT in order to get around a restrictive firewall
+	   policy you can try enabling the option below.  Use of this option
+	   will significantly reduce your ability to withstand cache poisoning
+	   attacks, and should be avoided if at all possible.
+
+	   Replace NNNNN in the example with a number between 49160 and 65530.
+	*/
+	// query-source address * port NNNNN;
+};
+
+// If you enable a local name server, don't forget to enter 127.0.0.1
+// first in your /etc/resolv.conf so this server will be queried.
+// Also, make sure to enable it in /etc/rc.conf.
+
+// The traditional root hints mechanism. Use this, OR the slave zones below.
+zone "." { type hint; file "/etc/namedb/named.root"; };
+
+/*	Slaving the following zones from the root name servers has some
+	significant advantages:
+	1. Faster local resolution for your users
+	2. No spurious traffic will be sent from your network to the roots
+	3. Greater resilience to any potential root server failure/DDoS
+
+	On the other hand, this method requires more monitoring than the
+	hints file to be sure that an unexpected failure mode has not
+	incapacitated your server.  Name servers that are serving a lot
+	of clients will benefit more from this approach than individual
+	hosts.  Use with caution.
+
+	To use this mechanism, uncomment the entries below, and comment
+	the hint zone above.
+
+	As documented at http://dns.icann.org/services/axfr/ these zones:
+	"." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and ROOT-SERVERS.NET
+	are availble for AXFR from these servers on IPv4 and IPv6:
+	xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org
+*/
+/*
+zone "." {
+	type slave;
+	file "/etc/namedb/slave/root.slave";
+	masters {
+		192.5.5.241;	// F.ROOT-SERVERS.NET.
+	};
+	notify no;
+};
+zone "arpa" {
+	type slave;
+	file "/etc/namedb/slave/arpa.slave";
+	masters {
+		192.5.5.241;	// F.ROOT-SERVERS.NET.
+	};
+	notify no;
+};
+*/
+
+/*	Serving the following zones locally will prevent any queries
+	for these zones leaving your network and going to the root
+	name servers.  This has two significant advantages:
+	1. Faster local resolution for your users
+	2. No spurious traffic will be sent from your network to the roots
+*/
+// RFCs 1912, 5735 and 6303 (and BCP 32 for localhost)
+zone "localhost"	{ type master; file "/etc/namedb/master/localhost-forward.db"; };
+zone "127.in-addr.arpa"	{ type master; file "/etc/namedb/master/localhost-reverse.db"; };
+zone "255.in-addr.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+
+// RFC 1912-style zone for IPv6 localhost address (RFC 6303)
+zone "0.ip6.arpa"	{ type master; file "/etc/namedb/master/localhost-reverse.db"; };
+
+// "This" Network (RFCs 1912, 5735 and 6303)
+zone "0.in-addr.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+
+// Private Use Networks (RFCs 1918, 5735 and 6303)
+zone "10.in-addr.arpa"	   { type master; file "/etc/namedb/master/empty.db"; };
+zone "16.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "17.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "18.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "19.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "20.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "21.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "22.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "23.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "24.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "25.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "26.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "27.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "28.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "29.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "30.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "31.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "168.192.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+
+// Link-local/APIPA (RFCs 3927, 5735 and 6303)
+zone "254.169.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+
+// IETF protocol assignments (RFCs 5735 and 5736)
+zone "0.0.192.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+
+// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
+zone "2.0.192.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "100.51.198.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "113.0.203.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+
+// IPv6 Example Range for Documentation (RFCs 3849 and 6303)
+zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+
+// Domain Names for Documentation and Testing (BCP 32)
+zone "test" { type master; file "/etc/namedb/master/empty.db"; };
+zone "example" { type master; file "/etc/namedb/master/empty.db"; };
+zone "invalid" { type master; file "/etc/namedb/master/empty.db"; };
+zone "example.com" { type master; file "/etc/namedb/master/empty.db"; };
+zone "example.net" { type master; file "/etc/namedb/master/empty.db"; };
+zone "example.org" { type master; file "/etc/namedb/master/empty.db"; };
+
+// Router Benchmark Testing (RFCs 2544 and 5735)
+zone "18.198.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "19.198.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+
+// IANA Reserved - Old Class E Space (RFC 5735)
+zone "240.in-addr.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "241.in-addr.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "242.in-addr.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "243.in-addr.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "244.in-addr.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "245.in-addr.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "246.in-addr.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "247.in-addr.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "248.in-addr.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "249.in-addr.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "250.in-addr.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "251.in-addr.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "252.in-addr.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "253.in-addr.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "254.in-addr.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+
+// IPv6 Unassigned Addresses (RFC 4291)
+zone "1.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "3.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "4.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "5.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "6.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "7.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "8.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "9.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "a.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "b.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "c.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "d.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "e.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "0.f.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "1.f.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "2.f.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "3.f.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "4.f.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "5.f.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "6.f.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "7.f.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "8.f.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "9.f.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "a.f.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "b.f.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "0.e.f.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "1.e.f.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "2.e.f.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "3.e.f.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "4.e.f.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "5.e.f.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "6.e.f.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "7.e.f.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+
+// IPv6 ULA (RFCs 4193 and 6303)
+zone "c.f.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "d.f.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+
+// IPv6 Link Local (RFCs 4291 and 6303)
+zone "8.e.f.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "9.e.f.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "a.e.f.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "b.e.f.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+
+// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
+zone "c.e.f.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "d.e.f.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "e.e.f.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+zone "f.e.f.ip6.arpa"	{ type master; file "/etc/namedb/master/empty.db"; };
+
+// IP6.INT is Deprecated (RFC 4159)
+zone "ip6.int"		{ type master; file "/etc/namedb/master/empty.db"; };
+
+// NB: Do not use the IP addresses below, they are faked, and only
+// serve demonstration/documentation purposes!
+//
+// Example slave zone config entries.  It can be convenient to become
+// a slave at least for the zone your own domain is in.  Ask
+// your network administrator for the IP address of the responsible
+// master name server.
+//
+// Do not forget to include the reverse lookup zone!
+// This is named after the first bytes of the IP address, in reverse
+// order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6.
+//
+// Before starting to set up a master zone, make sure you fully
+// understand how DNS and BIND work.  There are sometimes
+// non-obvious pitfalls.  Setting up a slave zone is usually simpler.
+//
+// NB: Don't blindly enable the examples below. :-)  Use actual names
+// and addresses instead.
+
+/* An example dynamic zone
+key "exampleorgkey" {
+	algorithm hmac-md5;
+	secret "sf87HJqjkqh8ac87a02lla==";
+};
+zone "example.org" {
+	type master;
+	allow-update {
+		key "exampleorgkey";
+	};
+	file "/etc/namedb/dynamic/example.org";
+};
+*/
+
+/* Example of a slave reverse zone
+zone "1.168.192.in-addr.arpa" {
+	type slave;
+	file "/etc/namedb/slave/1.168.192.in-addr.arpa";
+	masters {
+		192.168.1.1;
+	};
+};
+*/