// $FreeBSD: src/etc/namedb/named.conf,v 1.6.2.7 2003/02/13 13:16:51 keramida Exp $ // $DragonFly: src/etc/namedb/named.conf,v 1.6 2008/07/11 22:42:30 reed Exp $ // // Refer to the named.conf(5) and named(8) man pages for details. If // you are ever going to set up a primary server, make sure you // understand the hairy details of how DNS works. Even with // simple mistakes, you can break connectivity for affected parties, // or cause huge amounts of useless Internet traffic. include "rndc.key"; controls { inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndc-key"; }; }; acl access { localhost; localnets; }; options { // When running chroot /etc/namedb/etc/namedb is a softlink to ".." just // so we can leave the directory directive set to something that works // in both chroot and normal modes. // directory "/etc/namedb"; // In addition to the "forwarders" clause, you can force your name // server to never initiate queries of its own, but always ask its // forwarders only, by enabling the following line: // // forward only; // Prevent external networks from using us to query domains we are not // authoritative for. // allow-recursion { localhost; }; // If you've got a DNS server around at your upstream provider, enter // its IP address here, and enable the line below. This will make you // benefit from its cache, thus reduce overall DNS traffic in the Internet. // // forwarders { // 127.0.0.1; // }; // If running in a sandbox the base directory is typically not writable, // store the dump file in the secondaries directory. // dump-file "s/named_dump.db"; }; // Note: the following will be supported in a future release. // // host { any; } { // topology { // 127.0.0.0/8; // }; // }; // If you intend to run a recursive name server you need some hints to // find the root zone ".", or you need a root.zone file which contains // records for all top level domains (e.g. like '.com'). // // A hint file is included and can be used for a quick-and-dirty // configuration, but it is better to use the 'getroot' script and pull // the real root.zone file. // // If you use a root.zone file then comment out the hint directive below // and uncomment the root.zone directive. Set up a cron job to run the // ./getroot script once a week to keep the root.zone file up-to-date. // // FOR SAFETY, THE "/etc/namedb" DIRECTORY and the "getroot" SCRIPT SHOULD // BE OWNED BY ROOT AND ONLY WRITABLE BY ROOT. zone "." { type hint; file "named.root"; }; // zone "." { // type master; // file "root.zone"; // }; // Setting up secondaries is way easier and a rough example for this // is provided below. // // If you enable a local name server, don't forget to enter 127.0.0.1 // first in your /etc/resolv.conf so this server will be queried. // Also, make sure to enable it in /etc/rc.conf. zone "0.0.127.IN-ADDR.ARPA" { type master; file "localhost.rev"; }; // RFC 3152 zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" { type master; file "localhost-v6.rev"; }; // RFC 1886 -- deprecated zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" { type master; file "localhost-v6.rev"; }; // NB: Do not use the IP addresses below, they are faked, and only // serve demonstration/documentation purposes! // // Example secondary config entries. It can be convenient to become // a secondary at least for the zone your own domain is in. Ask // your network administrator for the IP address of the responsible // primary. // // Never forget to include the reverse lookup (IN-ADDR.ARPA) zone! // (This is named after the first bytes of the IP address, in reverse // order, with ".IN-ADDR.ARPA" appended.) // // Before starting to set up a primary zone, make sure you fully // understand how DNS and BIND works. There are sometimes // non-obvious pitfalls. Setting up a secondary is simpler. // // NB: Don't blindly enable the examples below. :-) Use actual names // and addresses instead. // // NOTE!!! FreeBSD can run bind in a sandbox (see named_flags in rc.conf). // The directory containing the secondary zones must be write accessible // to bind. The following sequence is suggested: // // mkdir /etc/namedb/s // chown bind:bind /etc/namedb/s // chmod 750 /etc/namedb/s // // // zone "domain.com" { // type slave; // file "s/domain.com.bak"; // masters { // 192.168.1.1; // }; // }; // // zone "0.168.192.in-addr.arpa" { // type slave; // file "s/0.168.192.in-addr.arpa.bak"; // masters { // 192.168.1.1; // }; // };