diff --git a/etc/namedb/named.conf b/etc/namedb/named.conf index 41a90a8cebda..76ddafca91f7 100644 --- a/etc/namedb/named.conf +++ b/etc/namedb/named.conf @@ -15,10 +15,6 @@ options { dump-file "/var/dump/named_dump.db"; statistics-file "/var/stats/named.stats"; - disable-empty-zone "255.255.255.255.IN-ADDR.ARPA"; - disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; - disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; - // If named is being used only as a local resolver, this is a safe default. // For named to be accessible to the network, comment this option, specify // the proper IP address, or delete this option. @@ -29,6 +25,12 @@ options { // an IPv6 address, or the keyword "any". // listen-on-v6 { ::1; }; +// These zones are already covered by the empty zones listed below. +// If you remove the related empty zones below, comment these lines out. + disable-empty-zone "255.255.255.255.IN-ADDR.ARPA"; + disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; + disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; + // In addition to the "forwarders" clause, you can force your name // server to never initiate queries of its own, but always ask its // forwarders only, by enabling the following line: 
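Review bot: The comment added above the three `disable-empty-zone` lines in the second hunk says when to comment them out, but not why it matters. As I read BIND's behaviour, `disable-empty-zone` switches off the built-in empty zone for that name, so if an operator removes the explicit zone further down and leaves these lines active, lookups for those reverse names would be sent upstream instead of being answered locally. I would state that consequence in the comment, e.g. `// Otherwise queries for these names will leave your network.`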
@@ -57,22 +59,23 @@ options { // first in your /etc/resolv.conf so this server will be queried. // Also, make sure to enable it in /etc/rc.conf. +// The traditional root hints mechanism. Use this, OR the slave zones below. +zone "." { type hint; file "named.root"; }; + /* Slaving the following zones from the root name servers has some significant advantages: 1. Faster local resolution for your users 2. No spurious traffic will be sent from your network to the roots 3. Greater resilience to any potential root server failure/DDoS - If you do not wish to slave these zones from the root servers - use the entry below instead. - zone "." { type hint; file "named.root"; }; + To use this mechanism, uncomment the entries below, and comment + the hint zone above. */ +/* zone "." { type slave; file "slave/root.slave"; masters { - 192.5.5.241; // F.ROOT-SERVERS.NET. - 192.228.79.201; // B.ROOT-SERVERS.NET. 192.33.4.12; // C.ROOT-SERVERS.NET. 192.112.36.4; // G.ROOT-SERVERS.NET. 193.0.14.129; // K.ROOT-SERVERS.NET. @@ -83,8 +86,6 @@ zone "arpa" { type slave; file "slave/arpa.slave"; masters { - 192.5.5.241; // F.ROOT-SERVERS.NET. - 192.228.79.201; // B.ROOT-SERVERS.NET. 192.33.4.12; // C.ROOT-SERVERS.NET. 192.112.36.4; // G.ROOT-SERVERS.NET. 193.0.14.129; // K.ROOT-SERVERS.NET. @@ -95,14 +96,13 @@ zone "in-addr.arpa" { type slave; file "slave/in-addr.arpa.slave"; masters { - 192.5.5.241; // F.ROOT-SERVERS.NET. - 192.228.79.201; // B.ROOT-SERVERS.NET. 192.33.4.12; // C.ROOT-SERVERS.NET. 192.112.36.4; // G.ROOT-SERVERS.NET. 193.0.14.129; // K.ROOT-SERVERS.NET. }; notify no; }; +*/ /* Serving the following zones locally will prevent any queries for these zones leaving your network and going to the root
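Review bot: The rewritten instructions in the first hunk on this line ("To use this mechanism, uncomment the entries below, and comment the hint zone above") omit two things an operator enabling the slave zones should know. Leaving both `zone "."` definitions active would define the same zone twice, which named will presumably reject at load time. The `masters` lists here and in the two following hunks are bare addresses with no key, so the root, arpa and in-addr.arpa data is accepted from whatever answers at those addresses, and as far as I know named does not DNSSEC-validate the contents of a slaved zone. I would add a line to the comment such as `Transfers from these servers are unauthenticated; never enable both zone "." entries.` The block comment opened by the added `/*` is only closed by the `*/` added in the last hunk, so nothing containing `*/` can sit between them without re-enabling part of the block.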