1. Move the disable-empty-zone stuff down below the first 25 lines so
that the listen-on stuff floats up to the first "page" of text. This makes it very obvious what's going on so that someone trying to enable a server for use on a network can easily see how to do that. 2. Change the default behavior back to using a hint zone for the root. 3. Leave the root slave zone config as a commented out example. 4. Remove the B and F root servers from the example at the request of their operators. Requested by: he-who-must-not-be-named [1] Requested by: many [2] Approved by: re (rwatson)
parent
4ed3c2ad17
commit
1c24b5458d
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=171698
@ -15,10 +15,6 @@ options {
|
|||||||
dump-file "/var/dump/named_dump.db";
|
dump-file "/var/dump/named_dump.db";
|
||||||
statistics-file "/var/stats/named.stats";
|
statistics-file "/var/stats/named.stats";
|
||||||
|
|
||||||
disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
|
|
||||||
disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
|
|
||||||
disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
|
|
||||||
|
|
||||||
// If named is being used only as a local resolver, this is a safe default.
|
// If named is being used only as a local resolver, this is a safe default.
|
||||||
// For named to be accessible to the network, comment this option, specify
|
// For named to be accessible to the network, comment this option, specify
|
||||||
// the proper IP address, or delete this option.
|
// the proper IP address, or delete this option.
|
||||||
@ -29,6 +25,12 @@ options {
|
|||||||
// an IPv6 address, or the keyword "any".
|
// an IPv6 address, or the keyword "any".
|
||||||
// listen-on-v6 { ::1; };
|
// listen-on-v6 { ::1; };
|
||||||
|
|
||||||
|
// These zones are already covered by the empty zones listed below.
|
||||||
|
// If you remove the related empty zones below, comment these lines out.
|
||||||
|
disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
|
||||||
|
disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
|
||||||
|
disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
|
||||||
|
|
||||||
// In addition to the "forwarders" clause, you can force your name
|
// In addition to the "forwarders" clause, you can force your name
|
||||||
// server to never initiate queries of its own, but always ask its
|
// server to never initiate queries of its own, but always ask its
|
||||||
// forwarders only, by enabling the following line:
|
// forwarders only, by enabling the following line:
|
||||||
@ -57,22 +59,23 @@ options {
|
|||||||
// first in your /etc/resolv.conf so this server will be queried.
|
// first in your /etc/resolv.conf so this server will be queried.
|
||||||
// Also, make sure to enable it in /etc/rc.conf.
|
// Also, make sure to enable it in /etc/rc.conf.
|
||||||
|
|
||||||
|
// The traditional root hints mechanism. Use this, OR the slave zones below.
|
||||||
|
zone "." { type hint; file "named.root"; };
|
||||||
|
|
||||||
/* Slaving the following zones from the root name servers has some
|
/* Slaving the following zones from the root name servers has some
|
||||||
significant advantages:
|
significant advantages:
|
||||||
1. Faster local resolution for your users
|
1. Faster local resolution for your users
|
||||||
2. No spurious traffic will be sent from your network to the roots
|
2. No spurious traffic will be sent from your network to the roots
|
||||||
3. Greater resilience to any potential root server failure/DDoS
|
3. Greater resilience to any potential root server failure/DDoS
|
||||||
|
|
||||||
If you do not wish to slave these zones from the root servers
|
To use this mechanism, uncomment the entries below, and comment
|
||||||
use the entry below instead.
|
the hint zone above.
|
||||||
zone "." { type hint; file "named.root"; };
|
|
||||||
*/
|
*/
|
||||||
|
/*
|
||||||
zone "." {
|
zone "." {
|
||||||
type slave;
|
type slave;
|
||||||
file "slave/root.slave";
|
file "slave/root.slave";
|
||||||
masters {
|
masters {
|
||||||
192.5.5.241; // F.ROOT-SERVERS.NET.
|
|
||||||
192.228.79.201; // B.ROOT-SERVERS.NET.
|
|
||||||
192.33.4.12; // C.ROOT-SERVERS.NET.
|
192.33.4.12; // C.ROOT-SERVERS.NET.
|
||||||
192.112.36.4; // G.ROOT-SERVERS.NET.
|
192.112.36.4; // G.ROOT-SERVERS.NET.
|
||||||
193.0.14.129; // K.ROOT-SERVERS.NET.
|
193.0.14.129; // K.ROOT-SERVERS.NET.
|
||||||
@ -83,8 +86,6 @@ zone "arpa" {
|
|||||||
type slave;
|
type slave;
|
||||||
file "slave/arpa.slave";
|
file "slave/arpa.slave";
|
||||||
masters {
|
masters {
|
||||||
192.5.5.241; // F.ROOT-SERVERS.NET.
|
|
||||||
192.228.79.201; // B.ROOT-SERVERS.NET.
|
|
||||||
192.33.4.12; // C.ROOT-SERVERS.NET.
|
192.33.4.12; // C.ROOT-SERVERS.NET.
|
||||||
192.112.36.4; // G.ROOT-SERVERS.NET.
|
192.112.36.4; // G.ROOT-SERVERS.NET.
|
||||||
193.0.14.129; // K.ROOT-SERVERS.NET.
|
193.0.14.129; // K.ROOT-SERVERS.NET.
|
||||||
@ -95,14 +96,13 @@ zone "in-addr.arpa" {
|
|||||||
type slave;
|
type slave;
|
||||||
file "slave/in-addr.arpa.slave";
|
file "slave/in-addr.arpa.slave";
|
||||||
masters {
|
masters {
|
||||||
192.5.5.241; // F.ROOT-SERVERS.NET.
|
|
||||||
192.228.79.201; // B.ROOT-SERVERS.NET.
|
|
||||||
192.33.4.12; // C.ROOT-SERVERS.NET.
|
192.33.4.12; // C.ROOT-SERVERS.NET.
|
||||||
192.112.36.4; // G.ROOT-SERVERS.NET.
|
192.112.36.4; // G.ROOT-SERVERS.NET.
|
||||||
193.0.14.129; // K.ROOT-SERVERS.NET.
|
193.0.14.129; // K.ROOT-SERVERS.NET.
|
||||||
};
|
};
|
||||||
notify no;
|
notify no;
|
||||||
};
|
};
|
||||||
|
*/
|
||||||
|
|
||||||
/* Serving the following zones locally will prevent any queries
|
/* Serving the following zones locally will prevent any queries
|
||||||
for these zones leaving your network and going to the root
|
for these zones leaving your network and going to the root
|
||||||
|
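Review bot: The commented-out root slave example in the third hunk (the `/* Slaving the following zones ... */` text and the `zone "." { type slave; ... }` block) still lists only advantages, although this same commit removes B and F from every `masters` list at their operators' request. The comment should state the trade-off, for example `Note: root server operators may withdraw zone transfer service at any time; keep the hint zone available as a fallback.` In the visible lines the `masters` entries are bare IP addresses with no key or other transfer authentication, so it is also worth adding one sentence saying that the transferred zone data is trusted as received unless it is validated separately. The `masters` lists and the `arpa` and `in-addr.arpa` zone blocks continue outside the displayed hunks, so any settings there could not be checked.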