Commit Graph

27 Commits

Author SHA1 Message Date
Doug Barton
d207e3a35c Remove from the default empty zone list zones that, unlike the others,
could theoretically be allocated one day.
2008-01-11 22:41:21 +00:00
Doug Barton
f183dbca4f 1. Remove root name servers from the list of possible masters in the
commented out example who have either not responded, or specifically
asked not to participate because they do not view AXFR as "a production
service."

2. Add f.root-servers.net to the example after confirmation from
Paul Vixie.

3. Add a warning to the commented out "root zone slave" example to the
effect that it requires more attention than a hints file, and provides
more benefit to larger sites than individual hosts.

4. Correct a typo copied from RFC 2544 which was corrected in a later
errata, and confirmed in RFC 3330. Update the comment to reflect that
RFC 3330 got it right and to avoid confusion down the road. 3330 also
contains a reference back to 2544 for anyone interested in pursuing the
history. [1]

PR:             conf/115573 [1]
Submitted by:   Oliver Fromme <olli@secnetix.de> [1]

Approved by:	re (kensmith)
2007-08-17 04:37:02 +00:00
Doug Barton
1c24b5458d 1. Move the disable-empty-zone stuff down below the first 25 lines so
that the listen-on stuff floats up to the first "page" of text. This
makes it very obvious what's going on so that someone trying to enable
a server for use on a network can easily see how to do that.

2. Change the default behavior back to using a hint zone for the root.

3. Leave the root slave zone config as a commented out example.

4. Remove the B and F root servers from the example at the request of
their operators.

Requested by:	he-who-must-not-be-named [1]
Requested by:	many [2]

Approved by:	re (rwatson)
2007-08-02 09:18:53 +00:00
Doug Barton
e56dafe630 Drop the default zones that are now covered by the new zones that
were added in the last revision.
2007-06-18 06:29:45 +00:00
Doug Barton
1de57a4c76 Bring our default named configuration more in line with current
best practices:

1. The old way of generating the localhost zones was not optimal both
because they did not exist by default, and because they were not really
aligned with BCP. There is no need to have the dynamic data that the
make-localhost script generated, and good reasons to do this more
"by the book."

2. In named.conf
	a. Clean up white space
	b. Add/clarify a few comments
	c. Slave zones from the root servers instead of using a hints
	file. This has several advantages, as described in the comments.
	d. Significantly revamp the default zones, including the
	forward localhost zone, and the reverse zones for IPv4 and IPv6
	loopback addresses. There are extensive comments describing what
	is included and why. Interested readers should take the time to
	review the RFCs mentioned in the comments. There is also relevant
	information about the motivations for hosting these zones in the
	"work in progress" Internet-Draft,
	http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
	or its successor.
	It's also worth noting that a significant number of these
	empty zones are already included by default in the named binary
	without any user configuration.
	e. Because we're including a lot of examples of both local
	forward zones and slave zones in the default configuration,
	eliminate some of those examples.

3. Add new localhost-{forward|reverse} zone files, and an "empty" zone
to support the changes in 2.d. above. The empty zone file isn't really
empty in order to avoid a warning from BIND about a zone file that
doesn't contain any A or AAAA records.
2007-06-18 05:58:23 +00:00
Doug Barton
9e8bc8bf11 In accordance with my intentions announced (and not objected to)
on -arch, and RFC 4159 (http://www.rfc-editor.org/rfc/rfc4159.txt)
which officially deprecates all usage of IP6.INT, remove the
reference to that zone from the example named.conf file.
2005-09-05 13:42:22 +00:00
Doug Barton
259b67a528 Scot pointed out that the dynamic zone example didn't seem to "flow"
with the rest of the examples, so after discussion with him and gshapiro,
re-sort the examples, and add more comments to make things very obvious.

Also, divide the examples between example.{com|net|org} to make things
even more obvious, and use the same RFC 1918 block for all examples.

Pointed out by:	Scot W. Hetzel <hetzels@westbend.net>
2005-01-22 21:34:10 +00:00
Gregory Neil Shapiro
37a4b79385 Create a separate directory for dynamic zones which is owned by the bind
user (for creation of the zone journal file).  This is separate from the
master/ directory for security.  Give an example dynamic zone in the
sample named.conf.

Approved by:	dougb
Noticed by:	Eivind Olsen <eivind at aminor.no>
MFC after:	1 week
2004-11-04 05:24:29 +00:00
Doug Barton
83b3de9f56 1. Update the documentation references, and the warning about setting up
authoritative servers.

2. Add an IPv4 listen-on option for 127.0.0.1, which is appropriate
for the default use as a local resolver.

3. Add a commented out listen-on-v6 option.
2004-09-30 09:57:36 +00:00
Doug Barton
e963331b47 Add a statistics-file directive 2004-09-29 03:49:35 +00:00
Doug Barton
81f7fbc732 Fix some of the more egregious problems with this file:
1. Update text about later BINDs using a pseudo-random, unpriviliged
query port for UDP by default.

2. We are now running in a sandbox by default, with a dedicated dump
directory, so remove the stale comment.

3. The topology configuration is not for the faint of heart, so
remove the commented example.

4. Tighten up some language a bit.

5. s/secondary/slave/

6. No need for the example about a bind-owned directory for slave zones.

7. Change domain.com to example.com in the example, per RFC 2606.

8. Update the path for slave zones in the example.
	- Thanks to Scot Hetzel <swhetzel@gmail.com>

There is more work to do here, but this is an improvement.
2004-09-28 21:22:09 +00:00
Doug Barton
8f1bb3891d Create a named chroot directory structure in /var/named, and use it
by default when named is enabled. Also, improve our default directory
layout by creating /var/named/etc/namedb/{master|slave} directories,
and use the former for the generated localhost* files.

Rather than using pax to copy device entries, mount devfs in the
chroot directory.

There may be some corner cases where things need to be adjusted,
but overall this structure has been well tested on a production
network, and should serve the needs of the vast majority of users.

UPDATING has instructions on how to do the conversion for those
with existing configurations.
2004-09-28 09:46:00 +00:00
Jens Schweikhardt
d8beb0fd3b Removed whitespace at BOF, EOL & EOF. 2004-06-06 11:46:29 +00:00
Giorgos Keramidas
d38c8c5622 Misc grammar, typo and wording fixes of comments.
PR:		docs/41034
Submitted by:	Chris Pepper <pepper@rockefeller.edu>
2003-02-07 20:58:38 +00:00
Hajimu UMEMOTO
3cea219898 compliance with RFC3152.
PR:		standards/45557
Submitted by:	Matthew Seaman <m.seaman@infracaninophile.co.uk>
Approved by:	re
2002-11-26 07:55:44 +00:00
Hajimu UMEMOTO
fc50a44458 Do not taint ::/124 for localhost reverse table. 2002-01-22 17:22:41 +00:00
Crist J. Clark
cb46a4618b The named.conf file should refer to named.conf(5) in addition to
named(8) in the comments.

PR:		32459
Submitted by:	"Gary W. Swearingen" <swear@blarg.net>
MFC after:	2 days
2001-12-03 08:05:52 +00:00
Jun Kuriyama
6d9e09d7d0 Invoke named with privilege of bind:bind.
Change pidfile location to /var/run/named/pid.
2001-08-23 13:34:45 +00:00
Sheldon Hearn
24c3179f4e Replace old-style "chown foo.bar" with orthodox "chown foo:bar". 2001-05-28 13:43:26 +00:00
Ben Smithurst
2300f00f4c FreeBSD doesn't run named in a sandbox by default, so change a comment so it
doesn't imply we do.
2001-01-16 20:57:18 +00:00
Hajimu UMEMOTO
2150dfdae0 Add reverse lookup entry for ::1
Suggested by:	itojun
2000-07-07 17:20:23 +00:00
Peter Wemm
9b7a44a60e $Id$ -> $FreeBSD$ 1999-08-27 23:37:10 +00:00
Matthew Dillon
35fb56f97e Add (commented out) directive and note regarding dumpfile location
when running in a sandbox.

Submitted by:	Ben Smithurst <ben@scientia.demon.co.uk>
1998-12-23 06:06:13 +00:00
Matthew Dillon
cc6fef08db Since we do not pre-create /etc/namedb/s, add additional documentation
to the comments in named.conf to describe to the user how to create it.
    (named.conf does not use /etc/namedb/s by default anyway so us not
    pre-created it in the mtree does not hurt us terribly).
1998-12-02 19:59:24 +00:00
Matthew Dillon
128272b8c5 Reviewed by: freebsd-current, freebsd-security
Adjust rc.conf to run named in sandbox, adjust mtree to add /etc/namedb/s
    subdirectory (user bind, group bind) to hold secondaries, adjust
    comments in named.conf to reflect new secondary scheme.  (Note that
    core read-only zone files are left owned by root, increasing security even
    more).
1998-12-01 21:36:33 +00:00
Peter Wemm
19ca863a42 Delete some large chunks of trailing whitespace since it was making some
lines longer than 80 columns.
1998-05-11 11:26:28 +00:00
Andrey A. Chernov
0888581f49 Add new named configuration template and remove old template 1998-05-07 23:42:33 +00:00