5.3 & bind9: named.conf vs. named.sample ; why are they different?
spam maps
spamrefuse at yahoo.com
Sun Oct 3 05:47:11 PDT 2004
I have these two files in /var/named/etc/namedb, but
they are different.
Is /var/named/etc/namedb/named.conf redundant and old?
# diff -u /var/named/etc/namedb/named.conf
/var/named/etc/namedb/named.sample
--- /var/named/etc/namedb/named.conf Sat Oct 2
14:58:53 2004
+++ /var/named/etc/namedb/named.sample Sat Oct 2
14:55:49 2004
@@ -1,14 +1,28 @@
-// $FreeBSD: src/etc/namedb/named.conf,v 1.15
2004/06/06 11:46:29
schweikh Exp $
+// $FreeBSD: src/etc/namedb/named.conf,v 1.15.2.1
2004/09/30 23:36:07
dougb Exp $
//
-// Refer to the named.conf(5) and named(8) man pages
for details. If
-// you are ever going to set up a primary server,
make sure you
+// Refer to the named.conf(5) and named(8) man pages,
and the
documentation
+// in /usr/share/doc/bind9 for more details.
+//
+// If you are going to set up an authoritative
server, make sure you
// understand the hairy details of how DNS works.
Even with
// simple mistakes, you can break connectivity for
affected parties,
// or cause huge amounts of useless Internet
traffic.
options {
- directory "/etc/namedb";
- pid-file "/var/run/named/pid";
+ directory "/etc/namedb";
+ pid-file "/var/run/named/pid";
+ dump-file "/var/dump/named_dump.db";
+ statistics-file "/var/stats/named.stats";
+
+// If named is being used only as a local resolver,
this is a safe
default.
+// For named to be accessible to the network, comment
this option,
specify
+// the proper IP address, or delete this option.
+ listen-on { 127.0.0.1; };
+
+// If you have IPv6 enabled on this system, uncomment
this option for
+// use as a local resolver. To give access to the
network, specify
+// an IPv6 address, or the keyword "any".
+// listen-on-v6 { ::1; };
// In addition to the "forwarders" clause, you can
force your name
// server to never initiate queries of its own, but
always ask its
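Review bot: The new comment above `listen-on { 127.0.0.1; };` tells the operator how to expose named to the network, but it does not mention restricting who may query or recurse once the loopback restriction is gone. Depending on the BIND version's defaults, a resolver listening on a routable address may answer recursive queries for any client, so the comment should point at the access controls. One more comment line would do, for example `// If you open named to the network, also limit clients with allow-query / allow-recursion.` The `options` block continues past the end of this hunk.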
@@ -28,30 +42,12 @@
* If there is a firewall between you and
nameservers you want
* to talk to, you might need to uncomment
the query-source
* directive below. Previous versions of
BIND always asked
- * questions using port 53, but BIND 8.1 uses
an unprivileged
- * port by default.
+ * questions using port 53, but BIND versions
8 and later
+ * use a pseudo-random unprivileged UDP port
by default.
*/
// query-source address * port 53;
-
- /*
- * location for the dumpfile.
- */
- // dump-file "s/named_dump.db";
};
-// Note: the following will be supported in a future
release.
-/*
-host { any; } {
- topology {
- 127.0.0.0/8;
- };
-};
-*/
-
-// Setting up secondaries is way easier and a rough
example for this
-// is provided below.
-//
// If you enable a local name server, don't forget
to enter 127.0.0.1
// first in your /etc/resolv.conf so this server
will be queried.
// Also, make sure to enable it in /etc/rc.conf.
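Review bot: The reworded comment before `// query-source address * port 53;` now says BIND uses a pseudo-random unprivileged UDP port by default, but it still presents the directive as a plain firewall workaround without stating its cost. Uncommenting it pins every outgoing query to one well-known source port, which gives up the unpredictability that makes forged replies harder to match against outstanding queries. I would add a line to the block comment such as `* Fixing the source port weakens protection against spoofed answers; prefer adjusting the firewall.` The `options` block opens before this hunk, so only its tail is visible here.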
@@ -63,26 +59,26 @@
zone "0.0.127.IN-ADDR.ARPA" {
type master;
- file "localhost.rev";
+ file "master/localhost.rev";
};
// RFC 3152
zone
"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"
{
type master;
- file "localhost-v6.rev";
+ file "master/localhost-v6.rev";
};
// RFC 1886 -- deprecated
zone
"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT"
{
type master;
- file "localhost-v6.rev";
+ file "master/localhost-v6.rev";
};
// NB: Do not use the IP addresses below, they are
faked, and only
// serve demonstration/documentation purposes!
//
-// Example secondary config entries. It can be
convenient to become
-// a secondary at least for the zone your own domain
is in. Ask
+// Example slave zone config entries. It can be
convenient to become
+// a slave at least for the zone your own domain is
in. Ask
- * If running in a sandbox, you may have to
specify a different
- * location for the dumpfile.
- */
- // dump-file "s/named_dump.db";
};
-// Note: the following will be supported in a future
release.
-/*
-host { any; } {
- topology {
- 127.0.0.0/8;
- };
-};
-*/
-
-// Setting up secondaries is way easier and a rough
example for this
-// is provided below.
-//
// If you enable a local name server, don't forget
to enter 127.0.0.1
// first in your /etc/resolv.conf so this server
will be queried.
// Also, make sure to enable it in /etc/rc.conf.
@@ -63,26 +59,26 @@
zone "0.0.127.IN-ADDR.ARPA" {
type master;
- file "localhost.rev";
+ file "master/localhost.rev";
};
// RFC 3152
zone
"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"
{
type master;
- file "localhost-v6.rev";
+ file "master/localhost-v6.rev";
};
// RFC 1886 -- deprecated
zone
"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT"
{
type master;
- file "localhost-v6.rev";
+ file "master/localhost-v6.rev";
};
// NB: Do not use the IP addresses below, they are
faked, and only
// serve demonstration/documentation purposes!
//
-// Example secondary config entries. It can be
convenient to become
-// a secondary at least for the zone your own domain
is in. Ask
+// Example slave zone config entries. It can be
convenient to become
+// a slave at least for the zone your own domain is
in. Ask
// your network administrator for the IP address of
the responsible
// primary.
//
@@ -92,23 +88,15 @@
//
// Before starting to set up a primary zone, make
sure you fully
// understand how DNS and BIND works. There are
sometimes
-// non-obvious pitfalls. Setting up a secondary is
simpler.
+// non-obvious pitfalls. Setting up a slave zone is
simpler.
//
// NB: Don't blindly enable the examples below. :-)
Use actual names
// and addresses instead.
-//
-// NOTE!!! FreeBSD can run bind in a sandbox (see
named_flags in
rc.conf).
-// The directory containing the secondary zones must
be write
accessible
-// to bind. The following sequence is suggested:
-//
-// mkdir /etc/namedb/s
-// chown bind:bind /etc/namedb/s
-// chmod 750 /etc/namedb/s
/*
-zone "domain.com" {
+zone "example.com" {
type slave;
- file "s/domain.com.bak";
+ file "slave/example.com";
masters {
192.168.1.1;
};
@@ -116,7 +104,7 @@
zone "0.168.192.in-addr.arpa" {
type slave;
- file "s/0.168.192.in-addr.arpa.bak";
+ file "slave/0.168.192.in-addr.arpa";
masters {
192.168.1.1;