2013-04-26 00:28:05 +04:00
|
|
|
# $NetBSD: named.conf,v 1.7 2013/04/25 20:28:05 christos Exp $
|
1998-10-05 22:26:03 +04:00
|
|
|
|
1998-12-15 04:08:43 +03:00
|
|
|
# boot file for secondary name server
|
|
|
|
# Note that there should be one primary entry for each SOA record.
|
2013-04-26 00:28:05 +04:00
|
|
|
# If you cannot get DNSSEC to work, and you see the following message:
|
|
|
|
# DNSKEY: verify failed due to bad signature (keyid=19036): \
|
|
|
|
# RRSIG validity period has not begun
|
|
|
|
# Fix your clock. You can comment out the dnssec entries temporarily to
|
|
|
|
# get to an ntp server.
|
1998-10-05 22:26:03 +04:00
|
|
|
|
|
|
|
options {
|
|
|
|
directory "/etc/namedb";
|
2010-08-24 17:18:58 +04:00
|
|
|
dnssec-enable yes;
|
2013-04-26 00:28:05 +04:00
|
|
|
dnssec-validation auto;
|
2010-08-24 17:18:58 +04:00
|
|
|
dnssec-lookaside auto;
|
|
|
|
managed-keys-directory "keys";
|
2013-04-26 00:28:05 +04:00
|
|
|
bindkeys-file "bind.keys";
|
2006-03-23 16:50:44 +03:00
|
|
|
allow-recursion { localhost; localnets; };
|
2008-07-23 09:47:48 +04:00
|
|
|
|
|
|
|
#
|
|
|
|
# This forces all queries to come from port 53; might be
|
|
|
|
# needed for firewall traversals but should be avoided if
|
|
|
|
# at all possible because of the risk of spoofing attacks.
|
|
|
|
#
|
|
|
|
#query-source address * port 53;
|
1998-10-05 22:26:03 +04:00
|
|
|
};
|
|
|
|
|
|
|
|
zone "." {
|
|
|
|
type hint;
|
|
|
|
file "root.cache";
|
|
|
|
};
|
|
|
|
|
2000-04-26 05:33:27 +04:00
|
|
|
zone "localhost" {
|
|
|
|
type master;
|
|
|
|
file "localhost";
|
|
|
|
};
|
|
|
|
|
1999-01-22 04:41:19 +03:00
|
|
|
zone "127.IN-ADDR.ARPA" {
|
1998-10-05 22:26:03 +04:00
|
|
|
type master;
|
1999-01-22 04:41:19 +03:00
|
|
|
file "127";
|
1998-10-05 22:26:03 +04:00
|
|
|
};
|
2000-03-01 14:06:27 +03:00
|
|
|
|
2002-02-26 11:48:35 +03:00
|
|
|
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
|
|
|
|
type master;
|
|
|
|
file "loopback.v6";
|
|
|
|
};
|
|
|
|
|
1998-12-15 04:08:43 +03:00
|
|
|
# example secondary server config:
|
|
|
|
#
|
|
|
|
# zone "Berkeley.EDU" {
|
|
|
|
# type slave;
|
1999-01-22 04:41:19 +03:00
|
|
|
# file "berkeley.edu.cache";
|
1998-12-15 04:08:43 +03:00
|
|
|
# masters {
|
|
|
|
# 128.32.130.11;
|
|
|
|
# 128.32.133.1;
|
|
|
|
# };
|
|
|
|
# };
|
|
|
|
|
|
|
|
# zone "32.128.IN-ADDR.ARPA" {
|
|
|
|
# type slave;
|
1999-01-22 04:41:19 +03:00
|
|
|
# file "128.32.cache";
|
1998-12-15 04:08:43 +03:00
|
|
|
# masters {
|
|
|
|
# 128.32.130.11;
|
|
|
|
# 128.32.133.1;
|
|
|
|
# };
|
|
|
|
# };
|
|
|
|
|
|
|
|
# example primary server config:
|
|
|
|
#
|
|
|
|
# zone "Berkeley.EDU" {
|
|
|
|
# type master;
|
1999-01-22 04:41:19 +03:00
|
|
|
# file "berkeley.edu";
|
1998-12-15 04:08:43 +03:00
|
|
|
# };
|
|
|
|
|
|
|
|
# zone "32.128.IN-ADDR.ARPA" {
|
|
|
|
# type master;
|
1999-01-22 04:41:19 +03:00
|
|
|
# file "128.32";
|
1998-12-15 04:08:43 +03:00
|
|
|
# };
|