[BACK]Return to named.conf CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / src / etc

File: [cvs.NetBSD.org] / src / etc / named.conf (download)

Revision 1.4, Thu Mar 23 13:50:44 2006 UTC (13 years, 5 months ago) by itojun
Branch: MAIN
CVS Tags: yamt-pf42-baseX, yamt-pf42-base4, yamt-pf42-base3, yamt-pf42-base2, yamt-pf42-base, yamt-pf42, wrstuden-revivesa-base-1, wrstuden-revivesa-base, wrstuden-fixsa-base-1, netbsd-4-base, netbsd-4-0-RELEASE, netbsd-4-0-RC5, netbsd-4-0-RC4, netbsd-4-0-RC3, netbsd-4-0-RC2, netbsd-4-0-RC1, mjf-devfs-base, mjf-devfs, matt-mips64-base, matt-mips64, matt-armv6-prevmlocking, matt-armv6-nbase, matt-armv6-base, matt-armv6, keiichi-mipv6-base, keiichi-mipv6, hpcarm-cleanup-nbase, hpcarm-cleanup-base, hpcarm-cleanup, cube-autoconf-base, cube-autoconf, abandoned-netbsd-4-base, abandoned-netbsd-4
Branch point for: wrstuden-revivesa, wrstuden-fixsa, netbsd-4-0, netbsd-4, mjf-devfs2
Changes since 1.3: +2 -1 lines

disable recursion by attackers (yes, attackers do use recursion to perform DoS).

# $NetBSD: named.conf,v 1.4 2006/03/23 13:50:44 itojun Exp $

# boot file for secondary name server
# Note that there should be one primary entry for each SOA record.

options {
	directory "/etc/namedb";
	query-source address * port 53;
	allow-recursion { localhost; localnets; };
};

zone "." {
	type hint;
	file "root.cache";
};

zone "localhost" {
	type master;
	file "localhost";
};

zone "127.IN-ADDR.ARPA" {
	type master;
	file "127";
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
	type master;
	file "loopback.v6";
};

# example secondary server config:
#
# zone "Berkeley.EDU" {
# 	type slave;
# 	file "berkeley.edu.cache";
# 	masters {
# 		128.32.130.11;
# 		128.32.133.1;
# 	};
# };

# zone "32.128.IN-ADDR.ARPA" {
# 	type slave;
# 	file "128.32.cache";
# 	masters {
# 		128.32.130.11;
# 		128.32.133.1;
# 	};
# };

# example primary server config:
# 
# zone "Berkeley.EDU" {
# 	type master;
# 	file "berkeley.edu";
# };

# zone "32.128.IN-ADDR.ARPA" {
# 	type master;
# 	file "128.32";
# };