[BACK]Return to named.conf CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / src / etc

File: [cvs.NetBSD.org] / src / etc / named.conf (download)

Revision 1.6, Tue Aug 24 13:18:58 2010 UTC (13 years, 6 months ago) by christos
Branch: MAIN
CVS Tags: yamt-pagecache-tag8, yamt-pagecache-base8, yamt-pagecache-base7, yamt-pagecache-base6, yamt-pagecache-base5, yamt-pagecache-base4, yamt-pagecache-base3, yamt-pagecache-base2, yamt-pagecache-base, netbsd-6-base, netbsd-6-1-RELEASE, netbsd-6-1-RC4, netbsd-6-1-RC3, netbsd-6-1-RC2, netbsd-6-1-RC1, netbsd-6-1-5-RELEASE, netbsd-6-1-4-RELEASE, netbsd-6-1-3-RELEASE, netbsd-6-1-2-RELEASE, netbsd-6-1-1-RELEASE, netbsd-6-1, netbsd-6-0-RELEASE, netbsd-6-0-RC2, netbsd-6-0-RC1, netbsd-6-0-6-RELEASE, netbsd-6-0-5-RELEASE, netbsd-6-0-4-RELEASE, netbsd-6-0-3-RELEASE, netbsd-6-0-2-RELEASE, netbsd-6-0-1-RELEASE, netbsd-6-0, netbsd-6, matt-nb6-plus-nbase, matt-nb6-plus-base, matt-nb6-plus, matt-mips64-premerge-20101231, cherry-xenmp-base, cherry-xenmp, bouyer-quota2-nbase, bouyer-quota2-base, bouyer-quota2, agc-symver-base, agc-symver
Branch point for: yamt-pagecache, tls-maxphys
Changes since 1.5: +5 -1 lines

Enable dnssec, and populate managed-keys.bind

# $NetBSD: named.conf,v 1.6 2010/08/24 13:18:58 christos Exp $

# boot file for secondary name server
# Note that there should be one primary entry for each SOA record.

options {
	directory "/etc/namedb";
	dnssec-enable yes;
	dnssec-validation yes;
	dnssec-lookaside auto;
	managed-keys-directory "keys";
	allow-recursion { localhost; localnets; };

	#
	# This forces all queries to come from port 53; might be
	# needed for firewall traversals but should be avoided if
	# at all possible because of the risk of spoofing attacks.
	#
	#query-source address * port 53;
};

zone "." {
	type hint;
	file "root.cache";
};

zone "localhost" {
	type master;
	file "localhost";
};

zone "127.IN-ADDR.ARPA" {
	type master;
	file "127";
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
	type master;
	file "loopback.v6";
};

# example secondary server config:
#
# zone "Berkeley.EDU" {
# 	type slave;
# 	file "berkeley.edu.cache";
# 	masters {
# 		128.32.130.11;
# 		128.32.133.1;
# 	};
# };

# zone "32.128.IN-ADDR.ARPA" {
# 	type slave;
# 	file "128.32.cache";
# 	masters {
# 		128.32.130.11;
# 		128.32.133.1;
# 	};
# };

# example primary server config:
# 
# zone "Berkeley.EDU" {
# 	type master;
# 	file "berkeley.edu";
# };

# zone "32.128.IN-ADDR.ARPA" {
# 	type master;
# 	file "128.32";
# };