[BACK]Return to named.conf CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / src / etc

File: [cvs.NetBSD.org] / src / etc / named.conf (download)

Revision 1.7, Thu Apr 25 20:28:05 2013 UTC (6 years, 3 months ago) by christos
Branch: MAIN
CVS Tags: yamt-pagecache-base9, tls-maxphys-base, tls-earlyentropy-base, tls-earlyentropy, riastradh-xf86-video-intel-2-7-1-pre-2-21-15, riastradh-drm2-base3, riastradh-drm2-base2, riastradh-drm2-base1, riastradh-drm2-base, riastradh-drm2, prg-localcount2-base3, prg-localcount2-base2, prg-localcount2-base1, prg-localcount2-base, prg-localcount2, phil-wifi-base, phil-wifi-20190609, phil-wifi, pgoyette-localcount-base, pgoyette-localcount-20170426, pgoyette-localcount-20170320, pgoyette-localcount-20170107, pgoyette-localcount-20161104, pgoyette-localcount-20160806, pgoyette-localcount-20160726, pgoyette-localcount, pgoyette-compat-merge-20190127, pgoyette-compat-base, pgoyette-compat-20190127, pgoyette-compat-20190118, pgoyette-compat-1226, pgoyette-compat-1126, pgoyette-compat-1020, pgoyette-compat-0930, pgoyette-compat-0906, pgoyette-compat-0728, pgoyette-compat-0625, pgoyette-compat-0521, pgoyette-compat-0502, pgoyette-compat-0422, pgoyette-compat-0415, pgoyette-compat-0407, pgoyette-compat-0330, pgoyette-compat-0322, pgoyette-compat-0315, pgoyette-compat, perseant-stdc-iso10646-base, perseant-stdc-iso10646, netbsd-9-base, netbsd-9, netbsd-8-base, netbsd-8-1-RELEASE, netbsd-8-1-RC1, netbsd-8-0-RELEASE, netbsd-8-0-RC2, netbsd-8-0-RC1, netbsd-8, netbsd-7-nhusb-base-20170116, netbsd-7-nhusb-base, netbsd-7-nhusb, netbsd-7-base, netbsd-7-2-RELEASE, netbsd-7-1-RELEASE, netbsd-7-1-RC2, netbsd-7-1-RC1, netbsd-7-1-2-RELEASE, netbsd-7-1-1-RELEASE, netbsd-7-1, netbsd-7-0-RELEASE, netbsd-7-0-RC3, netbsd-7-0-RC2, netbsd-7-0-RC1, netbsd-7-0-2-RELEASE, netbsd-7-0-1-RELEASE, netbsd-7-0, netbsd-7, matt-nb8-mediatek-base, matt-nb8-mediatek, localcount-20160914, khorben-n900, bouyer-socketcan-base1, bouyer-socketcan-base, bouyer-socketcan, HEAD
Changes since 1.6: +8 -2 lines

- read the root keys from our file
- explain what happens if we get clock skew

# $NetBSD: named.conf,v 1.7 2013/04/25 20:28:05 christos Exp $

# boot file for secondary name server
# Note that there should be one primary entry for each SOA record.
# If you cannot get DNSSEC to work, and you see the following message:
# DNSKEY: verify failed due to bad signature (keyid=19036): \
# RRSIG validity period has not begun 
# Fix your clock. You can comment out the dnssec entries temporarily to
# get to an ntp server.

options {
	directory "/etc/namedb";
	dnssec-enable yes;
	dnssec-validation auto;
	dnssec-lookaside auto;
	managed-keys-directory "keys";
	bindkeys-file "bind.keys";
	allow-recursion { localhost; localnets; };

	#
	# This forces all queries to come from port 53; might be
	# needed for firewall traversals but should be avoided if
	# at all possible because of the risk of spoofing attacks.
	#
	#query-source address * port 53;
};

zone "." {
	type hint;
	file "root.cache";
};

zone "localhost" {
	type master;
	file "localhost";
};

zone "127.IN-ADDR.ARPA" {
	type master;
	file "127";
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
	type master;
	file "loopback.v6";
};

# example secondary server config:
#
# zone "Berkeley.EDU" {
# 	type slave;
# 	file "berkeley.edu.cache";
# 	masters {
# 		128.32.130.11;
# 		128.32.133.1;
# 	};
# };

# zone "32.128.IN-ADDR.ARPA" {
# 	type slave;
# 	file "128.32.cache";
# 	masters {
# 		128.32.130.11;
# 		128.32.133.1;
# 	};
# };

# example primary server config:
# 
# zone "Berkeley.EDU" {
# 	type master;
# 	file "berkeley.edu";
# };

# zone "32.128.IN-ADDR.ARPA" {
# 	type master;
# 	file "128.32";
# };