From: spam maps
To: freebsd-current@freebsd.org
Date: Sun, 3 Oct 2004 05:47:10 -0700 (PDT)
Subject: 5.3 & bind9: named.conf vs. named.sample ; why are they different?

I have these two files in /var/named/etc/namedb, but they are different.
Is /var/named/etc/namedb/named.conf redundant and old?

# diff -u /var/named/etc/namedb/named.conf /var/named/etc/namedb/named.sample --- /var/named/etc/namedb/named.conf Sat Oct 2 14:58:53 2004 +++ /var/named/etc/namedb/named.sample Sat Oct 2 14:55:49 2004
@@ -1,14 +1,28 @@ -// $FreeBSD: src/etc/namedb/named.conf,v 1.15 2004/06/06 11:46:29 schweikh Exp $ +// $FreeBSD: src/etc/namedb/named.conf,v 1.15.2.1 2004/09/30 23:36:07 dougb Exp $ // -// Refer to the named.conf(5) and named(8) man pages for details. If -// you are ever going to set up a primary server, make sure you +// Refer to the named.conf(5) and named(8) man pages, and the documentation +// in /usr/share/doc/bind9 for more details. +// +// If you are going to set up an authoritative server, make sure you // understand the hairy details of how DNS works. Even with // simple mistakes, you can break connectivity for affected parties, // or cause huge amounts of useless Internet traffic. options { - directory "/etc/namedb"; - pid-file "/var/run/named/pid"; + directory "/etc/namedb"; + pid-file "/var/run/named/pid"; + dump-file "/var/dump/named_dump.db"; + statistics-file "/var/stats/named.stats"; + +// If named is being used only as a local resolver, this is a safe default. +// For named to be accessible to the network, comment this option, specify +// the proper IP address, or delete this option. + listen-on { 127.0.0.1; }; + +// If you have IPv6 enabled on this system, uncomment this option for +// use as a local resolver. To give access to the network, specify +// an IPv6 address, or the keyword "any". +// listen-on-v6 { ::1; }; // In addition to the "forwarders" clause, you can force your name // server to never initiate queries of its own, but always ask its 
@@ -28,30 +42,12 @@ * If there is a firewall between you and nameservers you want * to talk to, you might need to uncomment the query-source * directive below. Previous versions of BIND always asked - * questions using port 53, but BIND 8.1 uses an unprivileged - * port by default. + * questions using port 53, but BIND versions 8 and later + * use a pseudo-random unprivileged UDP port by default. */ // query-source address * port 53; - - /* - * location for the dumpfile. - */ - // dump-file "s/named_dump.db"; }; -// Note: the following will be supported in a future release. -/* -host { any; } { - topology { - 127.0.0.0/8; - }; -}; -*/ - -// Setting up secondaries is way easier and a rough example for this -// is provided below. -// // If you enable a local name server, don't forget to enter 127.0.0.1 // first in your /etc/resolv.conf so this server will be queried. // Also, make sure to enable it in /etc/rc.conf. 
@@ -63,26 +59,26 @@ zone "0.0.127.IN-ADDR.ARPA" { type master; - file "localhost.rev"; + file "master/localhost.rev"; }; // RFC 3152 zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" { type master; - file "localhost-v6.rev"; + file "master/localhost-v6.rev"; }; // RFC 1886 -- deprecated zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" { type master; - file "localhost-v6.rev"; + file "master/localhost-v6.rev"; }; // NB: Do not use the IP addresses below, they are faked, and only // serve demonstration/documentation purposes! // -// Example secondary config entries. It can be convenient to become -// a secondary at least for the zone your own domain is in. Ask +// Example slave zone config entries. It can be convenient to become +// a slave at least for the zone your own domain is in. Ask - * If running in a sandbox, you may have to specify a different - * location for the dumpfile. - */ - // dump-file "s/named_dump.db"; }; -// Note: the following will be supported in a future release. -/* -host { any; } { - topology { - 127.0.0.0/8; - }; -}; -*/ - -// Setting up secondaries is way easier and a rough example for this -// is provided below. -// // If you enable a local name server, don't forget to enter 127.0.0.1 // first in your /etc/resolv.conf so this server will be queried. // Also, make sure to enable it in /etc/rc.conf. 
@@ -63,26 +59,26 @@ zone "0.0.127.IN-ADDR.ARPA" { type master; - file "localhost.rev"; + file "master/localhost.rev"; }; // RFC 3152 zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" { type master; - file "localhost-v6.rev"; + file "master/localhost-v6.rev"; }; // RFC 1886 -- deprecated zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" { type master; - file "localhost-v6.rev"; + file "master/localhost-v6.rev"; }; // NB: Do not use the IP addresses below, they are faked, and only // serve demonstration/documentation purposes! // -// Example secondary config entries. It can be convenient to become -// a secondary at least for the zone your own domain is in. Ask +// Example slave zone config entries. It can be convenient to become +// a slave at least for the zone your own domain is in. Ask // your network administrator for the IP address of the responsible // primary. // @@ -92,23 +88,15 @@ // // Before starting to set up a primary zone, make sure you fully // understand how DNS and BIND works. There are sometimes -// non-obvious pitfalls. Setting up a secondary is simpler. +// non-obvious pitfalls. Setting up a slave zone is simpler. // // NB: Don't blindly enable the examples below. :-) Use actual names // and addresses instead. -// -// NOTE!!! FreeBSD can run bind in a sandbox (see named_flags in rc.conf). -// The directory containing the secondary zones must be write accessible -// to bind. The following sequence is suggested: -// -// mkdir /etc/namedb/s -// chown bind:bind /etc/namedb/s -// chmod 750 /etc/namedb/s /* -zone "domain.com" { +zone "example.com" { type slave; - file "s/domain.com.bak"; + file "slave/example.com"; masters { 192.168.1.1; }; 
@@ -116,7 +104,7 @@ zone "0.168.192.in-addr.arpa" { type slave; - file "s/0.168.192.in-addr.arpa.bak"; + file "slave/0.168.192.in-addr.arpa"; masters { 192.168.1.1;
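
Review bot: In the first hunk (@@ -1,14 +1,28 @@), the comment above `listen-on { 127.0.0.1; };` offers "comment this option" and "delete this option" as separate choices although both have the same effect, and it never says what that effect is: with no listen-on statement, named listens on port 53 of every IPv4 interface. Suggest rewording the comment to state that outcome, so an administrator who removes the line knows the server becomes reachable from the network and should restrict who may use it (for example with allow-query or allow-recursion).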
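
Review bot: In the second hunk (@@ -28,30 +42,12 @@), the reworded comment now says BIND uses "a pseudo-random unprivileged UDP port by default", but the `// query-source address * port 53;` line that follows it still carries no caveat. Uncommenting it pins every outgoing query to a single source port and gives up that randomness, which makes forged responses easier to match to outstanding queries. Suggest adding a sentence to the comment saying the directive should be enabled only when a firewall really requires it.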
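
Review bot: In the third hunk (@@ -63,26 +59,26 @@), the example comment is only half renamed: it now says "Example slave zone config entries" and "a slave", while the unchanged lines right after it still read "the IP address of the responsible primary". Suggest using one pair of terms throughout the comment, matching the `type master` and `type slave` keywords in the zone statements, so the prose maps directly onto the configuration.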
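
Review bot: In the fourth hunk (@@ -92,23 +88,15 @@), the removed "NOTE!!!" block took with it the statement that the directory containing the transferred zones "must be write accessible to bind", while the examples in this hunk now write to `slave/example.com`. Suggest keeping one comment line saying that the slave/ directory must be writable by the user named runs as, since the mkdir/chown/chmod sequence is no longer shown and nothing in the remaining lines tells the reader which directory needs that permission.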