Diffstat (limited to 'etc/namedb')
-rw-r--r-- | etc/namedb/PROTO.localhost-v6.rev | 17 | ||||
-rw-r--r-- | etc/namedb/PROTO.localhost.rev | 17 | ||||
-rwxr-xr-x | etc/namedb/make-localhost | 49 | ||||
-rw-r--r-- | etc/namedb/master/empty.db | 11 | ||||
-rw-r--r-- | etc/namedb/master/localhost-forward.db | 11 | ||||
-rw-r--r-- | etc/namedb/master/localhost-reverse.db | 13 | ||||
-rw-r--r-- | etc/namedb/named.conf | 216 |
7 files changed, 215 insertions, 119 deletions
diff --git a/etc/namedb/PROTO.localhost-v6.rev b/etc/namedb/PROTO.localhost-v6.rev
deleted file mode 100644
index 1616771235d5..000000000000
--- a/etc/namedb/PROTO.localhost-v6.rev
+++ /dev/null
@@ -1,17 +0,0 @@
-; From: @(#)localhost.rev 5.1 (Berkeley) 6/30/90
-; $FreeBSD$
-;
-; This file is automatically edited by the `make-localhost' script in
-; the /etc/namedb directory.
-;
-
-$TTL 3600
-
-@ IN SOA @host@. root.@host@. (
- @date@ ; Serial
- 3600 ; Refresh
- 900 ; Retry
- 3600000 ; Expire
- 3600 ) ; Minimum
- IN NS @host@.
- IN PTR localhost.@domain@.
diff --git a/etc/namedb/PROTO.localhost.rev b/etc/namedb/PROTO.localhost.rev
deleted file mode 100644
index 046868305455..000000000000
--- a/etc/namedb/PROTO.localhost.rev
+++ /dev/null
@@ -1,17 +0,0 @@
-; From: @(#)localhost.rev 5.1 (Berkeley) 6/30/90
-; $FreeBSD$
-;
-; This file is automatically edited by the `make-localhost' script in
-; the /etc/namedb directory.
-;
-
-$TTL 3600
-
-@ IN SOA @host@. root.@host@. (
- @date@ ; Serial
- 3600 ; Refresh
- 900 ; Retry
- 3600000 ; Expire
- 3600 ) ; Minimum
- IN NS @host@.
-1 IN PTR localhost.@domain@.
diff --git a/etc/namedb/make-localhost b/etc/namedb/make-localhost
deleted file mode 100755
index 60fbe49441ab..000000000000
--- a/etc/namedb/make-localhost
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-# make-localhost - edit the appropriate local information into
-# /etc/namedb/localhost.rev
-#
-
-PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin
-export PATH
-
-if [ "`hostname -s`" != "`hostname`" ]; then
- # hostname must contain domain
-
- host=`hostname -s`
- fullhost=`hostname`
- domain=`echo $fullhost | sed "s/^$host\.//"`
-else
- host=`hostname`
-
- if [ -z "$1" ]; then
- echo -n 'Enter your domain name: '
- read domain
- else
- domain="$1"
- fi
-
- # strip trailing dot, if any
- domain=`echo $domain | sed 's/\.$//'`
- fullhost="$host.$domain"
-fi
-
-date=`date +"%Y%m%d"`
-
-mkdir -p master
-
-mv -f master/localhost-v6.rev master/localhost-v6.rev.BAK 2>/dev/null
-
-sed -e "s/@host@/$fullhost/g" \
- -e "s/@domain@/$domain/g" \
- -e "s/@date@/$date/g" \
- < PROTO.localhost-v6.rev > master/localhost-v6.rev
-
-mv -f master/localhost.rev master/localhost.rev.BAK 2>/dev/null
-
-exec sed -e "s/@host@/$fullhost/g" \
- -e "s/@domain@/$domain/g" \
- -e "s/@date@/$date/g" \
- < PROTO.localhost.rev > master/localhost.rev
diff --git a/etc/namedb/master/empty.db b/etc/namedb/master/empty.db
new file mode 100644
index 000000000000..070f6634825a
--- /dev/null
+++ b/etc/namedb/master/empty.db
@@ -0,0 +1,11 @@
+
+; $FreeBSD$
+
+$TTL 3h
+@ SOA @ nobody.localhost. 42 1d 12h 1w 3h
+ ; Serial, Refresh, Retry, Expire, Neg. cache TTL
+
+@ NS @
+
+; Silence a BIND warning
+@ A 127.0.0.1
diff --git a/etc/namedb/master/localhost-forward.db b/etc/namedb/master/localhost-forward.db
new file mode 100644
index 000000000000..9156d2f09978
--- /dev/null
+++ b/etc/namedb/master/localhost-forward.db
@@ -0,0 +1,11 @@
+
+; $FreeBSD$
+
+$TTL 3h
+localhost. SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
+ ; Serial, Refresh, Retry, Expire, Neg. cache TTL
+
+ NS localhost.
+
+ A 127.0.0.1
+ AAAA ::1
diff --git a/etc/namedb/master/localhost-reverse.db b/etc/namedb/master/localhost-reverse.db
new file mode 100644
index 000000000000..ceabe059ba77
--- /dev/null
+++ b/etc/namedb/master/localhost-reverse.db
@@ -0,0 +1,13 @@
+
+; $FreeBSD$
+
+$TTL 3h
+@ SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
+ ; Serial, Refresh, Retry, Expire, Neg. cache TTL
+
+ NS localhost.
+
+1.0.0 PTR localhost.
+
+1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR localhost.
+
diff --git a/etc/namedb/named.conf b/etc/namedb/named.conf
index 4a7772fe13b0..7c51ae6e6094 100644
--- a/etc/namedb/named.conf
+++ b/etc/namedb/named.conf
@@ -9,6 +9,7 @@
 // or cause huge amounts of useless Internet traffic.
 
 options {
+ // Relative to the chroot directory, if any
 directory "/etc/namedb";
 pid-file "/var/run/named/pid";
 dump-file "/var/dump/named_dump.db";
@@ -28,7 +29,7 @@ options {
 // server to never initiate queries of its own, but always ask its
 // forwarders only, by enabling the following line:
 //
-// forward only;
+// forward only;
 
 // If you've got a DNS server around at your upstream provider, enter
 // its IP address here, and enable the line below. This will make you
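Review bot: master/localhost-reverse.db is loaded under two different apexes by the named.conf change in this same commit (`127.in-addr.arpa` and `0.ip6.arpa`), so in each zone one of the two PTR owner names is a stray relative label rather than a loopback address, and nothing in the file says that this sharing is intentional. A header comment would prevent a later editor from "fixing" the wrong record, for example `; Shared by 127.in-addr.arpa (1.0.0 -> 127.0.0.1) and 0.ip6.arpa (1.0...0 -> ::1); the record belonging to the other zone is harmless.` The 31-nibble owner name of the last record is easy to miscount on edit; stating the address it is meant to encode in the comment lets a reviewer verify it.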
@@ -52,52 +53,202 @@ options {
 // first in your /etc/resolv.conf so this server will be queried.
 // Also, make sure to enable it in /etc/rc.conf.
 
+/* Slaving the following zones from the root name servers has some
+ significant advantages:
+ 1. Faster local resolution for your users
+ 2. No spurious traffic will be sent from your network to the roots
+ 3. Greater resilience to any potential root server failure/DDoS
+
+ If you do not wish to slave these zones from the root servers
+ use the entry below instead.
+ zone "." { type hint; file "named.root"; };
+*/
 zone "." {
- type hint;
- file "named.root";
+ type slave;
+ file "slave/root.slave";
+ masters {
+ 192.5.5.241; // F.ROOT-SERVERS.NET.
+ 192.228.79.201; // B.ROOT-SERVERS.NET.
+ 192.33.4.12; // C.ROOT-SERVERS.NET.
+ 192.112.36.4; // G.ROOT-SERVERS.NET.
+ 193.0.14.129; // K.ROOT-SERVERS.NET.
+ };
+ notify no;
 };
-
-zone "0.0.127.IN-ADDR.ARPA" {
- type master;
- file "master/localhost.rev";
+zone "arpa" {
+ type slave;
+ file "slave/arpa.slave";
+ masters {
+ 192.5.5.241; // F.ROOT-SERVERS.NET.
+ 192.228.79.201; // B.ROOT-SERVERS.NET.
+ 192.33.4.12; // C.ROOT-SERVERS.NET.
+ 192.112.36.4; // G.ROOT-SERVERS.NET.
+ 193.0.14.129; // K.ROOT-SERVERS.NET.
+ };
+ notify no;
 };
-
-// RFC 3152
-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
- type master;
- file "master/localhost-v6.rev";
+zone "in-addr.arpa" {
+ type slave;
+ file "slave/in-addr.arpa.slave";
+ masters {
+ 192.5.5.241; // F.ROOT-SERVERS.NET.
+ 192.228.79.201; // B.ROOT-SERVERS.NET.
+ 192.33.4.12; // C.ROOT-SERVERS.NET.
+ 192.112.36.4; // G.ROOT-SERVERS.NET.
+ 193.0.14.129; // K.ROOT-SERVERS.NET.
+ };
+ notify no;
 };
+/* Serving the following zones locally will prevent any queries
+ for these zones leaving your network and going to the root
+ name servers. This has two significant advantages:
+ 1. Faster local resolution for your users
+ 2. No spurious traffic will be sent from your network to the roots
+*/
+// RFC 1912
+zone "localhost" { type master; file "master/localhost-forward.db"; };
+zone "127.in-addr.arpa" { type master; file "master/localhost-reverse.db"; };
+zone "255.in-addr.arpa" { type master; file "master/empty.db"; };
+
+// RFC 1912-style zone for IPv6 localhost address
+zone "0.ip6.arpa" { type master; file "master/localhost-reverse.db"; };
+
+// "This" Network (RFCs 1912 and 3330)
+zone "0.in-addr.arpa" { type master; file "master/empty.db"; };
+
+// IANA Reserved - Unlikely to ever be assigned
+zone "1.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "2.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "223.in-addr.arpa" { type master; file "master/empty.db"; };
+
+// Public Data Networks (RFC 3330)
+zone "14.in-addr.arpa" { type master; file "master/empty.db"; };
+
+// Private Use Networks (RFC 1918)
+zone "10.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "16.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "17.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "18.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "19.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "20.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "21.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "22.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "23.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "24.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "25.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "26.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "27.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "28.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "29.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "30.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "31.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "168.192.in-addr.arpa" { type master; file "master/empty.db"; };
+
+// Link-local/APIPA (RFCs 3330 and 3927)
+zone "254.169.in-addr.arpa" { type master; file "master/empty.db"; };
+
+// TEST-NET for Documentation (RFC 3330)
+zone "2.0.192.in-addr.arpa" { type master; file "master/empty.db"; };
+
+// Router Benchmark Testing (RFC 2544)
+zone "18.192.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "19.192.in-addr.arpa" { type master; file "master/empty.db"; };
+
+// IANA Reserved - Old Class E Space
+zone "240.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "241.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "242.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "243.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "244.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "245.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "246.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "247.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "248.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "249.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "250.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "251.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "252.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "253.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "254.in-addr.arpa" { type master; file "master/empty.db"; };
+
+// IPv6 Unassigned Addresses (RFC 4291)
+zone "1.ip6.arpa" { type master; file "master/empty.db"; };
+zone "3.ip6.arpa" { type master; file "master/empty.db"; };
+zone "4.ip6.arpa" { type master; file "master/empty.db"; };
+zone "5.ip6.arpa" { type master; file "master/empty.db"; };
+zone "6.ip6.arpa" { type master; file "master/empty.db"; };
+zone "7.ip6.arpa" { type master; file "master/empty.db"; };
+zone "8.ip6.arpa" { type master; file "master/empty.db"; };
+zone "9.ip6.arpa" { type master; file "master/empty.db"; };
+zone "a.ip6.arpa" { type master; file "master/empty.db"; };
+zone "b.ip6.arpa" { type master; file "master/empty.db"; };
+zone "c.ip6.arpa" { type master; file "master/empty.db"; };
+zone "d.ip6.arpa" { type master; file "master/empty.db"; };
+zone "e.ip6.arpa" { type master; file "master/empty.db"; };
+zone "0.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "1.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "2.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "3.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "4.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "5.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "6.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "7.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "8.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "9.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "a.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "b.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "0.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "1.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "2.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "3.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "4.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "5.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "6.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "7.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+
+// IPv6 ULA (RFC 4193)
+zone "c.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "d.f.ip6.arpa" { type master; file "master/empty.db"; };
+
+// IPv6 Link Local (RFC 4291)
+zone "8.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "9.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "a.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "b.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+
+// IPv6 Deprecated Site-Local Addresses (RFC 3879)
+zone "c.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "d.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "e.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "f.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+
+// IP6.INT is Deprecated (RFC 4159)
+zone "ip6.int" { type master; file "master/empty.db"; };
+
 
 // NB: Do not use the IP addresses below, they are faked, and only
 // serve demonstration/documentation purposes!
 //
 // Example slave zone config entries. It can be convenient to become
 // a slave at least for the zone your own domain is in. Ask
 // your network administrator for the IP address of the responsible
-// primary.
+// master name server.
 //
-// Never forget to include the reverse lookup (IN-ADDR.ARPA) zone!
-// (This is named after the first bytes of the IP address, in reverse
-// order, with ".IN-ADDR.ARPA" appended.)
+// Do not forget to include the reverse lookup zone!
+// This is named after the first bytes of the IP address, in reverse
+// order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6.
 //
-// Before starting to set up a primary zone, make sure you fully
-// understand how DNS and BIND works. There are sometimes
-// non-obvious pitfalls. Setting up a slave zone is simpler.
+// Before starting to set up a master zone, make sure you fully
+// understand how DNS and BIND work. There are sometimes
+// non-obvious pitfalls. Setting up a slave zone is usually simpler.
 //
 // NB: Don't blindly enable the examples below. :-) Use actual names
 // and addresses instead.
 
-/* An example master zone
-zone "example.net" {
- type master;
- file "master/example.net";
-};
-*/
-
 /* An example dynamic zone
 key "exampleorgkey" {
- algorithm hmac-md5;
- secret "sf87HJqjkqh8ac87a02lla==";
+ algorithm hmac-md5;
+ secret "sf87HJqjkqh8ac87a02lla==";
 };
 zone "example.org" {
 type master;
@@ -108,14 +259,7 @@ zone "example.org" {
 };
 */
-/* Examples of forward and reverse slave zones
-zone "example.com" {
- type slave;
- file "slave/example.com";
- masters {
- 192.168.1.1;
- };
-};
+/* Example of a slave reverse zone
 zone "1.168.192.in-addr.arpa" {
 type slave;
 file "slave/1.168.192.in-addr.arpa"; |
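Review bot: The five-address masters list is pasted verbatim into the `"."`, `"arpa"` and `"in-addr.arpa"` zones, so a root-server address change or a typo has to be corrected in three places; BIND's top-level `masters` statement lets the list be declared once and referenced as `masters { rootservers; };` from each zone. The comment block above `zone "."` sells the advantages of slaving but says nothing about the trust and failure model: the local copy is only as good as an unauthenticated AXFR from those hard-coded addresses, and with `notify no;` refreshes are driven solely by the zone's SOA timers, so a sentence such as `Transfers are not authenticated; if all listed masters become unreachable the last copy is served until the SOA expire elapses.` would let an operator judge the trade-off. Whether the resulting `slave/*.slave` copies are themselves handed out to anyone who asks depends on `allow-transfer` in `options`, which is outside this hunk; presumably it should be restricted if it is not already.
```conf
masters rootservers {
	192.5.5.241;	// F.ROOT-SERVERS.NET.
	192.228.79.201;	// B.ROOT-SERVERS.NET.
	192.33.4.12;	// C.ROOT-SERVERS.NET.
	192.112.36.4;	// G.ROOT-SERVERS.NET.
	193.0.14.129;	// K.ROOT-SERVERS.NET.
};

zone "." {
	type slave;
	file "slave/root.slave";
	masters { rootservers; };
	notify no;
};
// … unchanged: "arpa" and "in-addr.arpa" zones, each now using masters { rootservers; }; …
```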