| author | Doug Barton <dougb@FreeBSD.org> | 2007-07-11 07:08:23 +0000 |
|---|---|---|
| committer | Doug Barton <dougb@FreeBSD.org> | 2007-07-11 07:08:23 +0000 |
| commit | e7e5f09f36e68bd69e221a241643d7e428186f76 (patch) | |
| tree | 3d9b24ea9a6ecb59e42d3bd9957acd3f5a611e6c | |
| parent | 9ae49a84397a5991b29538ae9654f63ab001777a (diff) | |
| -rw-r--r-- | etc/Makefile | 30 | ||||
| -rw-r--r-- | etc/namedb/Makefile | 10 | ||||
| -rw-r--r-- | etc/namedb/PROTO.localhost-v6.rev | 17 | ||||
| -rw-r--r-- | etc/namedb/PROTO.localhost.rev | 17 | ||||
| -rwxr-xr-x | etc/namedb/make-localhost | 49 | ||||
| -rw-r--r-- | etc/namedb/named.conf | 220 |
6 files changed, 203 insertions, 140 deletions
diff --git a/etc/Makefile b/etc/Makefile
index 71287de85ab2..883248eabe19 100644
--- a/etc/Makefile
+++ b/etc/Makefile
@@ -58,11 +58,6 @@ MTREE+= BIND.include.dist
 .endif
 .endif
 
-.if !defined(NO_BIND_ETC) && !defined(NO_BIND) && !defined(NO_BIND_MTREE)
-NAMEDB= PROTO.localhost.rev PROTO.localhost-v6.rev named.conf named.root \
- make-localhost
-.endif
-
 PPPCNF= ppp.conf
 
 .if defined(NO_SENDMAIL)
@@ -128,6 +123,19 @@ distribution:
 .if !defined(NO_I4B)
 cd ${.CURDIR}/isdn; ${MAKE} install
 .endif
+
+.if !defined(NO_BIND)
+.if !defined(NO_BIND_MTREE)
+ @if [ ! -e ${DESTDIR}/etc/namedb ]; then \
+ set -x; \
+ ln -s ../var/named/etc/namedb ${DESTDIR}/etc/namedb; \
+ fi
+.endif
+.if !defined(NO_BIND_ETC)
+ cd ${.CURDIR}/namedb; ${MAKE} install
+.endif
+.endif
+
 .if !defined(NO_SENDMAIL)
 cd ${.CURDIR}/sendmail; ${MAKE} distribution
 .endif
@@ -156,18 +164,6 @@ distribution:
 ln ${DESTDIR}/root/.profile ${DESTDIR}/.profile
 cd ${.CURDIR}/mtree; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 444 \
 ${MTREE} ${DESTDIR}/etc/mtree
-.if !defined(NO_BIND)
-.if !defined(NO_BIND_ETC) && !defined(NO_BIND_MTREE)
- cd ${.CURDIR}/namedb; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
- ${NAMEDB} ${DESTDIR}/var/named/etc/namedb
-.endif
-.if !defined(NO_BIND_MTREE)
- @if [ ! -e ${DESTDIR}/etc/namedb ]; then \
- set -x; \
- ln -s ../var/named/etc/namedb ${DESTDIR}/etc/namedb; \
- fi
-.endif
-.endif
 cd ${.CURDIR}/ppp; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 600 \
 ${PPPCNF} ${DESTDIR}/etc/ppp
 cd ${.CURDIR}/mail; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
diff --git a/etc/namedb/Makefile b/etc/namedb/Makefile
index 1d240f6a0b72..3a5e1f699a23 100644
--- a/etc/namedb/Makefile
+++ b/etc/namedb/Makefile
@@ -1,9 +1,11 @@
 # $FreeBSD$
 
-FILES= PROTO.localhost.rev PROTO.localhost-v6.rev named.conf named.root \
- make-localhost
+SUBDIR= master
+
+FILES= named.conf named.root
+
 NO_OBJ=
-FILESDIR= /etc/namedb
-FILESMODE= 644
+FILESDIR= /etc/namedb
+FILESMODE= 644
 
 .include <bsd.prog.mk>
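Review bot: The `[ ! -e ${DESTDIR}/etc/namedb ]` guard in the relocated symlink block under `.if !defined(NO_BIND_MTREE)` is also true for a dangling symlink, so `ln -s` then fails with "File exists" and, since the recipe line carries no `-` prefix, aborts the whole `distribution:` target. The lines are moved rather than new, but the namedb install that now follows them depends on this step succeeding, so a stale link from an earlier layout stops the install before named.conf lands; `@if [ ! -e ${DESTDIR}/etc/namedb ] && [ ! -L ${DESTDIR}/etc/namedb ]; then \` avoids that. Because etc/namedb/Makefile installs into `FILESDIR= /etc/namedb`, the `cd ${.CURDIR}/namedb; ${MAKE} install` line now reaches the chroot only through this symlink, which is why the two `.if` blocks must stay in this order; a one-line comment saying so would keep a later reorder from silently installing outside the chroot.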
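Review bot: `SUBDIR= master` makes bsd.prog.mk recurse into etc/namedb/master, but the six files in this commit's diffstat include neither a Makefile for that directory nor the zone files the new named.conf expects there (`master/empty.db`, `master/localhost-forward.db`, `master/localhost-reverse.db`). Unless they arrive in a companion commit, `make install` fails on the missing subdirectory and named will log a load error for every `type master` zone at startup, leaving the localhost and RFC 1918 reverse zones unserved. A comment above the line naming the contract would make the dependency visible to whoever touches either file: `# master/ must provide its own Makefile plus the empty.db and localhost-*.db files referenced from named.conf`.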
diff --git a/etc/namedb/PROTO.localhost-v6.rev b/etc/namedb/PROTO.localhost-v6.rev
deleted file mode 100644
index 1616771235d5..000000000000
--- a/etc/namedb/PROTO.localhost-v6.rev
+++ /dev/null
@@ -1,17 +0,0 @@
-; From: @(#)localhost.rev 5.1 (Berkeley) 6/30/90
-; $FreeBSD$
-;
-; This file is automatically edited by the `make-localhost' script in
-; the /etc/namedb directory.
-;
-
-$TTL 3600
-
-@ IN SOA @host@. root.@host@. (
- @date@ ; Serial
- 3600 ; Refresh
- 900 ; Retry
- 3600000 ; Expire
- 3600 ) ; Minimum
- IN NS @host@.
- IN PTR localhost.@domain@.
diff --git a/etc/namedb/PROTO.localhost.rev b/etc/namedb/PROTO.localhost.rev
deleted file mode 100644
index 046868305455..000000000000
--- a/etc/namedb/PROTO.localhost.rev
+++ /dev/null
@@ -1,17 +0,0 @@
-; From: @(#)localhost.rev 5.1 (Berkeley) 6/30/90
-; $FreeBSD$
-;
-; This file is automatically edited by the `make-localhost' script in
-; the /etc/namedb directory.
-;
-
-$TTL 3600
-
-@ IN SOA @host@. root.@host@. (
- @date@ ; Serial
- 3600 ; Refresh
- 900 ; Retry
- 3600000 ; Expire
- 3600 ) ; Minimum
- IN NS @host@.
-1 IN PTR localhost.@domain@.
diff --git a/etc/namedb/make-localhost b/etc/namedb/make-localhost
deleted file mode 100755
index 60fbe49441ab..000000000000
--- a/etc/namedb/make-localhost
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-# make-localhost - edit the appropriate local information into
-# /etc/namedb/localhost.rev
-#
-
-PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin
-export PATH
-
-if [ "`hostname -s`" != "`hostname`" ]; then
- # hostname must contain domain
-
- host=`hostname -s`
- fullhost=`hostname`
- domain=`echo $fullhost | sed "s/^$host\.//"`
-else
- host=`hostname`
-
- if [ -z "$1" ]; then
- echo -n 'Enter your domain name: '
- read domain
- else
- domain="$1"
- fi
-
- # strip trailing dot, if any
- domain=`echo $domain | sed 's/\.$//'`
- fullhost="$host.$domain"
-fi
-
-date=`date +"%Y%m%d"`
-
-mkdir -p master
-
-mv -f master/localhost-v6.rev master/localhost-v6.rev.BAK 2>/dev/null
-
-sed -e "s/@host@/$fullhost/g" \
- -e "s/@domain@/$domain/g" \
- -e "s/@date@/$date/g" \
- < PROTO.localhost-v6.rev > master/localhost-v6.rev
-
-mv -f master/localhost.rev master/localhost.rev.BAK 2>/dev/null
-
-exec sed -e "s/@host@/$fullhost/g" \
- -e "s/@domain@/$domain/g" \
- -e "s/@date@/$date/g" \
- < PROTO.localhost.rev > master/localhost.rev
diff --git a/etc/namedb/named.conf b/etc/namedb/named.conf
index 4a7772fe13b0..41a90a8cebda 100644
--- a/etc/namedb/named.conf
+++ b/etc/namedb/named.conf
@@ -9,11 +9,16 @@
 // or cause huge amounts of useless Internet traffic.
 
 options {
+ // Relative to the chroot directory, if any
 directory "/etc/namedb";
 pid-file "/var/run/named/pid";
 dump-file "/var/dump/named_dump.db";
 statistics-file "/var/stats/named.stats";
+ disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
+ disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
+ disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
+
 // If named is being used only as a local resolver, this is a safe default.
 // For named to be accessible to the network, comment this option, specify
 // the proper IP address, or delete this option.
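Review bot: The three new `disable-empty-zone` statements in the options block carry no rationale, so someone trimming this block later has no way to see that they belong to the `255.in-addr.arpa` and `0.ip6.arpa` master zones defined much further down in the same file. They switch off BIND's built-in empty zones for 255.255.255.255, :: and ::1, presumably so the built-in children do not sit alongside the locally served parents — worth confirming against the BIND version in base. Suggest a comment above the first of them: `// Built-in empty zones that overlap the 255.in-addr.arpa and 0.ip6.arpa master zones configured below; disabled so only the local zones answer.`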
@@ -28,7 +33,7 @@ options {
 // server to never initiate queries of its own, but always ask its
 // forwarders only, by enabling the following line:
 //
-// forward only;
+// forward only;
 
 // If you've got a DNS server around at your upstream provider, enter
 // its IP address here, and enable the line below. This will make you
@@ -52,52 +57,202 @@ options {
 // first in your /etc/resolv.conf so this server will be queried.
 // Also, make sure to enable it in /etc/rc.conf.
 
+/* Slaving the following zones from the root name servers has some
+ significant advantages:
+ 1. Faster local resolution for your users
+ 2. No spurious traffic will be sent from your network to the roots
+ 3. Greater resilience to any potential root server failure/DDoS
+
+ If you do not wish to slave these zones from the root servers
+ use the entry below instead.
+ zone "." { type hint; file "named.root"; };
+*/
 zone "." {
- type hint;
- file "named.root";
+ type slave;
+ file "slave/root.slave";
+ masters {
+ 192.5.5.241; // F.ROOT-SERVERS.NET.
+ 192.228.79.201; // B.ROOT-SERVERS.NET.
+ 192.33.4.12; // C.ROOT-SERVERS.NET.
+ 192.112.36.4; // G.ROOT-SERVERS.NET.
+ 193.0.14.129; // K.ROOT-SERVERS.NET.
+ };
+ notify no;
 };
-
-zone "0.0.127.IN-ADDR.ARPA" {
- type master;
- file "master/localhost.rev";
+zone "arpa" {
+ type slave;
+ file "slave/arpa.slave";
+ masters {
+ 192.5.5.241; // F.ROOT-SERVERS.NET.
+ 192.228.79.201; // B.ROOT-SERVERS.NET.
+ 192.33.4.12; // C.ROOT-SERVERS.NET.
+ 192.112.36.4; // G.ROOT-SERVERS.NET.
+ 193.0.14.129; // K.ROOT-SERVERS.NET.
+ };
+ notify no;
 };
-
-// RFC 3152
-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
- type master;
- file "master/localhost-v6.rev";
+zone "in-addr.arpa" {
+ type slave;
+ file "slave/in-addr.arpa.slave";
+ masters {
+ 192.5.5.241; // F.ROOT-SERVERS.NET.
+ 192.228.79.201; // B.ROOT-SERVERS.NET.
+ 192.33.4.12; // C.ROOT-SERVERS.NET.
+ 192.112.36.4; // G.ROOT-SERVERS.NET.
+ 193.0.14.129; // K.ROOT-SERVERS.NET.
+ };
+ notify no;
 };
 
+/* Serving the following zones locally will prevent any queries
+ for these zones leaving your network and going to the root
+ name servers. This has two significant advantages:
+ 1. Faster local resolution for your users
+ 2. No spurious traffic will be sent from your network to the roots
+*/
+// RFC 1912
+zone "localhost" { type master; file "master/localhost-forward.db"; };
+zone "127.in-addr.arpa" { type master; file "master/localhost-reverse.db"; };
+zone "255.in-addr.arpa" { type master; file "master/empty.db"; };
+
+// RFC 1912-style zone for IPv6 localhost address
+zone "0.ip6.arpa" { type master; file "master/localhost-reverse.db"; };
+
+// "This" Network (RFCs 1912 and 3330)
+zone "0.in-addr.arpa" { type master; file "master/empty.db"; };
+
+// IANA Reserved - Unlikely to ever be assigned
+zone "1.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "2.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "223.in-addr.arpa" { type master; file "master/empty.db"; };
+
+// Public Data Networks (RFC 3330)
+zone "14.in-addr.arpa" { type master; file "master/empty.db"; };
+
+// Private Use Networks (RFC 1918)
+zone "10.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "16.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "17.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "18.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "19.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "20.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "21.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "22.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "23.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "24.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "25.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "26.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "27.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "28.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "29.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "30.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "31.172.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "168.192.in-addr.arpa" { type master; file "master/empty.db"; };
+
+// Link-local/APIPA (RFCs 3330 and 3927)
+zone "254.169.in-addr.arpa" { type master; file "master/empty.db"; };
+
+// TEST-NET for Documentation (RFC 3330)
+zone "2.0.192.in-addr.arpa" { type master; file "master/empty.db"; };
+
+// Router Benchmark Testing (RFC 2544)
+zone "18.192.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "19.192.in-addr.arpa" { type master; file "master/empty.db"; };
+
+// IANA Reserved - Old Class E Space
+zone "240.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "241.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "242.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "243.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "244.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "245.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "246.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "247.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "248.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "249.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "250.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "251.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "252.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "253.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "254.in-addr.arpa" { type master; file "master/empty.db"; };
+
+// IPv6 Unassigned Addresses (RFC 4291)
+zone "1.ip6.arpa" { type master; file "master/empty.db"; };
+zone "3.ip6.arpa" { type master; file "master/empty.db"; };
+zone "4.ip6.arpa" { type master; file "master/empty.db"; };
+zone "5.ip6.arpa" { type master; file "master/empty.db"; };
+zone "6.ip6.arpa" { type master; file "master/empty.db"; };
+zone "7.ip6.arpa" { type master; file "master/empty.db"; };
+zone "8.ip6.arpa" { type master; file "master/empty.db"; };
+zone "9.ip6.arpa" { type master; file "master/empty.db"; };
+zone "a.ip6.arpa" { type master; file "master/empty.db"; };
+zone "b.ip6.arpa" { type master; file "master/empty.db"; };
+zone "c.ip6.arpa" { type master; file "master/empty.db"; };
+zone "d.ip6.arpa" { type master; file "master/empty.db"; };
+zone "e.ip6.arpa" { type master; file "master/empty.db"; };
+zone "0.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "1.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "2.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "3.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "4.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "5.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "6.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "7.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "8.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "9.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "a.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "b.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "0.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "1.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "2.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "3.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "4.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "5.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "6.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "7.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+
+// IPv6 ULA (RFC 4193)
+zone "c.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "d.f.ip6.arpa" { type master; file "master/empty.db"; };
+
+// IPv6 Link Local (RFC 4291)
+zone "8.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "9.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "a.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "b.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+
+// IPv6 Deprecated Site-Local Addresses (RFC 3879)
+zone "c.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "d.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "e.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "f.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+
+// IP6.INT is Deprecated (RFC 4159)
+zone "ip6.int" { type master; file "master/empty.db"; };
+
 // NB: Do not use the IP addresses below, they are faked, and only
 // serve demonstration/documentation purposes!
 //
 // Example slave zone config entries. It can be convenient to become
 // a slave at least for the zone your own domain is in. Ask
 // your network administrator for the IP address of the responsible
-// primary.
+// master name server.
 //
-// Never forget to include the reverse lookup (IN-ADDR.ARPA) zone!
-// (This is named after the first bytes of the IP address, in reverse
-// order, with ".IN-ADDR.ARPA" appended.)
+// Do not forget to include the reverse lookup zone!
+// This is named after the first bytes of the IP address, in reverse
+// order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6.
 //
-// Before starting to set up a primary zone, make sure you fully
-// understand how DNS and BIND works. There are sometimes
-// non-obvious pitfalls. Setting up a slave zone is simpler.
+// Before starting to set up a master zone, make sure you fully
+// understand how DNS and BIND work. There are sometimes
+// non-obvious pitfalls. Setting up a slave zone is usually simpler.
 //
 // NB: Don't blindly enable the examples below. :-) Use actual names
 // and addresses instead.
 
-/* An example master zone
-zone "example.net" {
- type master;
- file "master/example.net";
-};
-*/
-
 /* An example dynamic zone
 key "exampleorgkey" {
- algorithm hmac-md5;
- secret "sf87HJqjkqh8ac87a02lla==";
+ algorithm hmac-md5;
+ secret "sf87HJqjkqh8ac87a02lla==";
 };
 zone "example.org" {
 type master;
@@ -108,14 +263,7 @@ zone "example.org" {
 };
 */
 
-/* Examples of forward and reverse slave zones
-zone "example.com" {
- type slave;
- file "slave/example.com";
- masters {
- 192.168.1.1;
- };
-};
+/* Example of a slave reverse zone
 zone "1.168.192.in-addr.arpa" {
 type slave;
 file "slave/1.168.192.in-addr.arpa"; |
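Review bot: Turning `"."`, `"arpa"` and `"in-addr.arpa"` into `type slave` zones fed from five hard-coded root server addresses changes the failure mode relative to the hint it replaces, and the new block does not say so: a hint lets named fall back to any reachable root, whereas a slaved zone expires once every listed master has been unreachable for the zone's SOA expire interval, after which this resolver answers nothing at all. The same five addresses are repeated three times with no pointer to `named.root`, so the list will drift as root server addresses change, and the transfers are plain unauthenticated AXFR into `slave/root.slave` (which must also be writable by named under the chroot `directory` set in the options block), so whatever those addresses hand back is installed as the local root. Suggest one comment above the first `masters {`: `// Keep in sync with named.root. If every master here is unreachable for the zone's expire time the slaved root zone drops out and all resolution stops; the hint entry in the comment above is the safe fallback.`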
