head 1.11; access; symbols netbsd-10-0-RELEASE:1.10.6.1 netbsd-10-0-RC6:1.10.6.1 netbsd-10-0-RC5:1.10 netbsd-10-0-RC4:1.10 netbsd-10-0-RC3:1.10 netbsd-10-0-RC2:1.10 netbsd-10-0-RC1:1.10 netbsd-10:1.10.0.6 netbsd-10-base:1.10 netbsd-9-3-RELEASE:1.7.32.1 cjep_sun2x-base1:1.10 cjep_sun2x:1.10.0.4 cjep_sun2x-base:1.10 cjep_staticlib_x-base1:1.10 netbsd-9-2-RELEASE:1.7.32.1 cjep_staticlib_x:1.10.0.2 cjep_staticlib_x-base:1.10 netbsd-9-1-RELEASE:1.7.32.1 phil-wifi-20200421:1.8 phil-wifi-20200411:1.8 is-mlppp:1.7.0.34 is-mlppp-base:1.7 phil-wifi-20200406:1.8 netbsd-8-2-RELEASE:1.7.22.1 netbsd-9-0-RELEASE:1.7 netbsd-9-0-RC2:1.7 netbsd-9-0-RC1:1.7 phil-wifi-20191119:1.7 netbsd-9:1.7.0.32 netbsd-9-base:1.7 phil-wifi-20190609:1.7 netbsd-8-1-RELEASE:1.7 netbsd-8-1-RC1:1.7 pgoyette-compat-merge-20190127:1.7 pgoyette-compat-20190127:1.7 pgoyette-compat-20190118:1.7 pgoyette-compat-1226:1.7 pgoyette-compat-1126:1.7 pgoyette-compat-1020:1.7 pgoyette-compat-0930:1.7 pgoyette-compat-0906:1.7 netbsd-7-2-RELEASE:1.7 pgoyette-compat-0728:1.7 netbsd-8-0-RELEASE:1.7 phil-wifi:1.7.0.30 phil-wifi-base:1.7 pgoyette-compat-0625:1.7 netbsd-8-0-RC2:1.7 pgoyette-compat-0521:1.7 pgoyette-compat-0502:1.7 pgoyette-compat-0422:1.7 netbsd-8-0-RC1:1.7 pgoyette-compat-0415:1.7 pgoyette-compat-0407:1.7 pgoyette-compat-0330:1.7 pgoyette-compat-0322:1.7 pgoyette-compat-0315:1.7 netbsd-7-1-2-RELEASE:1.7 pgoyette-compat:1.7.0.28 pgoyette-compat-base:1.7 netbsd-7-1-1-RELEASE:1.7 matt-nb8-mediatek:1.7.0.26 matt-nb8-mediatek-base:1.7 perseant-stdc-iso10646:1.7.0.24 perseant-stdc-iso10646-base:1.7 netbsd-8:1.7.0.22 netbsd-8-base:1.7 prg-localcount2-base3:1.7 prg-localcount2-base2:1.7 prg-localcount2-base1:1.7 prg-localcount2:1.7.0.20 prg-localcount2-base:1.7 pgoyette-localcount-20170426:1.7 bouyer-socketcan-base1:1.7 pgoyette-localcount-20170320:1.7 netbsd-7-1:1.7.0.18 netbsd-7-1-RELEASE:1.7 netbsd-7-1-RC2:1.7 netbsd-7-nhusb-base-20170116:1.7 bouyer-socketcan:1.7.0.16 bouyer-socketcan-base:1.7 pgoyette-localcount-20170107:1.7 netbsd-7-1-RC1:1.7 pgoyette-localcount-20161104:1.7 netbsd-7-0-2-RELEASE:1.7 localcount-20160914:1.7 netbsd-7-nhusb:1.7.0.14 netbsd-7-nhusb-base:1.7 pgoyette-localcount-20160806:1.7 pgoyette-localcount-20160726:1.7 pgoyette-localcount:1.7.0.12 pgoyette-localcount-base:1.7 netbsd-7-0-1-RELEASE:1.7 netbsd-7-0:1.7.0.10 netbsd-7-0-RELEASE:1.7 netbsd-7-0-RC3:1.7 netbsd-7-0-RC2:1.7 netbsd-7-0-RC1:1.7 netbsd-5-2-3-RELEASE:1.5.2.1 netbsd-5-1-5-RELEASE:1.5.10.1 netbsd-6-0-6-RELEASE:1.6 netbsd-6-1-5-RELEASE:1.6 netbsd-7:1.7.0.8 netbsd-7-base:1.7 yamt-pagecache-base9:1.7 yamt-pagecache-tag8:1.6 netbsd-6-1-4-RELEASE:1.6 netbsd-6-0-5-RELEASE:1.6 tls-earlyentropy:1.7.0.6 tls-earlyentropy-base:1.7 riastradh-xf86-video-intel-2-7-1-pre-2-21-15:1.7 riastradh-drm2-base3:1.7 netbsd-6-1-3-RELEASE:1.6 netbsd-6-0-4-RELEASE:1.6 netbsd-5-2-2-RELEASE:1.5.2.1 netbsd-5-1-4-RELEASE:1.5.10.1 netbsd-6-1-2-RELEASE:1.6 netbsd-6-0-3-RELEASE:1.6 netbsd-5-2-1-RELEASE:1.5.2.1 netbsd-5-1-3-RELEASE:1.5.10.1 netbsd-6-1-1-RELEASE:1.6 riastradh-drm2-base2:1.7 riastradh-drm2-base1:1.7 riastradh-drm2:1.7.0.4 riastradh-drm2-base:1.7 netbsd-6-1:1.6.0.20 netbsd-6-0-2-RELEASE:1.6 netbsd-6-1-RELEASE:1.6 khorben-n900:1.7.0.2 netbsd-6-1-RC4:1.6 netbsd-6-1-RC3:1.6 agc-symver:1.6.0.18 agc-symver-base:1.6 netbsd-6-1-RC2:1.6 netbsd-6-1-RC1:1.6 yamt-pagecache-base8:1.6 netbsd-5-2:1.5.2.1.0.2 netbsd-6-0-1-RELEASE:1.6 yamt-pagecache-base7:1.6 netbsd-5-2-RELEASE:1.5.2.1 netbsd-5-2-RC1:1.5.2.1 matt-nb6-plus-nbase:1.6 yamt-pagecache-base6:1.6 netbsd-6-0:1.6.0.14 netbsd-6-0-RELEASE:1.6 netbsd-6-0-RC2:1.6 tls-maxphys:1.6.0.12 tls-maxphys-base:1.7 matt-nb6-plus:1.6.0.10 matt-nb6-plus-base:1.6 netbsd-6-0-RC1:1.6 yamt-pagecache-base5:1.6 yamt-pagecache-base4:1.6 netbsd-6:1.6.0.8 netbsd-6-base:1.6 netbsd-5-1-2-RELEASE:1.5.10.1 netbsd-5-1-1-RELEASE:1.5.10.1 yamt-pagecache-base3:1.6 yamt-pagecache-base2:1.6 yamt-pagecache:1.6.0.6 yamt-pagecache-base:1.6 cherry-xenmp:1.6.0.4 cherry-xenmp-base:1.6 bouyer-quota2-nbase:1.6 bouyer-quota2:1.6.0.2 bouyer-quota2-base:1.6 matt-mips64-premerge-20101231:1.6 matt-nb5-mips64-premerge-20101231:1.5 matt-nb5-pq3:1.5.0.12 matt-nb5-pq3-base:1.5 netbsd-5-1:1.5.0.10 netbsd-5-1-RELEASE:1.5 netbsd-5-1-RC4:1.5 matt-nb5-mips64-k15:1.5 netbsd-5-1-RC3:1.5 netbsd-5-1-RC2:1.5 netbsd-5-1-RC1:1.5 netbsd-5-0-2-RELEASE:1.5 matt-nb5-mips64-premerge-20091211:1.5 matt-premerge-20091211:1.5 matt-nb5-mips64-u2-k2-k4-k7-k8-k9:1.5 matt-nb4-mips64-k7-u2a-k9b:1.5 matt-nb5-mips64-u1-k1-k5:1.5 matt-nb5-mips64:1.5.0.8 netbsd-5-0-1-RELEASE:1.5 jym-xensuspend-nbase:1.5 netbsd-5-0:1.5.0.6 netbsd-5-0-RELEASE:1.5 netbsd-5-0-RC4:1.5 netbsd-5-0-RC3:1.5 netbsd-5-0-RC2:1.5 jym-xensuspend:1.5.0.4 jym-xensuspend-base:1.5 netbsd-5-0-RC1:1.5 mjf-devfs2-base2:1.5 netbsd-5:1.5.0.2 netbsd-5-base:1.5 matt-mips64-base2:1.5 matt-mips64:1.4.0.26 netbsd-4-0-1-RELEASE:1.4.14.1 wrstuden-revivesa-base-3:1.5 wrstuden-revivesa-base-2:1.5 wrstuden-fixsa-newbase:1.4.4.1 wrstuden-revivesa-base-1:1.4 yamt-pf42-base4:1.4 yamt-pf42-base3:1.4 hpcarm-cleanup-nbase:1.4 yamt-pf42-baseX:1.4 yamt-pf42-base2:1.4 wrstuden-revivesa:1.4.0.24 wrstuden-revivesa-base:1.4 yamt-pf42:1.4.0.22 yamt-pf42-base:1.4 mjf-devfs2:1.4.0.20 mjf-devfs2-base:1.5 keiichi-mipv6:1.4.0.18 keiichi-mipv6-base:1.4 mjf-devfs:1.4.0.16 mjf-devfs-base:1.4 matt-armv6-nbase:1.4 matt-armv6-prevmlocking:1.4 wrstuden-fixsa-base-1:1.4 netbsd-4-0:1.4.0.14 netbsd-4-0-RELEASE:1.4 cube-autoconf:1.4.0.12 cube-autoconf-base:1.4 netbsd-4-0-RC5:1.4 netbsd-4-0-RC4:1.4 netbsd-4-0-RC3:1.4 netbsd-4-0-RC2:1.4 netbsd-4-0-RC1:1.4 matt-armv6:1.4.0.10 matt-armv6-base:1.4 matt-mips64-base:1.4 hpcarm-cleanup:1.4.0.8 hpcarm-cleanup-base:1.4 netbsd-3-1-1-RELEASE:1.2.2.2 netbsd-3-0-3-RELEASE:1.2.2.2 wrstuden-fixsa:1.4.0.6 wrstuden-fixsa-base:1.4.4.1 abandoned-netbsd-4-base:1.4 abandoned-netbsd-4:1.4.0.2 netbsd-3-1:1.2.2.2.0.4 netbsd-3-1-RELEASE:1.2.2.2 netbsd-3-0-2-RELEASE:1.2.2.2 netbsd-3-1-RC4:1.2.2.2 netbsd-3-1-RC3:1.2.2.2 netbsd-3-1-RC2:1.2.2.2 netbsd-3-1-RC1:1.2.2.2 netbsd-4:1.4.0.4 netbsd-4-base:1.4 netbsd-3-0-1-RELEASE:1.2.2.2 netbsd-3-0:1.2.2.2.0.2 netbsd-3-0-RELEASE:1.2.2.2 netbsd-3-0-RC6:1.2.2.2 netbsd-3-0-RC5:1.2.2.2 netbsd-3-0-RC4:1.2.2.2 netbsd-3-0-RC3:1.2.2.2 netbsd-3-0-RC2:1.2.2.2 netbsd-3-0-RC1:1.2.2.2 netbsd-3:1.2.0.2; locks; strict; comment @# @; 1.11 date 2024.03.07.14.21.03; author christos; state Exp; branches; next 1.10; commitid FfNRxMkhA6QLFe1F; 1.10 date 2020.10.11.22.14.55; author jnemeth; state Exp; branches 1.10.6.1; next 1.9; commitid 0IeHnYRpG86zfxrC; 1.9 date 2020.10.11.22.11.36; author jnemeth; state Exp; branches; next 1.8; commitid mq9WkwE6eyJeexrC; 1.8 date 2020.03.21.20.20.59; author christos; state Exp; branches; next 1.7; commitid VaI4sRz6x264bj1C; 1.7 date 2013.04.25.20.28.05; author christos; state Exp; branches 1.7.22.1 1.7.30.1 1.7.32.1; next 1.6; 1.6 date 2010.08.24.13.18.58; author christos; state Exp; branches 1.6.6.1 1.6.12.1; next 1.5; 1.5 date 2008.07.23.05.47.48; author dholland; state Exp; branches 1.5.2.1 1.5.6.1 1.5.10.1; next 1.4; 1.4 date 2006.03.23.13.50.44; author itojun; state Exp; branches 1.4.4.1 1.4.6.1 1.4.14.1 1.4.20.1 1.4.24.1; next 1.3; 1.3 date 2005.11.29.21.08.13; author christos; state Exp; branches; next 1.2; 1.2 date 2005.09.01.14.02.01; author rpaulo; state Exp; branches 1.2.2.1; next 1.1; 1.1 date 2005.08.30.10.58.33; author tron; state Exp; branches; next ; 1.10.6.1 date 2024.03.11.17.25.20; author martin; state Exp; branches; next ; commitid YA8j8f7wtg79zL1F; 1.7.22.1 date 2020.03.27.08.48.23; author sborrill; state Exp; branches; next ; commitid jUSOqt2rJBJj912C; 1.7.30.1 date 2020.04.08.14.03.56; author martin; state Exp; branches; next ; commitid Qli2aW9E74UFuA3C; 1.7.32.1 date 2020.03.27.08.43.42; author sborrill; state Exp; branches; next 1.7.32.2; commitid 70Wm28yRHq0N712C; 1.7.32.2 date 2024.03.11.17.37.42; author martin; state Exp; branches; next ; commitid YBwg2fSk4WcoDL1F; 1.6.6.1 date 2014.05.22.11.27.18; author yamt; state Exp; branches; next ; commitid spVi6gj5ReXSGwBx; 1.6.12.1 date 2013.06.23.06.26.21; author tls; state Exp; branches; next ; commitid OnlO1cBgtQRcIHUw; 1.5.2.1 date 2011.01.16.13.00.02; author bouyer; state Exp; branches; next ; 1.5.6.1 date 2011.01.16.13.00.34; author bouyer; state Exp; branches; next ; 1.5.10.1 date 2011.01.16.13.00.39; author bouyer; state Exp; branches; next ; 1.4.4.1 date 2008.07.24.22.33.22; author ghen; state Exp; branches; next ; 1.4.6.1 date 2008.09.04.08.46.41; author skrll; state Exp; branches; next ; 1.4.14.1 date 2008.07.24.22.34.12; author ghen; state Exp; branches; next ; 1.4.20.1 date 2008.10.05.20.11.18; author mjf; state Exp; branches; next ; 1.4.24.1 date 2008.09.18.04.41.08; author wrstuden; state Exp; branches; next ; 1.2.2.1 date 2005.09.01.14.02.01; author tron; state dead; branches; next 1.2.2.2; 1.2.2.2 date 2005.09.04.19.57.50; author tron; state Exp; branches; next ; desc @@ 1.11 log @remove obsolete option "dnssec-enable" @ text @# $NetBSD: named.conf,v 1.10 2020/10/11 22:14:55 jnemeth Exp $ # boot file for secondary name server # Note that there should be one primary entry for each SOA record. # If you cannot get DNSSEC to work, and you see the following message: # DNSKEY: verify failed due to bad signature (keyid=19036): \ # RRSIG validity period has not begun # Fix your clock. You can comment out the dnssec entries temporarily to # get to an ntp server. options { directory "/etc/namedb"; dnssec-validation auto; managed-keys-directory "keys"; bindkeys-file "bind.keys"; allow-recursion { localhost; localnets; }; max-udp-size 1220; edns-udp-size 1220; # # This forces all queries to come from port 53; might be # needed for firewall traversals but should be avoided if # at all possible because of the risk of spoofing attacks. # #query-source address * port 53; }; zone "." { type hint; file "root.cache"; }; zone "localhost" { type master; file "localhost"; }; zone "127.IN-ADDR.ARPA" { type master; file "127"; }; zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" { type master; file "loopback.v6"; }; # example secondary server config: # # zone "Berkeley.EDU" { # type slave; # file "berkeley.edu.cache"; # masters { # 128.32.130.11; # 128.32.133.1; # }; # }; # zone "32.128.IN-ADDR.ARPA" { # type slave; # file "128.32.cache"; # masters { # 128.32.130.11; # 128.32.133.1; # }; # }; # example primary server config: # # zone "Berkeley.EDU" { # type master; # file "berkeley.edu"; # }; # zone "32.128.IN-ADDR.ARPA" { # type master; # file "128.32"; # }; @ 1.10 log @Also edns-udp-size. @ text @d1 1 a1 1 # $NetBSD: named.conf,v 1.9 2020/10/11 22:11:36 jnemeth Exp $ a12 1 dnssec-enable yes; @ 1.10.6.1 log @Pull up following revision(s) (requested by christos in ticket #622): etc/named.conf: revision 1.11 usr.sbin/postinstall/postinstall.in: revision 1.59 external/mpl/bind/dist/lib/isc/netmgr/netmgr-int.h: revision 1.11 usr.sbin/postinstall/postinstall.in: revision 1.60 usr.sbin/postinstall/postinstall.in: revision 1.61 Make sure that the extra field is maximally aligned since it is used for other struct storage. - fix named.conf (remove dnssec-enable option) - use proper local variables instead of adding _ or other prefixes. - centralize rm use - use grep -q instead of > /dev/null - reduce constant duplication no local in loops, simplify eval (thanks kre) postinstall: fix endless loop (since 2024-03-07) remove obsolete option "dnssec-enable" @ text @d1 1 a1 1 # $NetBSD: named.conf,v 1.10 2020/10/11 22:14:55 jnemeth Exp $ d13 1 @ 1.9 log @Set max-udp-size as per DNS flag day 2020, see https://www.isc.org/blogs/dns-flag-day-2020-2/ . @ text @d1 1 a1 1 # $NetBSD: named.conf,v 1.8 2020/03/21 20:20:59 christos Exp $ d19 1 @ 1.8 log @remove obsolete option @ text @d1 1 a1 1 # $NetBSD: named.conf,v 1.7 2013/04/25 20:28:05 christos Exp $ d18 1 @ 1.7 log @- read the root keys from our file - explain what happens if we get clock skew @ text @d1 1 a1 1 # $NetBSD: named.conf,v 1.6 2010/08/24 13:18:58 christos Exp $ a14 1 dnssec-lookaside auto; @ 1.7.30.1 log @Merge changes from current as of 20200406 @ text @d1 1 a1 1 # $NetBSD$ d15 1 @ 1.7.22.1 log @Pull up the following revisions(s) (requested by christos in ticket #1524): etc/named.conf: revision 1.8 Stop using obsolete dnssec-lookaside (implies use of dlv.isc.org, which no longer serves any useful purpose). @ text @d1 1 a1 1 # $NetBSD: named.conf,v 1.7 2013/04/25 20:28:05 christos Exp $ d15 1 @ 1.7.32.1 log @Pull up the following revisions(s) (requested by christos in ticket #806): etc/named.conf: revision 1.8 Stop using obsolete dnssec-lookaside (implies use of dlv.isc.org, which no longer serves any useful purpose). @ text @d1 1 a1 1 # $NetBSD: named.conf,v 1.7 2013/04/25 20:28:05 christos Exp $ d15 1 @ 1.7.32.2 log @Pull up following revision(s) (requested by christos in ticket #1813): etc/named.conf: revision 1.11 usr.sbin/postinstall/postinstall.in: revision 1.59 external/mpl/bind/dist/lib/isc/netmgr/netmgr-int.h: revision 1.11 Make sure that the extra field is maximally aligned since it is used for other struct storage. - fix named.conf (remove dnssec-enable option) - use proper local variables instead of adding _ or other prefixes. - centralize rm use - use grep -q instead of > /dev/null - reduce constant duplication remove obsolete option "dnssec-enable" @ text @d1 1 a1 1 # $NetBSD: named.conf,v 1.7.32.1 2020/03/27 08:43:42 sborrill Exp $ d13 1 @ 1.6 log @Enable dnssec, and populate managed-keys.bind @ text @d1 1 a1 1 # $NetBSD: named.conf,v 1.5 2008/07/23 05:47:48 dholland Exp $ d5 5 d14 1 a14 1 dnssec-validation yes; d17 1 @ 1.6.6.1 log @sync with head. for a reference, the tree before this commit was tagged as yamt-pagecache-tag8. this commit was splitted into small chunks to avoid a limitation of cvs. ("Protocol error: too many arguments") @ text @d1 1 a1 1 # $NetBSD: named.conf,v 1.6 2010/08/24 13:18:58 christos Exp $ a4 5 # If you cannot get DNSSEC to work, and you see the following message: # DNSKEY: verify failed due to bad signature (keyid=19036): \ # RRSIG validity period has not begun # Fix your clock. You can comment out the dnssec entries temporarily to # get to an ntp server. d9 1 a9 1 dnssec-validation auto; a11 1 bindkeys-file "bind.keys"; @ 1.6.12.1 log @resync from head @ text @d1 1 a1 1 # $NetBSD$ a4 5 # If you cannot get DNSSEC to work, and you see the following message: # DNSKEY: verify failed due to bad signature (keyid=19036): \ # RRSIG validity period has not begun # Fix your clock. You can comment out the dnssec entries temporarily to # get to an ntp server. d9 1 a9 1 dnssec-validation auto; a11 1 bindkeys-file "bind.keys"; @ 1.5 log @The default named.conf should not contain a query-source statement. Comment it out and describe what it's for and why not to use it. @ text @d1 1 a1 1 # $NetBSD: named.conf,v 1.4 2006/03/23 13:50:44 itojun Exp $ d8 4 @ 1.5.10.1 log @Pull up following revision(s) (requested by spz in ticket #1528): etc/named.conf: revision 1.6 etc/mtree/special: revision 1.133 Enable dnssec, and populate managed-keys.bind Add directory for bind's managed keys. @ text @d1 1 a1 1 # $NetBSD$ a7 4 dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; managed-keys-directory "keys"; @ 1.5.6.1 log @Pull up following revision(s) (requested by spz in ticket #1528): etc/named.conf: revision 1.6 etc/mtree/special: revision 1.133 Enable dnssec, and populate managed-keys.bind Add directory for bind's managed keys. @ text @d1 1 a1 1 # $NetBSD$ a7 4 dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; managed-keys-directory "keys"; @ 1.5.2.1 log @Pull up following revision(s) (requested by spz in ticket #1528): etc/named.conf: revision 1.6 etc/mtree/special: revision 1.133 Enable dnssec, and populate managed-keys.bind Add directory for bind's managed keys. @ text @d1 1 a1 1 # $NetBSD$ a7 4 dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; managed-keys-directory "keys"; @ 1.4 log @disable recursion by attackers (yes, attackers do use recursion to perform DoS). @ text @d1 1 a1 1 # $NetBSD: named.conf,v 1.3 2005/11/29 21:08:13 christos Exp $ a7 1 query-source address * port 53; d9 7 @ 1.4.20.1 log @Sync with HEAD. @ text @d1 1 a1 1 # $NetBSD$ d8 1 a9 7 # # This forces all queries to come from port 53; might be # needed for firewall traversals but should be avoided if # at all possible because of the risk of spoofing attacks. # #query-source address * port 53; @ 1.4.24.1 log @Sync with wrstuden-revivesa-base-2. @ text @d1 1 a1 1 # $NetBSD: named.conf,v 1.4 2006/03/23 13:50:44 itojun Exp $ d8 1 a9 7 # # This forces all queries to come from port 53; might be # needed for firewall traversals but should be avoided if # at all possible because of the risk of spoofing attacks. # #query-source address * port 53; @ 1.4.6.1 log @Sync with netbsd-4. @ text @d1 1 a1 1 # $NetBSD: named.conf,v 1.4.4.1 2008/07/24 22:33:22 ghen Exp $ d8 1 a9 7 # # This forces all queries to come from port 53; might be # needed for firewall traversals but should be avoided if # at all possible because of the risk of spoofing attacks. # #query-source address * port 53; @ 1.4.14.1 log @Pull up following revision(s) (requested by dholland in ticket #1169): etc/named.conf: revision 1.5 The default named.conf should not contain a query-source statement. Comment it out and describe what it's for and why not to use it. @ text @d1 1 a1 1 # $NetBSD$ d8 1 a9 7 # # This forces all queries to come from port 53; might be # needed for firewall traversals but should be avoided if # at all possible because of the risk of spoofing attacks. # #query-source address * port 53; @ 1.4.4.1 log @Pull up following revision(s) (requested by dholland in ticket #1169): etc/named.conf: revision 1.5 The default named.conf should not contain a query-source statement. Comment it out and describe what it's for and why not to use it. @ text @d1 1 a1 1 # $NetBSD$ d8 1 a9 7 # # This forces all queries to come from port 53; might be # needed for firewall traversals but should be avoided if # at all possible because of the risk of spoofing attacks. # #query-source address * port 53; @ 1.3 log @set the query source address to 53; with this setup, the vanilla config file will work in most situations. @ text @d1 1 a1 1 # $NetBSD: named.conf,v 1.2 2005/09/01 14:02:01 rpaulo Exp $ d9 1 @ 1.2 log @Remove the localhost ip6.int example since, as per RFC 4159, ip6.int is now depreciated. Discussedon tech-net. @ text @d1 1 a1 1 # $NetBSD: named.conf,v 1.1 2005/08/30 10:58:33 tron Exp $ d8 1 @ 1.2.2.1 log @file named.conf was added on branch netbsd-3 on 2005-09-04 19:57:50 +0000 @ text @d1 60 @ 1.2.2.2 log @Pull up following revision(s) (requested by jwise in ticket #725): etc/named.conf: revision 1.1 etc/namedb/named.conf: file removal etc/namedb/Makefile: revision 1.2 etc/Makefile: revision 1.314 distrib/sets/lists/etc/mi: revision 1.159 Move "named.conf" example configuration to "/etc" because that is where named(8) looks for it. You can now really get a caching name server by simply setting "named=yes" in "/etc/rc.conf" as documented in The NetBSD Guide. This fixes PR bin/30662 by Christian Hattemer. @ text @a0 65 # $NetBSD: named.conf,v 1.2.2.1 2005/09/04 19:57:50 tron Exp $ # boot file for secondary name server # Note that there should be one primary entry for each SOA record. options { directory "/etc/namedb"; }; zone "." { type hint; file "root.cache"; }; zone "localhost" { type master; file "localhost"; }; zone "127.IN-ADDR.ARPA" { type master; file "127"; }; zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.int" { type master; file "loopback.v6"; }; zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" { type master; file "loopback.v6"; }; # example secondary server config: # # zone "Berkeley.EDU" { # type slave; # file "berkeley.edu.cache"; # masters { # 128.32.130.11; # 128.32.133.1; # }; # }; # zone "32.128.IN-ADDR.ARPA" { # type slave; # file "128.32.cache"; # masters { # 128.32.130.11; # 128.32.133.1; # }; # }; # example primary server config: # # zone "Berkeley.EDU" { # type master; # file "berkeley.edu"; # }; # zone "32.128.IN-ADDR.ARPA" { # type master; # file "128.32"; # }; @ 1.1 log @Move "named.conf" example configuration to "/etc" because that is where named(8) looks for it. You can now really get a caching name server by simply setting "named=yes" in "/etc/rc.conf" as documented in The NetBSD Guide. This fixes PR bin/30662 by Christian Hattemer. @ text @d1 1 a1 1 # $NetBSD: named.conf,v 1.8 2002/02/26 08:48:35 itojun Exp $ a24 5 zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.int" { type master; file "loopback.v6"; }; @