[src/netbsd-1-4]: src/dist/bind/bin/named Pull up revisions 1.1-1.2 (new) (re...
details: https://anonhg.NetBSD.org/src/rev/82f731aee4c3
branches: netbsd-1-4
changeset: 469782:82f731aee4c3
user: he <he%NetBSD.org@localhost>
date: Sat Dec 04 16:54:04 1999 +0000
description:
Pull up revisions 1.1-1.2 (new) (requested by christos and veego):
Update to BIND 8.2.2-P5.
diffstat:
dist/bind/bin/named/named.conf | 457 +++++++++++++++++++++++++++++++++++++++++
1 files changed, 457 insertions(+), 0 deletions(-)
diffs (truncated from 461 to 300 lines):
diff -r 9f29bde73a82 -r 82f731aee4c3 dist/bind/bin/named/named.conf
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/dist/bind/bin/named/named.conf Sat Dec 04 16:54:04 1999 +0000
@@ -0,0 +1,457 @@
+/* $NetBSD: named.conf,v 1.2.2.2 1999/12/04 16:54:04 he Exp $ */
+/*
+ * This is a worthless, nonrunnable example of a named.conf file that has
+ * every conceivable syntax element in use. We use it to test the parser.
+ * It could also be used as a conceptual template for users of new features.
+ */
+
+/*
+ * C-style comments are OK
+ */
+
+// So are C++-style comments
+
+# So are shell-style comments
+
+// watch out for ";" -- it's important!
+
+options {
+ directory "."; // use current directory
+ named-xfer "/usr/libexec/named-xfer"; // _PATH_XFER
+ dump-file "named_dump.db"; // _PATH_DUMPFILE
+ pid-file "/var/run/named.pid"; // _PATH_PIDFILE
+ statistics-file "named.stats"; // _PATH_STATS
+ memstatistics-file "named.memstats"; // _PATH_MEMSTATS
+ check-names master fail;
+ check-names slave warn;
+ check-names response ignore;
+ host-statistics no;
+ deallocate-on-exit no; // Painstakingly deallocate all
+ // objects when exiting instead of
+ // letting the OS clean up for us.
+ // Useful a memory leak is suspected.
+ // Final statistics are written to the
+ // memstatistics-file.
+ datasize default;
+ stacksize default;
+ coresize default;
+ files unlimited;
+ recursion yes;
+ fetch-glue yes;
+ fake-iquery no;
+ notify yes; // send NOTIFY messages. You can set
+ // notify on a zone-by-zone
+ // basis in the "zone" statement
+ // see (below)
+ max-serial-queries 4; // number of parallel SOA queries
+ // we can have outstanding for master
+ // zone change testing purposes
+ auth-nxdomain yes; // always set AA on NXDOMAIN.
+ // don't set this to 'no' unless
+ // you know what you're doing -- older
+ // servers won't like it.
+ multiple-cnames no; // if yes, then a name my have more
+ // than one CNAME RR. This use
+ // is non-standard and is not
+ // recommended, but it is available
+ // because previous releases supported
+ // it and it was used by large sites
+ // for load balancing.
+ allow-query { any; };
+ allow-transfer { any; };
+ transfers-in 10; // DEFAULT_XFERS_RUNNING, cannot be
+ // set > than MAX_XFERS_RUNNING (20)
+ transfers-per-ns 2; // DEFAULT_XFERS_PER_NS
+ transfers-out 0; // not implemented
+ max-transfer-time-in 120; // MAX_XFER_TIME; the default number
+ // of minutes an inbound zone transfer
+ // may run. May be set on a per-zone
+ // basis.
+ /*
+ * The "transfer-format" option specifies the way outbound zone
+ * transfers (i.e. from us to them) are formatted. Two values are
+ * allowed:
+ *
+ * one-answer Each RR gets its own DNS message.
+ * This format is not very efficient,
+ * but is widely understood. All
+ * versions of BIND prior to 8.1 generate
+ * this format for outbound zone
+ * and require it on inbound transfers.
+ *
+ * many-answers As many RRs as will fit are put into
+ * each DNS message. This format is
+ * the most efficient, but is only known
+ * to work with BIND 8. Patches to
+ * BIND 4.9.5 named-xfer that enable it
+ * to understand 'many-answers' will be
+ * available.
+ *
+ * If you are going to be doing zone transfers to older servers, you
+ * shouldn't use 'many-answers'. 'transfer-format' may also be set
+ * on a host-by-host basis using the 'server' statement (see below).
+ */
+ transfer-format one-answer;
+ query-source address * port *;
+ /*
+ * The "forward" option is only meaningful if you've defined
+ * forwarders. "first" gives the normal BIND
+ * forwarding behavior, i.e. ask the forwarders first, and if that
+ * doesn't work then do the full lookup. You can also say
+ * "forward only;" which is what used to be specified with
+ * "slave" or "options forward-only". "only" will never attempt
+ * a full lookup; only the forwarders will be used.
+ */
+ forward first;
+ forwarders { }; // default is no forwarders
+ /*
+ * Here's a forwarders example that isn't trivial
+ */
+ /*
+ forwarders {
+ 1.2.3.4;
+ 5.6.7.8;
+ };
+ */
+ topology { localhost; localnets; }; // prefer local nameservers
+ /*
+ * Here's a more complicated topology example; it's commented out
+ * because only one topology block is allowed.
+ *
+ topology {
+ 10/8; // prefer network 10.0.0.0
+ // netmask 255.0.0.0 most
+ !1.2.3/24; // don't like 1.2.3.0 netmask
+ // 255.255.255.0 at all
+ { 1.2/16; 3/8; }; // like 1.2.0.0 netmask 255.255.0.0
+ // and 3.0.0.0 netmask 255.0.0.0
+ // equally well, but less than 10/8
+ };
+ */
+
+ listen-on port 53 { any; }; // listen for queries on port 53 on
+ // any interface on the system
+ // (i.e. all interfaces). The
+ // "port 53" is optional; if you
+ // don't specify a port, port 53
+ // is assumed.
+ /*
+ * Multiple listen-on statements are allowed. Here's a more
+ * complicated example:
+ */
+ /*
+ listen-on { 5.6.7.8; }; // listen on port 53 on interface
+ // 5.6.7.8
+ listen-on port 1234 { // listen on port 1234 on any
+ !1.2.3.4; // interface on network 1.2.3
+ 1.2.3/24; // netmask 255.255.255.0, except for
+ }; // interface 1.2.3.4.
+ */
+
+ /*
+ * Interval Timers
+ */
+ cleaning-interval 60; // clean the cache of expired RRs
+ // every 'cleaning-interval' minutes
+ interface-interval 60; // scan for new or deleted interfaces
+ // every 'interface-interval' minutes
+ statistics-interval 60; // log statistics every
+ // 'statistics-interval' minutes
+ /*
+ * IXFR options
+ */
+ maintain-ixfr-base no; // If yes, keep transaction log file for IXFR
+ max-ixfr-log-size 20; // Not implemented, maximum size the
+ // IXFR transaction log file to grow
+};
+
+/*
+ * Control listeners, for "ndc". Every nameserver needs at least one.
+ */
+controls {
+ inet * port 52 allow { any; }; // a bad idea
+ unix "/var/run/ndc" perm 0600 owner 0 group 0; // the default
+};
+
+zone "master.demo.zone" {
+ type master; // what used to be called "primary"
+ file "master.demo.zone";
+ check-names fail;
+ allow-update { none; };
+ allow-transfer { any; };
+ allow-query { any; };
+ // notify yes; // send NOTIFY messages for this
+ // zone? The global option is used
+ // if "notify" is not specified
+ // here.
+ also-notify { }; // don't notify any nameservers other
+ // than those on the NS list for this
+ // zone
+};
+
+zone "slave.demo.zone" {
+ type slave; // what used to be called "secondary"
+ file "slave.demo.zone";
+ ixfr-base "slave.demo.zone.ixfr"; // File name for IXFR transaction log file
+ masters {
+ 1.2.3.4; // where to zone transfer from
+ 5.6.7.8;
+ };
+ transfer-source 10.0.0.53; // fixes multihoming problems
+ check-names warn;
+ allow-update { none; };
+ allow-transfer { any; };
+ allow-query { any; };
+ max-transfer-time-in 120; // if not set, global option is used.
+ also-notify { }; // don't notify any nameservers other
+ // than those on the NS list for this
+ // zone
+};
+
+zone "stub.demo.zone" {
+ type stub; // stub zones are like slave zones,
+ // except that only the NS records
+ // are transferred.
+ file "stub.demo.zone";
+ masters {
+ 1.2.3.4; // where to zone transfer from
+ 5.6.7.8;
+ };
+ check-names warn;
+ allow-update { none; };
+ allow-transfer { any; };
+ allow-query { any; };
+ max-transfer-time-in 120; // if not set, global option is used.
+};
+
+zone "." {
+ type hint; // used to be specified w/ "cache"
+ file "cache.db";
+ pubkey 257 255 1 "AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP/rick6gvEer5VcDEkLR5Q==";
+};
+
+trusted-keys {
+ . 257 255 1 "AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP/rick6gvEer5VcDEkLR5Q==";
+};
+
+
+acl can_query { !1.2.3/24; any; }; // network 1.2.3.0 mask 255.255.255.0
+ // is disallowed; rest are OK
+acl can_axfr { 1.2.3.4; can_query; }; // host 1.2.3.4 and any host allowed
+ // by can_query are OK
+
+zone "non-default-acl.demo.zone" {
+ type master;
+ file "foo";
+ allow-query { can_query; };
+ allow-transfer { can_axfr; };
+ allow-update {
+ 1.2.3.4;
+ 5.6.7.8;
+ };
+};
+
+key sample_key { // for TSIG
+ algorithm hmac-md5; // hmac-md5 is the supported algorithm
+ secret "abcdefgh"; // base 64 encoded secret
+};
+
+key key2 {
+ algorithm hmac-md5;
+ secret "87654321";
+};
+
+acl key_acl { key sample_key; }; // a request signed with sample_key
+
+server 1.2.3.4 {
+ bogus no; // if yes, we won't query or listen
+ // to this server
+ transfer-format one-answer; // set transfer format for this
+ // server (see the description of
+ // 'transfer-format' above)
+ // if not specified, the global option
+ // will be used
+ transfers 0; // not implemented
+ keys { sample_key; key2; }; // for TSIG; sign requests to this
+ // server with this key
+ support-ixfr yes; // for IXFR supported by server
+ // if yes, the listed server talks IXFR
+};
+
+logging {
+ /*
+ * All log output goes to one or more "channels"; you can make as
+ * many of them as you want.
+ */
+
+ channel syslog_errors { // this channel will send errors or
+ syslog user; // or worse to syslog (user facility)
+ severity error;
+ };
+
+ /*
+ * Channels have a severity level. Messages at severity levels
+ * greater than or equal to the channel's level will be logged on
+ * the channel. In order of decreasing severity, the levels are:
+ *