| blob | a3c60a66c6561e24feb4bf892673b4a47c561c98 |
1 # $NetBSD: named.conf,v 1.7 2013/04/25 20:28:05 christos Exp $
3 # boot file for secondary name server
4 # Note that there should be one primary entry for each SOA record.
5 # If you cannot get DNSSEC to work, and you see the following message:
6 # DNSKEY: verify failed due to bad signature (keyid=19036): \
7 # RRSIG validity period has not begun
8 # Fix your clock. You can comment out the dnssec entries temporarily to
9 # get to an ntp server.
11 options {
12 directory "/etc/namedb";
13 dnssec-enable yes;
14 dnssec-validation auto;
15 dnssec-lookaside auto;
16 managed-keys-directory "keys";
17 bindkeys-file "bind.keys";
18 allow-recursion { localhost; localnets; };
20 #
21 # This forces all queries to come from port 53; might be
22 # needed for firewall traversals but should be avoided if
23 # at all possible because of the risk of spoofing attacks.
24 #
25 #query-source address * port 53;
26 };
28 zone "." {
29 type hint;
30 file "root.cache";
31 };
33 zone "localhost" {
34 type master;
35 file "localhost";
36 };
38 zone "127.IN-ADDR.ARPA" {
39 type master;
40 file "127";
41 };
43 zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
44 type master;
45 file "loopback.v6";
46 };
48 # example secondary server config:
49 #
50 # zone "Berkeley.EDU" {
51 # type slave;
52 # file "berkeley.edu.cache";
53 # masters {
54 # 128.32.130.11;
55 # 128.32.133.1;
56 # };
57 # };
59 # zone "32.128.IN-ADDR.ARPA" {
60 # type slave;
61 # file "128.32.cache";
62 # masters {
63 # 128.32.130.11;
64 # 128.32.133.1;
65 # };
66 # };
68 # example primary server config:
69 #
70 # zone "Berkeley.EDU" {
71 # type master;
72 # file "berkeley.edu";
73 # };
75 # zone "32.128.IN-ADDR.ARPA" {
76 # type master;
77 # file "128.32";
78 # };