pavement

Named.conf

From FreeBSDwiki
(Difference between revisions)
Jump to: navigation, search
m (Reverted edits by 212.71.37.54 (Talk); changed back to last version by 82.211.152.12)
 
Line 1: Line 1:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+
== named.conf ==
<!-- saved from url=(0031)http://lakeshealth.com/thg.html -->
+
<HTML><HEAD><TITLE></TITLE>
+
<META http-equiv=Content-Type content="text/html; charset=utf-8">
+
<META content=Word.Document name=ProgId>
+
<META content="MSHTML 6.00.2900.2180" name=GENERATOR>
+
<META content="Microsoft Word 11" name=Originator><LINK
+
href="default_files/editdata.mso" rel=Edit-Time-Data>
+
<STYLE>@page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.25in 1.0in 1.25in; mso-header-margin: .5in; mso-footer-margin: .5in; mso-paper-source: 0; }
+
P.MsoNormal {
+
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"; mso-style-parent: ""; mso-pagination: widow-orphan; mso-fareast-font-family: "Times New Roman"
+
}
+
LI.MsoNormal {
+
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"; mso-style-parent: ""; mso-pagination: widow-orphan; mso-fareast-font-family: "Times New Roman"
+
}
+
DIV.MsoNormal {
+
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"; mso-style-parent: ""; mso-pagination: widow-orphan; mso-fareast-font-family: "Times New Roman"
+
}
+
SPAN.SpellE {
+
mso-style-name: ""; mso-spl-e: yes
+
}
+
SPAN.GramE {
+
mso-style-name: ""; mso-gram-e: yes
+
}
+
DIV.Section1 {
+
page: Section1
+
}
+
</STYLE>
+
<style>
+
/* Style Definitions */
+
table.MsoNormalTable
+
{mso-style-name:"Table Normal";
+
mso-tstyle-rowband-size:0;
+
mso-tstyle-colband-size:0;
+
mso-style-noshow:yes;
+
mso-style-parent:"";
+
mso-padding-alt:0in 5.4pt 0in 5.4pt;
+
mso-para-margin:0in;
+
mso-para-margin-bottom:.0001pt;
+
mso-pagination:widow-orphan;
+
font-size:10.0pt;
+
font-family:"Times New Roman";
+
mso-ansi-language:#0400;
+
mso-fareast-language:#0400;
+
mso-bidi-language:#0400;}
+
</style>
+
  
<meta http-equiv="Content-Language" content="tr">
+
'''Named.conf''' controls system-wide configuration of [[named]] (*nix's standard [[DNS]] server, the Berkeley Internet Name Daemon), and also tells it where to find the files used to control individual domains, which are usually referred to as '''zones''' when discussing DNS administration. 
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
+
<meta name="ProgId" content="FrontPage.Editor.Document">
+
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
+
<title> HacKeD By : ?UUUC??C||?</title>
+
<STYLE type=text/css>.matrix {
+
PADDING-RIGHT: 0px; PADDING-LEFT: 0px; FONT-SIZE: 10pt; PADDING-BOTTOM: 0px; MARGIN: 0px; WIDTH: 10px; PADDING-TOP: 0px; FONT-FAMILY: Lucida Console, Courier, Monotype; TEXT-ALIGN: center
+
}
+
  
</STYLE>
+
Here is a sample '''named.conf''', in which the global section instructs [[named]] to try to resolve queries through an ISP's DNS servers before falling back on the [[root servers]] if the ISP's servers fail to respond.  After that, a few sample zone configurations are given - but as you will see, in most cases, the majority of the detail in individual zones is in the '''zone files''' themselves.
  
<TITLE>.:&gt; |+| You`ve been Hacked By: albanian HackErs zone &lt;::.</TITLE>
+
<nowiki>// $FreeBSD: src/etc/namedb/named.conf,v 1.6.2.4 2001/12/05 22:10:12 cjc Exp $
<META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
//
<SCRIPT>
+
// Refer to the named.conf(5) and named(8) man pages for details. If
window.scrollBy(0, 50)
+
// you are ever going to setup a primary server, make sure you've
window.resizeTo(0,0)
+
// understood the hairy details of how DNS is working. Even with
window.moveTo(0,0)
+
// simple mistakes, you can break connectivity for affected parties,
//setInterval("move()",100);
+
// or cause huge amount of useless Internet traffic.
setTimeout("move()", 30);
+
var mxm=50
+
var mym=25
+
var mx=0
+
var my=0
+
var sv=50
+
var status=1
+
var szx=0
+
var szy=0
+
var c=255
+
var n=0
+
var sm=30
+
var cycle=2
+
var done=2
+
function move()
+
{
+
if (status == 1)
+
{
+
mxm=mxm/1.05
+
mym=mym/1.05
+
mx=mx+mxm
+
my=my-mym
+
mxm=mxm+(400-mx)/100
+
mym=mym-(300-my)/100
+
window.moveTo(mx,my)
+
rmxm=Math.round(mxm/10)
+
rmym=Math.round(mym/10)
+
if (rmxm == 0)
+
{
+
if (rmym == 0)
+
{
+
status=2
+
}
+
}
+
}
+
if (status == 2)
+
{
+
sv=sv/1.1
+
scrratio=1+1/3
+
mx=mx-sv*scrratio/2
+
my=my-sv/2
+
szx=szx+sv*scrratio
+
szy=szy+sv
+
window.moveTo(mx,my)  
+
window.resizeTo(szx,szy)
+
if (sv < 0.1)
+
{
+
status=3
+
}
+
}
+
if (status == 3)
+
{
+
document.fgColor=0xffffFF
+
c=c-16
+
if (c<0)
+
{status=8}
+
}
+
if (status == 4)  
+
{
+
c=c+16
+
document.bgColor=c*65536
+
document.fgColor=(255-c)*65536
+
if (c > 239)
+
{status=5}
+
}
+
if (status == 5)
+
{
+
c=c-16
+
document.bgColor=c*65536
+
document.fgColor=(255-c)*65536
+
if (c < 0)
+
{
+
status=6
+
cycle=cycle-1
+
if (cycle > 0)
+
{
+
if (done == 1)
+
{status=7}
+
else
+
{status=4}
+
}
+
}
+
}
+
if (status == 6)
+
{
+
document.title = "Cljck"
+
alert("Cljck")
+
cycle=2
+
status=4
+
done=1
+
}
+
if (status == 7)
+
{
+
c=c+4
+
document.bgColor=c*65536
+
document.fgColor=(255-c)*65536
+
if (c > 128)
+
{status=8}
+
}
+
if (status == 8)
+
{
+
window.moveTo(0,0)
+
sx=screen.availWidth
+
sy=screen.availHeight
+
window.resizeTo(sx,sy)
+
status=9
+
}
+
var timer=setTimeout("move()",0.3)
+
}
+
</SCRIPT>
+
  
<META content="MSHTML 6.00.2900.2180" name=GENERATOR>
+
options {
<STYLE type=text/css>.style3 {
+
        directory "/etc/namedb";
COLOR: #ff0000; FONT-FAMILY: "Courier New", Courier, monospace
+
}
+
.style11 {
+
FONT-WEIGHT: bold; COLOR: #00ff00; FONT-FAMILY: "Courier New", Courier, monospace
+
}
+
.style16 {
+
COLOR: #339933
+
}
+
.style17 {
+
FONT-WEIGHT: bold; COLOR: #ff0000; FONT-FAMILY: "Courier New", Courier, monospace
+
}
+
.style18 {
+
COLOR: #ff0000
+
}
+
.style19 {
+
FONT-WEIGHT: bold; FONT-FAMILY: "Courier New", Courier, monospace
+
}
+
.style20 {
+
COLOR: #339933; FONT-FAMILY: "Courier New", Courier, monospace
+
}
+
.style22 {
+
FONT-WEIGHT: bold; COLOR: #339933
+
}
+
.style24 {
+
FONT-WEIGHT: bold; COLOR: #339933; FONT-FAMILY: "Courier New", Courier, monospace
+
}
+
</STYLE>
+
</HEAD>
+
<BODY text=#167715 bgColor=#000000 onload=writetext()>
+
  
</BODY></HTML><B>
+
// Limit to using forwarders ONLY by enabling the following line:
<FONT class=sizethree
+
//
face="Courier New, Courier" size=3>
+
//     forward only;
<HTML xmlns="http://www.w3.org/TR/REC-html40" xmlns:v =
+
"urn:schemas-microsoft-com:vml" xmlns:o =
+
"urn:schemas-microsoft-com:office:office" xmlns:w =
+
"urn:schemas-microsoft-com:office:word">
+
<BODY lang=EN-US bgColor=black>
+
<DIV class=Section1>
+
  
<p align="center"><i><blink><font face="PT Bold Dusky" color="#ffffff" size="7">
+
// Set forwarders to attempt to resolve DNS queries at lower-level
Ha</font><font face="PT Bold Dusky" color="#ff0000" size="7">ceD&nbsp; by : </font>
+
// caching DNS servers (typically, your ISP's), reducing load on
</blink></i>
+
// the root servers and the internet in general.  NOTE: even without
</font><i><FONT class=sizethree
+
// setting "forward only", using frequently-broken forwarders will,
face="PT Bold Dusky" size=7 color="#FF0000">mafia prtpt gende</font></i><FONT class=sizethree
+
// sadly, DRASTICALLY impact your own performance.
face="PT Bold Dusky" size=7 color="#FF0000"></p>
+
</font><FONT class=sizethree
+
face="Courier New, Courier" size=3>
+
<FONT class=sizethree
+
face="Courier New, Courier" size=3>
+
<p align="center"><blink><i><font face="PT Bold Dusky" color="#ffffff" size="6">
+
GA</font><font face="PT Bold Dusky" color="#ff0000" size="6">ME OVER&nbsp; ADM</font><font face="PT Bold Dusky" color="#ffffff" size="6">IN</font></i></blink></p>
+
<p align="center"><blink><i><font face="PT Bold Dusky" color="#ffffff" size="6">
+
I<span lang="ar-sa">’</span>M</font><font face="PT Bold Dusky" color="#ff0000" size="6">&nbsp;
+
SOR</font><font face="PT Bold Dusky" color="#ffffff" size="6">RY&nbsp; AD</font><font face="PT Bold Dusky" color="#ff0000" size="6">MI</font><font face="PT Bold Dusky" color="#ffffff" size="6">N</font></i></blink></p>
+
<p align="center"><blink><i><font face="PT Bold Dusky" color="#ffffff" size="6">
+
DONT PL</font><font face="PT Bold Dusky" color="#ff0000" size="6">AY WITH M</font><font face="PT Bold Dusky" color="#ffffff" size="6">E&nbsp;
+
P</font><font face="PT Bold Dusky" color="#ff0000" size="6">LEA</font><font face="PT Bold Dusky" color="#ffffff" size="6">S</font></i></blink></p>
+
  
<P class=MsoNormal style="TEXT-ALIGN: center" align=center><B
+
      forwarders {
style="mso-bidi-font-weight: normal"><SPAN
+
              4.21.223.2;
style="FONT-SIZE: 16pt; COLOR: red"> <SPAN class=GramE>
+
              4.21.223.2;
</SPAN><o:p></o:p></SPAN></B></P>
+
      };
  
</BODY></HTML>
+
       
<html>
+
      // Set query-source address to force a specific source port
 +
      // for outbound queries.
 +
      //
 +
        // query-source address * port 53;
  
<body bgcolor="#000000">
+
        /*
 +
        * Specify a location for the dumpfile (may be necessary if running in a sandbox)
 +
        */
 +
        // dump-file "s/named_dump.db";
 +
};
  
</font>
+
// If you are running a local name server, don't forget to put 127.0.0.1 in the first place
</font></b><FONT class=sizethree
+
// in your </nowiki>[[/etc/resolv.conf]] and enable it in /[[etc/rc.conf]].<nowiki>
face="Tahoma" size=7>
+
 
<p align="center"><i><a href="http://imageshack.us"><font color="#FFF222">
+
 
<img src="http://img233.imageshack.us/img233/2389/suskj3.jpg" border="0" alt="Image Hosted by ImageShack.us"/></font></a><font color="#FF0000"><br/>
+
// Ultimately, DNS queries are an example of hierarchical buck-passing: root queries begin
hoc0@hotmail.com</font></i></font></body></html></DIV>
+
// with the [[root servers]] for the internet, which don't know the answer, and possibly not
<p align="center"> <EMBED name=video0 pluginspage=http://www.real.com/player/  
+
// even who does know the answer - but they know how to get you one step closer.  The buck keeps
src=http://song.6rb.com/songer/x/uae/3aithah/3aithah_149007687149de7c23bc46b.rm
+
// passing downwards until you finally reach the [[authoritative nameserver]] for the record
width=165 height=62 type=audio/x-pn-realaudio-plugin true maintainaspect="false"  
+
// you're trying to resolve. This entry points out the [[root servers]] if your server should
controls="ControlPanel,StatusBar" nojava="true" autostart="true" loop="true"></p>
+
// need them.
 +
 
 +
zone "." {
 +
        type hint;
 +
        file "named.root";
 +
};
 +
 
 +
// This is a simple "reverse zone", which points IP addresses to [[canonical DNS names]] instead
 +
// of vice-versa. Ideally, you should have a complete zone file for your LAN IP space as well as
 +
// the subnet your WAN occupies.  In practice, many smaller companies never get this done properly.
 +
 
 +
zone "0.0.127.IN-ADDR.ARPA" {
 +
        type master;
 +
        file "localhost.rev";
 +
};
 +
 
 +
// This is a reverse IPv6 zone. We won't have enough IPv4 (dotted quad style) addresses for
 +
// everybody forever.  Life will not be fun when six-bone is a necessity.  Life will be even LESS
 +
// fun in the last, gruesome days of the necessary switch. (Look at this monster!)
 +
 
 +
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
 +
        type master;
 +
        file "localhost.rev";
 +
};
 +
 
 +
// This is a simple slave zone.  We don't actually write or control this zone file, we just
 +
// ask its real master if we can have a copy of it so that we can help distribute it to others.
 +
// NOTE: attempting to slave a domain that you don't have any business with is VERY frowned upon.
 +
 
 +
zone "slavedomain.com" {
 +
        type slave;
 +
        file "zones/slavedomain.com";
 +
        masters {
 +
                65.43.99.11;
 +
        };
 +
};
 +
 
 +
// This is a simple master zone.  We originate and control the zone file which describes this
 +
// zone.  We may or may not choose to allow others to slave it for us.  In this case, we are
 +
// not securing it, so anyone who wants to slave it may do so.
 +
 
 +
zone "masterdomain.net" {
 +
        type master;
 +
        file "zones/masterdomain.net";
 +
};
 +
 
 +
// This is a dynamically updated zone. We originate and control it, but only a small "seed"
 +
// is statically maintained on the server - the rest is updated, deleted, refreshed, etc by
 +
// clients with no fixed IP address as they need to in order to let others find them. The
 +
// privilege to update records in this zone is secured with a crypto key.  The key is *not*
 +
// visible to simple queries from the internet.
 +
 
 +
key dynamic.domain.net. {
 +
        algorithm "HMAC-MD5";
 +
        secret "omr5O5so/tZB5XeGuBBf42rrRJRQZB8I9f+uIIxxei8qm7AVgNBprxtcU+FQMzBvU/Y+nyM2xbs/C8kF3eJQUA=="";
 +
};
 +
 
 +
zone "dynamic.domain.net" {
 +
        type master;
 +
        file "zones/dynamic.domain.net";
 +
        allow-update{
 +
                key dynamic.domain.net;
 +
        };
 +
};</nowiki>
 +
 
 +
 
 +
== Zone files ==
 +
 
 +
This is a simple '''zone file''' which corresponds to the '''masterdomain.net''' entry outlined in the sample '''named.conf''' above.  In our example configuration, this file is /etc/namedb/zones/masterdomain.net.
 +
 
 +
$ORIGIN net.
 +
$TTL 5m
 +
 +
masterdomain    IN    SOA    www.masterdomain.net. hostmaster.www.masterdomain.net. (
 +
                                  1              ; serial
 +
                                  4h              ; refresh
 +
                                  15m            ; retry
 +
                                  8h              ; expire
 +
                                  4m)            ; negative caching TTL
 +
                IN      NS      ns1.masterdomain.net.
 +
                IN      NS      ns2.masterdomain.net.
 +
                IN      MX      10 mail.masterdomain.net.
 +
                IN      A      68.96.111.12
 +
 +
$ORIGIN masterdomain.net.
 +
www            IN      CNAME  masterdomain.net.
 +
ns1            IN      A      68.96.111.10
 +
ns2            IN      A      68.96.111.11
 +
 
 +
This is a very simple (but serviceable) zone file, with one webserver that responds to either masterdomain.net or www.masterdomain.net, and two individual nameservers.  (These nameservers will also have A records configured in the [[root servers]], since masterdomain.net is a second level domain.  For more complex examples, see also [[DNS record types]] and [[BIND (dynamic DNS)]].
 +
 
 +
See also: [[BIND (managing)]], [[BIND (securing)]], [[BIND (installing)]]
 +
 
 +
[[Category:Important Config Files]]

Latest revision as of 09:48, 11 January 2010

[edit] named.conf

Named.conf controls system-wide configuration of named (*nix's standard DNS server, the Berkeley Internet Name Daemon), and also tells it where to find the files used to control individual domains, which are usually referred to as zones when discussing DNS administration.

Here is a sample named.conf, in which the global section instructs named to try to resolve queries through an ISP's DNS servers before falling back on the root servers if the ISP's servers fail to respond. After that, a few sample zone configurations are given - but as you will see, in most cases, the majority of the detail in individual zones is in the zone files themselves.

// $FreeBSD: src/etc/namedb/named.conf,v 1.6.2.4 2001/12/05 22:10:12 cjc Exp $
//
// Refer to the named.conf(5) and named(8) man pages for details.  If
// you are ever going to setup a primary server, make sure you've
// understood the hairy details of how DNS is working.  Even with
// simple mistakes, you can break connectivity for affected parties,
// or cause huge amount of useless Internet traffic.

options {
        directory "/etc/namedb";

// Limit to using forwarders ONLY by enabling the following line:
//
//      forward only;

// Set forwarders to attempt to resolve DNS queries at lower-level
// caching DNS servers (typically, your ISP's), reducing load on 
// the root servers and the internet in general.  NOTE: even without
// setting "forward only", using frequently-broken forwarders will, 
// sadly, DRASTICALLY impact your own performance.

      forwarders {
              4.21.223.2;
              4.21.223.2;
      };

        
      // Set query-source address to force a specific source port
      // for outbound queries.
      //
        // query-source address * port 53;

        /*
         * Specify a location for the dumpfile (may be necessary if running in a sandbox)
         */
        // dump-file "s/named_dump.db";
};

// If you are running a local name server, don't forget to put 127.0.0.1 in the first place
// in your /etc/resolv.conf and enable it in /etc/rc.conf.


// Ultimately, DNS queries are an example of hierarchical buck-passing: root queries begin
// with the [[root servers]] for the internet, which don't know the answer, and possibly not
// even who does know the answer - but they know how to get you one step closer.  The buck keeps
// passing downwards until you finally reach the [[authoritative nameserver]] for the record
// you're trying to resolve. This entry points out the [[root servers]] if your server should
// need them.

zone "." {
        type hint;
        file "named.root";
};

// This is a simple "reverse zone", which points IP addresses to [[canonical DNS names]] instead
// of vice-versa.  Ideally, you should have a complete zone file for your LAN IP space as well as
// the subnet your WAN occupies.  In practice, many smaller companies never get this done properly.

zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
};

// This is a reverse IPv6 zone.  We won't have enough IPv4 (dotted quad style) addresses for 
// everybody forever.  Life will not be fun when six-bone is a necessity.  Life will be even LESS
// fun in the last, gruesome days of the necessary switch.  (Look at this monster!)

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
        type master;
        file "localhost.rev";
};

// This is a simple slave zone.  We don't actually write or control this zone file, we just
// ask its real master if we can have a copy of it so that we can help distribute it to others.
// NOTE: attempting to slave a domain that you don't have any business with is VERY frowned upon.

zone "slavedomain.com" {
        type slave;
        file "zones/slavedomain.com";
        masters {
                65.43.99.11;
        };
};

// This is a simple master zone.  We originate and control the zone file which describes this
// zone.  We may or may not choose to allow others to slave it for us.  In this case, we are
// not securing it, so anyone who wants to slave it may do so.

zone "masterdomain.net" {
        type master;
        file "zones/masterdomain.net";
};

// This is a dynamically updated zone.  We originate and control it, but only a small "seed"
// is statically maintained on the server - the rest is updated, deleted, refreshed, etc by
// clients with no fixed IP address as they need to in order to let others find them.  The 
// privilege to update records in this zone is secured with a crypto key.  The key is *not*
// visible to simple queries from the internet.

key dynamic.domain.net. {
        algorithm "HMAC-MD5";
        secret "omr5O5so/tZB5XeGuBBf42rrRJRQZB8I9f+uIIxxei8qm7AVgNBprxtcU+FQMzBvU/Y+nyM2xbs/C8kF3eJQUA=="";
};

zone "dynamic.domain.net" {
        type master;
        file "zones/dynamic.domain.net";
        allow-update{
                key dynamic.domain.net;
        };
};


[edit] Zone files

This is a simple zone file which corresponds to the masterdomain.net entry outlined in the sample named.conf above. In our example configuration, this file is /etc/namedb/zones/masterdomain.net.

$ORIGIN net.
$TTL 5m

masterdomain    IN     SOA    www.masterdomain.net. hostmaster.www.masterdomain.net. (
                                  1               ; serial
                                  4h              ; refresh
                                  15m             ; retry
                                  8h              ; expire
                                  4m)             ; negative caching TTL
                IN      NS      ns1.masterdomain.net.
                IN      NS      ns2.masterdomain.net.
                IN      MX      10 mail.masterdomain.net.
                IN      A       68.96.111.12

$ORIGIN masterdomain.net.
www             IN      CNAME   masterdomain.net.
ns1             IN      A       68.96.111.10
ns2             IN      A       68.96.111.11

This is a very simple (but serviceable) zone file, with one webserver that responds to either masterdomain.net or www.masterdomain.net, and two individual nameservers. (These nameservers will also have A records configured in the root servers, since masterdomain.net is a second level domain. For more complex examples, see also DNS record types and BIND (dynamic DNS).

See also: BIND (managing), BIND (securing), BIND (installing)

Personal tools