- fixed named.conf.sample file (#437569)F-9-start

2 files changed, 14 insertions, 16 deletions

diff --git a/bind.spec b/bind.spec
index 248ba31..c73cc25 100644
--- a/bind.spec
+++ b/bind.spec
@@ -18,7 +18,7 @@ Summary: 	The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name: 		bind
 License: 	ISC
 Version: 	9.5.0
-Release: 	29.2.%{RELEASEVER}%{?dist}
+Release: 	29.3.%{RELEASEVER}%{dist}
 Epoch:   	32
 Url: 		http://www.isc.org/products/BIND/
 Buildroot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -396,7 +396,7 @@ for f in my.internal.zone.db slaves/my.slave.internal.zone.db slaves/my.ddns.int
   echo '@ in soa localhost. root 1 3H 15M 1W 1D
   ns localhost.' > sample/var/named/$f; 
 done
-/usr/bin/tail -n '+'`/bin/egrep -n '\\$Id: bind.spec,v 1.254 2008/03/14 12:48:09 atkac Exp $/+1/' | bc` bin/rndc/rndc.conf | sed '/Sample rndc configuration file./{p;i\
+/usr/bin/tail -n '+'`/bin/egrep -n '\\$Id: bind.spec,v 1.255 2008/04/02 12:43:32 atkac Exp $/+1/' | bc` bin/rndc/rndc.conf | sed '/Sample rndc configuration file./{p;i\
  *\
  * NOTE: you only need to create this file if it is to\
  * differ from the following default contents:
@@ -647,6 +647,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_sbindir}/bind-chroot-admin
 
 %changelog
+* Wed Apr 02 2008 Adam Tkac <atkac redhat com> 32:9.5.0-29.3.b2
+- fixed named.conf.sample file (#437569)
+
 * Fri Mar 14 2008 Adam Tkac <atkac redhat com> 32:9.5.0-29.2.b2
 - fixed URLs
 
diff --git a/named.conf.sample b/named.conf.sample
index c8d88bb..6474e7b 100644
--- a/named.conf.sample
+++ b/named.conf.sample
@@ -9,12 +9,6 @@
 //
 options
 {
-	/* make named use port 53 for the source of all queries, to allow
-         * firewalls to block all ports except 53:
-         */
-	query-source    port 53;	
-	query-source-v6 port 53;
-	
 	// Put files that named is allowed to write in the data/ directory:
 	directory "/var/named"; // the default
 	dump-file 		"data/cache_dump.db";
@@ -52,14 +46,13 @@ view "localhost_resolver"
  * If all you want is a caching-only nameserver, then you need only define this view:
  */
 	match-clients 		{ localhost; };
-	match-destinations	{ localhost; };
 	recursion yes;
 	# all views must contain the root hints zone:
 	include "/etc/named.root.hints";
 
         /* these are zones that contain definitions for all the localhost
          * names and addresses, as recommended in RFC1912 - these names should
-	 * ONLY be served to localhost clients:
+	 * not leak to the other nameservers:
 	 */
 	include "/etc/named.rfc1912.zones";
 };
@@ -69,13 +62,16 @@ view "internal"
    that connect via your directly attached LAN interfaces - "localnets" .
  */
 	match-clients		{ localnets; };
-	match-destinations	{ localnets; };
 	recursion yes;
 	// all views must contain the root hints zone:
 	include "/etc/named.root.hints";
 
-        // include "named.rfc1912.zones";
-	// you should not serve your rfc1912 names to non-localhost clients.
+
+        /* these are zones that contain definitions for all the localhost
+         * names and addresses, as recommended in RFC1912 - these names should
+	 * not leak to the other nameservers:
+	 */
+	include "/etc/named.rfc1912.zones";
  
 	// These are your "authoritative" internal zones, and would probably
 	// also be included in the "localhost_resolver" view above :
@@ -105,10 +101,9 @@ key ddns_key
 view    "external"
 {
 /* This view will contain zones you want to serve only to "external" clients
- * that have addresses that are not on your directly attached LAN interface subnets:
+ * that have addresses that are not match any above view:
  */
-	match-clients		{ !localnets; !localhost; };
-	match-destinations	{ !localnets; !localhost; };
+	match-clients		{ any; };
 
 	recursion no;
 	// you'd probably want to deny recursion to external clients, so you don't