diff options
| author | Adam Tkac <atkac@fedoraproject.org> | 2008-04-02 12:43:33 +0000 |
|---|---|---|
| committer | Adam Tkac <atkac@fedoraproject.org> | 2008-04-02 12:43:33 +0000 |
| commit | 95fd5e6c3e35a197573c8b6f583d3fad37eeedd3 (patch) | |
| tree | 9481b8cef9adf3a03aec4fbf1d3c8f21876f6300 | |
| parent | dcb87f0cf74cf4871b217163adcbbf00270dfadf (diff) | |
| download | bind-95fd5e6c3e35a197573c8b6f583d3fad37eeedd3.tar.gz bind-95fd5e6c3e35a197573c8b6f583d3fad37eeedd3.tar.xz bind-95fd5e6c3e35a197573c8b6f583d3fad37eeedd3.zip | |
- fixed named.conf.sample file (#437569)F-9-split
| -rw-r--r-- | bind.spec | 5 | ||||
| -rw-r--r-- | named.conf.sample | 23 |
2 files changed, 13 insertions, 15 deletions
@@ -18,7 +18,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: ISC Version: 9.5.0 -Release: 29.2.%{RELEASEVER}%{?dist} +Release: 29.3.%{RELEASEVER}%{dist} Epoch: 32 Url: http://www.isc.org/products/BIND/ Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -647,6 +647,9 @@ rm -rf ${RPM_BUILD_ROOT} %{_sbindir}/bind-chroot-admin %changelog +* Wed Apr 02 2008 Adam Tkac <atkac redhat com> 32:9.5.0-29.3.b2 +- fixed named.conf.sample file (#437569) + * Fri Mar 14 2008 Adam Tkac <atkac redhat com> 32:9.5.0-29.2.b2 - fixed URLs diff --git a/named.conf.sample b/named.conf.sample index c8d88bb..6474e7b 100644 --- a/named.conf.sample +++ b/named.conf.sample @@ -9,12 +9,6 @@ // options { - /* make named use port 53 for the source of all queries, to allow - * firewalls to block all ports except 53: - */ - query-source port 53; - query-source-v6 port 53; - // Put files that named is allowed to write in the data/ directory: directory "/var/named"; // the default dump-file "data/cache_dump.db"; @@ -52,14 +46,13 @@ view "localhost_resolver" * If all you want is a caching-only nameserver, then you need only define this view: */ match-clients { localhost; }; - match-destinations { localhost; }; recursion yes; # all views must contain the root hints zone: include "/etc/named.root.hints"; /* these are zones that contain definitions for all the localhost * names and addresses, as recommended in RFC1912 - these names should - * ONLY be served to localhost clients: + * not leak to the other nameservers: */ include "/etc/named.rfc1912.zones"; }; @@ -69,13 +62,16 @@ view "internal" that connect via your directly attached LAN interfaces - "localnets" . */ match-clients { localnets; }; - match-destinations { localnets; }; recursion yes; // all views must contain the root hints zone: include "/etc/named.root.hints"; - // include "named.rfc1912.zones"; - // you should not serve your rfc1912 names to non-localhost clients. + + /* these are zones that contain definitions for all the localhost + * names and addresses, as recommended in RFC1912 - these names should + * not leak to the other nameservers: + */ + include "/etc/named.rfc1912.zones"; // These are your "authoritative" internal zones, and would probably // also be included in the "localhost_resolver" view above : @@ -105,10 +101,9 @@ key ddns_key view "external" { /* This view will contain zones you want to serve only to "external" clients - * that have addresses that are not on your directly attached LAN interface subnets: + * that have addresses that are not match any above view: */ - match-clients { !localnets; !localhost; }; - match-destinations { !localnets; !localhost; }; + match-clients { any; }; recursion no; // you'd probably want to deny recursion to external clients, so you don't |