// This is the primary configuration file for the BIND DNS server named. // for the FreeSWAN testing Virtual Machine "carrot", at 192.1.2.130. // beet is the root name server, this is a TLD name server. // $Id: named.conf,v 1.4 2002/11/16 02:59:47 mcr Exp $ options { directory "/etc/bind"; // If there is a firewall between you and nameservers you want // to talk to, you might need to uncomment the query-source // directive below. Previous versions of BIND always asked // questions using port 53, but BIND 8.1 and later use an unprivileged // port by default. // query-source address * port 53; // If your ISP provided one or more IP addresses for stable // nameservers, you probably want to use them as forwarders. // Uncomment the following block, and insert the addresses replacing // the all-0's placeholder. // forwarders { // 0.0.0.0; // }; auth-nxdomain no; # conform to RFC1035 }; // define a key - you should really change the secret since // all Debian boxes everywhere will have the same secret key "key" { algorithm hmac-md5; secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K"; }; // fortunately, using this control statement, we restrict access // to the control port 953/tcp to only the localhost and we // configure named to listen to 953 only on the lo interface controls { inet 127.0.0.1 allow { 127.0.0.1; } keys { "key"; }; }; // prime the server with knowledge of the root servers zone "." { type hint; file "/etc/bind/db.hint"; }; // be authoritative for the localhost forward and reverse zones, and for // broadcast zones as per RFC 1912 zone "localhost" { type master; file "/etc/bind/db.local"; }; zone "root-servers.net" { type master; file "/etc/bind/db.root-servers.net..signed"; }; // this is machine carrot, which has, according to testing/doc/dns_hier.fig, // the following domains: // . (taken care of above) // org. // in-addr.arpa. // uml.freeswan.org. // 0.192.in-addr.arpa. // 1.192.in-addr.arpa. // arpa. zone zone "in-addr.arpa" { type master; file "/etc/bind/db.in-addr.arpa..signed"; }; // private networks zone "0.192.in-addr.arpa" { type master; file "/etc/bind/db.0.192.in-addr.arpa..signed"; }; // public networks zone "1.192.in-addr.arpa" { type master; file "/etc/bind/db.1.192.in-addr.arpa..signed"; }; // TLD zone "org" { type master; file "/etc/bind/db.org..signed"; }; // the local piece of freeswan.org. zone "uml.freeswan.org" { type master; file "/etc/bind/db.uml.freeswan.org..signed"; }; // add entries for other zones below here