a proper & complete bind port will show up. discussed with many for years
OPENBSD_5_7
@ -1,15 +0,0 @@ | |||
; $OpenBSD: db.localhost,v 1.4 2008/01/03 21:20:25 jakob Exp $ | |||
$ORIGIN localhost. | |||
$TTL 6h | |||
@ IN SOA localhost. root.localhost. ( | |||
1 ; serial | |||
1h ; refresh | |||
30m ; retry | |||
7d ; expiration | |||
1h ) ; minimum | |||
NS localhost. | |||
A 127.0.0.1 | |||
AAAA ::1 |
@ -1,14 +0,0 @@ | |||
; $OpenBSD: db.loopback,v 1.4 2008/01/03 21:20:25 jakob Exp $ | |||
$ORIGIN 127.in-addr.arpa. | |||
$TTL 6h | |||
@ IN SOA localhost. root.localhost. ( | |||
1 ; serial | |||
1h ; refresh | |||
30m ; retry | |||
7d ; expiration | |||
1h ) ; minimum | |||
NS localhost. | |||
1.0.0 PTR localhost. |
@ -1,14 +0,0 @@ | |||
; $OpenBSD: db.loopback6.arpa,v 1.5 2009/11/02 21:12:56 jakob Exp $ | |||
$ORIGIN 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. | |||
$TTL 6h | |||
@ IN SOA localhost. root.localhost. ( | |||
1 ; serial | |||
1h ; refresh | |||
30m ; retry | |||
7d ; expiration | |||
1h ) ; minimum | |||
NS localhost. | |||
PTR localhost. |
@ -1,79 +0,0 @@ | |||
// $OpenBSD: named-dual.conf,v 1.11 2009/11/02 21:12:56 jakob Exp $ | |||
// | |||
// Example file for a named configuration with dual views, | |||
// one processing recursive queries only and one processing | |||
// authoritative-only queries. | |||
// Update this list to include only the networks for which you want | |||
// to execute recursive queries. The default setting allows all hosts | |||
// on any IPv4 networks for which the system has an interface, and | |||
// the IPv6 localhost address. | |||
// | |||
acl clients { | |||
localnets; | |||
::1; | |||
}; | |||
options { | |||
version ""; // remove this to allow version queries | |||
listen-on { any; }; | |||
listen-on-v6 { any; }; | |||
empty-zones-enable yes; | |||
}; | |||
logging { | |||
category lame-servers { null; }; | |||
}; | |||
view "recursive" { | |||
match-clients { clients; }; | |||
match-recursive-only yes; | |||
allow-recursion { clients; }; | |||
zone "." { | |||
type hint; | |||
file "etc/root.hint"; | |||
}; | |||
zone "localhost" { | |||
type master; | |||
file "standard/localhost"; | |||
allow-transfer { localhost; }; | |||
}; | |||
zone "127.in-addr.arpa" { | |||
type master; | |||
file "standard/loopback"; | |||
allow-transfer { localhost; }; | |||
}; | |||
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" { | |||
type master; | |||
file "standard/loopback6.arpa"; | |||
allow-transfer { localhost; }; | |||
}; | |||
}; | |||
view "authoritative" { | |||
recursion no; | |||
additional-from-auth no; | |||
additional-from-cache no; | |||
// Master zones | |||
// | |||
//zone "myzone.net" { | |||
// type master; | |||
// file "master/myzone.net"; | |||
//}; | |||
// Slave zones | |||
// | |||
//zone "otherzone.net" { | |||
// type slave; | |||
// file "slave/otherzone.net"; | |||
// masters { 192.168.1.10; [...;] }; | |||
//}; | |||
}; |
@ -1,71 +0,0 @@ | |||
// $OpenBSD: named-simple.conf,v 1.10 2009/11/02 21:12:56 jakob Exp $ | |||
// | |||
// Example file for a simple named configuration, processing both | |||
// recursive and authoritative queries using one cache. | |||
// Update this list to include only the networks for which you want | |||
// to execute recursive queries. The default setting allows all hosts | |||
// on any IPv4 networks for which the system has an interface, and | |||
// the IPv6 localhost address. | |||
// | |||
acl clients { | |||
localnets; | |||
::1; | |||
}; | |||
options { | |||
version ""; // remove this to allow version queries | |||
listen-on { any; }; | |||
listen-on-v6 { any; }; | |||
empty-zones-enable yes; | |||
allow-recursion { clients; }; | |||
}; | |||
logging { | |||
category lame-servers { null; }; | |||
}; | |||
// Standard zones | |||
// | |||
zone "." { | |||
type hint; | |||
file "etc/root.hint"; | |||
}; | |||
zone "localhost" { | |||
type master; | |||
file "standard/localhost"; | |||
allow-transfer { localhost; }; | |||
}; | |||
zone "127.in-addr.arpa" { | |||
type master; | |||
file "standard/loopback"; | |||
allow-transfer { localhost; }; | |||
}; | |||
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" { | |||
type master; | |||
file "standard/loopback6.arpa"; | |||
allow-transfer { localhost; }; | |||
}; | |||
// Master zones | |||
// | |||
//zone "myzone.net" { | |||
// type master; | |||
// file "master/myzone.net"; | |||
//}; | |||
// Slave zones | |||
// | |||
//zone "otherzone.net" { | |||
// type slave; | |||
// file "slave/otherzone.net"; | |||
// masters { 192.0.2.1; [...;] }; | |||
//}; |
@ -1,90 +0,0 @@ | |||
; $OpenBSD: root.hint,v 1.10 2013/01/03 18:37:19 gonzalo Exp $ | |||
; | |||
; This file holds the information on root name servers needed to | |||
; initialize cache of Internet domain name servers | |||
; (e.g. reference this file in the "cache . <file>" | |||
; configuration file of BIND domain name servers). | |||
; | |||
; This file is made available by InterNIC | |||
; under anonymous FTP as | |||
; file /domain/named.cache | |||
; on server FTP.INTERNIC.NET | |||
; -OR- RS.INTERNIC.NET | |||
; | |||
; last update: Jan 3, 2013 | |||
; related version of root zone: 2013010300 | |||
; | |||
; formerly NS.INTERNIC.NET | |||
; | |||
. 3600000 IN NS A.ROOT-SERVERS.NET. | |||
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 | |||
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30 | |||
; | |||
; FORMERLY NS1.ISI.EDU | |||
; | |||
. 3600000 NS B.ROOT-SERVERS.NET. | |||
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201 | |||
; | |||
; FORMERLY C.PSI.NET | |||
; | |||
. 3600000 NS C.ROOT-SERVERS.NET. | |||
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 | |||
; | |||
; FORMERLY TERP.UMD.EDU | |||
; | |||
. 3600000 NS D.ROOT-SERVERS.NET. | |||
D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13 | |||
D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D | |||
; | |||
; FORMERLY NS.NASA.GOV | |||
; | |||
. 3600000 NS E.ROOT-SERVERS.NET. | |||
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 | |||
; | |||
; FORMERLY NS.ISC.ORG | |||
; | |||
. 3600000 NS F.ROOT-SERVERS.NET. | |||
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 | |||
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F | |||
; | |||
; FORMERLY NS.NIC.DDN.MIL | |||
; | |||
. 3600000 NS G.ROOT-SERVERS.NET. | |||
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 | |||
; | |||
; FORMERLY AOS.ARL.ARMY.MIL | |||
; | |||
. 3600000 NS H.ROOT-SERVERS.NET. | |||
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53 | |||
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235 | |||
; | |||
; FORMERLY NIC.NORDU.NET | |||
; | |||
. 3600000 NS I.ROOT-SERVERS.NET. | |||
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 | |||
I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53 | |||
; | |||
; OPERATED BY VERISIGN, INC. | |||
; | |||
. 3600000 NS J.ROOT-SERVERS.NET. | |||
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 | |||
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30 | |||
; | |||
; OPERATED BY RIPE NCC | |||
; | |||
. 3600000 NS K.ROOT-SERVERS.NET. | |||
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 | |||
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1 | |||
; | |||
; OPERATED BY ICANN | |||
; | |||
. 3600000 NS L.ROOT-SERVERS.NET. | |||
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42 | |||
L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42 | |||
; | |||
; OPERATED BY WIDE | |||
; | |||
. 3600000 NS M.ROOT-SERVERS.NET. | |||
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 | |||
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35 | |||
; End of File |
@ -1,11 +0,0 @@ | |||
#!/bin/sh | |||
# | |||
# $OpenBSD: named,v 1.1 2011/07/06 18:55:36 robert Exp $ | |||
daemon="/usr/sbin/named" | |||
. /etc/rc.d/rc.subr | |||
pexp="named: \[priv\]" | |||
rc_cmd $1 |
@ -1,94 +0,0 @@ | |||
# $OpenBSD: usr_sbin_named,v 1.8 2014/07/20 04:29:07 deraadt Exp $ | |||
# | |||
# Policy for named that uses named user and chroots to /var/named | |||
# This policy works for the default configuration of named. | |||
# | |||
Policy: /usr/sbin/named, Emulation: native | |||
native-__sysctl: permit | |||
native-accept: permit | |||
native-bind: sockaddr match "inet-*:0" then permit | |||
native-bind: sockaddr match "inet-*:53" then permit | |||
native-bind: sockaddr match "inet-*:953" then permit | |||
native-break: permit | |||
native-chdir: filename eq "/" then permit | |||
native-chroot: filename eq "/var/named" then permit | |||
native-close: permit | |||
native-closefrom: permit | |||
native-connect: sockaddr match "inet-*" then permit | |||
native-dup2: permit | |||
native-exit: permit | |||
native-fcntl: permit | |||
native-fork: permit | |||
native-fsread: filename sub "<non-existent filename>" then deny[enoent] | |||
native-fsread: filename eq "/etc/malloc.conf" then permit | |||
native-fsread: filename eq "/dev/arandom" then permit | |||
native-fsread: filename eq "/etc/group" then permit | |||
native-fsread: filename eq "/etc/named.conf" then permit | |||
native-fsread: filename eq "/etc/named.keys" then permit | |||
native-fsread: filename eq "/etc/pwd.db" then permit | |||
native-fsread: filename eq "/etc/rndc.key" then permit | |||
native-fsread: filename eq "/etc/root.hint" then permit | |||
native-fsread: filename eq "/etc/spwd.db" then deny[eperm] | |||
native-fsread: filename match "/master" then permit | |||
native-fsread: filename match "/slave" then permit | |||
native-fsread: filename match "/standard" then permit | |||
native-fsread: filename match "/usr/lib" then permit | |||
native-fsread: filename eq "/usr/libexec/ld.so" then permit | |||
native-fsread: filename match "/usr/share/nls" then permit | |||
native-fsread: filename match "/usr/share/zoneinfo" then permit | |||
native-fsread: filename eq "/var/run/ld.so.hints" then permit | |||
native-fsread: filename eq "/var/run/named.pid" then permit | |||
native-fstat: permit | |||
native-fswrite: filename sub "<non-existent filename>" then deny[enoent] | |||
native-fswrite: filename eq "/dev/null" then permit | |||
native-fswrite: filename match "/master/*" then permit | |||
native-fswrite: filename match "/slave/*" then permit | |||
native-fswrite: filename eq "/var/run/named.pid" then permit | |||
native-fswrite: filename match "/var/tmp/*" then permit | |||
native-fsync: permit | |||
native-getentropy: permit | |||
native-getpid: permit | |||
native-getppid: permit | |||
native-getrlimit: permit | |||
native-getsockname: permit | |||
native-getsockopt: permit | |||
native-gettimeofday: permit | |||
native-getuid: permit | |||
native-geteuid: permit | |||
native-issetugid: permit | |||
native-kill: permit | |||
native-listen: permit | |||
native-lseek: permit | |||
native-minherit: permit | |||
native-mmap: permit | |||
native-mprotect: permit | |||
native-mquery: permit | |||
native-munmap: permit | |||
native-nanosleep: permit | |||
native-pipe: permit | |||
native-pread: permit | |||
native-read: permit | |||
native-recvmsg: permit | |||
native-rename: filename match "/slave/*" and filename[1] match "/slave/*" then permit | |||
native-select: permit | |||
native-sendmsg: permit | |||
native-sendsyslog: permit | |||
native-sendto: true then permit | |||
native-setegid: gid eq "70" then permit | |||
native-seteuid: uid eq "70" and uname eq "named" then permit | |||
native-setgid: gid eq "70" then permit | |||
native-setgroups: permit | |||
native-setresgid: permit | |||
native-setresuid: permit | |||
native-setrlimit: permit | |||
native-setsid: permit | |||
native-setsockopt: permit | |||
native-setuid: uid eq "70" and uname eq "named" then permit | |||
native-sigaction: permit | |||
native-sigprocmask: permit | |||
native-sigreturn: permit | |||
native-socket: permit | |||
native-socketpair: permit | |||
native-utimes: permit | |||
native-wait4: permit | |||
native-write: permit |