rpms/bind/devel bind.spec,1.254,1.255 named.conf.sample,1.2,1.3

Adam Tkac (atkac) fedora-extras-commits at redhat.com
Wed Apr 2 12:44:09 UTC 2008 

Author: atkac

Update of /cvs/pkgs/rpms/bind/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11115

Modified Files:
	bind.spec named.conf.sample 
Log Message:
- fixed named.conf.sample file (#437569)



Index: bind.spec
===================================================================
RCS file: /cvs/pkgs/rpms/bind/devel/bind.spec,v
retrieving revision 1.254
retrieving revision 1.255
diff -u -r1.254 -r1.255
--- bind.spec	14 Mar 2008 12:48:09 -0000	1.254
+++ bind.spec	2 Apr 2008 12:43:32 -0000	1.255
@@ -18,7 +18,7 @@
 Name: 		bind
 License: 	ISC
 Version: 	9.5.0
-Release: 	29.2.%{RELEASEVER}%{?dist}
+Release: 	29.3.%{RELEASEVER}%{dist}
 Epoch:   	32
 Url: 		http://www.isc.org/products/BIND/
 Buildroot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -647,6 +647,9 @@
 %{_sbindir}/bind-chroot-admin
 
 %changelog
+* Wed Apr 02 2008 Adam Tkac <atkac redhat com> 32:9.5.0-29.3.b2
+- fixed named.conf.sample file (#437569)
+
 * Fri Mar 14 2008 Adam Tkac <atkac redhat com> 32:9.5.0-29.2.b2
 - fixed URLs
 


Index: named.conf.sample
===================================================================
RCS file: /cvs/pkgs/rpms/bind/devel/named.conf.sample,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- named.conf.sample	14 Jun 2006 05:26:43 -0000	1.2
+++ named.conf.sample	2 Apr 2008 12:43:33 -0000	1.3
@@ -9,12 +9,6 @@
 //
 options
 {
-	/* make named use port 53 for the source of all queries, to allow
-         * firewalls to block all ports except 53:
-         */
-	query-source    port 53;	
-	query-source-v6 port 53;
-	
 	// Put files that named is allowed to write in the data/ directory:
 	directory "/var/named"; // the default
 	dump-file 		"data/cache_dump.db";
@@ -52,14 +46,13 @@
  * If all you want is a caching-only nameserver, then you need only define this view:
  */
 	match-clients 		{ localhost; };
-	match-destinations	{ localhost; };
 	recursion yes;
 	# all views must contain the root hints zone:
 	include "/etc/named.root.hints";
 
         /* these are zones that contain definitions for all the localhost
          * names and addresses, as recommended in RFC1912 - these names should
-	 * ONLY be served to localhost clients:
+	 * not leak to the other nameservers:
 	 */
 	include "/etc/named.rfc1912.zones";
 };
@@ -69,13 +62,16 @@
    that connect via your directly attached LAN interfaces - "localnets" .
  */
 	match-clients		{ localnets; };
-	match-destinations	{ localnets; };
 	recursion yes;
 	// all views must contain the root hints zone:
 	include "/etc/named.root.hints";
 
-        // include "named.rfc1912.zones";
-	// you should not serve your rfc1912 names to non-localhost clients.
+
+        /* these are zones that contain definitions for all the localhost
+         * names and addresses, as recommended in RFC1912 - these names should
+	 * not leak to the other nameservers:
+	 */
+	include "/etc/named.rfc1912.zones";
  
 	// These are your "authoritative" internal zones, and would probably
 	// also be included in the "localhost_resolver" view above :
@@ -105,10 +101,9 @@
 view    "external"
 {
 /* This view will contain zones you want to serve only to "external" clients
- * that have addresses that are not on your directly attached LAN interface subnets:
+ * that have addresses that are not match any above view:
  */
-	match-clients		{ !localnets; !localhost; };
-	match-destinations	{ !localnets; !localhost; };
+	match-clients		{ any; };
 
 	recursion no;
 	// you'd probably want to deny recursion to external clients, so you don't

More information about the fedora-extras-commits mailing list