# How to create a named.conf file



## frankpeng (May 7, 2013)

Hi, Gurus!

I want to make a DNS server on my FreeBSD 9.1 64 bit. In order to make a fresh one, I deleted the file in /etc/namedb/named.conf.

Then I went to /usr/ports/dns/bind99.
`# make -DBATCH install clean`

When I came back to /etc/namedb/, nothing was there.

Whatever I do, I can never get the named.conf file back. I did a `make buildworld && make buildkernel && make installkernel && make installworld`. Still could not get it back. Please help.
Thanks!


----------



## wblock@ (May 7, 2013)

Don't use BATCH.  The port has options to overwrite the base, or you can run it as a normal port with the config files in /usr/local/etc.  See src.conf(5) to prevent the base BIND from being built.


----------



## gordon@ (May 7, 2013)

If you want to restore the default files that are in /etc, look in /usr/src/etc. It mirrors the path in /etc.


----------
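The restore from the source tree suggested above, written as a script. This is an added example, not something posted in the thread. The function name `restore_missing` and the `demo` helper are hypothetical, and the default paths are assumptions taken from the posts (`/usr/src/etc` mirroring `/etc`, with the `namedb` subtree). It copies only files that are missing, so an edited configuration is never overwritten.

```shell
#!/bin/sh
# Added example (not from the thread): restore missing default files from a
# tree that mirrors /etc, without overwriting anything already in place.
# Default paths are assumptions taken from the posts above.

restore_missing() {
    src_root=${1:-/usr/src/etc}   # pristine defaults, laid out like /etc
    dest_root=${2:-/etc}          # live configuration tree
    subdir=${3:-namedb}           # subtree to repair

    if [ ! -d "$src_root/$subdir" ]; then
        echo "no defaults found at $src_root/$subdir" >&2
        return 2
    fi

    # List files relative to src_root so the same path applies under dest_root.
    # Makefiles belong to the source build, not to the installed config.
    ( cd "$src_root" && find "$subdir" -type f ! -name 'Makefile*' ) |
    while IFS= read -r rel; do
        dest="$dest_root/$rel"
        # Never clobber a file the administrator may have edited.
        if [ -e "$dest" ]; then
            continue
        fi
        mkdir -p "$(dirname "$dest")"
        cp "$src_root/$rel" "$dest"
        chmod 0644 "$dest"        # readable config, writable by owner only
        echo "$rel"               # report what was restored
    done
}

# Constructed scratch trees so the function can be tried without touching /etc.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/src/namedb/master" "$t/etc/namedb"
    echo 'options { directory "/etc/namedb/working"; };' > "$t/src/namedb/named.conf"
    echo '; constructed placeholder' > "$t/src/namedb/master/localhost-forward.db"
    echo '; locally edited hints'    > "$t/etc/namedb/named.root"
    cp "$t/etc/namedb/named.root" "$t/src/namedb/named.root"
    restore_missing "$t/src" "$t/etc" namedb
    rm -rf "$t"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it with the argument `demo` to see it act on scratch directories; calling `restore_missing` with no arguments uses the assumed defaults and needs root.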



## ShelLuser (May 7, 2013)

I have to ask: why insist on using a Port version while the base version is set up just as well? In fact, I personally would prefer the base version, especially since it's already fully set up to be used in a chrooted manner.

Not saying that chroot is the solution to all security issues, but it sure helps a lot.

And considering how the default config file is already primed with the root zones for both IPv4 as well as IPv6, I can't imagine why you wouldn't use this one.

I'm well aware that BIND 9.9 provides some new features, but most of them are so specific that I doubt you'd even need them (this is also a bit of prejudice on my part because I'd imagine that if you'd pick the port fully because of some specific features you'd also have little trouble rebuilding the config file; the setup is relatively sub-standard, no offense intended).

Even so, the FreeBSD handbook to the rescue once again. Please note that in this section most of the named.conf file has been quoted, and can be used to rebuild your own named.conf.


----------



## kpa (May 7, 2013)

Just so you know, there are plans to decouple BIND from the base system altogether. The reasoning is that a good part of the security advisories are BIND-related and a caching resolver or an authoritative name server is not exactly an essential part of the base system.


----------



## tanked (May 7, 2013)

I remember reading a post on the mailing list, probably last year, where one of the devs said the base BIND was only meant for internal testing; if you're going to deploy production BIND servers then you should use the latest port.


----------

