Bind: Difference between revisions
Jump to navigation
Jump to search
| Line 1: | Line 1: | ||
= Configuration = | = Configuration = | ||
== named.conf == | |||
For an internet DNS server: | |||
<pre> | |||
//Tripany | |||
include "/etc/bind/slaves.conf"; | |||
// Recursion is allowing other hosts to look up domain names not hosted / cached by this bind server | |||
acl "recursehosts" { | |||
127.0.0.1; 212.61.33.42; localhost; 82.94.91.75; 82.92.214.79; 195.64.90.139; 82.94.91.75; 31.160.12.68; 188.204.140.220; | |||
}; | |||
include "/etc/bind/named.conf.options"; | |||
view "recursehosts" { | |||
match-clients { recursehosts; }; | |||
recursion yes; | |||
allow-transfer { "slaves"; }; | |||
include "/etc/bind/named.conf.local"; | |||
include "/etc/bind/named.conf.default-zones"; | |||
include "/etc/bind/named.conf.db"; | |||
}; | |||
view "outside" { | |||
match-clients { any; }; | |||
recursion no; | |||
allow-transfer { "slaves"; }; | |||
zone "." { | |||
type hint; | |||
file "/etc/bind/db.root"; | |||
}; | |||
// edns-udp-size 1400; | |||
include "/etc/bind/named.conf.db"; | |||
}; | |||
</pre> | |||
Otherwise use default | |||
== named.conf.options == | == named.conf.options == | ||
| Line 161: | Line 200: | ||
8 IN PTR tripenclosure.ops.tripnet.int. | 8 IN PTR tripenclosure.ops.tripnet.int. | ||
9 IN PTR soap.tripnet.int. | 9 IN PTR soap.tripnet.int. | ||
</pre> | |||
== slaves.conf == | |||
<pre> | |||
// Slave servers | |||
acl "slaves" { | |||
// | |||
87.233.134.184; // Moondust machine | |||
213.193.253.120; // ns-01.etryx.com | |||
213.239.175.248; // ns-02.etryx.com | |||
// 82.92.214.79; // old ns2.euhost.nl | |||
// 82.95.80.17; // old ns2.euhost.nl | |||
212.61.33.42; | |||
// 82.94.91.75; // tripany.com machine | |||
// 31.160.12.69; // ns2.euhost.nl | |||
188.204.140.220; // ns2.euhost.nl | |||
127.0.0.1; | |||
localhost; | |||
}; | |||
</pre> | </pre> | ||
Revision as of 11:04, 10 June 2013
Configuration
named.conf
For an internet DNS server:
//Tripany
include "/etc/bind/slaves.conf";
// Recursion is allowing other hosts to look up domain names not hosted / cached by this bind server
acl "recursehosts" {
127.0.0.1; 212.61.33.42; localhost; 82.94.91.75; 82.92.214.79; 195.64.90.139; 82.94.91.75; 31.160.12.68; 188.204.140.220;
};
include "/etc/bind/named.conf.options";
view "recursehosts" {
match-clients { recursehosts; };
recursion yes;
allow-transfer { "slaves"; };
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/etc/bind/named.conf.db";
};
view "outside" {
match-clients { any; };
recursion no;
allow-transfer { "slaves"; };
zone "." {
type hint;
file "/etc/bind/db.root";
};
// edns-udp-size 1400;
include "/etc/bind/named.conf.db";
};
Otherwise use default
named.conf.options
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
forwarders {
213.75.63.36;
213.75.63.70;
};
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
# Turned off because most DNSSEC secured zones are incorrectly configured. This leads to flooding of the syslog with (no valid RRSIG) errors
# dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
# Turned off because KPN doesn't support ipv6. This leads to flooding of the syslog with (network unreachable) errors
# listen-on-v6 { any; };
# Not needed because Debian default directory is now linked to /var/named by hand
# directory "/var/named";
};
For an internet nameserver add:
allow-recursion { recursehosts; };
allow-query-cache { recursehosts; };
named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "ops.tripnet.int" in {
type master;
file "soa/ops.tripnet.int";
notify yes;
};
zone "net.tripnet.int" in {
type master;
file "soa/net.tripnet.int";
notify yes;
};
zone "internal.tripnet.int" in {
type master;
file "soa/internal.tripnet.int";
notify yes;
allow-update {localhost;};
};
zone "tripnet.int" in {
type master;
file "soa/tripnet.int";
notify yes;
};
zone "0.0.10.in-addr.arpa" in {
type master;
file "rev/10.0.0.rev";
notify yes;
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "rev/localhost.rev";
};
zone "0.168.192.in-addr.arpa" in {
type master;
file "rev/192.168.0.rev";
notify yes;
};
zone "1.168.192.in-addr.arpa" in {
type master;
file "rev/192.168.1.rev";
notify yes;
allow-update {localhost;};
};
zone "100.168.192.in-addr.arpa" in {
type master;
file "rev/192.168.100.rev";
notify yes;
allow-update {localhost;};
};
example /var/named/soa/internal.tripnet.int
@ IN SOA router.tripnet.int. root.router.tripnet.int. (
2001072027 ; serial, todays date + todays serial
10800 ; refresh
3600 ; retry
604800 ; expire
86400 ) ; minimum TTL
;
IN NS router.tripnet.int.
IN NS tripserv.tripnet.int.
IN MX 10 router.tripnet.int.
;
; Netwerk locaal ip 192.168. netmask 255.255.255.0
;
lindy 10 IN A 192.168.0.20 ;Cl=3
marylene 10 IN A 192.168.0.21 ;Cl=3
amber 10 IN A 192.168.0.22 ;Cl=3
yvette 10 IN A 192.168.0.23 ;Cl=3
crystel 10 IN A 192.168.0.24 ;Cl=3
treske 10 IN A 192.168.0.25 ;Cl=3
sharon 10 IN A 192.168.0.26 ;Cl=3
serena 10 IN A 192.168.0.27 ;Cl=3
treske-ii 10 IN A 192.168.0.28 ;Cl=3
catherine 10 IN A 192.168.0.29 ;Cl=3
marjolein 10 IN A 192.168.0.30 ;Cl=3
maggotbox 10 IN A 192.168.0.31 ;Cl=3
example /var/named/rev/192.168.0.rev
0.168.192.in-addr.arpa. IN SOA router.tripnet.int. root.router.tripnet.int. (
2002083046 ; serial
8H ; refresh
2H ; retry
1W ; expire
1D ; minimum
)
IN NS router.tripnet.int.
IN NS tripserv.tripnet.int.
IN MX 10 router.tripnet.int.
1 IN PTR router.ops.tripnet.int.
2 IN PTR tripserv.ops.tripnet.int.
3 IN PTR tripevo.ops.tripnet.int.
4 IN PTR tripdev.ops.tripnet.int.
5 IN PTR tripraid.ops.tripnet.int.
6 IN PTR tripbook.ops.tripnet.int.
8 IN PTR tripenclosure.ops.tripnet.int.
9 IN PTR soap.tripnet.int.
slaves.conf
// Slave servers
acl "slaves" {
//
87.233.134.184; // Moondust machine
213.193.253.120; // ns-01.etryx.com
213.239.175.248; // ns-02.etryx.com
// 82.92.214.79; // old ns2.euhost.nl
// 82.95.80.17; // old ns2.euhost.nl
212.61.33.42;
// 82.94.91.75; // tripany.com machine
// 31.160.12.69; // ns2.euhost.nl
188.204.140.220; // ns2.euhost.nl
127.0.0.1;
localhost;
};
Adding a new domain
New Domain: www.domain.com
212.61.33.42
Add the following in /etc/bind/named.conf.db
zone "domain.com" in {
type master;
file "soa/domain.com";
notify yes;
};
Add the following in /var/named/soa/domain.com
@ IN SOA ns1.euhost.nl. root.ns1.euhost.nl. (
2011103102 ; serial FORMAT: YYYYMMDDXX
14800 ; refresh
3600 ; retry
604800 ; expire
86400 ; minimum
)
IN NS ns1.euhost.nl.
IN NS ns2.euhost.nl.
IN MX 10 mail.tripany.com.
IN A 188.204.140.195
; Standard
localhost IN A 188.204.140.195
www IN A 188.204.140.195
ftp IN A 188.204.140.195
ssh -l USERNAME ns2.euhost.nl
Add the following in /etc/bind/named.conf.db
zone "domain.com" in {
type master;
file "soa/domain.com";
notify yes;
};
rndc reload;tail -f /var/log/messages
Quit the SSH back to 212.61.33.42
Again: rndc reload;tail -f /var/log/messages