Bind: Difference between revisions
Line 1: | Line 1: | ||
= Configuration = | = Configuration = | ||
== named.conf == | |||
For an internet DNS server: | |||
<pre> | |||
//Tripany | |||
include "/etc/bind/slaves.conf"; | |||
// Recursion is allowing other hosts to look up domain names not hosted / cached by this bind server | |||
acl "recursehosts" { | |||
127.0.0.1; 212.61.33.42; localhost; 82.94.91.75; 82.92.214.79; 195.64.90.139; 82.94.91.75; 31.160.12.68; 188.204.140.220; | |||
}; | |||
include "/etc/bind/named.conf.options"; | |||
view "recursehosts" { | |||
match-clients { recursehosts; }; | |||
recursion yes; | |||
allow-transfer { "slaves"; }; | |||
include "/etc/bind/named.conf.local"; | |||
include "/etc/bind/named.conf.default-zones"; | |||
include "/etc/bind/named.conf.db"; | |||
}; | |||
view "outside" { | |||
match-clients { any; }; | |||
recursion no; | |||
allow-transfer { "slaves"; }; | |||
zone "." { | |||
type hint; | |||
file "/etc/bind/db.root"; | |||
}; | |||
// edns-udp-size 1400; | |||
include "/etc/bind/named.conf.db"; | |||
}; | |||
</pre> | |||
Otherwise use default | |||
== named.conf.options == | == named.conf.options == | ||
Line 161: | Line 200: | ||
8 IN PTR tripenclosure.ops.tripnet.int. | 8 IN PTR tripenclosure.ops.tripnet.int. | ||
9 IN PTR soap.tripnet.int. | 9 IN PTR soap.tripnet.int. | ||
</pre> | |||
== slaves.conf == | |||
<pre> | |||
// Slave servers | |||
acl "slaves" { | |||
// | |||
87.233.134.184; // Moondust machine | |||
213.193.253.120; // ns-01.etryx.com | |||
213.239.175.248; // ns-02.etryx.com | |||
// 82.92.214.79; // old ns2.euhost.nl | |||
// 82.95.80.17; // old ns2.euhost.nl | |||
212.61.33.42; | |||
// 82.94.91.75; // tripany.com machine | |||
// 31.160.12.69; // ns2.euhost.nl | |||
188.204.140.220; // ns2.euhost.nl | |||
127.0.0.1; | |||
localhost; | |||
}; | |||
</pre> | </pre> | ||
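Review bot: The `recursehosts` ACL added in the first hunk lists 82.94.91.75 twice and keeps 82.92.214.79, which the slaves.conf hunk in the same change comments out as "old ns2.euhost.nl" — a host that appears to have been retired still gets recursive service from this resolver. Drop the duplicate and confirm whether 82.92.214.79 still needs resolver access; if not, the ACL becomes `acl "recursehosts" { 127.0.0.1; 212.61.33.42; localhost; 82.94.91.75; 195.64.90.139; 31.160.12.68; 188.204.140.220; };`. Both views gate zone transfers only on `allow-transfer { "slaves"; };`, an address-based ACL; TSIG-keyed transfers would not depend on the source address and are the stronger control. The `zone "." { type hint; ... }` in the non-recursive "outside" view is not needed for an authoritative-only view, and on BIND releases that still send upward referrals it answers out-of-zone queries with a root referral instead of REFUSED — worth checking against the running version before leaving it in.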
Revision as of 11:04, 10 June 2013
Configuration
named.conf
For an internet-facing DNS server (authoritative to everyone, recursive only for the hosts in the recursehosts ACL), use this named.conf:
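// Tripany internet-facing named.conf: two views, selected by client address.
// ACLs must be defined before anything that references them, so slaves.conf
// (acl "slaves") and acl "recursehosts" come first; named.conf.options refers
// to "recursehosts" in its allow-recursion / allow-query-cache statements.
include "/etc/bind/slaves.conf";

// Recursion is allowing other hosts to look up domain names not hosted / cached by this bind server.
// Only the addresses below land in the "recursehosts" view (recursion yes);
// every other client is served by the authoritative-only "outside" view.
acl "recursehosts" {
    127.0.0.1;
    212.61.33.42;
    localhost;
    82.94.91.75;        // was listed twice; the duplicate entry is removed
    82.92.214.79;       // NOTE(review): slaves.conf marks this address as "old ns2.euhost.nl" -- confirm it still needs resolver access, otherwise drop it
    195.64.90.139;
    31.160.12.68;
    188.204.140.220;
};

include "/etc/bind/named.conf.options";

// Resolver view for our own hosts: recursion on, internal + public zones.
view "recursehosts" {
    match-clients { recursehosts; };
    recursion yes;
    // Zone transfers only to the secondaries in slaves.conf. This is an
    // address-based ACL only; NOTE(review): TSIG-signed transfers would not
    // depend on the client's source address.
    allow-transfer { "slaves"; };
    include "/etc/bind/named.conf.local";
    include "/etc/bind/named.conf.default-zones";
    include "/etc/bind/named.conf.db";
};

// Authoritative-only view for the rest of the internet: no recursion, public zones only.
view "outside" {
    match-clients { any; };
    recursion no;
    allow-transfer { "slaves"; };
    // NOTE(review): root hints are not required in a non-recursive view; on
    // BIND releases that still send upward referrals, keeping this turns
    // out-of-zone queries into root referrals instead of REFUSED. Confirm
    // against the running version before removing it.
    zone "." {
        type hint;
        file "/etc/bind/db.root";
    };
    // edns-udp-size 1400;
    include "/etc/bind/named.conf.db";
};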
Otherwise keep the distribution's default named.conf.
named.conf.options
// Global named options (Debian layout). named.conf includes this file ahead of
// the views, so everything here is the default for both views.
options {
    // Working directory; relative "file" paths in zone statements resolve under it.
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want to talk to,
    // you may need to fix the firewall to allow multiple ports to talk.
    // See http://www.kb.cert.org/vuls/id/800113

    // ISP-provided upstream resolvers; recursive queries are forwarded here.
    // NOTE(review): with dnssec-validation left off below, answers from these
    // forwarders are accepted unvalidated.
    forwarders {
        213.75.63.36;
        213.75.63.70;
    };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys.  See https://www.isc.org/bind-keys
    //========================================================================
    // Validation deliberately disabled: too many mis-configured DNSSEC zones
    // flooded syslog with "no valid RRSIG" errors. If this is revisited,
    // re-enable it and route the dnssec logging category elsewhere instead.
    // dnssec-validation auto;

    // Conform to RFC 1035: do not force the AA bit on NXDOMAIN answers.
    auth-nxdomain no;

    // IPv6 listener off: KPN does not provide IPv6 here, and leaving it on
    // filled syslog with "network unreachable" errors.
    // listen-on-v6 { any; };

    // Not needed: the Debian default directory above is symlinked to /var/named by hand.
    // directory "/var/named";
};
For an internet-facing nameserver, also add the following to named.conf.options:
// Limit recursive service and cache queries to the "recursehosts" ACL.
// The ACL is defined in named.conf before named.conf.options is included,
// which is required: BIND resolves ACL names in file order.
allow-recursion { recursehosts; };
allow-query-cache { recursehosts; };
named.conf.local
//
// Local zone configuration lives here.
//
// named.conf includes this file only inside the "recursehosts" view, so the
// internal zones below are not visible to the "outside" view.
// Zone transfers for these zones are governed by the view's allow-transfer.
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

// Forward zones -------------------------------------------------------------
zone "ops.tripnet.int" in {
    type master;
    file "soa/ops.tripnet.int";
    notify yes;
};

zone "net.tripnet.int" in {
    type master;
    file "soa/net.tripnet.int";
    notify yes;
};

zone "internal.tripnet.int" in {
    type master;
    file "soa/internal.tripnet.int";
    notify yes;
    // Dynamic updates accepted from any process on this host.
    // NOTE(review): address-based; an update-policy with a TSIG key would
    // tie updates to a secret rather than to "came from localhost".
    allow-update { localhost; };
};

zone "tripnet.int" in {
    type master;
    file "soa/tripnet.int";
    notify yes;
};

// Reverse zones -------------------------------------------------------------
zone "0.0.10.in-addr.arpa" in {
    type master;
    file "rev/10.0.0.rev";
    notify yes;
};

zone "0.0.127.in-addr.arpa" in {
    type master;
    file "rev/localhost.rev";
};

zone "0.168.192.in-addr.arpa" in {
    type master;
    file "rev/192.168.0.rev";
    notify yes;
};

zone "1.168.192.in-addr.arpa" in {
    type master;
    file "rev/192.168.1.rev";
    notify yes;
    allow-update { localhost; };
};

zone "100.168.192.in-addr.arpa" in {
    type master;
    file "rev/192.168.100.rev";
    notify yes;
    allow-update { localhost; };
};
example /var/named/soa/internal.tripnet.int
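$TTL 86400      ; default TTL for records that carry none (same value as the SOA minimum below)
@   IN  SOA router.tripnet.int. root.router.tripnet.int. (
                2001072027  ; serial, todays date + todays serial (YYYYMMDDXX)
                10800       ; refresh
                3600        ; retry
                604800      ; expire
                86400 )     ; minimum TTL
;
; Apex records: the owner name "@" is inherited because these lines start with whitespace.
    IN  NS  router.tripnet.int.
    IN  NS  tripserv.tripnet.int.
    IN  MX  10 router.tripnet.int.
;
; Local network 192.168.0.0, netmask 255.255.255.0
; The "10" in the second column is a per-record TTL of 10 seconds.
; NOTE(review): presumably meant so address changes are picked up quickly -- confirm.
; NOTE(review): named.conf.local sets allow-update { localhost; } on this zone, so
; named may rewrite this file itself; hand-edit it only with the zone frozen
; (rndc freeze / rndc thaw).
;
lindy       10  IN  A   192.168.0.20    ;Cl=3
marylene    10  IN  A   192.168.0.21    ;Cl=3
amber       10  IN  A   192.168.0.22    ;Cl=3
yvette      10  IN  A   192.168.0.23    ;Cl=3
crystel     10  IN  A   192.168.0.24    ;Cl=3
treske      10  IN  A   192.168.0.25    ;Cl=3
sharon      10  IN  A   192.168.0.26    ;Cl=3
serena      10  IN  A   192.168.0.27    ;Cl=3
treske-ii   10  IN  A   192.168.0.28    ;Cl=3
catherine   10  IN  A   192.168.0.29    ;Cl=3
marjolein   10  IN  A   192.168.0.30    ;Cl=3
maggotbox   10  IN  A   192.168.0.31    ;Cl=3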
example /var/named/rev/192.168.0.rev
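$TTL 1D         ; default TTL for records that carry none (same value as the SOA minimum below)
0.168.192.in-addr.arpa. IN  SOA router.tripnet.int. root.router.tripnet.int. (
                2002083046  ; serial
                8H          ; refresh
                2H          ; retry
                1W          ; expire
                1D          ; minimum
                )
;
; Apex records (owner inherited from the SOA line above).
    IN  NS  router.tripnet.int.
    IN  NS  tripserv.tripnet.int.
    IN  MX  10 router.tripnet.int.  ; NOTE(review): MX on a reverse-zone apex -- nothing on this page uses it; confirm it is wanted
;
; PTR records; the owner is the last octet of the 192.168.0.x address.
1   IN  PTR router.ops.tripnet.int.
2   IN  PTR tripserv.ops.tripnet.int.
3   IN  PTR tripevo.ops.tripnet.int.
4   IN  PTR tripdev.ops.tripnet.int.
5   IN  PTR tripraid.ops.tripnet.int.
6   IN  PTR tripbook.ops.tripnet.int.
8   IN  PTR tripenclosure.ops.tripnet.int.
9   IN  PTR soap.tripnet.int.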
slaves.conf
// Secondary ("slave") nameservers: the only clients allowed to pull zone
// transfers, via allow-transfer { "slaves"; } in both named.conf views.
// NOTE(review): this is an address-only gate on AXFR/IXFR; TSIG keys would
// tie transfers to a shared secret instead of the source address.
acl "slaves" {
    //
    87.233.134.184;     // Moondust machine
    213.193.253.120;    // ns-01.etryx.com
    213.239.175.248;    // ns-02.etryx.com
    // 82.92.214.79;    // old ns2.euhost.nl
    // 82.95.80.17;     // old ns2.euhost.nl
    212.61.33.42;       // the primary itself (see "Adding a new domain")
    // 82.94.91.75;     // tripany.com machine
    // 31.160.12.69;    // ns2.euhost.nl
    188.204.140.220;    // ns2.euhost.nl
    127.0.0.1;
    localhost;
};
Adding a new domain
New Domain: www.domain.com
On the primary nameserver (212.61.33.42):
Add the following in /etc/bind/named.conf.db
// Primary copy of domain.com. The file path is relative to the options
// "directory" (/var/cache/bind, symlinked to /var/named), so the master file
// is /var/named/soa/domain.com; NOTIFY goes out to the secondaries on reload.
zone "domain.com" in {
    type master;
    file "soa/domain.com";
    notify yes;
};
Add the following in /var/named/soa/domain.com
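$TTL 86400      ; default TTL for records that carry none (same value as the SOA minimum below)
@   IN  SOA ns1.euhost.nl. root.ns1.euhost.nl. (
                2011103102  ; serial FORMAT: YYYYMMDDXX (increase on every change)
                14800       ; refresh  (NOTE(review): 14400 is the usual 4h value -- presumably a typo, harmless)
                3600        ; retry
                604800      ; expire
                86400 )     ; minimum
;
; Apex records: owner "@" is inherited by the indented lines.
    IN  NS  ns1.euhost.nl.
    IN  NS  ns2.euhost.nl.
    IN  MX  10 mail.tripany.com.
    IN  A   188.204.140.195
;
; Standard host names.
; NOTE(review): reconstructed from a collapsed listing. "localhost" is read here as a
; host record, which gives localhost.domain.com the public address rather than
; 127.0.0.1 -- confirm this is intended.
localhost   IN  A   188.204.140.195
www         IN  A   188.204.140.195
ftp         IN  A   188.204.140.195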
# Open a shell on the secondary nameserver as USERNAME.
ssh USERNAME@ns2.euhost.nl
Add the following in /etc/bind/named.conf.db
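// Secondary copy of domain.com on ns2.euhost.nl.
// The page used to declare this as a second "type master" with file
// "soa/domain.com", but nothing on the page copies that file to ns2, and a
// second master never transfers from the primary, so the two copies drift.
// Pulling the zone as a slave uses what the primary already provides:
// notify yes on its zone, and ns2.euhost.nl (188.204.140.220) in its
// "slaves" ACL for allow-transfer.
zone "domain.com" in {
    type slave;
    masters { 212.61.33.42; };
    // Transferred copy; named must be able to write this directory on ns2 --
    // adjust the path to ns2's layout if it differs.
    file "slaves/domain.com";
};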
# Reload named's configuration, then follow the log to see the zone load (or the error).
rndc reload; tail -f /var/log/messages
Exit the SSH session on ns2.euhost.nl and return to the primary (212.61.33.42).
There, run `rndc reload; tail -f /var/log/messages` again and check that the zone loads without errors.