Bind


Configuration

named.conf

For an internet DNS server:

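//Tripany
include "/etc/bind/slaves.conf";
// Recursion is allowing other hosts to look up domain names not hosted / cached by this bind server.
// Only the addresses below get the recursive view defined further down; every other client
// falls through to the non-recursive "outside" view, so this server is not an open resolver.
// NOTE(review): this is an address-only ACL. Anything that can source packets from one of
// these addresses (a shared or spoofed source) gets recursion; keep the list short and
// prune entries when hosts are retired (the previous list contained 82.94.91.75 twice).
acl "recursehosts" {
        127.0.0.1; 212.61.33.42; localhost; 82.94.91.75; 82.92.214.79; 195.64.90.139; 31.160.12.68; 188.204.140.220;
};

// named.conf.options refers to the "recursehosts" ACL (allow-recursion / allow-query-cache),
// so the ACL must be declared before this include.
include "/etc/bind/named.conf.options";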

// Split-horizon view for the trusted addresses in the "recursehosts" ACL: recursion is
// allowed (answers come from the forwarders in named.conf.options), and the internal
// zones from named.conf.local are visible only here, not in the "outside" view.
view "recursehosts" {
        match-clients { recursehosts; };
        recursion yes;
        // Zone transfers (AXFR/IXFR) only to the secondaries listed in slaves.conf.
        // This is an address ACL; TSIG-signed transfers would be the stronger control.
        allow-transfer { "slaves"; };

// Internal zones (tripnet.int, RFC 1918 reverse zones) - trusted clients only.
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
// Public zones; the same file is also included in the "outside" view.
include "/etc/bind/named.conf.db";
};

// Catch-all view for every other client, including the internet: authoritative answers
// for the public zones only, with recursion off so the server cannot be used as an open
// resolver. It still answers for its own zones to anyone, so it remains a possible
// amplification source; response rate limiting is the remaining mitigation if that becomes
// a problem. named.conf.local is deliberately NOT included here.
view "outside" {
        match-clients { any; };
        recursion no;
        // Same transfer restriction as the recursive view.
        allow-transfer { "slaves"; };

// Root hints are only used for recursion; with "recursion no" this zone is effectively
// unused in this view and could be dropped.
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// Lower the advertised EDNS UDP payload size if large (fragmented) replies are being dropped.
// edns-udp-size 1400;
include "/etc/bind/named.conf.db";
};

Otherwise (a server that does not need the split between trusted and internet clients) keep the Debian default named.conf.

named.conf.options

options {
        // Working directory; relative "file" paths in the zone statements resolve against it
        // (the Debian default, hand-linked to /var/named - see the note at the bottom).
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
        // (VU#800113 is the 2008 cache-poisoning issue: named must be able to use random
        // source ports for its outgoing queries, so do not NAT or firewall it down to one port.)

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

         forwarders {
                213.75.63.36;
                213.75.63.70;
         };
        // NOTE(review): no "forward only" is set, so this is forward-first: if the forwarders
        // stop answering, named resolves iteratively itself. Either way recursive answers come
        // from hosts outside this server's control, which matters because DNSSEC validation is
        // disabled below - a compromised or spoofed upstream is trusted as-is.

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
# Turned off because most DNSSEC secured zones are incorrectly configured. This leads to flooding of the syslog with (no valid RRSIG) errors
# SECURITY: with validation off, forged or poisoned answers that DNSSEC would have rejected
# are accepted and cached for every client of the recursive view. Prefer "dnssec-validation auto;"
# and exempt the few broken zones with negative trust anchors ("rndc nta <zone>" on newer
# BIND 9) rather than turning validation off globally.
#       dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035

# Turned off because KPN doesn't support ipv6. This leads to flooding of the syslog with (network unreachable) errors
#       listen-on-v6 { any; };

# Not needed because Debian default directory is now linked to /var/named by hand
#        directory "/var/named";
};

For an internet-facing nameserver also add the following to the options block, so that only the hosts in the "recursehosts" ACL may recurse or read the cache:

        // Only the trusted ACL may ask this server to recurse ...
        allow-recursion { recursehosts; };
        // ... and only they may read what is already cached. Without this, clients that are
        // denied recursion can still probe the cache (cache snooping) for names that the
        // trusted hosts have looked up.
        allow-query-cache { recursehosts; };

named.conf.local

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

// Internal zones. named.conf only includes this file in the "recursehosts" view, so none
// of these names are served to the "outside" view. Zone file paths are relative to the
// options "directory". Transfers are governed by the view-level allow-transfer.
zone "ops.tripnet.int" in {
    type master;
    file "soa/ops.tripnet.int";
        // send NOTIFY to the zone's NS hosts after a change so secondaries refresh promptly
        notify yes;
};

// Internal forward zone (recursehosts view only); zone file relative to the options "directory".
zone "net.tripnet.int" in {
        type master;
        file "soa/net.tripnet.int";
        notify yes;
};

// Internal forward zone with dynamic updates (example file further down this page).
zone "internal.tripnet.int" in {
    type master;
    file "soa/internal.tripnet.int";
        notify yes;
    // Dynamic updates (nsupdate) are accepted from the loopback address without
    // authentication: any process on this host can add or change records in this zone.
    // If that is wider than intended, use update-policy with a TSIG key instead of an
    // address ACL. NOTE(review): once updates are accepted, named keeps a journal next to
    // the zone file; hand-edit the file only between "rndc freeze" and "rndc thaw".
    allow-update {localhost;};
};

// Internal apex zone (recursehosts view only).
zone "tripnet.int" in {
    type master;
    file "soa/tripnet.int";
    notify yes;
};

// Reverse zone for 10.0.0.0/24 (RFC 1918 space, internal view only).
zone "0.0.10.in-addr.arpa" in {
        type master;
        file "rev/10.0.0.rev";
        notify yes;
};

// Reverse zone for the loopback network; notify is not enabled for this zone.
zone "0.0.127.in-addr.arpa" in {
    type master;
    file "rev/localhost.rev";
};

// Reverse zone for 192.168.0.0/24 (example file further down this page).
zone "0.168.192.in-addr.arpa" in {
        type master;
        file "rev/192.168.0.rev";
        notify yes;
};

// Reverse zone for 192.168.1.0/24 with dynamic updates.
zone "1.168.192.in-addr.arpa" in {
    type master;
    file "rev/192.168.1.rev";
        notify yes;
    // Unauthenticated updates from the loopback address: any local process can rewrite
    // PTR records here. Prefer update-policy with a TSIG key if that is too broad.
    allow-update {localhost;};
};

// Reverse zone for 192.168.100.0/24 with dynamic updates.
zone "100.168.192.in-addr.arpa" in {
    type master;
    file "rev/192.168.100.rev";
        notify yes;
    // Unauthenticated updates from the loopback address: any local process can rewrite
    // PTR records here. Prefer update-policy with a TSIG key if that is too broad.
    allow-update {localhost;};
};

example /var/named/soa/internal.tripnet.int

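$TTL 86400      ; default TTL. BIND 9 warns when a zone file has no $TTL and falls back to
                ; the SOA minimum, which is the same 86400, so behaviour is unchanged.
@       IN      SOA     router.tripnet.int. root.router.tripnet.int. (
                        2001072027      ; serial, todays date + todays serial (YYYYMMDDXX); must increase on every edit
                        10800           ; refresh
                        3600            ; retry
                        604800          ; expire
                        86400 )         ; minimum TTL (negative-caching TTL in BIND 9)
;
                        IN NS   router.tripnet.int.
                        IN NS   tripserv.tripnet.int.
                        IN MX 10 router.tripnet.int.
;
; Local network 192.168.0.0, netmask 255.255.255.0
; The "10" in the second column is a per-record TTL of 10 seconds, not a priority.
; NOTE(review): confirm that is intended - it makes resolvers re-query these names
; almost every time they are used.
;
lindy   10      IN      A       192.168.0.20    ;Cl=3
marylene 10     IN      A       192.168.0.21    ;Cl=3
amber   10      IN      A       192.168.0.22    ;Cl=3
yvette 10       IN      A       192.168.0.23    ;Cl=3
crystel 10      IN      A       192.168.0.24    ;Cl=3
treske  10      IN      A       192.168.0.25    ;Cl=3
sharon  10      IN      A       192.168.0.26    ;Cl=3
serena  10      IN      A       192.168.0.27    ;Cl=3
treske-ii 10    IN      A       192.168.0.28    ;Cl=3
catherine 10    IN      A       192.168.0.29    ;Cl=3
marjolein 10    IN      A       192.168.0.30    ;Cl=3
maggotbox 10    IN      A       192.168.0.31    ;Cl=3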

example /var/named/rev/192.168.0.rev

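$TTL 1D         ; default TTL. BIND 9 warns when a zone file has no $TTL and falls back to
                ; the SOA minimum, which is the same 1D, so behaviour is unchanged.
0.168.192.in-addr.arpa. IN      SOA     router.tripnet.int. root.router.tripnet.int. (
                        2002083046 ; serial (YYYYMMDDXX); must increase on every edit
                        8H      ; refresh
                        2H      ; retry
                        1W      ; expire
                        1D      ; minimum (negative-caching TTL)
                        )

                        IN  NS  router.tripnet.int.
                        IN  NS  tripserv.tripnet.int.
; An MX record on a reverse zone has no effect on mail delivery; harmless, but can be dropped.
                        IN  MX  10 router.tripnet.int.

; PTRs for 192.168.0.x. The forward names live in the ops.tripnet.int / tripnet.int zones;
; keep both sides in step, since a PTR whose name has no matching A record fails
; forward-confirmed reverse checks.
1       IN      PTR     router.ops.tripnet.int.
2       IN      PTR     tripserv.ops.tripnet.int.
3       IN      PTR     tripevo.ops.tripnet.int.
4       IN      PTR     tripdev.ops.tripnet.int.
5       IN      PTR     tripraid.ops.tripnet.int.
6       IN      PTR     tripbook.ops.tripnet.int.
8       IN      PTR     tripenclosure.ops.tripnet.int.
9       IN      PTR     soap.tripnet.int.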

slaves.conf

// Slave servers
// Addresses allowed to pull zone transfers; referenced by allow-transfer { "slaves"; }
// in both views of named.conf.
// NOTE(review): this authorises AXFR/IXFR by source address only. TSIG-signed transfers
// (a "key" statement, "key <name>;" in this ACL, and the same secret on each secondary)
// tie transfers to a shared secret instead of an address. The commented-out entries are
// retired hosts; prune them so the list documents the current secondaries.

acl "slaves" {
                //
                87.233.134.184;         // Moondust machine
                213.193.253.120;        // ns-01.etryx.com
                213.239.175.248;        // ns-02.etryx.com
//              82.92.214.79;           // old ns2.euhost.nl
//              82.95.80.17;            // old ns2.euhost.nl
                212.61.33.42;
//              82.94.91.75;            // tripany.com machine
//              31.160.12.69;           // ns2.euhost.nl
                188.204.140.220;        // ns2.euhost.nl
                127.0.0.1;
                localhost;              // builtin ACL; already matches 127.0.0.1
};

Adding a new domain

New domain: www.domain.com

On the primary nameserver, 212.61.33.42:

Add the following in /etc/bind/named.conf.db

// Public zone. named.conf.db is included in both views, so this zone is served to everyone;
// the file path is relative to the options "directory".
zone "domain.com" in {
        type master;
        file "soa/domain.com";
        // NOTIFY the zone's NS hosts (ns1/ns2.euhost.nl in the example file) after a reload
        notify yes;
};

Add the following in /var/named/soa/domain.com

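$TTL 86400      ; default TTL. BIND 9 warns when a zone file has no $TTL and falls back to
                ; the SOA minimum, which is the same 86400, so behaviour is unchanged.
@ IN SOA ns1.euhost.nl. root.ns1.euhost.nl. (
                2011103102      ;       serial     FORMAT: YYYYMMDDXX - must increase on every edit, or secondaries pulling via AXFR never refresh
                14800           ;       refresh
                3600            ;       retry
                604800          ;       expire
                86400           ;       minimum (negative-caching TTL)
)

                IN      NS      ns1.euhost.nl.
                IN      NS      ns2.euhost.nl.

                IN      MX      10 mail.tripany.com.

                IN      A       188.204.140.195  

; Standard
; "localhost.<domain>" must resolve to the loopback address (RFC 6761). Pointing it at a
; public host lets software that trusts anything named "localhost" talk to a remote machine.
localhost       IN      A       127.0.0.1
www             IN      A       188.204.140.195
ftp             IN      A       188.204.140.195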


Then log in to the secondary nameserver: `ssh -l USERNAME ns2.euhost.nl`


Add the following in /etc/bind/named.conf.db

// NOTE(review): ns2 is set up as a second master with a hand-copied zone file rather than
// as a slave of 212.61.33.42, so the two copies only stay in sync if every edit (including
// the serial) is made on both hosts. "type slave; masters { 212.61.33.42; };" would let ns2
// pull the zone automatically - its address (188.204.140.220) is already in the primary's
// "slaves" ACL and the primary sends NOTIFY.
zone "domain.com" in {
        type master;
        file "soa/domain.com";
        notify yes;
};


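# Check the configuration and load every zone file (-z) before reloading, so a typo is
# caught here instead of named silently keeping the old copy of the zone (or failing on
# the next restart); then reload and watch the log for the zone being (re)loaded.
named-checkconf -z && rndc reload; tail -f /var/log/messages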


Exit the SSH session back to the primary (212.61.33.42) and reload there as well:


Again: `named-checkconf -z && rndc reload; tail -f /var/log/messages` — confirm the log shows the zone loading without errors on both hosts.