Bind: Difference between revisions

From Edgar BV Wiki
Jump to navigation Jump to search
No edit summary
 
Line 35: Line 35:
#        directory "/var/named";
#        directory "/var/named";
};
};
</pre>
For an internet nameserver add:
<pre>
        allow-recursion { recursehosts; };
        allow-query-cache { recursehosts; };
</pre>
</pre>



Revision as of 11:01, 10 June 2013

Configuration

named.conf.options

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

         forwarders {
                213.75.63.36;
                213.75.63.70;
         };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
# Turned off because most DNSSEC secured zones are incorrectly configured. This leads to flooding of the syslog with (no valid RRSIG) errors
#       dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035

# Turned off because KPN doesn't support ipv6. This leads to flooding of the syslog with (network unreachable) errors
#       listen-on-v6 { any; };

# Not needed because Debian default directory is now linked to /var/named by hand
#        directory "/var/named";
};

For an internet nameserver add:

        allow-recursion { recursehosts; };
        allow-query-cache { recursehosts; };

named.conf.local

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "ops.tripnet.int" in {
    type master;
    file "soa/ops.tripnet.int";
        notify yes;
};

zone "net.tripnet.int" in {
        type master;
        file "soa/net.tripnet.int";
        notify yes;
};

zone "internal.tripnet.int" in {
    type master;
    file "soa/internal.tripnet.int";
        notify yes;
    allow-update {localhost;};
};

zone "tripnet.int" in {
    type master;
    file "soa/tripnet.int";
    notify yes;
};

zone "0.0.10.in-addr.arpa" in {
        type master;
        file "rev/10.0.0.rev";
        notify yes;
};

zone "0.0.127.in-addr.arpa" in {
    type master;
    file "rev/localhost.rev";
};

zone "0.168.192.in-addr.arpa" in {
        type master;
        file "rev/192.168.0.rev";
        notify yes;
};

zone "1.168.192.in-addr.arpa" in {
    type master;
    file "rev/192.168.1.rev";
        notify yes;
    allow-update {localhost;};
};

zone "100.168.192.in-addr.arpa" in {
    type master;
    file "rev/192.168.100.rev";
        notify yes;
    allow-update {localhost;};
};

example /var/named/soa/internal.tripnet.int

@       IN      SOA     router.tripnet.int. root.router.tripnet.int. (
                        2001072027      ; serial, todays date + todays serial
                        10800           ; refresh
                        3600            ; retry
                        604800          ; expire
                        86400 )         ; minimum TTL
;
                        IN NS   router.tripnet.int.
                        IN NS   tripserv.tripnet.int.
                        IN MX 10 router.tripnet.int.
;
; Netwerk locaal ip 192.168. netmask 255.255.255.0
;
lindy   10      IN      A       192.168.0.20    ;Cl=3
marylene 10     IN      A       192.168.0.21    ;Cl=3
amber   10      IN      A       192.168.0.22    ;Cl=3
yvette 10       IN      A       192.168.0.23    ;Cl=3
crystel 10      IN      A       192.168.0.24    ;Cl=3
treske  10      IN      A       192.168.0.25    ;Cl=3
sharon  10      IN      A       192.168.0.26    ;Cl=3
serena  10      IN      A       192.168.0.27    ;Cl=3
treske-ii 10    IN      A       192.168.0.28    ;Cl=3
catherine 10    IN      A       192.168.0.29    ;Cl=3
marjolein 10    IN      A       192.168.0.30    ;Cl=3
maggotbox 10    IN      A       192.168.0.31    ;Cl=3

example /var/named/rev/192.168.0.rev

0.168.192.in-addr.arpa. IN      SOA     router.tripnet.int. root.router.tripnet.int. (
                        2002083046 ; serial
                        8H      ; refresh
                        2H      ; retry
                        1W      ; expire
                        1D      ; minimum
                        )

                        IN  NS  router.tripnet.int.
                        IN  NS  tripserv.tripnet.int.
                        IN  MX  10 router.tripnet.int.

1       IN      PTR     router.ops.tripnet.int.
2       IN      PTR     tripserv.ops.tripnet.int.
3       IN      PTR     tripevo.ops.tripnet.int.
4       IN      PTR     tripdev.ops.tripnet.int.
5       IN      PTR     tripraid.ops.tripnet.int.
6       IN      PTR     tripbook.ops.tripnet.int.
8       IN      PTR     tripenclosure.ops.tripnet.int.
9       IN      PTR     soap.tripnet.int.

Adding a new domain

New Domain: www.domain.com

212.61.33.42

Add the following in /etc/bind/named.conf.db

zone "domain.com" in {
        type master;
        file "soa/domain.com";
        notify yes;
};

Add the following in /var/named/soa/domain.com

@ IN SOA ns1.euhost.nl. root.ns1.euhost.nl. (
                2011103102      ;       serial     FORMAT: YYYYMMDDXX
                14800           ;       refresh
                3600            ;       retry
                604800          ;       expire
                86400           ;       minimum
)

                IN      NS      ns1.euhost.nl.
                IN      NS      ns2.euhost.nl.

                IN      MX      10 mail.tripany.com.

                IN      A       188.204.140.195  

; Standard
localhost       IN      A       188.204.140.195
www             IN      A       188.204.140.195
ftp             IN      A       188.204.140.195


ssh -l USERNAME ns2.euhost.nl


Add the following in /etc/bind/named.conf.db

zone "domain.com" in {
        type master;
        file "soa/domain.com";
        notify yes;
};


rndc reload;tail -f /var/log/messages


Quit the SSH back to 212.61.33.42


Again: rndc reload;tail -f /var/log/messages