Differences

This shows you the differences between two versions of the page.

--- ubuntu:bind:configure_bind9 [2020/12/09 13:58] – peter
+++ ubuntu:bind:configure_bind9 [2020/12/09 16:06] (current) – peter
@@ Line 2: / Line 2: @@
 [[Ubuntu:Bind:Configure Bind9:My Configuration|My Configuration]]
-===== named.conf =====
-<file bash /etc/bind/named.conf>
-// This is the primary configuration file for the BIND DNS server named.
-//
-// Please read /usr/share/doc/bind9/README.Debian.gz for information on the·
-// structure of BIND configuration files in Debian, *BEFORE* you customize·
-// this configuration file.
-//
-// If you are just adding zones, please do that in /etc/bind/named.conf.local
-include "/etc/bind/named.conf.logging";
-include "/etc/bind/named.conf.options";
-include "/etc/bind/named.conf.local";
-// include "/etc/bind/named.conf.default-zones";
-</file>
 ----
-===== named.conf.logging =====
+===== Configuration Options =====
-<file bash /etc/bind/named.conf.logging>
+BIND9 can be configured in many different ways, mostly:
-//logging {
-//  channel querylog{
-//    file "/var/log/named/querylog";
-//    severity debug 3;
-//    print-category yes;
-//    print-time yes;
-//    print-severity yes;
-//  };
-//  category queries { querylog;};
-//};
-logging {
-  channel default_file {
-    file "/var/log/named/default.log" versions 3 size 5m;
-    severity dynamic;
-//    severity debug 3;
-    print-category yes;
-    print-time yes;
-    print-severity yes;
-  };
-  channel general_file {
-    file "/var/log/named/general.log" versions 3 size 5m;
-    severity dynamic;
-//    severity debug 3;
-    print-category yes;
-    print-time yes;
-    print-severity yes;
-  };
-  channel database_file {
-    file "/var/log/named/database.log" versions 3 size 5m;
-    severity dynamic;
-    print-category yes;
-    print-time yes;
-    print-severity yes;
-  };
-  channel security_file {
-    file "/var/log/named/security.log" versions 3 size 5m;
-    severity dynamic;
-    print-category yes;
-    print-time yes;
-    print-severity yes;
-  };
-  channel config_file {
-    file "/var/log/named/config.log" versions 3 size 5m;
-    severity dynamic;
-    print-category yes;
-    print-time yes;
-    print-severity yes;
-  };
-  channel resolver_file {
-    file "/var/log/named/resolver.log" versions 3 size 5m;
-    severity dynamic;
-    print-time yes;
-  };
-  channel xfer-in_file {
-    file "/var/log/named/xfer-in.log" versions 3 size 5m;
-    severity dynamic;
-    print-category yes;
-    print-time yes;
-    print-severity yes;
-  };
-  channel xfer-out_file {
-    file "/var/log/named/xfer-out.log" versions 3 size 5m;
-    severity dynamic;
-    print-category yes;
-    print-time yes;
-    print-severity yes;
-  };
-  channel notify_file {
-    file "/var/log/named/notify.log" versions 3 size 5m;
-    severity dynamic;
-    print-category yes;
-    print-time yes;
-    print-severity yes;
-  };
-  channel client_file {
-    file "/var/log/named/client.log" versions 3 size 5m;
-    severity dynamic;
-    print-category yes;
-    print-time yes;
-    print-severity yes;
-  };
-  channel unmatched_file {
-    file "/var/log/named/unmatched.log" versions 3 size 5m;
-    severity dynamic;
-    print-category yes;
-    print-time yes;
-    print-severity yes;
-  };
-  channel queries_file {
-    file "/var/log/named/queries.log" versions 3 size 5m;
-//    severity debug 3;
-    severity dynamic;
-    print-category yes;
-    print-time yes;
-    print-severity yes;
-  };
-  channel network_file {
-    file "/var/log/named/network.log" versions 3 size 5m;
-    severity dynamic;
-    print-category yes;
-    print-time yes;
-    print-severity yes;
-  };
-  channel update_file {
-    file "/var/log/named/update.log" versions 3 size 5m;
-    severity dynamic;
-    print-category yes;
-    print-time yes;
-    print-severity yes;
-  };
-  channel dispatch_file {
-    file "/var/log/named/dispatch.log" versions 3 size 5m;
-    severity dynamic;
-    print-category yes;
-    print-time yes;
-    print-severity yes;
-  };
-  channel dnssec_file {
-    file "/var/log/named/dnssec.log" versions 3 size 5m;
-    severity dynamic;
-    print-category yes;
-    print-time yes;
-    print-severity yes;
-  };
-  channel lame-servers_file {
-    file "/var/log/named/lame-servers.log" versions 3 size 5m;
-    severity dynamic;
-    print-category yes;
-    print-time yes;
-    print-severity yes;
-  };
-  category default { default_file; };
-  category general { general_file; };
-  category database { database_file; };
-  category security { security_file; };
-  category config { config_file; };
-  category resolver { resolver_file; };
-  category xfer-in { xfer-in_file; };
-  category xfer-out { xfer-out_file; };
-  category notify { notify_file; };
-  category client { client_file; };
-  category unmatched { unmatched_file; };
-  category queries { queries_file; };
-  category network { network_file; };
-  category update { update_file; };
-  category dispatch { dispatch_file; };
-  category dnssec { dnssec_file; };
-  category lame-servers { lame-servers_file; };
-};
-</file>
+  * **[[Ubuntu:Bind:Configure Bind9:Caching Nameserver|Caching Nameserver]]:**  BIND9 will find the answer to name queries and remember the answer when the domain is queried again.
+  * **[[Ubuntu:Bind:Configure Bind9:Primary Nameserver|Primary Nameserver]]:**  BIND9 reads the data for a zone from a file on its host and is authoritative for that zone.
+  * **[[Ubuntu:Bind:Configure Bind9:Secondary Nameserver|Secondary Nameserver]]:**  BIND9 gets the zone data from another nameserver that is authoritative for the zone.
 ----
-===== named.conf.options =====
+===== Configuration Files =====
-<file bash /etc/bind/named.conf.options>
+The DNS configuration files are stored in **/etc/bind**.
-acl "trusted" {
-.168.1.0/24;
-.168.50.0/24;
-.168.70.0/24;
-.16.0.0/16;
-     localhost;
-     localnets;
-};
-options {
-  directory "/var/cache/bind";
-  // version statement - inhibited for security
-  // (avoids hacking any known weaknesses)»·
-  version "ShareWiz DNS";
-  // If there is a firewall between you and nameservers you want
-  // to talk to, you may need to fix the firewall to allow multiple
-  // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
-  // If your ISP provided one or more IP addresses for stable·
-  // nameservers, you probably want to use them as forwarders.··
-  // Uncomment the following block, and insert the addresses replacing·
-  // the all-0's placeholder.
-  // forwarders {
-  //   0.0.0.0;
-  // };
-  forwarders {
-    // Sure Public DNS
-    //83.137.248.244;
-    //93.187.151.197;
-    // Google Public DNS
-    //8.8.8.8;
-    //8.8.4.4;
-    // OpenDNS
-.67.222.222;
-.67.220.220;
-  };
-  //========================================================================
-  // If named logs error messages about the root key being expired,
-  // you will need to update your keys.  See https://www.isc.org/named-keys
-  //========================================================================
-  #dnssec-validation auto;
-  dnssec-enable no;
-  dnssec-validation no;
-  auth-nxdomain no;    # conform to RFC1035
-  listen-on-v6 { any; };
-  allow-query { any; };
-  allow-transfer { trusted; };
-  #allow-recursion { trusted; };
-};
-</file>
-----
-===== named.conf.local =====
-<file bash /etc/bind/named.conf.local>
-//
-// Do any local configuration here.
-//
-acl slaves {
-//    195.234.42.0/24;    // XName
-//    193.218.105.144/28; // XName
-//    193.24.212.232/29;  // XName
-.227.123.29;  // 1&1  slv2.1and1.co.uk
-};
-// Any IPs added here will not have ads blocked.
-// For Virginia.
-acl allow_ads {
-//    192.168.1.64;
-.168.1.70;
-.168.1.75;
-.168.1.90;
-.168.1.96;
-};
-acl internals {
-.168.1.0/24;
-.168.50.0/24;
-.168.70.0/24;
-.16.0.0/16;
-    !allow_ads;
-.0.0.0/8;
-};
-view "allow_ads" {
-    match-clients { allow_ads; };
-    recursion yes;
-//    type forward;
-//    forwarders {
-//        8.8.8.8;
-//    };
-    include "/etc/bind/named.conf.default-zones";
-};
-view "internal" {
-    match-clients { internals; };
-    recursion yes;
-    zone "sharewiz.net" {
-        type master;
-        file "/etc/bind/internals/db.sharewiz.net";
-        allow-update { none; };
-    };
-    zone "drdizzy.com" {
-        type master;
-        file "/etc/bind/internals/db.drdizzy.com";
-        allow-update { none; };
-    };
-    zone "magicalentertainmentandsound.com" {
-        type master;
-        file "/etc/bind/internals/db.magicalentertainmentandsound.com";
-        allow-update { none; };
-    };
-    # Set zone for reverse
-    zone "1.168.192.in-addr.arpa" {
-        type master;
-        file "/etc/bind/internals/1.168.192.db";
-        allow-update { none; };
-    };
-    include "/etc/bind/ad-blacklist";
-    include "/etc/bind/named.conf.default-zones";
-};
-view "external" {
-    match-clients { any; };
-    allow-query { any; };·
-    recursion no;
-    zone "sharewiz.net" {
-        type master;
-        file "/etc/bind/externals/db.sharewiz.net";
-        allow-transfer { slaves; };
-        allow-update { none; };
-    };
-    zone "drdizzy.com" {
-        type master;
-        file "/etc/bind/externals/db.drdizzy.com";
-        allow-transfer { slaves; };
-        allow-update { none; };
-    };
-    zone "magicalentertainmentandsound.com" {
-        type master;
-        file "/etc/bind/externals/db.magicalentertainmentandsound.com";
-        allow-transfer { slaves; };
-        allow-update { none; };
-    };
-    # Set zone for reverse.
-    zone "35.134.42.5.in-addr.arpa" {
-        type master;
-        file "/etc/bind/externals/35.134.42.5.db";
-        allow-update { none; };
-    };
-};
-</file>
-----
-===== ad-blacklist =====
-<file bind ad-blacklist>
-// For more information about this list, see: https://pgl.yoyo.org/adservers/
-// ----
-// last updated:    Tue, 27 Feb 2018 18:17:25 GMT
-// entries:         2595
-// format:          bindconfig
-// credits:         Peter Lowe - pgl@yoyo.org - https://pgl.yoyo.org/
-// this URL:        http://pgl.yoyo.org/adservers/serverlist.php?hostformat=bindconfig&showintro=0&mimetype=plaintext
-// other formats:   https://pgl.yoyo.org/adservers/formats.php
-zone "101com.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
-zone "101order.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
-zone "123found.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
-zone "123freeavatars.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
-zone "180hits.de" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
-zone "180searchassistant.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
-zone "207.net" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
-zone "20a840a14a0ef7d6.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
-zone "247media.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
-zone "24log.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
-zone "24log.de" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
-zone "24pm-affiliation.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
-zone "2mdn.net" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
-zone "2o7.net" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
-zone "360yield.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
-zone "3lift.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
-zone "4affiliate.net" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
-zone "4d5.net" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
-zone "50websads.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
-zone "518ad.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
-zone "51yes.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
-zone "600z.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
-zone "777partner.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
-zone "77tracking.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
-zone "7bpeople.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
-zone "7f1au20glg.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
-...
-</file>
-----
-===== Internals - ad-null.zone =====
-<file bind /etc/bind/internals/ad-null.zone>
-; Ads get redirected to 127.0.0.1
-$TTL      86400
-@         IN      SOA     ads.sharewiz.net. root.sharewiz.net. (
-                       2017030601 ; Serial
-; Refresh
-; Retry
-; Expire
-; Negative Cache TTL
-);
-; define the name server
-          IN      NS      ns1.sharewiz.net.
-; define the hostnames
-@         IN      A       127.0.0.1
-*         IN      A       127.0.0.1
-</file>
-----
-===== Internals - 1.168.192.db =====
-<file bind /etc/bind/internals/1.168.192.db>
-; sharewiz.net
-$TTL    86400
-@       IN      SOA     ns1.sharewiz.net. root.sharewiz.net. (
-                     2020031901 ; Serial
-; Refresh
-; Retry
-                        2419200 ; Expire
-; Negative Cache TTL
-);
-; define the name server
-        IN      NS      ns1.sharewiz.net.·
-ns1     IN      A       5.42.134.35
-; define the range of this domain
-        IN      PTR     sharewiz.net.
-        IN      A       255.255.255.0
-; define the hostnames
-       IN      PTR     gateway.sharewiz.net.
-       IN      PTR     router.sharewiz.net.
-       IN      PTR     server1.sharewiz.net.
-       IN      PTR     mail.sharewiz.net.
-       IN      PTR     ftp.sharewiz.net.
-       IN      PTR     webmail.sharewiz.net.
-       IN      PTR     wiki.sharewiz.net.
-       IN      PTR     www.sharewiz.net.
-      IN      PTR     unifi.sharewiz.net.
-      IN      PTR     ap1.sharewiz.net.
-      IN      PTR     peter.sharewiz.net.
-      IN      PTR     virginia.sharewiz.net.
-      IN      PTR     felix.sharewiz.net.
-      IN      PTR     felix2.sharewiz.net.
-      IN      PTR     extender.sharewiz.net.
-     IN      PTR     printer.sharewiz.net.
-; define drdizzy.com
-        IN      PTR     drdizzy.com.
-        IN      PTR     www.drdizzy.com.
-; define magicalentertainmentandsound.com
-        IN      PTR     magicalentertainmentandsound.com.
-        IN      PTR     www.magicalentertainmentandsound.com.
-</file>
-----
-===== Internals - db.sharewiz.net =====
-<file bind /etc/bind/internals/db.sharewiz.net>
-; sharewiz.net
-$TTL      86400
-@         IN      SOA     ns1.sharewiz.net. root.sharewiz.net. (
-                       2020031901 ; Serial
-; Refresh
-; Retry
-                          2419200 ; Expire
-; Negative Cache TTL
-);
-; define the name server
-          IN      NS      ns1.sharewiz.net.
-; define the name server IP address
-          IN      A       192.168.1.2
-; define the mail exchanger
-          IN      MX      10 mail.sharewiz.net.
-mail      IN      A       192.168.1.2
-; define the hostnames
-gateway   IN      A       192.168.1.1
-router    IN      A       192.168.1.1
-ns1       IN      A       192.168.1.2
-ftp       IN      A       192.168.1.2
-server1   IN      A       192.168.1.2
-webmail   IN      A       192.168.1.2
-wiki      IN      A       192.168.1.2
-www       IN      A       192.168.1.2
-;www       CNAME   @
-*         IN      A       192.168.1.2
-@         IN      A       192.168.1.2
-nas       IN      A       192.168.1.5
-switch    IN      A       192.168.1.20
-shield    IN      A       192.168.1.64
-peter     IN      A       192.168.1.69
-virginia  IN      A       192.168.1.70
-felix     IN      A       192.168.1.80
-felix2    IN      A       192.168.1.90
-printer   IN      A       192.168.1.100
-extender  IN      A       192.168.1.250
-; define the SPF
-sharewiz.net.        IN      TXT     "v=spf1 a ip4:5.42.134.35 -all"
-;sharewiz.net.        IN      SPF     "v=spf1 a ip4:5.42.134.35 -all"
-; define the DMARC
-;_dmarc  IN      TXT     "v=DMARC1;p=none;rua=mailto:peter@sharewiz.net;ruf=mailto:peter@sharewiz.net"
-_dmarc.sharewiz.net. IN TXT "v=DMARC1; p=none; sp=none; rua=mailto:peter@sharewiz.net; ruf=mailto:peter@sharewiz.net; rf=afrf; pct=100; ri=86400"
-</file>
-----
-===== Externals - 35.134.42.5.db =====
-<file bind /etc/bind/externals/35.134.42.5.db>
-; sharewiz.net
-$TTL    86400
-@       IN      SOA     ns1.sharewiz.net. root.sharewiz.net. (
-                     2016101801 ; Serial
-; Refresh
-; Retry
-                        2419200 ; Expire
-; Negative Cache TTL
-);
-; define the name server
-;        IN      NS      ns1.server1.net.
-        IN      NS      ns1.sharewiz.net.
-ns1     IN      A       5.42.134.35
-;        IN      NS      ns1.drdizzy.com.
-; define the range of this domain
-        IN      PTR     sharewiz.net.
-;        IN      A       255.255.255.248
-; define the hostnames
-        IN      PTR     ns1.sharewiz.net.
-        IN      PTR     router.sharewiz.net.
-        IN      PTR     server1.sharewiz.net.
-        IN      PTR     mail.sharewiz.net.
-        IN      PTR     ftp.sharewiz.net.
-        IN      PTR     web.sharewiz.net.
-        IN      PTR     webmail.sharewiz.net.
-        IN      PTR     www.sharewiz.net.
-; define drdizzy.com
-        IN      PTR     drdizzy.com.
-        IN      PTR     www.drdizzy.com.
-; define magicalentertainmentandsound.com
-        IN      PTR     magicalentertainmentandsound.com.
-        IN      PTR     www.magicalentertainmentandsound.com.
-</file>
-----
-===== Externals - db.sharewiz.net =====
+The primary configuration file is **/etc/bind/named.conf**, which in the layout provided by the package just includes these files.
-<file bash /etc/bind/externals/db.sharewiz.net>
+  * **/etc/bind/named.conf.options:**  Global DNS options.
-; sharewiz.net
+  * **/etc/bind/named.conf.local:**  For your zones.
-$TTL    86400
+  * **/etc/bind/named.conf.default-zones:**  Default zones such as localhost, its reverse, and the root hints.
-@       IN      SOA     ns1.sharewiz.net. root.sharewiz.net. (
-                     2016101605 ; Serial
-; Refresh
-; Retry
-                        2419200 ; Expire
-; Negative Cache TTL
-);
-; define the name server
+<WRAP info>
-        IN      NS      ns1.sharewiz.net.
+**NOTE:**  The root nameservers used to be described in the file **/etc/bind/db.root**.
-;»IN»·NS»·slv2.1and1.co.uk.
-; define the name server IP address
+This is now provided instead by the **/usr/share/dns/root.hints** file shipped with the dns-root-data package, and is referenced in the **named.conf.default-zones** configuration file mentioned above.
-        IN      A       5.42.134.35
-; define the mail exchanger
+</WRAP>
-        IN      MX      10 mail.sharewiz.net.
-mail    IN      A       5.42.134.35
-; define the hostnames
+<WRAP info>
-ns1     IN      A       5.42.134.35
+**NOTE:**  BIND9 can be configured to be a caching name server, primary, and secondary at the same time: it all depends on the zones it is serving.
-ftp     IN      A       5.42.134.35
-router  IN      A       5.42.134.35
-server1 IN      A       5.42.134.35
-webmail IN      A       5.42.134.35
-www     IN      A       5.42.134.35
-;www     CNAME   @
-*»      IN»·    A»      5.42.134.35
-; define the SPF
+A server can be the **Start of Authority (SOA)** for one zone, while providing secondary service for another zone.
-sharewiz.net.»IN»·TXT»"v=spf1 a ip4:5.42.134.35 -all"
-;sharewiz.net.»·IN»·SPF»"v=spf1 a ip4:5.42.134.35 -all"
-; define the SenderID
+All the while providing caching services for hosts on the local LAN.
-;sharewiz.net. IN  TXT "spf2.0/pra a include:mail.sharewiz.net -all"
+</WRAP>
-; define the DMARC
-;_dmarc  IN»TXT»"v=DMARC1;p=none;rua=mailto:peter@sharewiz.net;ruf=mailto:peter@sharewiz.net"
-_dmarc.sharewiz.net. IN TXT "v=DMARC1; p=none; sp=none; rua=mailto:peter@sharewiz.net; ruf=mailto:peter@sharewiz.net; rf=afrf; pct=100; ri=86400"
-</file>