Wiki

User Tools

Site Tools

Trace:
ubuntu:bind:setup_bind9

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
ubuntu:bind:setup_bind9 [2019/11/26 21:16] – created peterubuntu:bind:setup_bind9 [2020/11/28 11:07] (current) – [named.conf.options] peter
Line 1: Line 1:
 ====== Ubuntu - Bind - Setup Bind9 ====== ====== Ubuntu - Bind - Setup Bind9 ======
 +
 +===== named.conf =====
  
 <file bash /etc/bind/named.conf> <file bash /etc/bind/named.conf>
 // This is the primary configuration file for the BIND DNS server named. // This is the primary configuration file for the BIND DNS server named.
 // //
-// Please read /usr/share/doc/bind9/README.Debian.gz for information on the  +// Please read /usr/share/doc/bind9/README.Debian.gz for information on the· 
-// structure of BIND configuration files in Debian, *BEFORE* you customize +// structure of BIND configuration files in Debian, *BEFORE* you customize·
 // this configuration file. // this configuration file.
 // //
 // If you are just adding zones, please do that in /etc/bind/named.conf.local // If you are just adding zones, please do that in /etc/bind/named.conf.local
  
 +include "/etc/bind/named.conf.logging";
 include "/etc/bind/named.conf.options"; include "/etc/bind/named.conf.options";
 include "/etc/bind/named.conf.local"; include "/etc/bind/named.conf.local";
-#include "/etc/bind/named.conf.default-zones";+// include "/etc/bind/named.conf.default-zones";
 </file> </file>
  
 ---- ----
 +
 +===== named.conf.logging =====
 +
 +<file bash /etc/bind/named.conf.logging>
 +//logging {
 +//  channel querylog{
 +//    file "/var/log/named/querylog";
 +//    severity debug 3;
 +//    print-category yes;
 +//    print-time yes;
 +//    print-severity yes;
 +//  };
 +//  category queries { querylog;};
 +//};
 +
 +
 +
 +logging {
 +  channel default_file {
 +    file "/var/log/named/default.log" versions 3 size 5m;
 +    severity dynamic;
 +//    severity debug 3;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +  channel general_file {
 +    file "/var/log/named/general.log" versions 3 size 5m;
 +    severity dynamic;
 +//    severity debug 3;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +  channel database_file {
 +    file "/var/log/named/database.log" versions 3 size 5m;
 +    severity dynamic;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +  channel security_file {
 +    file "/var/log/named/security.log" versions 3 size 5m;
 +    severity dynamic;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +  channel config_file {
 +    file "/var/log/named/config.log" versions 3 size 5m;
 +    severity dynamic;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +  channel resolver_file {
 +    file "/var/log/named/resolver.log" versions 3 size 5m;
 +    severity dynamic;
 +    print-time yes;
 +  };
 +  channel xfer-in_file {
 +    file "/var/log/named/xfer-in.log" versions 3 size 5m;
 +    severity dynamic;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +  channel xfer-out_file {
 +    file "/var/log/named/xfer-out.log" versions 3 size 5m;
 +    severity dynamic;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +  channel notify_file {
 +    file "/var/log/named/notify.log" versions 3 size 5m;
 +    severity dynamic;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +  channel client_file {
 +    file "/var/log/named/client.log" versions 3 size 5m;
 +    severity dynamic;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +  channel unmatched_file {
 +    file "/var/log/named/unmatched.log" versions 3 size 5m;
 +    severity dynamic;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +  channel queries_file {
 +    file "/var/log/named/queries.log" versions 3 size 5m;
 +//    severity debug 3;
 +    severity dynamic;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +  channel network_file {
 +    file "/var/log/named/network.log" versions 3 size 5m;
 +    severity dynamic;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +  channel update_file {
 +    file "/var/log/named/update.log" versions 3 size 5m;
 +    severity dynamic;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +  channel dispatch_file {
 +    file "/var/log/named/dispatch.log" versions 3 size 5m;
 +    severity dynamic;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +  channel dnssec_file {
 +    file "/var/log/named/dnssec.log" versions 3 size 5m;
 +    severity dynamic;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +  channel lame-servers_file {
 +    file "/var/log/named/lame-servers.log" versions 3 size 5m;
 +    severity dynamic;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +
 +  category default { default_file; };
 +  category general { general_file; };
 +  category database { database_file; };
 +  category security { security_file; };
 +  category config { config_file; };
 +  category resolver { resolver_file; };
 +  category xfer-in { xfer-in_file; };
 +  category xfer-out { xfer-out_file; };
 +  category notify { notify_file; };
 +  category client { client_file; };
 +  category unmatched { unmatched_file; };
 +  category queries { queries_file; };
 +  category network { network_file; };
 +  category update { update_file; };
 +  category dispatch { dispatch_file; };
 +  category dnssec { dnssec_file; };
 +  category lame-servers { lame-servers_file; };
 +};
 +</file>
 +
 +
 +----
 +
 +===== named.conf.options =====
  
 <file bash /etc/bind/named.conf.options> <file bash /etc/bind/named.conf.options>
 acl "trusted" { acl "trusted" {
      192.168.1.0/24;      192.168.1.0/24;
 +     192.168.50.0/24;
 +     192.168.70.0/24;
 +     172.16.0.0/16;
      localhost;      localhost;
      localnets;      localnets;
Line 29: Line 198:
  
   // version statement - inhibited for security   // version statement - inhibited for security
-    // (avoids hacking any known weaknesses) +  // (avoids hacking any known weaknesses)· 
-    version "ShareWiz DNS";+  version "ShareWiz DNS";
  
   // If there is a firewall between you and nameservers you want   // If there is a firewall between you and nameservers you want
Line 42: Line 211:
  
   // forwarders {   // forwarders {
-  //  0.0.0.0;+  //   0.0.0.0;
   // };   // };
 +
   forwarders {   forwarders {
-                // Sure Public DNS +    // Sure Public DNS. 
-                83.137.248.244; +    //83.137.248.244; 
-                93.187.151.197;+    //93.187.151.197;
  
-                // Google Public DNS +    // Google Public DNS. 
-                //8.8.8.8; +    //8.8.8.8; 
-                //8.8.4.4;+    //8.8.4.4;
  
-                // OpenDNS +    // OpenDNS. 
-                //208.67.222.222; +    //208.67.222.222; 
-                //208.67.220.220;+    //208.67.220.220
 +     
 +    // Pi-Hole. 
 +    192.168.1.26; 
 +    192.168.1.25;
   };   };
  
  
   //========================================================================   //========================================================================
-  // If BIND logs error messages about the root key being expired, +  // If named logs error messages about the root key being expired, 
-  // you will need to update your keys.  See https://www.isc.org/bind-keys+  // you will need to update your keys.  See https://www.isc.org/named-keys
   //========================================================================   //========================================================================
   #dnssec-validation auto;   #dnssec-validation auto;
Line 72: Line 246:
   allow-query { any; };   allow-query { any; };
   allow-transfer { trusted; };   allow-transfer { trusted; };
-  allow-recursion { trusted; }; +  #allow-recursion { trusted; }; 
-};           +};
 </file> </file>
  
 ---- ----
 +
 +===== named.conf.local =====
  
 <file bash /etc/bind/named.conf.local> <file bash /etc/bind/named.conf.local>
 // //
-// Do any local configuration here+// Do any local configuration here.
 // //
  
Line 89: Line 265:
 //    193.24.212.232/29;  // XName //    193.24.212.232/29;  // XName
     212.227.123.29;  // 1& slv2.1and1.co.uk     212.227.123.29;  // 1& slv2.1and1.co.uk
 +};
 +
 +// Any IPs added here will not have ads blocked.
 +// For Virginia.
 +acl allow_ads {
 +//    192.168.1.64;
 +    192.168.1.70;
 +    192.168.1.75;
 +    192.168.1.90;
 +    192.168.1.96;
 }; };
  
 acl internals { acl internals {
     192.168.1.0/24;     192.168.1.0/24;
 +    192.168.50.0/24;
 +    192.168.70.0/24;
 +    172.16.0.0/16;
 +    !allow_ads;
     127.0.0.0/8;     127.0.0.0/8;
 +};
 +
 +view "allow_ads" {
 +    match-clients { allow_ads; };
 +    recursion yes;
 +
 +//    type forward;
 +//    forwarders {
 +//        8.8.8.8;
 +//    };
 +
 +    include "/etc/bind/named.conf.default-zones";
 }; };
  
Line 106: Line 308:
     };     };
  
-//    zone "drdizzy.com"+    zone "drdizzy.com"
-//        type master; +        type master; 
-//        file "/etc/bind/internals/db.drdizzy.com"; +        file "/etc/bind/internals/db.drdizzy.com"; 
-//        allow-update { none; }; +        allow-update { none; }; 
-//    };+    }; 
 + 
 +    zone "magicalentertainmentandsound.com"
 +        type master; 
 +        file "/etc/bind/internals/db.magicalentertainmentandsound.com"; 
 +        allow-update { none; }; 
 +    };
  
     # Set zone for reverse     # Set zone for reverse
Line 119: Line 327:
     };     };
  
 +    include "/etc/bind/ad-blacklist";
     include "/etc/bind/named.conf.default-zones";     include "/etc/bind/named.conf.default-zones";
 }; };
Line 124: Line 333:
 view "external" { view "external" {
     match-clients { any; };     match-clients { any; };
-    allow-query { any; };+    allow-query { any; };·
     recursion no;     recursion no;
 +
     zone "sharewiz.net" {     zone "sharewiz.net" {
         type master;         type master;
Line 133: Line 343:
     };     };
  
-//    zone "drdizzy.com"+    zone "drdizzy.com"
-//        type master; +        type master; 
-//        file "/etc/bind/externals/db.drdizzy.com"; +        file "/etc/bind/externals/db.drdizzy.com"; 
-//        allow-transfer { slaves; }; +        allow-transfer { slaves; }; 
-//        allow-update { none; }; +        allow-update { none; }; 
-//    };+    }; 
 + 
 +    zone "magicalentertainmentandsound.com"
 +        type master; 
 +        file "/etc/bind/externals/db.magicalentertainmentandsound.com"; 
 +        allow-transfer { slaves; }; 
 +        allow-update { none; }; 
 +    };
  
     # Set zone for reverse.     # Set zone for reverse.
Line 150: Line 367:
  
 ---- ----
 +
 +===== ad-blacklist =====
 +
 +<file bind ad-blacklist>
 +// For more information about this list, see: https://pgl.yoyo.org/adservers/
 +// ----
 +// last updated:    Tue, 27 Feb 2018 18:17:25 GMT
 +// entries:         2595
 +// format:          bindconfig
 +// credits:         Peter Lowe - pgl@yoyo.org - https://pgl.yoyo.org/
 +// this URL:        http://pgl.yoyo.org/adservers/serverlist.php?hostformat=bindconfig&showintro=0&mimetype=plaintext
 +// other formats:   https://pgl.yoyo.org/adservers/formats.php
 +
 +zone "101com.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "101order.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "123found.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "123freeavatars.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "180hits.de" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "180searchassistant.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "207.net" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "20a840a14a0ef7d6.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "247media.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "24log.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "24log.de" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "24pm-affiliation.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "2mdn.net" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "2o7.net" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "360yield.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "3lift.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "4affiliate.net" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "4d5.net" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "50websads.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "518ad.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "51yes.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "600z.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "777partner.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "77tracking.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "7bpeople.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "7f1au20glg.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +...
 +</file>
 +
 +----
 +
 +===== Internals - ad-null.zone =====
 +
 +<file bind /etc/bind/internals/ad-null.zone>
 +; Ads get redirected to 127.0.0.1
 +  
 +$TTL      86400
 +@         IN      SOA     ads.sharewiz.net. root.sharewiz.net. (
 +                       2017030601 ; Serial
 +                            86400 ; Refresh
 +                              300 ; Retry
 +                           604800 ; Expire
 +                             3600 ; Negative Cache TTL
 +);
 +
 +; define the name server
 +          IN      NS      ns1.sharewiz.net.
 +; define the hostnames
 +@         IN      A       127.0.0.1
 +*         IN      A       127.0.0.1
 +</file>
 +
 +----
 +
 +===== Internals - 1.168.192.db =====
 +
 +<file bind /etc/bind/internals/1.168.192.db>
 +; sharewiz.net
 +$TTL    86400
 +@       IN      SOA     ns1.sharewiz.net. root.sharewiz.net. (
 +                     2020031901 ; Serial
 +                           3600 ; Refresh
 +                           1800 ; Retry
 +                        2419200 ; Expire
 +                          86400 ; Negative Cache TTL
 +);
 +
 +; define the name server
 +        IN      NS      ns1.sharewiz.net.·
 +ns1     IN      A       5.42.134.35
 +
 +; define the range of this domain
 +        IN      PTR     sharewiz.net.
 +        IN      A       255.255.255.0
 +
 +; define the hostnames
 +1       IN      PTR     gateway.sharewiz.net.
 +1       IN      PTR     router.sharewiz.net.
 +2       IN      PTR     server1.sharewiz.net.
 +2       IN      PTR     mail.sharewiz.net.
 +2       IN      PTR     ftp.sharewiz.net.
 +2       IN      PTR     webmail.sharewiz.net.
 +2       IN      PTR     wiki.sharewiz.net.
 +2       IN      PTR     www.sharewiz.net.
 +10      IN      PTR     unifi.sharewiz.net.
 +15      IN      PTR     ap1.sharewiz.net.
 +69      IN      PTR     peter.sharewiz.net.
 +70      IN      PTR     virginia.sharewiz.net.
 +80      IN      PTR     felix.sharewiz.net.
 +90      IN      PTR     felix2.sharewiz.net.
 +99      IN      PTR     extender.sharewiz.net.
 +100     IN      PTR     printer.sharewiz.net.
 +
 +; define drdizzy.com
 +        IN      PTR     drdizzy.com.
 +        IN      PTR     www.drdizzy.com.
 +
 +; define magicalentertainmentandsound.com
 +        IN      PTR     magicalentertainmentandsound.com.
 +        IN      PTR     www.magicalentertainmentandsound.com.
 +</file>
 +
 +
 +----
 +
 +===== Internals - db.sharewiz.net =====
 +
 +<file bind /etc/bind/internals/db.sharewiz.net>
 +; sharewiz.net
 +$TTL      86400
 +@         IN      SOA     ns1.sharewiz.net. root.sharewiz.net. (
 +                       2020031901 ; Serial
 +                             3600 ; Refresh
 +                             1800 ; Retry
 +                          2419200 ; Expire
 +                            86400 ; Negative Cache TTL
 +);
 +
 +; define the name server
 +          IN      NS      ns1.sharewiz.net.
 +
 +; define the name server IP address
 +          IN      A       192.168.1.2
 +
 +; define the mail exchanger
 +          IN      MX      10 mail.sharewiz.net.
 +mail      IN      A       192.168.1.2
 +
 +; define the hostnames
 +gateway   IN      A       192.168.1.1
 +router    IN      A       192.168.1.1
 +ns1       IN      A       192.168.1.2
 +ftp       IN      A       192.168.1.2
 +server1   IN      A       192.168.1.2
 +webmail   IN      A       192.168.1.2
 +wiki      IN      A       192.168.1.2
 +www       IN      A       192.168.1.2
 +;www       CNAME   @
 +*         IN      A       192.168.1.2
 +@         IN      A       192.168.1.2
 +nas       IN      A       192.168.1.5
 +switch    IN      A       192.168.1.20
 +shield    IN      A       192.168.1.64
 +peter     IN      A       192.168.1.69
 +virginia  IN      A       192.168.1.70
 +felix     IN      A       192.168.1.80
 +felix2    IN      A       192.168.1.90
 +printer   IN      A       192.168.1.100
 +extender  IN      A       192.168.1.250
 +
 +; define the SPF
 +sharewiz.net.        IN      TXT     "v=spf1 a ip4:5.42.134.35 -all"
 +;sharewiz.net.        IN      SPF     "v=spf1 a ip4:5.42.134.35 -all"
 +
 +; define the DMARC
 +;_dmarc  IN      TXT     "v=DMARC1;p=none;rua=mailto:peter@sharewiz.net;ruf=mailto:peter@sharewiz.net"
 +_dmarc.sharewiz.net. IN TXT "v=DMARC1; p=none; sp=none; rua=mailto:peter@sharewiz.net; ruf=mailto:peter@sharewiz.net; rf=afrf; pct=100; ri=86400"
 +</file>
 +
 +----
 +
 +===== Externals - 35.134.42.5.db =====
  
 <file bind /etc/bind/externals/35.134.42.5.db> <file bind /etc/bind/externals/35.134.42.5.db>
Line 155: Line 547:
 $TTL    86400 $TTL    86400
 @       IN      SOA     ns1.sharewiz.net. root.sharewiz.net. ( @       IN      SOA     ns1.sharewiz.net. root.sharewiz.net. (
-                     2016061001 ; Serial+                     2016101801 ; Serial
                            3600 ; Refresh                            3600 ; Refresh
                            1800 ; Retry                            1800 ; Retry
Line 166: Line 558:
 ;        IN      NS      ns1.server1.net. ;        IN      NS      ns1.server1.net.
         IN      NS      ns1.sharewiz.net.         IN      NS      ns1.sharewiz.net.
 +ns1     IN      A       5.42.134.35
 ;        IN      NS      ns1.drdizzy.com. ;        IN      NS      ns1.drdizzy.com.
  
Line 174: Line 567:
 ; define the hostnames ; define the hostnames
         IN      PTR     ns1.sharewiz.net.         IN      PTR     ns1.sharewiz.net.
 +        IN      PTR     router.sharewiz.net.
         IN      PTR     server1.sharewiz.net.         IN      PTR     server1.sharewiz.net.
         IN      PTR     mail.sharewiz.net.         IN      PTR     mail.sharewiz.net.
Line 180: Line 574:
         IN      PTR     webmail.sharewiz.net.         IN      PTR     webmail.sharewiz.net.
         IN      PTR     www.sharewiz.net.         IN      PTR     www.sharewiz.net.
 +
 +; define drdizzy.com
 +        IN      PTR     drdizzy.com.
 +        IN      PTR     www.drdizzy.com.
 +
 +; define magicalentertainmentandsound.com
 +        IN      PTR     magicalentertainmentandsound.com.
 +        IN      PTR     www.magicalentertainmentandsound.com.
 </file> </file>
  
 ---- ----
 +
 +===== Externals - db.sharewiz.net =====
  
 <file bash /etc/bind/externals/db.sharewiz.net> <file bash /etc/bind/externals/db.sharewiz.net>
Line 188: Line 592:
 $TTL    86400 $TTL    86400
 @       IN      SOA     ns1.sharewiz.net. root.sharewiz.net. ( @       IN      SOA     ns1.sharewiz.net. root.sharewiz.net. (
-                     2016061001 ; Serial+                     2016101605 ; Serial
                            3600 ; Refresh                            3600 ; Refresh
                            1800 ; Retry                            1800 ; Retry
Line 197: Line 601:
 ; define the name server ; define the name server
         IN      NS      ns1.sharewiz.net.         IN      NS      ns1.sharewiz.net.
-IN  NS  slv2.1and1.co.uk.+;»IN»·NS»·slv2.1and1.co.uk.
  
 ; define the name server IP address ; define the name server IP address
Line 209: Line 613:
 ns1     IN      A       5.42.134.35 ns1     IN      A       5.42.134.35
 ftp     IN      A       5.42.134.35 ftp     IN      A       5.42.134.35
 +router  IN      A       5.42.134.35
 server1 IN      A       5.42.134.35 server1 IN      A       5.42.134.35
 webmail IN      A       5.42.134.35 webmail IN      A       5.42.134.35
 www     IN      A       5.42.134.35 www     IN      A       5.42.134.35
-      IN      A       5.42.134.35+;www     CNAME   @ 
 +*»      IN»·    A»      5.42.134.35
  
 ; define the SPF ; define the SPF
-sharewiz.net. IN  TXT "v=spf1 a ip4:5.42.134.35 -all" +sharewiz.net.»IN»·TXT»"v=spf1 a ip4:5.42.134.35 -all" 
-;sharewiz.net.  IN  SPF "v=spf1 a ip4:5.42.134.35 -all"+;sharewiz.net.»·IN»·SPF»"v=spf1 a ip4:5.42.134.35 -all"
  
 ; define the SenderID ; define the SenderID
 ;sharewiz.net. IN  TXT "spf2.0/pra a include:mail.sharewiz.net -all" ;sharewiz.net. IN  TXT "spf2.0/pra a include:mail.sharewiz.net -all"
 +
 +; define the DMARC
 +;_dmarc  IN»TXT»"v=DMARC1;p=none;rua=mailto:peter@sharewiz.net;ruf=mailto:peter@sharewiz.net"
 +_dmarc.sharewiz.net. IN TXT "v=DMARC1; p=none; sp=none; rua=mailto:peter@sharewiz.net; ruf=mailto:peter@sharewiz.net; rf=afrf; pct=100; ri=86400"
 </file> </file>
  
ubuntu/bind/setup_bind9.1574802965.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki