Differences

This shows you the differences between two versions of the page.

--- ubuntu:bind:setup_bind9 [2020/05/11 17:27] – peter
+++ ubuntu:bind:setup_bind9 [2020/11/28 11:07] (current) – [named.conf.options] peter
@@ Line 180: / Line 180: @@
 ----
+===== named.conf.options =====
 <file bash /etc/bind/named.conf.options>
@@ Line 193: / Line 195: @@
 options {
-»·directory "/var/cache/bind";
+  directory "/var/cache/bind";
-»·// version statement - inhibited for security
+  // version statement - inhibited for security
-  »·// (avoids hacking any known weaknesses)»·
+  // (avoids hacking any known weaknesses)·
-  »·version "ShareWiz DNS";
+  version "ShareWiz DNS";
-»·// If there is a firewall between you and nameservers you want
+  // If there is a firewall between you and nameservers you want
-»·// to talk to, you may need to fix the firewall to allow multiple
+  // to talk to, you may need to fix the firewall to allow multiple
-»·// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+  // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
-»·// If your ISP provided one or more IP addresses for stable·
+  // If your ISP provided one or more IP addresses for stable
-»·// nameservers, you probably want to use them as forwarders.··
+  // nameservers, you probably want to use them as forwarders.
-»·// Uncomment the following block, and insert the addresses replacing·
+  // Uncomment the following block, and insert the addresses replacing
-»·// the all-0's placeholder.
+  // the all-0's placeholder.
-»·// forwarders {
+  // forwarders {
-»·// »0.0.0.0;
+  //   0.0.0.0;
-»·// };
+  // };
-»·forwarders {
-                // Sure Public DNS
-                //83.137.248.244;
-                //93.187.151.197;
-                // Google Public DNS
+  forwarders {
-                //8.8.8.8;
+    // Sure Public DNS.
-                //8.8.4.4;
+    //83.137.248.244;
+    //93.187.151.197;
-                // OpenDNS
+    // Google Public DNS.
-.67.222.222;
+    //8.8.8.8;
-.67.220.220;
+    //8.8.4.4;
-»·};
+    // OpenDNS.
+    //208.67.222.222;
+    //208.67.220.220;
+    // Pi-Hole.
+.168.1.26;
+.168.1.25;
+  };
-»·//========================================================================
-»·// If named logs error messages about the root key being expired,
-»·// you will need to update your keys.  See https://www.isc.org/named-keys
-»·//========================================================================
-»·#dnssec-validation auto;
-»·dnssec-enable no;·
-»·dnssec-validation no;
-»·auth-nxdomain no;    # conform to RFC1035
+  //========================================================================
-»·listen-on-v6 { any; };
+  // If named logs error messages about the root key being expired,
+  // you will need to update your keys.  See https://www.isc.org/named-keys
+  //========================================================================
+  #dnssec-validation auto;
+  dnssec-enable no;
+  dnssec-validation no;
-»·allow-query { any; };
+  auth-nxdomain no;    # conform to RFC1035
- »allow-transfer { trusted; };
+  listen-on-v6 { any; };
- »#allow-recursion { trusted; };
+  allow-query { any; };
+  allow-transfer { trusted; };
+  #allow-recursion { trusted; };
 };
 </file>
 ----
+===== named.conf.local =====
 <file bash /etc/bind/named.conf.local>
 //
-// Do any local configuration here
+// Do any local configuration here.
 //
@@ Line 256: / Line 265: @@
 //    193.24.212.232/29;  // XName
 .227.123.29;  // 1&1  slv2.1and1.co.uk
+};
+// Any IPs added here will not have ads blocked.
+// For Virginia.
+acl allow_ads {
+//    192.168.1.64;
+.168.1.70;
+.168.1.75;
+.168.1.90;
+.168.1.96;
 };
 acl internals {
 .168.1.0/24;
+.168.50.0/24;
+.168.70.0/24;
+.16.0.0/16;
+    !allow_ads;
 .0.0.0/8;
+};
+view "allow_ads" {
+    match-clients { allow_ads; };
+    recursion yes;
+//    type forward;
+//    forwarders {
+//        8.8.8.8;
+//    };
+    include "/etc/bind/named.conf.default-zones";
 };
@@ Line 273: / Line 308: @@
     };
-//    zone "drdizzy.com" {
+    zone "drdizzy.com" {
-//        type master;
+        type master;
-//        file "/etc/bind/internals/db.drdizzy.com";
+        file "/etc/bind/internals/db.drdizzy.com";
-//        allow-update { none; };
+        allow-update { none; };
-//    };
+    };
+    zone "magicalentertainmentandsound.com" {
+        type master;
+        file "/etc/bind/internals/db.magicalentertainmentandsound.com";
+        allow-update { none; };
+    };
     # Set zone for reverse
@@ Line 286: / Line 327: @@
     };
+    include "/etc/bind/ad-blacklist";
     include "/etc/bind/named.conf.default-zones";
 };
@@ Line 291: / Line 333: @@
 view "external" {
     match-clients { any; };
-    allow-query { any; };
+    allow-query { any; };·
     recursion no;
     zone "sharewiz.net" {
         type master;
@@ Line 300: / Line 343: @@
     };
-//    zone "drdizzy.com" {
+    zone "drdizzy.com" {
-//        type master;
+        type master;
-//        file "/etc/bind/externals/db.drdizzy.com";
+        file "/etc/bind/externals/db.drdizzy.com";
-//        allow-transfer { slaves; };
+        allow-transfer { slaves; };
-//        allow-update { none; };
+        allow-update { none; };
-//    };
+    };
+    zone "magicalentertainmentandsound.com" {
+        type master;
+        file "/etc/bind/externals/db.magicalentertainmentandsound.com";
+        allow-transfer { slaves; };
+        allow-update { none; };
+    };
     # Set zone for reverse.
@@ Line 317: / Line 367: @@
 ----
+===== ad-blacklist =====
+<file bind ad-blacklist>
+// For more information about this list, see: https://pgl.yoyo.org/adservers/
+// ----
+// last updated:    Tue, 27 Feb 2018 18:17:25 GMT
+// entries:         2595
+// format:          bindconfig
+// credits:         Peter Lowe - pgl@yoyo.org - https://pgl.yoyo.org/
+// this URL:        http://pgl.yoyo.org/adservers/serverlist.php?hostformat=bindconfig&showintro=0&mimetype=plaintext
+// other formats:   https://pgl.yoyo.org/adservers/formats.php
+zone "101com.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
+zone "101order.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
+zone "123found.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
+zone "123freeavatars.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
+zone "180hits.de" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
+zone "180searchassistant.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
+zone "207.net" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
+zone "20a840a14a0ef7d6.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
+zone "247media.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
+zone "24log.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
+zone "24log.de" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
+zone "24pm-affiliation.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
+zone "2mdn.net" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
+zone "2o7.net" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
+zone "360yield.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
+zone "3lift.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
+zone "4affiliate.net" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
+zone "4d5.net" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
+zone "50websads.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
+zone "518ad.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
+zone "51yes.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
+zone "600z.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
+zone "777partner.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
+zone "77tracking.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
+zone "7bpeople.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
+zone "7f1au20glg.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
+...
+</file>
+----
+===== Internals - ad-null.zone =====
+<file bind /etc/bind/internals/ad-null.zone>
+; Ads get redirected to 127.0.0.1
+$TTL      86400
+@         IN      SOA     ads.sharewiz.net. root.sharewiz.net. (
+                       2017030601 ; Serial
+; Refresh
+; Retry
+; Expire
+; Negative Cache TTL
+);
+; define the name server
+          IN      NS      ns1.sharewiz.net.
+; define the hostnames
+@         IN      A       127.0.0.1
+*         IN      A       127.0.0.1
+</file>
+----
+===== Internals - 1.168.192.db =====
+<file bind /etc/bind/internals/1.168.192.db>
+; sharewiz.net
+$TTL    86400
+@       IN      SOA     ns1.sharewiz.net. root.sharewiz.net. (
+                     2020031901 ; Serial
+; Refresh
+; Retry
+                        2419200 ; Expire
+; Negative Cache TTL
+);
+; define the name server
+        IN      NS      ns1.sharewiz.net.·
+ns1     IN      A       5.42.134.35
+; define the range of this domain
+        IN      PTR     sharewiz.net.
+        IN      A       255.255.255.0
+; define the hostnames
+       IN      PTR     gateway.sharewiz.net.
+       IN      PTR     router.sharewiz.net.
+       IN      PTR     server1.sharewiz.net.
+       IN      PTR     mail.sharewiz.net.
+       IN      PTR     ftp.sharewiz.net.
+       IN      PTR     webmail.sharewiz.net.
+       IN      PTR     wiki.sharewiz.net.
+       IN      PTR     www.sharewiz.net.
+      IN      PTR     unifi.sharewiz.net.
+      IN      PTR     ap1.sharewiz.net.
+      IN      PTR     peter.sharewiz.net.
+      IN      PTR     virginia.sharewiz.net.
+      IN      PTR     felix.sharewiz.net.
+      IN      PTR     felix2.sharewiz.net.
+      IN      PTR     extender.sharewiz.net.
+     IN      PTR     printer.sharewiz.net.
+; define drdizzy.com
+        IN      PTR     drdizzy.com.
+        IN      PTR     www.drdizzy.com.
+; define magicalentertainmentandsound.com
+        IN      PTR     magicalentertainmentandsound.com.
+        IN      PTR     www.magicalentertainmentandsound.com.
+</file>
+----
+===== Internals - db.sharewiz.net =====
+<file bind /etc/bind/internals/db.sharewiz.net>
+; sharewiz.net
+$TTL      86400
+@         IN      SOA     ns1.sharewiz.net. root.sharewiz.net. (
+                       2020031901 ; Serial
+; Refresh
+; Retry
+                          2419200 ; Expire
+; Negative Cache TTL
+);
+; define the name server
+          IN      NS      ns1.sharewiz.net.
+; define the name server IP address
+          IN      A       192.168.1.2
+; define the mail exchanger
+          IN      MX      10 mail.sharewiz.net.
+mail      IN      A       192.168.1.2
+; define the hostnames
+gateway   IN      A       192.168.1.1
+router    IN      A       192.168.1.1
+ns1       IN      A       192.168.1.2
+ftp       IN      A       192.168.1.2
+server1   IN      A       192.168.1.2
+webmail   IN      A       192.168.1.2
+wiki      IN      A       192.168.1.2
+www       IN      A       192.168.1.2
+;www       CNAME   @
+*         IN      A       192.168.1.2
+@         IN      A       192.168.1.2
+nas       IN      A       192.168.1.5
+switch    IN      A       192.168.1.20
+shield    IN      A       192.168.1.64
+peter     IN      A       192.168.1.69
+virginia  IN      A       192.168.1.70
+felix     IN      A       192.168.1.80
+felix2    IN      A       192.168.1.90
+printer   IN      A       192.168.1.100
+extender  IN      A       192.168.1.250
+; define the SPF
+sharewiz.net.        IN      TXT     "v=spf1 a ip4:5.42.134.35 -all"
+;sharewiz.net.        IN      SPF     "v=spf1 a ip4:5.42.134.35 -all"
+; define the DMARC
+;_dmarc  IN      TXT     "v=DMARC1;p=none;rua=mailto:peter@sharewiz.net;ruf=mailto:peter@sharewiz.net"
+_dmarc.sharewiz.net. IN TXT "v=DMARC1; p=none; sp=none; rua=mailto:peter@sharewiz.net; ruf=mailto:peter@sharewiz.net; rf=afrf; pct=100; ri=86400"
+</file>
+----
+===== Externals - 35.134.42.5.db =====
 <file bind /etc/bind/externals/35.134.42.5.db>
@@ Line 322: / Line 547: @@
 $TTL    86400
 @       IN      SOA     ns1.sharewiz.net. root.sharewiz.net. (
-                     2016061001 ; Serial
+                     2016101801 ; Serial
 ; Refresh
 ; Retry
@@ Line 333: / Line 558: @@
 ;        IN      NS      ns1.server1.net.
         IN      NS      ns1.sharewiz.net.
+ns1     IN      A       5.42.134.35
 ;        IN      NS      ns1.drdizzy.com.
@@ Line 341: / Line 567: @@
 ; define the hostnames
         IN      PTR     ns1.sharewiz.net.
+        IN      PTR     router.sharewiz.net.
         IN      PTR     server1.sharewiz.net.
         IN      PTR     mail.sharewiz.net.
@@ Line 347: / Line 574: @@
         IN      PTR     webmail.sharewiz.net.
         IN      PTR     www.sharewiz.net.
+; define drdizzy.com
+        IN      PTR     drdizzy.com.
+        IN      PTR     www.drdizzy.com.
+; define magicalentertainmentandsound.com
+        IN      PTR     magicalentertainmentandsound.com.
+        IN      PTR     www.magicalentertainmentandsound.com.
 </file>
 ----
+===== Externals - db.sharewiz.net =====
 <file bash /etc/bind/externals/db.sharewiz.net>
@@ Line 355: / Line 592: @@
 $TTL    86400
 @       IN      SOA     ns1.sharewiz.net. root.sharewiz.net. (
-                     2016061001 ; Serial
+                     2016101605 ; Serial
 ; Refresh
 ; Retry
@@ Line 364: / Line 601: @@
 ; define the name server
         IN      NS      ns1.sharewiz.net.
-; IN  NS  slv2.1and1.co.uk.
+;»IN»·NS»·slv2.1and1.co.uk.
 ; define the name server IP address
@@ Line 376: / Line 613: @@
 ns1     IN      A       5.42.134.35
 ftp     IN      A       5.42.134.35
+router  IN      A       5.42.134.35
 server1 IN      A       5.42.134.35
 webmail IN      A       5.42.134.35
 www     IN      A       5.42.134.35
-*       IN      A       5.42.134.35
+;www     CNAME   @
+*»      IN»·    A»      5.42.134.35
 ; define the SPF
-sharewiz.net. IN  TXT "v=spf1 a ip4:5.42.134.35 -all"
+sharewiz.net.»IN»·TXT»"v=spf1 a ip4:5.42.134.35 -all"
-;sharewiz.net.  IN  SPF "v=spf1 a ip4:5.42.134.35 -all"
+;sharewiz.net.»·IN»·SPF»"v=spf1 a ip4:5.42.134.35 -all"
 ; define the SenderID
 ;sharewiz.net. IN  TXT "spf2.0/pra a include:mail.sharewiz.net -all"
+; define the DMARC
+;_dmarc  IN»TXT»"v=DMARC1;p=none;rua=mailto:peter@sharewiz.net;ruf=mailto:peter@sharewiz.net"
+_dmarc.sharewiz.net. IN TXT "v=DMARC1; p=none; sp=none; rua=mailto:peter@sharewiz.net; ruf=mailto:peter@sharewiz.net; rf=afrf; pct=100; ri=86400"
 </file>