Ubuntu - Bind - Setup Bind9
named.conf
- /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

// Logging is included first, ahead of the options and zone definitions.
include "/etc/bind/named.conf.logging";
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";

// The default zones are not included at top level: named.conf.local defines
// views, and once any view exists every zone has to live inside a view.
// named.conf.local pulls this file in from within its "internal" view instead.
// include "/etc/bind/named.conf.default-zones";
named.conf.logging
- /etc/bind/named.conf.logging
// Earlier single-channel query log, kept for reference (disabled).
//logging {
//	channel querylog{
//		file "/var/log/named/querylog";
//		severity debug 3;
//		print-category yes;
//		print-time yes;
//		print-severity yes;
//	};
//	category queries { querylog;};
//};

// One file channel per logging category, all under /var/log/named.
// Every channel rotates at 5 MB and keeps 3 older versions, so each category
// retains only a few MB of history; forward the files elsewhere if they are
// needed for later investigation.
// "severity dynamic" makes a channel follow the server's global debug level.
// The directory must exist and be writable by the account named runs as.
// For monitoring, the security, client, xfer-out and update files are the
// ones that record refused queries, zone transfers and update attempts.
logging {
	channel default_file {
		file "/var/log/named/default.log" versions 3 size 5m;
		severity dynamic;
		// severity debug 3;
		print-category yes;
		print-time yes;
		print-severity yes;
	};
	channel general_file {
		file "/var/log/named/general.log" versions 3 size 5m;
		severity dynamic;
		// severity debug 3;
		print-category yes;
		print-time yes;
		print-severity yes;
	};
	channel database_file {
		file "/var/log/named/database.log" versions 3 size 5m;
		severity dynamic;
		print-category yes;
		print-time yes;
		print-severity yes;
	};
	channel security_file {
		file "/var/log/named/security.log" versions 3 size 5m;
		severity dynamic;
		print-category yes;
		print-time yes;
		print-severity yes;
	};
	channel config_file {
		file "/var/log/named/config.log" versions 3 size 5m;
		severity dynamic;
		print-category yes;
		print-time yes;
		print-severity yes;
	};
	// Unlike the other channels, this one prints only the timestamp
	// (no print-category / print-severity).
	channel resolver_file {
		file "/var/log/named/resolver.log" versions 3 size 5m;
		severity dynamic;
		print-time yes;
	};
	channel xfer-in_file {
		file "/var/log/named/xfer-in.log" versions 3 size 5m;
		severity dynamic;
		print-category yes;
		print-time yes;
		print-severity yes;
	};
	channel xfer-out_file {
		file "/var/log/named/xfer-out.log" versions 3 size 5m;
		severity dynamic;
		print-category yes;
		print-time yes;
		print-severity yes;
	};
	channel notify_file {
		file "/var/log/named/notify.log" versions 3 size 5m;
		severity dynamic;
		print-category yes;
		print-time yes;
		print-severity yes;
	};
	channel client_file {
		file "/var/log/named/client.log" versions 3 size 5m;
		severity dynamic;
		print-category yes;
		print-time yes;
		print-severity yes;
	};
	channel unmatched_file {
		file "/var/log/named/unmatched.log" versions 3 size 5m;
		severity dynamic;
		print-category yes;
		print-time yes;
		print-severity yes;
	};
	// Query log: holds client addresses and the names they looked up, so
	// treat the file as sensitive. Declaring the "queries" category below
	// turns query logging on at startup unless the querylog option says
	// otherwise.
	channel queries_file {
		file "/var/log/named/queries.log" versions 3 size 5m;
		// severity debug 3;
		severity dynamic;
		print-category yes;
		print-time yes;
		print-severity yes;
	};
	channel network_file {
		file "/var/log/named/network.log" versions 3 size 5m;
		severity dynamic;
		print-category yes;
		print-time yes;
		print-severity yes;
	};
	channel update_file {
		file "/var/log/named/update.log" versions 3 size 5m;
		severity dynamic;
		print-category yes;
		print-time yes;
		print-severity yes;
	};
	channel dispatch_file {
		file "/var/log/named/dispatch.log" versions 3 size 5m;
		severity dynamic;
		print-category yes;
		print-time yes;
		print-severity yes;
	};
	channel dnssec_file {
		file "/var/log/named/dnssec.log" versions 3 size 5m;
		severity dynamic;
		print-category yes;
		print-time yes;
		print-severity yes;
	};
	channel lame-servers_file {
		file "/var/log/named/lame-servers.log" versions 3 size 5m;
		severity dynamic;
		print-category yes;
		print-time yes;
		print-severity yes;
	};

	// Route each category to the channel of the same name.
	category default { default_file; };
	category general { general_file; };
	category database { database_file; };
	category security { security_file; };
	category config { config_file; };
	category resolver { resolver_file; };
	category xfer-in { xfer-in_file; };
	category xfer-out { xfer-out_file; };
	category notify { notify_file; };
	category client { client_file; };
	category unmatched { unmatched_file; };
	category queries { queries_file; };
	category network { network_file; };
	category update { update_file; };
	category dispatch { dispatch_file; };
	category dnssec { dnssec_file; };
	category lame-servers { lame-servers_file; };
};
- /etc/bind/named.conf.options
// Networks treated as trusted; used below as the default zone-transfer ACL.
// NOTE(review): "localnets" matches every network the host has an interface
// on. If the server also has an interface on a shared public subnet, hosts
// on that subnet are "trusted" too - confirm that is intended.
acl "trusted" {
	192.168.1.0/24;
	192.168.50.0/24;
	192.168.70.0/24;
	172.16.0.0/16;
	localhost;
	localnets;
};

options {
	directory "/var/cache/bind";

	// version statement - inhibited for security
	// (avoids hacking any known weaknesses)
	// This only changes the string returned for version queries; it does
	// not replace keeping the package patched.
	version "ShareWiz DNS";

	// If there is a firewall between you and nameservers you want
	// to talk to, you may need to fix the firewall to allow multiple
	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113

	// If your ISP provided one or more IP addresses for stable
	// nameservers, you probably want to use them as forwarders.
	// Uncomment the following block, and insert the addresses replacing
	// the all-0's placeholder.

	// forwarders {
	// 	0.0.0.0;
	// };

	// Only the OpenDNS pair is active. Recursive lookups are handed to
	// these resolvers, so their operator sees the names being resolved.
	forwarders {
		// Sure Public DNS
		//83.137.248.244;
		//93.187.151.197;

		// Google Public DNS
		//8.8.8.8;
		//8.8.4.4;

		// OpenDNS
		208.67.222.222;
		208.67.220.220;
	};

	//========================================================================
	// If named logs error messages about the root key being expired,
	// you will need to update your keys.  See https://www.isc.org/named-keys
	//========================================================================
	// DNSSEC validation is switched off here, so answers coming back from
	// the forwarders are accepted without signature checking.
	// NOTE(review): the commented-out "dnssec-validation auto" is the
	// validating setting - confirm why it was disabled before copying this.
	// NOTE(review): newer BIND 9 releases treat "dnssec-enable" as obsolete;
	// run named-checkconf after upgrading.
	#dnssec-validation auto;
	dnssec-enable no;
	dnssec-validation no;

	auth-nxdomain no;    # conform to RFC1035
	listen-on-v6 { any; };

	// Queries are accepted from anywhere; who gets recursion is decided by
	// the views in named.conf.local ("internal": recursion yes,
	// "external": recursion no), not by the allow-recursion line below,
	// which is commented out.
	allow-query { any; };

	// Default for every zone that does not set its own allow-transfer.
	allow-transfer { trusted; };
	#allow-recursion { trusted; };
};
- /etc/bind/named.conf.local
//
// Do any local configuration here
//

// Secondary servers allowed to pull the external zone.
// NOTE(review): transfers are authorised by source address alone; a TSIG key
// in allow-transfer would authenticate the secondary as well - consider it.
acl slaves {
//	195.234.42.0/24;	// XName
//	193.218.105.144/28;	// XName
//	193.24.212.232/29;	// XName
	212.227.123.29;		// 1&1 slv2.1and1.co.uk
};

// Clients that are served the internal view.
// NOTE(review): this is narrower than the "trusted" ACL in
// named.conf.options (no 192.168.50.0/24, 192.168.70.0/24 or 172.16.0.0/16);
// clients on those networks fall through to the external view and get no
// recursion - confirm that is intended.
acl internals {
	192.168.1.0/24;
	127.0.0.0/8;
};

// Views are matched in the order they appear, so "internal" must stay ahead
// of "external", whose match-clients is "any".
view "internal" {
	match-clients { internals; };
	recursion yes;

	// No allow-transfer here, so the zones in this view inherit the
	// options-level default from named.conf.options.
	zone "sharewiz.net" {
		type master;
		file "/etc/bind/internals/db.sharewiz.net";
		allow-update { none; };
	};

//	zone "drdizzy.com" {
//		type master;
//		file "/etc/bind/internals/db.drdizzy.com";
//		allow-update { none; };
//	};

	# Set zone for reverse
	zone "1.168.192.in-addr.arpa" {
		type master;
		file "/etc/bind/internals/1.168.192.db";
		allow-update { none; };
	};

	// Default zones live inside this view because zones may not be
	// declared outside a view once views are in use.
	include "/etc/bind/named.conf.default-zones";
};

// Everyone else: authoritative answers only, no recursion.
view "external" {
	match-clients { any; };
	allow-query { any; };
	recursion no;

	zone "sharewiz.net" {
		type master;
		file "/etc/bind/externals/db.sharewiz.net";
		// Transfers limited to the secondaries listed in "slaves".
		allow-transfer { slaves; };
		allow-update { none; };
	};

//	zone "drdizzy.com" {
//		type master;
//		file "/etc/bind/externals/db.drdizzy.com";
//		allow-transfer { slaves; };
//		allow-update { none; };
//	};

	# Set zone for reverse.
	// No allow-transfer of its own, so this zone uses the options-level
	// default rather than the "slaves" ACL.
	zone "35.134.42.5.in-addr.arpa" {
		type master;
		file "/etc/bind/externals/35.134.42.5.db";
		allow-update { none; };
	};
};
- /etc/bind/externals/35.134.42.5.db
; sharewiz.net
; Reverse zone for the single address 5.42.134.35
; (declared as zone "35.134.42.5.in-addr.arpa" in named.conf.local).
; NOTE(review): the page lost its line breaks; lines written as "; IN ..." are
; read here as commented-out records - confirm against the live file.
$TTL 86400
@	IN	SOA	ns1.sharewiz.net. root.sharewiz.net. (
			2016061001	; Serial
			3600		; Refresh
			1800		; Retry
			2419200		; Expire
			86400		; Negative Cache TTL
);
; define the name server
;	IN	NS	ns1.server1.net.
	IN	NS	ns1.sharewiz.net.
;	IN	NS	ns1.drdizzy.com.
; define the range of this domain
	IN	PTR	sharewiz.net.
;	IN	A	255.255.255.248
; define the hostnames
; All of these PTR records sit at the zone apex, so a reverse lookup of the
; address returns every name below. Checks that expect one PTR matching a
; specific host name (for example a mail server's) see the whole set.
	IN	PTR	ns1.sharewiz.net.
	IN	PTR	server1.sharewiz.net.
	IN	PTR	mail.sharewiz.net.
	IN	PTR	ftp.sharewiz.net.
	IN	PTR	web.sharewiz.net.
	IN	PTR	webmail.sharewiz.net.
	IN	PTR	www.sharewiz.net.
- /etc/bind/externals/db.sharewiz.net
; sharewiz.net
; Externally visible zone data; every name points at 5.42.134.35.
$TTL 86400
@	IN	SOA	ns1.sharewiz.net. root.sharewiz.net. (
			2016061001	; Serial
			3600		; Refresh
			1800		; Retry
			2419200		; Expire
			86400		; Negative Cache TTL
);
; define the name server
; Only ns1 is published. The secondary's NS record is commented out, although
; named.conf.local still lets 212.227.123.29 transfer this zone.
	IN	NS	ns1.sharewiz.net.
;	IN	NS	slv2.1and1.co.uk.
; define the name server IP address
	IN	A	5.42.134.35
; define the mail exchanger
	IN	MX	10 mail.sharewiz.net.
mail	IN	A	5.42.134.35
; define the hostnames
ns1	IN	A	5.42.134.35
ftp	IN	A	5.42.134.35
server1	IN	A	5.42.134.35
webmail	IN	A	5.42.134.35
www	IN	A	5.42.134.35
; Wildcard: any name not listed above also resolves to the server address.
*	IN	A	5.42.134.35
; define the SPF
; "-all" asks receivers to reject mail from any sender other than the zone's
; own A record address and 5.42.134.35. The policy is published as TXT; the
; SPF record type on the commented-out line was deprecated by RFC 7208.
sharewiz.net.	IN	TXT	"v=spf1 a ip4:5.42.134.35 -all"
;sharewiz.net.	IN	SPF	"v=spf1 a ip4:5.42.134.35 -all"
; define the SenderID
;sharewiz.net.	IN	TXT	"spf2.0/pra a include:mail.sharewiz.net -all"