Ubuntu - Bind - Setup Bind9
named.conf
- /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

// Logging channels and categories.
include "/etc/bind/named.conf.logging";

// The "trusted" ACL and the global options block.
include "/etc/bind/named.conf.options";

// ACLs, views and all zone definitions.
include "/etc/bind/named.conf.local";

// Deliberately left disabled at the top level: named.conf.local defines views
// and includes the default zones inside them. Once any view exists, every zone
// has to be declared inside a view, so including this file here as well would
// make named reject the configuration.
// include "/etc/bind/named.conf.default-zones";
named.conf.logging
- /etc/bind/named.conf.logging
// Earlier single-channel query log, kept for reference.
//logging {
//    channel querylog{
//        file "/var/log/named/querylog";
//        severity debug 3;
//        print-category yes;
//        print-time yes;
//        print-severity yes;
//    };
//    category queries { querylog;};
//};

// One log file per category under /var/log/named/.
//
// - "versions 3 size 5m" rolls a file once it passes 5 MB and keeps three
//   older copies, so disk use per channel stays bounded.
// - "severity dynamic" makes each channel follow the server's current debug
//   level instead of pinning one; the commented "severity debug 3" lines are
//   the fixed-level alternative.
// - /var/log/named must exist and be writable by the account named runs as,
//   otherwise the channels cannot be opened.
// - queries.log and client.log record client addresses and the names they
//   look up; security.log records approved and denied requests. Keep the
//   directory readable only by administrators and include these files in
//   whatever log review or forwarding is in place.
logging {
    channel default_file {
        file "/var/log/named/default.log" versions 3 size 5m;
        severity dynamic;
        // severity debug 3;
        print-category yes;
        print-time yes;
        print-severity yes;
    };
    channel general_file {
        file "/var/log/named/general.log" versions 3 size 5m;
        severity dynamic;
        // severity debug 3;
        print-category yes;
        print-time yes;
        print-severity yes;
    };
    channel database_file {
        file "/var/log/named/database.log" versions 3 size 5m;
        severity dynamic;
        print-category yes;
        print-time yes;
        print-severity yes;
    };
    channel security_file {
        file "/var/log/named/security.log" versions 3 size 5m;
        severity dynamic;
        print-category yes;
        print-time yes;
        print-severity yes;
    };
    channel config_file {
        file "/var/log/named/config.log" versions 3 size 5m;
        severity dynamic;
        print-category yes;
        print-time yes;
        print-severity yes;
    };
    // NOTE(review): unlike the other channels this one does not set
    // print-category / print-severity - confirm whether that is intended.
    channel resolver_file {
        file "/var/log/named/resolver.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel xfer-in_file {
        file "/var/log/named/xfer-in.log" versions 3 size 5m;
        severity dynamic;
        print-category yes;
        print-time yes;
        print-severity yes;
    };
    // Outbound zone transfers: worth reviewing for transfers to hosts that
    // are not the expected secondaries.
    channel xfer-out_file {
        file "/var/log/named/xfer-out.log" versions 3 size 5m;
        severity dynamic;
        print-category yes;
        print-time yes;
        print-severity yes;
    };
    channel notify_file {
        file "/var/log/named/notify.log" versions 3 size 5m;
        severity dynamic;
        print-category yes;
        print-time yes;
        print-severity yes;
    };
    channel client_file {
        file "/var/log/named/client.log" versions 3 size 5m;
        severity dynamic;
        print-category yes;
        print-time yes;
        print-severity yes;
    };
    channel unmatched_file {
        file "/var/log/named/unmatched.log" versions 3 size 5m;
        severity dynamic;
        print-category yes;
        print-time yes;
        print-severity yes;
    };
    channel queries_file {
        file "/var/log/named/queries.log" versions 3 size 5m;
        // severity debug 3;
        severity dynamic;
        print-category yes;
        print-time yes;
        print-severity yes;
    };
    channel network_file {
        file "/var/log/named/network.log" versions 3 size 5m;
        severity dynamic;
        print-category yes;
        print-time yes;
        print-severity yes;
    };
    channel update_file {
        file "/var/log/named/update.log" versions 3 size 5m;
        severity dynamic;
        print-category yes;
        print-time yes;
        print-severity yes;
    };
    channel dispatch_file {
        file "/var/log/named/dispatch.log" versions 3 size 5m;
        severity dynamic;
        print-category yes;
        print-time yes;
        print-severity yes;
    };
    channel dnssec_file {
        file "/var/log/named/dnssec.log" versions 3 size 5m;
        severity dynamic;
        print-category yes;
        print-time yes;
        print-severity yes;
    };
    channel lame-servers_file {
        file "/var/log/named/lame-servers.log" versions 3 size 5m;
        severity dynamic;
        print-category yes;
        print-time yes;
        print-severity yes;
    };

    // Route each category to the channel of the same name.
    category default { default_file; };
    category general { general_file; };
    category database { database_file; };
    category security { security_file; };
    category config { config_file; };
    category resolver { resolver_file; };
    category xfer-in { xfer-in_file; };
    category xfer-out { xfer-out_file; };
    category notify { notify_file; };
    category client { client_file; };
    category unmatched { unmatched_file; };
    category queries { queries_file; };
    category network { network_file; };
    category update { update_file; };
    category dispatch { dispatch_file; };
    category dnssec { dnssec_file; };
    category lame-servers { lame-servers_file; };
};
named.conf.options
- /etc/bind/named.conf.options
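// Networks allowed to recurse through this server and, by default, to
// transfer zones from it.
acl "trusted" {
    192.168.1.0/24;
    192.168.50.0/24;
    192.168.70.0/24;
    172.16.0.0/16;
    localhost;
    localnets;
};

options {
    directory "/var/cache/bind";

    // version statement - inhibited for security
    // (avoids hacking any known weaknesses)
    // The string below is returned instead of the real BIND version.
    version "ShareWiz DNS";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders {
    //     0.0.0.0;
    // };

    forwarders {
        // Sure Public DNS
        //83.137.248.244;
        //93.187.151.197;

        // Google Public DNS
        //8.8.8.8;
        //8.8.4.4;

        // OpenDNS
        208.67.222.222;
        208.67.220.220;
    };

    //========================================================================
    // If named logs error messages about the root key being expired,
    // you will need to update your keys.  See https://www.isc.org/named-keys
    //========================================================================
    // NOTE(review): with validation set to "no", answers from the forwarders
    // are accepted without DNSSEC checking, so a spoofed or tampered reply
    // is not detected. "dnssec-validation auto" (commented out below) is the
    // validating setting; re-enable it once the reason for disabling it is
    // resolved. "dnssec-enable" is obsolete in newer BIND 9 releases - drop
    // that line if named-checkconf rejects it.
    #dnssec-validation auto;
    dnssec-enable no;
    dnssec-validation no;

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };

    // Anyone may query; what they get back is decided per view in
    // named.conf.local (authoritative data only for external clients).
    allow-query { any; };

    // Default for every zone that does not set its own allow-transfer.
    allow-transfer { trusted; };

    // Enabled (it was commented out): when allow-recursion is absent, BIND
    // derives it from allow-query, which is "any" above. Recursion would then
    // be limited only by the views' match-clients and "recursion no", and a
    // later edit to a view could turn the server into an open resolver.
    // Stating the ACL here keeps recursion restricted to the trusted networks
    // regardless of how the views are arranged.
    allow-recursion { trusted; };
};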
named.conf.local
- /etc/bind/named.conf.local
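//
// Do any local configuration here.
//

// Secondary name servers allowed to transfer the external zones.
// NOTE(review): this authorises transfers by source address only; a TSIG key
// shared with the secondary would authenticate the transfer as well.
acl slaves {
    // 195.234.42.0/24;        // XName
    // 193.218.105.144/28;     // XName
    // 193.24.212.232/29;      // XName
    212.227.123.29;            // 1&1 slv2.1and1.co.uk
};

// Any IPs added here will not have ads blocked.
// For Virginia.
acl allow_ads {
    // 192.168.1.64;
    192.168.1.70;
    192.168.1.75;
    192.168.1.90;
    192.168.1.96;
};

// Internal clients that get the ad-blocking view.
// Address match lists stop at the first matching element, so the negated
// entry has to come before the networks that contain those hosts. It used to
// sit after 192.168.1.0/24 and therefore never took effect; the exclusion
// only worked because the "allow_ads" view is declared first.
acl internals {
    !allow_ads;
    192.168.1.0/24;
    192.168.50.0/24;
    192.168.70.0/24;
    172.16.0.0/16;
    127.0.0.0/8;
};

// Views are tried in the order they appear here; the first one whose
// match-clients accepts the client is used. Keep "external" (match any) last.

// Internal hosts exempt from ad blocking: plain recursion, no blacklist.
view "allow_ads" {
    match-clients { allow_ads; };
    recursion yes;

    // type forward;
    // forwarders {
    //     8.8.8.8;
    // };

    include "/etc/bind/named.conf.default-zones";
};

// Internal networks: recursion plus the internal copies of the zones and the
// ad blacklist.
view "internal" {
    match-clients { internals; };
    recursion yes;

    zone "sharewiz.net" {
        type master;
        file "/etc/bind/internals/db.sharewiz.net";
        allow-update { none; };
    };

    zone "drdizzy.com" {
        type master;
        file "/etc/bind/internals/db.drdizzy.com";
        allow-update { none; };
    };

    zone "magicalentertainmentandsound.com" {
        type master;
        file "/etc/bind/internals/db.magicalentertainmentandsound.com";
        allow-update { none; };
    };

    # Set zone for reverse
    zone "1.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/internals/1.168.192.db";
        allow-update { none; };
    };

    include "/etc/bind/ad-blacklist";
    include "/etc/bind/named.conf.default-zones";
};

// Everyone else: authoritative answers only. "recursion no" is what keeps
// this server from acting as an open resolver for the Internet.
view "external" {
    match-clients { any; };
    allow-query { any; };
    recursion no;

    zone "sharewiz.net" {
        type master;
        file "/etc/bind/externals/db.sharewiz.net";
        allow-transfer { slaves; };
        allow-update { none; };
    };

    zone "drdizzy.com" {
        type master;
        file "/etc/bind/externals/db.drdizzy.com";
        allow-transfer { slaves; };
        allow-update { none; };
    };

    zone "magicalentertainmentandsound.com" {
        type master;
        file "/etc/bind/externals/db.magicalentertainmentandsound.com";
        allow-transfer { slaves; };
        allow-update { none; };
    };

    # Set zone for reverse.
    // No allow-transfer here, so this zone falls back to the global setting
    // in named.conf.options ("trusted") rather than the "slaves" ACL.
    zone "35.134.42.5.in-addr.arpa" {
        type master;
        file "/etc/bind/externals/35.134.42.5.db";
        allow-update { none; };
    };
};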
Externals - 35.134.42.5.db
- /etc/bind/externals/35.134.42.5.db
; sharewiz.net
; Reverse zone for 5.42.134.35, served from the "external" view as
; 35.134.42.5.in-addr.arpa.
;
; NOTE(review): the listing lost its original columns. A record whose owner
; field is blank inherits the owner of the record above it, so everything
; after the "ns1 IN A" line would belong to ns1.<zone> rather than to the
; zone apex unless the original used "@" or placed that line elsewhere.
; Run named-checkzone and inspect the owner names before using this file.
$TTL 86400
@       IN      SOA     ns1.sharewiz.net. root.sharewiz.net. (
                        2016101801      ; Serial
                        3600            ; Refresh
                        1800            ; Retry
                        2419200         ; Expire
                        86400           ; Negative Cache TTL
);

; define the name server
;       IN      NS      ns1.server1.net.
        IN      NS      ns1.sharewiz.net.
; NOTE(review): "ns1" is relative to this zone's origin, so this A record is
; created under the in-addr.arpa name, not under sharewiz.net - confirm it is
; wanted here at all.
ns1     IN      A       5.42.134.35
;       IN      NS      ns1.drdizzy.com.

; define the range of this domain
        IN      PTR     sharewiz.net.
;       IN      A       255.255.255.248

; define the hostnames
; Several PTR records on one name are all returned together; a client that
; checks forward-confirmed reverse DNS may pick any one of them.
        IN      PTR     ns1.sharewiz.net.
        IN      PTR     router.sharewiz.net.
        IN      PTR     server1.sharewiz.net.
        IN      PTR     mail.sharewiz.net.
        IN      PTR     ftp.sharewiz.net.
        IN      PTR     web.sharewiz.net.
        IN      PTR     webmail.sharewiz.net.
        IN      PTR     www.sharewiz.net.

; define drdizzy.com
        IN      PTR     drdizzy.com.
        IN      PTR     www.drdizzy.com.

; define magicalentertainmentandsound.com
        IN      PTR     magicalentertainmentandsound.com.
        IN      PTR     www.magicalentertainmentandsound.com.
Externals - db.sharewiz.net
- /etc/bind/externals/db.sharewiz.net
; sharewiz.net
; External (public) copy of the zone, served from the "external" view.
$TTL 86400
@       IN      SOA     ns1.sharewiz.net. root.sharewiz.net. (
                        2016101605      ; Serial
                        3600            ; Refresh
                        1800            ; Retry
                        2419200         ; Expire
                        86400           ; Negative Cache TTL
);

; define the name server
        IN      NS      ns1.sharewiz.net.
;       IN      NS      slv2.1and1.co.uk.

; define the name server IP address
        IN      A       5.42.134.35

; define the mail exchanger
        IN      MX      10 mail.sharewiz.net.
mail    IN      A       5.42.134.35

; define the hostnames
ns1     IN      A       5.42.134.35
ftp     IN      A       5.42.134.35
router  IN      A       5.42.134.35
server1 IN      A       5.42.134.35
webmail IN      A       5.42.134.35
www     IN      A       5.42.134.35
;www    CNAME   @
; Wildcard: any name under sharewiz.net that has no record of its own
; resolves to this address, including mistyped or made-up hostnames.
*       IN      A       5.42.134.35

; define the SPF
; "-all" asks receivers to fail mail from any sender other than the zone's
; A record address and 5.42.134.35.
sharewiz.net.   IN      TXT     "v=spf1 a ip4:5.42.134.35 -all"
;sharewiz.net.  IN      SPF     "v=spf1 a ip4:5.42.134.35 -all"

; define the SenderID
;sharewiz.net. IN TXT "spf2.0/pra a include:mail.sharewiz.net -all"

; define the DMARC
; "p=none; sp=none" is report-only: receivers send aggregate (rua) and
; failure (ruf) reports but are not asked to quarantine or reject mail that
; fails the checks. Move to a stricter policy once the reports show that
; legitimate mail passes.
;_dmarc IN      TXT     "v=DMARC1;p=none;rua=mailto:peter@sharewiz.net;ruf=mailto:peter@sharewiz.net"
_dmarc.sharewiz.net. IN TXT "v=DMARC1; p=none; sp=none; rua=mailto:peter@sharewiz.net; ruf=mailto:peter@sharewiz.net; rf=afrf; pct=100; ri=86400"