Debian: DNS Server
Important Configuration
To create a new RNDC key, run:
# Generates a new shared-secret key for rndc. -c names the key file, -k the key name;
# the key name here must match the `key "random-rndc-key"` references in named.conf.local.
# The generated key stanza is written to the terminal (see the next step), not installed
# automatically, so save it where named.conf.local includes it.
rndc-confgen -c random-rndc.key -k random-rndc-key
Copy the key definition that the command prints to the screen into a file (named.conf.local below includes it from /etc/bind/random-rndc.key).
named.conf.options
// Global options for the single-view authoritative setup. A second, split-view
// variant of this file appears further down the page.
options {
// Returned to version.bind (CHAOS class) queries instead of the real BIND version,
// so the running release is not advertised.
version "10.100.100";
directory "/var/cache/bind";
// Upstream resolvers that queries are forwarded to; 1.2.3.4 / 5.6.7.8 are
// placeholders to be replaced.
forwarders {
1.2.3.4;
5.6.7.8;
};
auth-nxdomain no;
// Default transfer policy for every zone that does not set its own allow-transfer
// (zone "fqdn.com.au" in named.conf.local inherits this). Matching on source
// address alone is the weaker control; the reverse zone below instead requires a
// request signed with the TSIG key.
allow-transfer {
10.11.12.13; # Secondary DNS
};
};
named.conf.local
// Brings in the key "random-rndc-key" stanza generated by rndc-confgen above.
// NOTE(review): this file holds a shared secret; its permissions are not shown on
// this page -- it should be readable only by root and the user named runs as.
// NOTE(review): the same key is used here as a TSIG key for zone transfers and
// (by name) is the rndc control key; one secret per purpose is the safer design.
include "/etc/bind/random-rndc.key";
// Forward zone. No allow-transfer here, so the options-level policy
// (10.11.12.13 by source address) applies.
zone "fqdn.com.au" IN {
type master;
file "master/db.fqdn.com.au";
};
// Reverse zone for 1.2.3.0/24. Transfers require a request signed with the
// included TSIG key rather than just a matching source address.
zone "3.2.1.in-addr.arpa" {
type master;
file "master/db.1.2.3.rev";
allow-transfer {
key "random-rndc-key";
};
// Extra NOTIFY target beyond the zone's NS records.
also-notify {
10.11.12.14;
};
};
// Secondary copy of another domain, pulled from 10.11.12.13.
zone "otherfqdn.com.au" IN {
type slave;
file "slave/db.otherfqdn.com.au";
masters {
10.11.12.13;
};
};
Sample Zone File
; Default TTL (604800 s = 1 week) for records that give no explicit TTL.
$TTL 604800
;
; db.fqdn.com.au
;
; SOA: primary name server and the zone contact (dnsmaster@hosting.com.au written
; with a dot in place of the @). Trailing dots keep these names absolute.
@ IN SOA ns1.hosting.com.au. dnsmaster.hosting.com.au. (
2006080101 ; serial
3H ; refresh
30M ; retry
1W ; expire
1D ; minimum
)
; The serial appears to follow the YYYYMMDDNN convention; bump it on every edit
; or secondaries will not pick up the change. The "minimum" field is the
; negative-caching TTL per RFC 2308, not a lower bound for record TTLs.
; NS Records
@ 1D IN NS ns1.hosting.com.au.
@ 1D IN NS ns2.hosting.com.au.
; MX Records
; Lower preference value is tried first (mail before smtp).
@ 1D IN MX 10 mail.fqdn.com.au.
@ 1D IN MX 20 smtp.fqdn.com.au.
; A Records
; These addresses should agree with the PTR records in db.1.2.3.rev below.
@ 1D IN A 1.2.3.10
www 1D IN A 1.2.3.10
mail 1D IN A 1.2.3.20
smtp 1D IN A 1.2.3.30
; CNAME Records
; Relative target: "www" expands to www.fqdn.com.au.
fred 1D IN CNAME www
Sample Zone File - Reverse DNS
; Default TTL (604800 s = 1 week) for records that give no explicit TTL --
; here that covers the NS and PTR records.
$TTL 604800
;
; Reverse DNS for fqdn.com.au
; db.1.2.3.rev
;
; Zone origin is 3.2.1.in-addr.arpa (set by named.conf.local), so the
; numeric owner names below are the last octet of 1.2.3.x.
@ IN SOA ns1.hosting.com.au. dnsmaster.hosting.com.au. (
2006080101 ; serial
3H ; refresh
30M ; retry
1W ; expire
1D ; minimum
)
; Serial appears to follow YYYYMMDDNN; keep it in step with edits as in the
; forward zone.
; NS Records
@ IN NS ns1.hosting.com.au.
@ IN NS ns2.hosting.com.au.
; PTR records mirror the A records in db.fqdn.com.au (1.2.3.10/20/30).
10 IN PTR www.fqdn.com.au.
20 IN PTR mail.fqdn.com.au.
30 IN PTR smtp.fqdn.com.au.
Split DNS Views
It is possible for your DNS server to hand out different information, and to behave differently, depending on who is asking.
named.conf.options
// Global options for the split-view setup. Recursion is off here and is only
// re-enabled inside view "internal" for lan_hosts (see named.conf below).
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you might need to uncomment the query-source
// directive below. Previous versions of BIND always asked
// questions using port 53, but BIND 8.1 and later use an unprivileged
// port by default.
// NOTE(review): pinning the source port to 53 removes source-port
// randomisation for outbound queries, which is one of the defences against
// cache poisoning; prefer opening the firewall to leaving this commented out.
// query-source address * port 53;
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
// Returned to version.bind queries instead of the real BIND version.
version "0";
// Authoritative-only posture by default: answer anyone, but do not recurse.
recursion no;
allow-query { any; };
};
named.conf.acl
// Hosts allowed to pull zone transfers from the "external" view.
acl "dns_slaves" {
202.12.13.14;
};
// Clients that land in the "internal" view and get recursion.
// Contains loopback and the two private LAN ranges.
acl "lan_hosts" {
127.0.0.1;
192.168.1.0/24;
192.168.2.0/24;
};
named.conf
// The ACL file must be included before the views that reference dns_slaves and lan_hosts.
include "/etc/bind/named.conf.acl";
include "/etc/bind/named.conf.options";
// Views are tried in order: a client matching lan_hosts always gets this view.
view "internal" {
match-clients { lan_hosts; };
// Transfers from the internal view are limited to LAN addresses.
allow-transfer { lan_hosts; };
// Overrides the global "recursion no" for LAN clients only.
recursion yes;
// NOTE(review): with "notify no" BIND sends no NOTIFY messages at all, so the
// also-notify lists on the zones in this view appear to have no effect;
// "notify explicit" would send only to the also-notify targets -- confirm
// which behaviour is intended.
notify no;
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
// Internal copy of the public domain; served from a different zone file than
// the "external" view's copy so LAN clients can see private addresses.
zone "domain.com.au" {
type master;
file "internal/db.domain.com.au";
also-notify { 192.168.2.10; };
};
zone "domain.local" {
type master;
file "internal/db.domain.local";
also-notify { 192.168.2.10; };
};
zone "1.168.192.in-addr.arpa" {
type master;
file "internal/db.1.168.192.in-addr.arpa";
also-notify { 192.168.2.10; };
};
// 192.168.2.0/24 reverse zone is mastered on 192.168.2.10 and pulled from there.
zone "2.168.192.in-addr.arpa" {
type slave;
file "internal/db.2.168.192.in-addr.arpa";
masters { 192.168.2.10; };
};
};
// Everyone who did not match the internal view: refuse localnets, accept all else.
view "external" {
match-clients { !localnets; any; };
recursion no;
// NOTE(review): transfers are allowed only from dns_slaves (202.12.13.14),
// but the zone below notifies 202.1.2.3; if that host is the public secondary
// it will be notified and then refused on transfer -- confirm the two addresses.
allow-transfer { dns_slaves; };
// Public copy of the domain, served from its own zone file.
zone "domain.com.au" {
type master;
file "external/db.domain.com.au";
also-notify { 202.1.2.3; };
};
};

