## How to deploy :

* Delete the whole /etc/bind/ directory
* `git clone https://git.virtit.fr/VirtIT/tpl-bind9 /etc/bind`
* `rm -r /etc/bind/.git`
* Run `rndc-confgen | grep '^key "rndc-key" {' -A3 > rndc.key`
* Restart the bind service

## How to use :

This configuration template is for Bind on Debian. You can find the official configuration [here](https://ftp.isc.org/isc/bind9/).

The repository is organised like this:

```
.
├── named.conf          # default file, contains only includes
├── named.conf.keys     # holds all TSIG keys and the rndc config
├── named.conf.options  # holds all bind options
├── named.conf.views    # holds all view options
├── keys                # directory with all DNSSEC keys
├── views
│   ├── local.conf      # holds all zone options of the "local" view
│   └── public.conf     # holds all zone options of the "public" view
└── zones
    ├── local           # directory with all zone records of the "local" view
    └── public          # directory with all zone records of the "public" view
```

To add a zone, for example in the local view, add this to the **views/local.conf** file :

```
zone "example.com" {
    type master;
    file "/etc/bind/zones/local/example.com.conf";
};
```

Then add the **zones/local/example.com.conf** file with all your records, like this :

```
$ORIGIN example.com.
$TTL 3600
@           SOA     dns1.example.com. hostmaster.example.com. (
                    2019010101  ; serial
                    86400       ; refresh
                    7200        ; retry
                    3600000     ; expire
                    172800 )    ; minimum TTL
;
;
@           NS      dns1.example.com.
@           NS      dns2.example.com.
dns1        A       10.0.1.1
dns1        AAAA    aaaa:bbbb::1
dns2        A       10.0.1.2
dns2        AAAA    aaaa:bbbb::2
;
;
@           MX 10   mail.example.com.
@           MX 20   mail2.example.com.
mail        A       10.0.1.5
mail        AAAA    aaaa:bbbb::5
mail2       A       10.0.1.6
mail2       AAAA    aaaa:bbbb::6
;
;
@           A       10.0.1.7
@           AAAA    aaaa:bbbb::7
services    A       10.0.1.10
services    AAAA    aaaa:bbbb::10

ftp         CNAME   services.example.com.
www         CNAME   services.example.com.
```

### Tips :

#### Create TSIG key :

To create a TSIG key, you first need shared secret data in base64, which you can make like this :

```
echo $(date) | openssl base64
```

and add the following to the **named.conf.keys** file

```
key "key-name" {
    algorithm hmac-sha256;
    secret "< YOUR BASE64 >";
};
```
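Added example, not part of the tpl-bind9 repository: the command above derives the secret from the current date, which is short and predictable, so this script instead draws 32 random bytes (the hmac-sha256 key size) from /dev/urandom, checks that a secret really decodes to at least 32 bytes, and emits the key stanza in the same layout as above. The key name `dns1-dns2` is an assumed placeholder.

```shell
#!/bin/sh
# Added example: build a TSIG key stanza for named.conf.keys with a
# 256-bit secret from /dev/urandom rather than from the current date.

# Print a base64 secret of exactly 32 random bytes (hmac-sha256 key size).
gen_tsig_secret() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# Number of raw bytes a base64 secret decodes to (empty/0 if not valid base64).
secret_bytes() {
    printf '%s' "$1" | base64 -d 2>/dev/null | wc -c | tr -d ' '
}

# Succeed only when the secret decodes to at least 32 bytes.
tsig_secret_ok() {
    n=$(secret_bytes "$1")
    [ "${n:-0}" -ge 32 ]
}

# Emit the key stanza in the README's layout.
# $1 = key name (assumed placeholder, e.g. dns1-dns2), $2 = base64 secret
gen_tsig_block() {
    printf 'key "%s" {\n\talgorithm hmac-sha256;\n\tsecret "%s";\n};\n' "$1" "$2"
}

# Usage: ./tsig-key.sh --run >> /etc/bind/named.conf.keys
# Refuses to print a stanza whose secret is too short.
if [ "${1:-}" = "--run" ]; then
    secret=$(gen_tsig_secret)
    tsig_secret_ok "$secret" || { echo "secret too short" >&2; exit 1; }
    gen_tsig_block "dns1-dns2" "$secret"
fi
```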