2019-03-07 17:21:38 +01:00
## How to deploy :
* Delete all /etc/bind/ directory
2019-04-26 19:07:12 +02:00
* git clone
2019-11-17 02:57:25 +01:00
* Run ```rndc-confgen | grep '^key "rndc-key" {' -A3 > rndc.key```
2019-03-07 17:21:38 +01:00
* Restart bind service
2019-04-06 20:12:37 +02:00
## How to use :
2019-04-26 21:32:25 +02:00
This configuration template is for Bind 9.10.3 in Debian 9. You can find the official configuration [here ](https://ftp.isc.org/isc/bind9/9.10.3/doc/arm/Bv9ARM.ch06.html )
2019-04-06 20:12:37 +02:00
The repository is thought like this:
```
.
2019-04-26 19:07:12 +02:00
├── named.conf # default file, have only include
2019-04-26 18:40:34 +02:00
├── named.conf.keys # have all TSIG keys and rndc config
2019-04-26 19:07:12 +02:00
├── named.conf.options # have all bind options
2019-04-26 18:40:34 +02:00
├── named.conf.view # have all views options
2019-04-26 19:07:12 +02:00
├── keys # directory with all DNSSEC keys
2019-04-06 20:12:37 +02:00
├── views
2019-04-26 19:07:12 +02:00
│ ├── local.conf # have all zones options of the "local" view
2019-04-26 18:40:34 +02:00
│ └── public.conf # have all zones options of the "public" view
2019-04-06 20:12:37 +02:00
└── zones
2019-04-26 19:07:12 +02:00
├── local # directory with all zones records of the "local" view
└── public # directory with all zones records of the "public" view
2019-04-06 20:12:37 +02:00
```
and to add zone, for exemple in local view, you have to add this in the **views/local.conf** file :
```
zone "exemple.com" {
type master;
file "/etc/bind/zones/local/exemple.com.conf";
};
```
then add **zones/local/exemple.com.conf** file with all your records like this :
```
$ORIGIN example.com.
2019-04-26 18:40:34 +02:00
$TTL 3600
2019-04-06 20:12:37 +02:00
@ SOA dns1.example.com. hostmaster.example.com. (
2019-04-26 19:07:12 +02:00
2019010101 ; serial
86400 ; refresh
7200 ; retry
3600000 ; expire
172800 ) ; minimum TTL
2019-04-06 20:12:37 +02:00
;
;
2019-04-26 19:07:12 +02:00
@ NS dns1.example.com.
@ NS dns2.example.com.
2019-04-26 18:40:34 +02:00
dns1 A 10.0.1.1
2019-04-26 19:07:12 +02:00
dns1 AAAA aaaa:bbbb::1
2019-04-26 18:40:34 +02:00
dns2 A 10.0.1.2
2019-04-26 19:07:12 +02:00
dns2 AAAA aaaa:bbbb::2
2019-04-06 20:12:37 +02:00
;
;
2019-04-26 19:07:12 +02:00
@ MX 10 mail.example.com.
@ MX 20 mail2.example.com.
2019-04-26 18:40:34 +02:00
mail A 10.0.1.5
2019-04-26 19:07:12 +02:00
mail AAAA aaaa:bbbb::5
2019-04-26 18:40:34 +02:00
mail2 A 10.0.1.6
2019-04-26 19:07:12 +02:00
mail2 AAAA aaaa:bbbb::6
2019-04-06 20:12:37 +02:00
;
;
2019-04-26 19:07:12 +02:00
@ A 10.0.1.7
@ AAAA aaaa:bbbb::7
2019-04-26 18:40:34 +02:00
services A 10.0.1.10
2019-04-26 19:07:12 +02:00
services AAAA aaaa:bbbb::10
2019-04-06 20:12:37 +02:00
2019-04-26 19:07:12 +02:00
ftp CNAME services.example.com.
www CNAME services.example.com.
2019-04-06 20:12:37 +02:00
```
### Tips :
#### Create TSIG key :
To create TSIG key, you have to create a shared base64 data like this :
```
echo $(date) | openssl base64
```
and add the following in the **named.conf.keys** file
```
key "key-name" {
algorithm hmac-sha256;
secret "< YOUR BASE64 > ";
};
2019-04-08 11:49:02 +02:00
```
