## How to deploy :

* Delete the whole /etc/bind/ directory
* Run ```git clone https://git.virtit.fr/VirtIT/tpl-bind9 /etc/bind```
* Run ```rm -r /etc/bind/.git```
* Run ```rndc-confgen | grep '^key "rndc-key" {' -A3 > rndc.key```
* Run ```mkdir /var/log/named && chown bind: /var/log/named```
* Restart the bind service

## How to use :

This configuration template is for Bind on Debian. You can find the official configuration [here](https://ftp.isc.org/isc/bind9/)

The repository is organised like this:

```
.
├── named.conf          # default file, contains only include statements
├── named.conf.keys     # contains all TSIG keys and the rndc config
├── named.conf.options  # contains all bind options
├── named.conf.views    # contains all views options
├── keys                # directory with all DNSSEC keys
├── views
│   ├── local.conf      # contains all zone options of the "local" view
│   └── public.conf     # contains all zone options of the "public" view
└── zones
    ├── local           # directory with all zone records of the "local" view
    └── public          # directory with all zone records of the "public" view
```

To add a zone, for example in the local view, add this to the **views/local.conf** file:

```
zone "example.com" {
    type master;
    file "/etc/bind/zones/local/example.com.conf";
};
```

Then add the **zones/local/example.com.conf** file with all your records, like this:

```
$ORIGIN example.com.
$TTL 3600
@           SOA     dns1.example.com. hostmaster.example.com. (
                    2019010101 ; serial
                    86400      ; refresh
                    7200       ; retry
                    3600000    ; expire
                    172800 )   ; minimum TTL
;
;
@           NS      dns1.example.com.
@           NS      dns2.example.com.
dns1        A       10.0.1.1
dns1        AAAA    aaaa:bbbb::1
dns2        A       10.0.1.2
dns2        AAAA    aaaa:bbbb::2
;
;
@           MX      10 mail.example.com.
@           MX      20 mail2.example.com.
mail        A       10.0.1.5
mail        AAAA    aaaa:bbbb::5
mail2       A       10.0.1.6
mail2       AAAA    aaaa:bbbb::6
;
;
@           A       10.0.1.7
@           AAAA    aaaa:bbbb::7
services    A       10.0.1.10
services    AAAA    aaaa:bbbb::10
ftp         CNAME   services.example.com.
www         CNAME   services.example.com.
```

### Tips :

#### Create TSIG key :

To create a TSIG key, you have to create shared base64 data like this:

```
# 32 random bytes, base64-encoded; a timestamp is guessable and makes a weak secret
openssl rand -base64 32
```

and add the following to the **named.conf.keys** file:

```
key "key-name" {
    algorithm hmac-sha256;
    secret "< YOUR BASE64 >";
};
```
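
The TSIG step above, as an added example that is not part of the tpl-bind9 repository: a shell function that draws the secret from `/dev/urandom` and writes the `key` stanza to a file only its owner can read, ready to be pasted into **named.conf.keys**. The function names `make_tsig_key` and `tsig_secret` and the output path are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the repository's own code.
# Usage: make_tsig_key key-name /root/key-name.conf

# make_tsig_key NAME OUTFILE: write a BIND "key" stanza with a 256-bit random secret.
make_tsig_key() {
    name=$1
    out=$2
    # Accept a conservative character set only, so the name cannot break the stanza syntax.
    case $name in
        ''|*[!A-Za-z0-9._-]*) echo "invalid key name: $name" >&2; return 2 ;;
    esac
    # Never clobber an existing key: peers holding the old secret would stop authenticating.
    if [ -e "$out" ]; then
        echo "refusing to overwrite $out" >&2
        return 3
    fi
    # 32 bytes from the kernel CSPRNG, matching the hmac-sha256 output size.
    secret=$(head -c 32 /dev/urandom | base64 | tr -d '\n') || return 1
    # 32 bytes always encode to 44 base64 characters; anything else means a short read.
    [ "${#secret}" -eq 44 ] || { echo "short read from /dev/urandom" >&2; return 1; }
    # Create the file with mode 600; the subshell keeps the umask change local.
    (
        umask 077
        printf 'key "%s" {\n    algorithm hmac-sha256;\n    secret "%s";\n};\n' \
            "$name" "$secret" > "$out"
    )
}

# tsig_secret FILE: print the base64 secret from a stanza written by make_tsig_key.
tsig_secret() {
    sed -n 's/^ *secret "\(.*\)";$/\1/p' "$1"
}
```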