tpl-bind9

My template of bind9 configuration

Go to file

beu 51a3cd4dd7 add DNSSEC keys options		2019-04-08 11:49:02 +02:00
keys	add DNSSEC keys options	2019-04-08 11:49:02 +02:00
views	ajust for follow README.md	2019-04-06 20:48:47 +02:00
zones	ajust for follow README.md	2019-04-06 20:48:47 +02:00
named.conf	ajust for follow README.md	2019-04-06 20:48:47 +02:00
named.conf.keys	fix rndc configuration	2019-03-07 17:25:37 +01:00
named.conf.options	add DNSSEC keys options	2019-04-08 11:49:02 +02:00
named.conf.view	ajust for follow README.md	2019-04-06 20:48:47 +02:00
README.md	add DNSSEC keys options	2019-04-08 11:49:02 +02:00

README.md

How to deploy :

Delete all /etc/bind/ directory
git clone
Run 'rndc-confgen | grep '^key "rndc-key" {' -A3 > rndc.key'
Restart bind service

How to use :

The repository is thought like this:

.
├── named.conf                 # default file, have only include
├── named.conf.keys            # have all TSIG keys and rndc config
├── named.conf.options         # have all bind options
├── named.conf.view            # have all views options
├── keys                       # directory with all DNSSEC keys		
├── views
│   ├── local.conf             # have all zones options of the "local" view
│   └── public.conf            # have all zones options of the "public" view
└── zones
    ├── local                  # directory with all zones records of the "local" view
    └── public                 # directory with all zones records of the "public" view

and to add zone, for exemple in local view, you have to add this in the views/local.conf file :

zone "exemple.com" {
	type master;
	file "/etc/bind/zones/local/exemple.com.conf";
};

then add zones/local/exemple.com.conf file with all your records like this :

$ORIGIN example.com.
$TTL 86400
@	SOA	dns1.example.com.	hostmaster.example.com. (
		2001062501 ; serial
		21600      ; refresh after 6 hours
		3600       ; retry after 1 hour
		604800     ; expire after 1 week
		86400 )    ; minimum TTL of 1 day
;
;
	NS	dns1.example.com.
	NS	dns2.example.com.
dns1 A	10.0.1.1
        AAAA	aaaa:bbbb::1
dns2	A	10.0.1.2
	AAAA	aaaa:bbbb::2
;
;
@	MX	10	mail.example.com.
	MX	20	mail2.example.com.
mail	A	10.0.1.5
	AAAA	aaaa:bbbb::5
mail2	A	10.0.1.6
	AAAA	aaaa:bbbb::6
;
;
; This sample zone file illustrates sharing the same IP addresses for multiple services:
;
services	A	10.0.1.10
		AAAA	aaaa:bbbb::10
		A	10.0.1.11
		AAAA	aaaa:bbbb::11

ftp	CNAME	services.example.com.
www	CNAME	services.example.com.

Tips :

Create TSIG key :

To create TSIG key, you have to create a shared base64 data like this :

echo $(date) | openssl base64

and add the following in the named.conf.keys file

key "key-name" {
	algorithm hmac-sha256;
	secret "< YOUR BASE64 >";
};