My template of bind9 configuration
Go to file
2024-04-24 14:04:40 +02:00
keys add DNSSEC keys options 2019-04-08 11:49:02 +02:00
views improve a bit comments and line breaks 2024-04-24 14:04:40 +02:00
zones ajust for follow README.md 2019-04-06 20:48:47 +02:00
bind.keys update trust-anchors file 2024-04-24 14:04:23 +02:00
named.conf update file name 2024-04-24 14:04:11 +02:00
named.conf.keys Change identation 2019-04-26 18:59:01 +02:00
named.conf.options improve a bit comments and line breaks 2024-04-24 14:04:40 +02:00
named.conf.views update file name 2024-04-24 14:04:11 +02:00
README.md fix syntax 2019-11-17 02:57:25 +01:00

How to deploy :

  • Delete all /etc/bind/ directory
  • git clone
  • Run rndc-confgen | grep '^key "rndc-key" {' -A3 > rndc.key
  • Restart bind service

How to use :

This configuration template is for Bind 9.10.3 in Debian 9. You can find the official configuration here

The repository is thought like this:

.
├── named.conf				# default file, have only include
├── named.conf.keys			# have all TSIG keys and rndc config
├── named.conf.options			# have all bind options
├── named.conf.view			# have all views options
├── keys				# directory with all DNSSEC keys
├── views
│   ├── local.conf			# have all zones options of the "local" view
│   └── public.conf			# have all zones options of the "public" view
└── zones
	├── local			# directory with all zones records of the "local" view
	└── public			# directory with all zones records of the "public" view

and to add zone, for exemple in local view, you have to add this in the views/local.conf file :

zone "exemple.com" {
	type master;
	file "/etc/bind/zones/local/exemple.com.conf";
};

then add zones/local/exemple.com.conf file with all your records like this :

$ORIGIN example.com.
$TTL 3600
@	SOA	dns1.example.com.	hostmaster.example.com. (
				2019010101	; serial
				86400	  	; refresh
				7200	  	; retry
				3600000	 	; expire
				172800 )	; minimum TTL
;
;
@		NS		dns1.example.com.
@		NS		dns2.example.com.
dns1		A		10.0.1.1
dns1		AAAA		aaaa:bbbb::1
dns2		A		10.0.1.2
dns2		AAAA		aaaa:bbbb::2
;
;
@		MX		10	mail.example.com.
@		MX		20	mail2.example.com.
mail		A		10.0.1.5
mail		AAAA		aaaa:bbbb::5
mail2		A		10.0.1.6
mail2		AAAA		aaaa:bbbb::6
;
;
@		A		10.0.1.7
@		AAAA		aaaa:bbbb::7
services	A		10.0.1.10
services	AAAA		aaaa:bbbb::10

ftp		CNAME		services.example.com.
www		CNAME		services.example.com.

Tips :

Create TSIG key :

To create TSIG key, you have to create a shared base64 data like this :

echo $(date) | openssl base64

and add the following in the named.conf.keys file

key "key-name" {
	algorithm hmac-sha256;
	secret "< YOUR BASE64 >";
};