Difference between revisions of "BIND"
		
		
		
		
		
		
				
		
		
	
| (5 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| # ISC BIND for DNS | # ISC BIND for DNS | ||
| + | |||
| + | https://kb.isc.org/docs/aa-00851 | ||
| https://www.isc.org/downloads/bind/ | https://www.isc.org/downloads/bind/ | ||
| Line 8: | Line 10: | ||
| http://www.zytrax.com/books/dns/ch6/ | http://www.zytrax.com/books/dns/ch6/ | ||
| + | |||
| + | https://dea.nbird.com.au/2015/01/17/bind9-adding-a-forward-only-zone/ | ||
| + | |||
| + | https://serverfault.com/questions/426954/bind9-forwarding-by-view | ||
| + | |||
| + | https://serverfault.com/questions/426954/bind9-forwarding-by-view | ||
| # BIND9 | # BIND9 | ||
| Line 21: | Line 29: | ||
|          // dnssec-validation auto; |          // dnssec-validation auto; | ||
|          dnssec-validation yes; |          dnssec-validation yes; | ||
| + | ``` | ||
| + | |||
| + | ## Example | ||
| + | |||
| + | /etc/bind/named.conf.options | ||
| + | ``` | ||
| + | options { | ||
| + |         directory "/var/cache/bind"; | ||
| + |         dnssec-validation yes; | ||
| + | |||
| + |         listen-on-v6 { any; }; | ||
| + | |||
| + |         recursion yes; | ||
| + |  # allow-recursion { 127.0.0.1; 192.168.0.0/24; 10.10.10.0/24; }; | ||
| + |     allow-transfer { none; }; | ||
| + |      allow-recursion { any; }; | ||
| + |      # allow-query { any; }; | ||
| + |      # allow-query-cache { any; }; | ||
| + |  forwarders { | ||
| + |                 10.250.5.2; | ||
| + |         }; | ||
| + | forward only; | ||
| + | querylog yes; | ||
| + |  version "not currently available"; | ||
| + | |||
| + | # dnssec-enable yes; | ||
| + | # dnssec-validation yes; | ||
| + | }; | ||
| + | ``` | ||
| + | sudo vi /etc/bind/named.conf.local | ||
| + | ``` | ||
| + | ##Add the following to the file. | ||
| + | zone "world.local" in   { | ||
| + |  type forward; | ||
| + |  forward only; | ||
| + |  forwarders { 192.168.38.254; }; | ||
| + | }; | ||
| + | |||
| + | zone "38.168.192.in-addr.arpa" { | ||
| + |   type forward; | ||
| + |   forward only; | ||
| + |   forwarders { 192.168.38.254; }; | ||
| + |  }; | ||
| ``` | ``` | ||
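Review bot: The added named.conf.options example combines `recursion yes;` with `allow-recursion { any; };` and `listen-on-v6 { any; };`, so unless a firewall not shown on this page limits port 53, the server resolves for any client that can reach it, which makes it an open resolver. The commented-out line directly above already holds a scoped list, so I would re-enable it in place of `any`, e.g. `allow-recursion { 127.0.0.1; 192.168.0.0/24; 10.10.10.0/24; };`, extended with whichever client networks really need service. Separately, `dnssec-validation yes;` validates only against a manually configured trust anchor, and the example shows none, so a comment saying that should accompany it. The forward zone for `world.local` may also need a validation exception once validation is really active, since a private unsigned name can be rejected as bogus.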
Latest revision as of 00:03, 12 October 2020
ISC BIND for DNS
https://kb.isc.org/docs/aa-00851
https://www.isc.org/downloads/bind/
Education Resources
http://www.zytrax.com/books/dns/
http://www.zytrax.com/books/dns/ch6/
https://dea.nbird.com.au/2015/01/17/bind9-adding-a-forward-only-zone/
https://serverfault.com/questions/426954/bind9-forwarding-by-view
https://serverfault.com/questions/426954/bind9-forwarding-by-view
BIND9
Issues
`tail -f /var/log/syslog` shows: managed-keys-zone: DNSKEY set for zone '.' could not be verified with current keys
named.conf.options - https://gitlab.isc.org/isc-projects/bind9/-/issues/492
        // Change made in named.conf.options for the managed-keys error above:
        // "auto" (validation with BIND's built-in root trust anchor) is commented
        // out and "yes" is used instead.
        // NOTE(review): "yes" validates only against a manually configured trust
        // anchor (a trust-anchors / managed-keys statement); none is shown on this
        // page, and without one no validation takes place, so this setting may
        // hide the error by turning validation off in practice -- confirm.
        // dnssec-validation auto;
        dnssec-validation yes;
Example
/etc/bind/named.conf.options
# Global options for a resolver that forwards all recursion to one upstream.
options {
        directory "/var/cache/bind";
        # NOTE(review): "yes" validates only against a manually configured trust
        # anchor; none is shown here, and without one no validation takes place
        # ("auto" would use the built-in root anchor) -- confirm.
        dnssec-validation yes;
        # Accept queries on every IPv6 address of the host.
        listen-on-v6 { any; };
        recursion yes;
 # Scoped client list, currently disabled in favour of "any" below:
 # allow-recursion { 127.0.0.1; 192.168.0.0/24; 10.10.10.0/24; };
    # Refuse zone transfers to every requester.
    allow-transfer { none; };
     # NOTE(review): with recursion on, "any" serves recursive lookups to every
     # client that can reach port 53 (an open resolver) unless a firewall not
     # shown here limits access; the scoped list above is the safer setting.
     allow-recursion { any; };
     # allow-query { any; };
     # allow-query-cache { any; };
 # Upstream server that receives queries this server cannot answer from its
 # own zones or cache.
 forwarders {
                10.250.5.2;
        };
# "only": do not fall back to iterative resolution when the forwarder fails.
forward only;
# Log every incoming query; the log reveals client lookups, so restrict who
# can read it and plan for rotation.
querylog yes;
 # Returned instead of the real version string for version.bind queries.
 version "not currently available";
# dnssec-enable yes;
# dnssec-validation yes;
};
sudo vi /etc/bind/named.conf.local
## Add the following to the file.
# Send every query under world.local to 192.168.38.254; "forward only" means
# there is no fallback to normal resolution if that server does not answer.
# NOTE(review): once DNSSEC validation is really active, answers for a private
# unsigned name like this one can be rejected as bogus; BIND's validate-except
# option (set in options) exists for that case -- confirm for your version.
zone "world.local" in   {
 type forward;
 forward only;
 forwarders { 192.168.38.254; };
};
# Same forwarder for reverse (PTR) lookups in 192.168.38.0/24.
zone "38.168.192.in-addr.arpa" {
  type forward;
  forward only;
  forwarders { 192.168.38.254; };
 };