Difference between revisions of "BIND"
Jump to navigation
Jump to search
imported>Jeremy-busk (Created page with "# ISC BIND for DNS https://www.isc.org/downloads/bind/ #### Education Resources http://www.zytrax.com/books/dns/ http://www.zytrax.com/books/dns/ch6/") |
|||
| (6 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
# ISC BIND for DNS | # ISC BIND for DNS | ||
| + | |||
| + | https://kb.isc.org/docs/aa-00851 | ||
https://www.isc.org/downloads/bind/ | https://www.isc.org/downloads/bind/ | ||
| Line 8: | Line 10: | ||
http://www.zytrax.com/books/dns/ch6/ | http://www.zytrax.com/books/dns/ch6/ | ||
| + | |||
| + | https://dea.nbird.com.au/2015/01/17/bind9-adding-a-forward-only-zone/ | ||
| + | |||
| + | https://serverfault.com/questions/426954/bind9-forwarding-by-view | ||
| + | |||
| + | https://serverfault.com/questions/426954/bind9-forwarding-by-view | ||
| + | |||
| + | # BIND9 | ||
| + | |||
| + | ## Issues | ||
| + | ``` | ||
| + | tail -f /var/log/syslog | ||
| + | managed-keys-zone: DNSKEY set for zone '.' could not be verified with current keys | ||
| + | ``` | ||
| + | |||
| + | named.conf.options - https://gitlab.isc.org/isc-projects/bind9/-/issues/492 | ||
| + | ``` | ||
| + | // dnssec-validation auto; | ||
| + | dnssec-validation yes; | ||
| + | ``` | ||
| + | |||
| + | ## Example | ||
| + | |||
| + | /etc/bind/named.conf.options | ||
| + | ``` | ||
| + | options { | ||
| + | directory "/var/cache/bind"; | ||
| + | dnssec-validation yes; | ||
| + | |||
| + | listen-on-v6 { any; }; | ||
| + | |||
| + | recursion yes; | ||
| + | # allow-recursion { 127.0.0.1; 192.168.0.0/24; 10.10.10.0/24; }; | ||
| + | allow-transfer { none; }; | ||
| + | allow-recursion { any; }; | ||
| + | # allow-query { any; }; | ||
| + | # allow-query-cache { any; }; | ||
| + | forwarders { | ||
| + | 10.250.5.2; | ||
| + | }; | ||
| + | forward only; | ||
| + | querylog yes; | ||
| + | version "not currently available"; | ||
| + | |||
| + | # dnssec-enable yes; | ||
| + | # dnssec-validation yes; | ||
| + | }; | ||
| + | ``` | ||
| + | sudo vi /etc/bind/named.conf.local | ||
| + | ``` | ||
| + | ##Add the following to the file. | ||
| + | zone "world.local" in { | ||
| + | type forward; | ||
| + | forward only; | ||
| + | forwarders { 192.168.38.254; }; | ||
| + | }; | ||
| + | |||
| + | zone "38.168.192.in-addr.arpa" { | ||
| + | type forward; | ||
| + | forward only; | ||
| + | forwarders { 192.168.38.254; }; | ||
| + | }; | ||
| + | ``` | ||
Latest revision as of 00:03, 12 October 2020
ISC BIND for DNS
https://kb.isc.org/docs/aa-00851
https://www.isc.org/downloads/bind/
Education Resources
http://www.zytrax.com/books/dns/
http://www.zytrax.com/books/dns/ch6/
https://dea.nbird.com.au/2015/01/17/bind9-adding-a-forward-only-zone/
https://serverfault.com/questions/426954/bind9-forwarding-by-view
https://serverfault.com/questions/426954/bind9-forwarding-by-view
BIND9
Issues
tail -f /var/log/syslog managed-keys-zone: DNSKEY set for zone '.' could not be verified with current keys
named.conf.options - https://gitlab.isc.org/isc-projects/bind9/-/issues/492
// dnssec-validation auto;
dnssec-validation yes;
Example
/etc/bind/named.conf.options
options {
directory "/var/cache/bind";
dnssec-validation yes;
listen-on-v6 { any; };
recursion yes;
# allow-recursion { 127.0.0.1; 192.168.0.0/24; 10.10.10.0/24; };
allow-transfer { none; };
allow-recursion { any; };
# allow-query { any; };
# allow-query-cache { any; };
forwarders {
10.250.5.2;
};
forward only;
querylog yes;
version "not currently available";
# dnssec-enable yes;
# dnssec-validation yes;
};
sudo vi /etc/bind/named.conf.local
##Add the following to the file.
zone "world.local" in {
type forward;
forward only;
forwarders { 192.168.38.254; };
};
zone "38.168.192.in-addr.arpa" {
type forward;
forward only;
forwarders { 192.168.38.254; };
};