Generate an rndc key
# Prints only the base64 secret of a freshly generated 512-bit key (rndc-confgen -a writes a complete rndc.key instead).
# NOTE(review): newer BIND releases generate hmac-sha256 keys by default — the "algorithm" line in named.conf and rndc.key must match what was generated.
rndc-confgen -b 512 | grep -m 1 "secret" | cut -d '"' -f 2
Creating a local domain
File paths may differ a little between platforms. The following is based on FreeBSD 6 and BIND 9.
Edit /etc/namedb/named.conf and include at least the following:
// Bind9 configuration file
// Below are required for Win32 bind
// NOTE(review): rndc presents its key name to named, so the name, algorithm and secret here must be
// identical to the key statement in rndc.key. hmac-md5 is the legacy choice and is deprecated in
// current BIND releases — prefer hmac-sha256 (rndc-confgen -A hmac-sha256) on both sides.
key "rndc-key" {
algorithm hmac-md5;
secret "<output of rndc-confgen>"; // shared secret: keep this file unreadable to other users
};
// Control channel for rndc: bound to loopback only and gated by the key above
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
// Networks treated as internal clients (used below for queries, recursion and zone transfers)
acl mynets { 192.168.13.0/24; 127.0.0.0/8; };
// Common to Win32 / UNIX
options {
directory "c:\\windows\\system32\\dns\\etc"; // Working directory
// directory "/etc"; // on linux chroot environment
listen-on { 192.168.13.10; 127.0.0.1; 10.0.0.1; };
// NOTE(review): this global ACL is inherited by every view that does not override it, so clients
// outside mynets are refused before the "untrusted" view below can answer them — confirm that is intended
allow-query { mynets; };
forwarders { // forward to external servers
192.168.13.254;
};
};
logging {
// NOTE(review): default_syslog is one of BIND's built-in channel names; defining a channel of your own
// and attaching it with a category statement is the documented way to log to a file — check with named-checkconf
channel default_syslog {
file "/var/log/named.log";
};
};
view "trusted" {
// allow recursive queries to local networks only
match-clients { mynets; };
recursion yes;
zone "comme.ca" IN {
type master;
file "comme.ca.zone";
allow-transfer { mynets;}; // zone transfers only from internal networks
};
zone "13.168.192.in-addr.arpa" IN {
type master;
file "13.168.192.rev";
allow-transfer { mynets;};
};
};
// Everyone else: authoritative answers only, no recursion, so the server is not an open resolver
view "untrusted" {
match-clients {"any";}; // NOTE(review): the built-in ACL is normally written unquoted (any;) — verify this form parses
recursion no;
// zone for caching
// NOTE(review): hints are only consulted when recursing, which this view disables; the recursive "trusted"
// view relies on the forwarders (and on BIND's compiled-in root hints) — consider moving this zone there
zone "." in {
type hint;
file "root.hints";
};
// NOTE(review): no allow-transfer here, so this zone uses the server default; harmless for loopback
// data, but set it explicitly if the default in your BIND version is permissive
zone "0.0.127.in-addr.arpa" in {
type master;
file "0.0.127.rev";
};
};
Create rndc.key for controlling named
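// rndc.key: read by rndc, which sends this key name to named. The name, algorithm and secret must be
// identical to the key statement named loads; named.conf above declares "rndc-key", so the same name is
// used here (a mismatched name makes every rndc command fail authentication).
// hmac-md5 is deprecated in current BIND — prefer hmac-sha256 on both sides (rndc-confgen -A hmac-sha256).
key "rndc-key" {
algorithm hmac-md5;
secret "<output of rndc-confgen>"; // same value as in named.conf; keep the file mode restrictive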
};
Create forward & reverse zones
My example is /etc/namedb/master/comme.ca.zone
comme.ca.zone
$TTL 3600
; NOTE(review): there is no $ORIGIN, so unqualified names below are relative to the zone name given
; in named.conf ("comme.ca"); names ending in a dot are absolute.
; The serial appears to use YYYYMMDDnn — increase it on every edit or secondaries keep stale data.
@ IN SOA ns1.comme.ca. hostmaster.comme.ca. (
2009051501 ; Serial
10800 ; Refresh
3600 ; Retry
604800 ; Expire
86400 ; Minimum TTL (BIND 9 uses this as the negative-caching TTL, RFC 2308)
)
; dns servers
NS ns1 ; owner inherited from the SOA line (@ = comme.ca.)
; root record
A 192.168.13.10
; records
ns1 IN A 192.168.13.10 ; address of the NS above; it must exist in-zone
ism IN A 192.168.13.10
homme IN A 192.168.13.20
gw IN A 192.168.13.254
pho IN A 192.168.13.40
magbook IN A 192.168.13.30
mynas IN A 192.168.13.80
hp6310 IN A 192.168.13.50
@ IN SOA ns1.comme.ca. hostmaster.comme.ca. (
2009051501 ; Serial
10800 ; Refresh
3600 ; Retry
604800 ; Expire
86400 ; Minimum TTL
)
; dns servers
NS ns1
; root record
A 192.168.13.10
; records
ns1 IN A 192.168.13.10
ism IN A 192.168.13.10
homme IN A 192.168.13.20
gw IN A 192.168.13.254
pho IN A 192.168.13.40
magbook IN A 192.168.13.30
mynas IN A 192.168.13.80
hp6310 IN A 192.168.13.50
13.168.192.rev
$TTL 3600 ;
$ORIGIN 13.168.192.IN-ADDR.ARPA.
; NOTE(review): the RNAME (nsmaster) differs from the hostmaster mailbox used in comme.ca.zone — use one
; monitored mailbox. Bare numbers are seconds, so a 15-second retry is unusually aggressive for secondaries.
@ 1D IN SOA ns1.comme.ca. nsmaster.comme.ca. (
2007050301 ; serial
3H ; refresh
15 ; retry
1w ; expire
3h ; minimum
)
IN NS ns1.comme.ca. ; owner inherited from @
; server host definitions
; NOTE(review): the forward zone maps both ns1 and ism to .10; only ism gets a PTR here
10 IN PTR ism.comme.ca.
20 IN PTR homme.comme.ca.
30 IN PTR magbook.comme.ca.
254 IN PTR gw.comme.ca.
40 IN PTR pho.comme.ca.
80 IN PTR mynas.comme.ca.
50 IN PTR hp6310.comme.ca.
$ORIGIN 13.168.192.IN-ADDR.ARPA.
@ 1D IN SOA ns1.comme.ca. nsmaster.comme.ca. (
2007050301 ; serial
3H ; refresh
15 ; retry
1w ; expire
3h ; minimum
)
IN NS ns1.comme.ca.
; server host definitions
10 IN PTR ism.comme.ca.
20 IN PTR homme.comme.ca.
30 IN PTR magbook.comme.ca.
254 IN PTR gw.comme.ca.
40 IN PTR pho.comme.ca.
80 IN PTR mynas.comme.ca.
50 IN PTR hp6310.comme.ca.
localhost.rev
$TTL 86400 ;
; NOTE(review): named.conf above loads "0.0.127.rev" for this zone, not this file — keep only one of the two
; could use $ORIGIN 0.0.127.IN-ADDR.ARPA.
@ IN SOA localhost. root.localhost. (
2007050300 ; Serial
3h ; Refresh
15 ; Retry (bare number = seconds)
1w ; Expire
3h ) ; Minimum
IN NS localhost. ; owner inherited from @
1 IN PTR localhost. ; 127.0.0.1 relative to the zone origin
; could use $ORIGIN 0.0.127.IN-ADDR.ARPA.
@ IN SOA localhost. root.localhost. (
2007050300 ; Serial
3h ; Refresh
15 ; Retry
1w ; Expire
3h ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
0.0.127.rev
$TTL 3D
; NOTE(review): the SOA MNAME is ns.comme.ca. while the NS record (and comme.ca.zone) only define ns1 —
; point MNAME at a name that actually has an address record
@ IN SOA ns.comme.ca. hostmaster.comme.ca. (
1 ; Serial
8H ; Refresh
2H ; Retry
4W ; Expire
1D) ; Minimum TTL
NS ns1.comme.ca. ; owner and class inherited from the SOA line
1 PTR localhost.
@ IN SOA ns.comme.ca. hostmaster.comme.ca. (
1 ; Serial
8H ; Refresh
2H ; Retry
4W ; Expire
1D) ; Minimum TTL
NS ns1.comme.ca.
1 PTR localhost.
root.hints
; Hint zone: only used to bootstrap recursion (the resolver learns the current root set from these servers).
; NOTE(review): root-server addresses change over time; refresh this file from the IANA-published root
; hints before use instead of copying this dated snapshot.
. 6D IN NS A.ROOT-SERVERS.NET.
. 6D IN NS B.ROOT-SERVERS.NET.
. 6D IN NS C.ROOT-SERVERS.NET.
. 6D IN NS D.ROOT-SERVERS.NET.
. 6D IN NS E.ROOT-SERVERS.NET.
. 6D IN NS F.ROOT-SERVERS.NET.
. 6D IN NS G.ROOT-SERVERS.NET.
. 6D IN NS H.ROOT-SERVERS.NET.
. 6D IN NS I.ROOT-SERVERS.NET.
. 6D IN NS J.ROOT-SERVERS.NET.
. 6D IN NS K.ROOT-SERVERS.NET.
. 6D IN NS L.ROOT-SERVERS.NET.
. 6D IN NS M.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
B.ROOT-SERVERS.NET. 6D IN A 192.228.79.201
C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
D.ROOT-SERVERS.NET. 6D IN A 128.8.10.90
E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
H.ROOT-SERVERS.NET. 6D IN A 128.63.2.53
I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30
K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129
L.ROOT-SERVERS.NET. 6D IN A 198.32.64.12
M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33
. 6D IN NS B.ROOT-SERVERS.NET.
. 6D IN NS C.ROOT-SERVERS.NET.
. 6D IN NS D.ROOT-SERVERS.NET.
. 6D IN NS E.ROOT-SERVERS.NET.
. 6D IN NS F.ROOT-SERVERS.NET.
. 6D IN NS G.ROOT-SERVERS.NET.
. 6D IN NS H.ROOT-SERVERS.NET.
. 6D IN NS I.ROOT-SERVERS.NET.
. 6D IN NS J.ROOT-SERVERS.NET.
. 6D IN NS K.ROOT-SERVERS.NET.
. 6D IN NS L.ROOT-SERVERS.NET.
. 6D IN NS M.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
B.ROOT-SERVERS.NET. 6D IN A 192.228.79.201
C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
D.ROOT-SERVERS.NET. 6D IN A 128.8.10.90
E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
H.ROOT-SERVERS.NET. 6D IN A 128.63.2.53
I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30
K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129
L.ROOT-SERVERS.NET. 6D IN A 198.32.64.12
M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33
Start named with /etc/rc.d/named forcestart (or restart)
Bind in 10 minutes
BIND usually ships with Red Hat / FreeBSD. To configure a simple forwarding nameserver with a local zone, do the following:
Edit named.conf
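// Minimal forwarding resolver: queries this server cannot answer from its own zones go to the forwarders.
options {
forwarders {
1.2.3.4;
2.3.4.5;
};
}; // every top-level statement in named.conf ends with ';'
// NOTE(review): nothing here limits who may query or recurse; if named listens on a reachable interface,
// add allow-query / allow-recursion ACLs (see the acl and view example above) so it is not an open resolver.
zone "mydomain.home" IN {
type master;
file "mydomain.home.zone";
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "1.168.192.ptr";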
};
Setting up DNS slave
If you have a master zone somewhere and need to configure this DNS server as a slave for it, do:
options {
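...
// Allow notify from the peerdns acl
// NOTE(review): peerdns is not defined in this snippet — declare acl peerdns { <primary server addresses>; };
// before it is referenced, otherwise named rejects the configuration as an undefined ACL
allow-notify { peerdns; };
// Allow underscores
check-names master ignore;
check-names slave ignore;
...
}; // every top-level statement in named.conf ends with ';'
// An example slave zone definition
zone "realdomain.com" {
type slave;
file "realdomain.com.zone"; // written by named, so its directory must be writable by the named user
masters {
7.8.9.0; // NOTE(review): placeholder address; a TSIG key can be attached here (address key "name";) to authenticate transfers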
};
On the master, the zone file should look like:
; NOTE(review): $ORIGIN without a trailing dot is relative to the current origin (the zone name from
; named.conf), which would yield mydomain.home.mydomain.home — write it as "mydomain.home." to be absolute.
$ORIGIN mydomain.home
$TTL 3600
mydomain.home. IN SOA ns1.mydomain.home. hostmaster.mydomain.home. (
2006051501 ; Serial
4d ; Refresh slave
1h ; Retry if refresh fails
4w ; Expire
4h ; Minimum TTL if lookup fails
)
IN NS ns1.mydomain.home. ; owner inherited from the SOA line
IN A 192.168.13.30
ns1 IN A 192.168.13.30
free IN A 192.168.13.30
hopchai.home IN A 192.168.13.2 ; NOTE(review): no trailing dot, so this name is relative to the origin — confirm intended
Finally, the master DNS config should have the following:
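options {
// make sure notify is turned on
// notify no; // notify defaults to yes, so leaving this line commented out is enough
// allow transfer to slave dns. localhost are good for testing
// NOTE(review): peerdns must be declared with an acl statement before use; localhost (not localhosts)
// is the built-in ACL matching this host's own addresses
allow-transfer { peerdns; localhost; };
// Allow underscores
check-names master ignore;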
check-names slave ignore;
Bind DNS SPF record
SPF records can be built on OpenSPF.org [http://www.openspf.org].
Inserting a long SPF record is possible by splitting it into several quoted strings, as below:
; Adjacent quoted strings are concatenated into one TXT record; the owner is inherited from the previous record.
; NOTE(review): this record needs 14 DNS lookups (a, ptr, six a:, five mx:, one include:) — RFC 7208 caps
; evaluation at 10, so receivers return permerror; the ptr mechanism is also discouraged by RFC 7208. Trim it.
IN TXT "v=spf1 ip4:200.1.1.0/24 a ptr a:domain1.com a:domain2.com a:domain4.com " "a:domain3.com a:domain5.com a:domain6.com mx:mx1.com mx:mx2.com mx:mx3.com mx:mx4.com mx:mx5.com include:my_isp.com ~all"