Generate an rndc key
rndc-confgen -b 512 | grep -m 1 "secret" | cut -d '"' -f 2
This prints only the base64 secret; paste it into the key statements below wherever <output of rndc-confgen> appears.
Creating a local domain
File paths may differ between platforms; the following is based on FreeBSD 6 and BIND 9.
Edit /etc/namedb/named.conf and include at least the following:
// Bind9 configuration file
// Below are required for Win32 bind
key "rndc-key" {
algorithm hmac-md5;
secret "<output of rndc-confgen>";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
acl mynets { 192.168.13.0/24; 127.0.0.0/8; };
// Common to Win32 / UNIX
options {
directory "c:\\windows\\system32\\dns\\etc"; // Working directory
// directory "/etc"; // on linux chroot environment
listen-on { 192.168.13.10; 127.0.0.1; 10.0.0.1; };
allow-query { mynets; };
forwarders { // forward to external servers
192.168.13.254;
};
};
view "trusted" {
// allow recursive queries to local networks only
match-clients { mynets; };
recursion yes;
zone "comme.ca" IN {
type master;
file "comme.ca.zone";
allow-transfer { mynets;};
};
zone "13.168.192.in-addr.arpa" IN {
type master;
file "13.168.192.rev";
allow-transfer { mynets;};
};
};
view "untrusted" {
match-clients { any; };
recursion no;
// zone for caching
zone "." in {
type hint;
file "root.hints";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "0.0.127.rev";
};
}; // end of view "untrusted"
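As an added example (not code from this page), a small Python checker for the view layout above: it parses a named.conf-style fragment and reports any view that any client can reach but that still recurses or leaves a master/slave zone without a restrictive allow-transfer, which is exactly what the trusted/untrusted split is meant to prevent. The configuration inside it is constructed, and it assumes the classic BIND 9 defaults when a setting is absent (recursion yes, allow-transfer any).

```python
import re
# Constructed sample shaped like this page's named.conf (not the page's file); the "untrusted" view is deliberately wrong.
SAMPLE_CONF = '''acl mynets { 192.168.13.0/24; 127.0.0.0/8; };
view "trusted" {
    match-clients { mynets; }; recursion yes;
    zone "comme.ca" IN { type master; file "comme.ca.zone"; allow-transfer { mynets; }; };
};
view "untrusted" {
    match-clients { any; }; recursion yes;                      // open resolver
    zone "comme.ca" IN { type master; file "comme.ca.zone"; };  // allow-transfer left at default
};
'''
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};]+')
def tokenize(text):
    text = re.sub(r'//[^\n]*|#[^\n]*|/\*.*?\*/', '', text, flags=re.S)  # drop all comment styles
    return [t.strip('"') for t in TOKEN.findall(text)]
def parse(tokens, pos=0):  # 'words { block };' statements -> list of (words, children); recurses on '{'
    stmts, words = [], []
    while pos < len(tokens):
        tok, pos = tokens[pos], pos + 1
        if tok == '{':
            children, pos = parse(tokens, pos)
            stmts.append((words, children)); words = []
        elif tok in '};':
            if words: stmts.append((words, []))
            words = []
            if tok == '}': break
        else:
            words.append(tok)
    return stmts, pos

def setting(stmts, key):  # 'recursion yes;' -> ['yes']; 'allow-transfer { a; };' -> ['a']; None if absent
    for words, children in stmts:
        if words and words[0] == key:
            return words[1:] or [w[0] for w, _ in children]

def audit(conf_text):
    """Flag views that 'any' client can reach but that still recurse or serve a master/slave zone
    without a restrictive allow-transfer. Assumed defaults (classic BIND 9): recursion yes, allow-transfer any."""
    findings = []
    for w, body in parse(tokenize(conf_text))[0]:
        if w[:1] != ['view'] or 'any' not in (setting(body, 'match-clients') or ['any']):
            continue  # not a view, or reachable only through an explicit ACL
        if (setting(body, 'recursion') or ['yes'])[0] == 'yes':
            findings.append(f'view {w[1]}: recursion open to any client')
        for z, zone in body:
            if z[:1] == ['zone'] and (setting(zone, 'type') or [''])[0] in ('master', 'slave') \
                    and 'any' in (setting(zone, 'allow-transfer') or ['any']):
                findings.append(f'view {w[1]}: zone {z[1]} transferable by any client')
    return findings
```

Run named-checkconf -z against the real file first; this only audits the two access-control mistakes named above.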
Create rndc.key for controlling named; the key name and secret must match the key statement in named.conf, otherwise named rejects the rndc connection:
key "rndc-key" {
algorithm hmac-md5;
secret "<output of rndc-confgen>";
};
Create forward and reverse zones
My example forward zone file is /etc/namedb/master/comme.ca.zone:
$ORIGIN comme.ca.
$TTL 3600
comme.ca. IN SOA ns1.comme.ca. hostmaster.comme.ca. (
2006051501 ; Serial
10800 ; Refresh
3600 ; Retry
604800 ; Expire
86400 ; Minimum TTL
)
; dns servers
@ IN NS ns1.comme.ca.
; root record
@ IN A 192.168.13.30
; records
ns1.comme.ca. IN A 192.168.13.30
free.comme.ca. IN A 192.168.13.30
ism.comme.ca. IN A 192.168.13.10
homme.comme.ca. IN A 192.168.13.20
gw.comme.ca. IN A 192.168.13.254
The matching reverse zone file, 13.168.192.rev:
$TTL 3600
$ORIGIN 13.168.192.IN-ADDR.ARPA.
@ 1D IN SOA ns1.comme.ca. nsmaster.comme.ca. (
2007050301 ; serial
3H ; refresh
15 ; retry
1w ; expire
3h ; minimum
)
@ IN NS ns1.comme.ca.
; server host definitions
10 IN PTR ism.comme.ca.
20 IN PTR homme.comme.ca.
30 IN PTR vm.comme.ca.
254 IN PTR gw.comme.ca.
The reverse zone for the loopback network, 0.0.127.rev:
$TTL 86400
; could use $ORIGIN 0.0.127.IN-ADDR.ARPA.
@ IN SOA localhost. root.localhost. (
2007050300 ; Serial
3h ; Refresh
15 ; Retry
1w ; Expire
3h ) ; Minimum
@ IN NS localhost.
1 IN PTR localhost.
A shorter alternative for the same loopback zone file:
$TTL 3D
@ IN SOA ns.comme.ca. hostmaster.comme.ca. (
1 ; Serial
8H ; Refresh
2H ; Retry
4W ; Expire
1D) ; Minimum TTL
@ IN NS ns1.comme.ca.
1 PTR localhost.
root.hints, the root name server list referenced by the untrusted view. Root server addresses change over time, so refresh this file from the named.root published by InterNIC (https://www.internic.net/domain/named.root) before relying on it:
. 6D IN NS A.ROOT-SERVERS.NET.
. 6D IN NS B.ROOT-SERVERS.NET.
. 6D IN NS C.ROOT-SERVERS.NET.
. 6D IN NS D.ROOT-SERVERS.NET.
. 6D IN NS E.ROOT-SERVERS.NET.
. 6D IN NS F.ROOT-SERVERS.NET.
. 6D IN NS G.ROOT-SERVERS.NET.
. 6D IN NS H.ROOT-SERVERS.NET.
. 6D IN NS I.ROOT-SERVERS.NET.
. 6D IN NS J.ROOT-SERVERS.NET.
. 6D IN NS K.ROOT-SERVERS.NET.
. 6D IN NS L.ROOT-SERVERS.NET.
. 6D IN NS M.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
B.ROOT-SERVERS.NET. 6D IN A 192.228.79.201
C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
D.ROOT-SERVERS.NET. 6D IN A 128.8.10.90
E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
H.ROOT-SERVERS.NET. 6D IN A 128.63.2.53
I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30
K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129
L.ROOT-SERVERS.NET. 6D IN A 198.32.64.12
M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33
Start named with /etc/rc.d/named forcestart, or /etc/rc.d/named restart if it is already running.
Bind in 10 minutes
BIND usually comes with Red Hat / FreeBSD. To configure a simple forwarding nameserver with a local zone, do the following:
Edit named.conf
options {
forwarders {
1.2.3.4;
2.3.4.5;
};
};
zone "mydomain.home" IN {
type master;
file "mydomain.home.zone";
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "1.168.192.ptr";
};
If the zone is already hosted on another DNS server and this server should keep a slave copy of it, add:
zone "realdomain.com" {
type slave;
file "realdomain.com.zone";
masters {
7.8.9.0;
};
};
Then create the master zone file (mydomain.home.zone) like this:
$ORIGIN mydomain.home.
$TTL 3600
mydomain.home. IN SOA ns1.mydomain.home. hostmaster.mydomain.home. (
2006051501 ; Serial
10800 ; Refresh
3600 ; Retry
604800 ; Expire
86400 ; Minimum TTL
)
@ IN NS ns1.mydomain.home.
@ IN A 192.168.13.30
ns1 IN A 192.168.13.30
free IN A 192.168.13.30
hopchai.home IN A 192.168.13.2
BIND DNS SPF record
SPF records can be built at OpenSPF.org (http://www.openspf.org).
A long SPF record can be entered by splitting it into several quoted strings: each string must stay within the 255-byte limit of a TXT string, and resolvers join the strings in order with nothing in between, so keep the space at the end of the first string. Parentheses let the record span lines:
@ IN TXT ( "v=spf1 ip4:200.1.1.0/24 a ptr a:domain1.com a:domain2.com a:domain4.com "
           "a:domain3.com a:domain5.com a:domain6.com mx:mx1.com mx:mx2.com mx:mx3.com mx:mx4.com mx:mx5.com include:my_isp.com ~all" )