iw/servercode
1
0
Fork 0
mirror of https://github.com/IntenseWebs/servercode.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
3053cd2d44119e10b8d019dea06f58179ab610fb
servercode/bind9.txt
IntenseWebs eca0778c40 Added README.md and update debian networking and bind
2023-12-02 10:15:56 -06:00

260 lines
7.1 KiB
Plaintext
Raw Blame History

# Bind 9 DNS
https://wpcademy.com/how-to-install-bind9-dns-server-on-ubuntu-step-by-step/
https://www.linuxtechi.com/install-configure-bind-9-dns-server-ubuntu-debian/
https://www.isc.org/bind/
https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-private-network-dns-server-on-debian-9
# DMZ STEALTH SERVER, SPLIT-HORIZON, SPLIT-BRAIN DNS
https://www.cyberciti.biz/faq/linux-unix-bind9-named-configure-views/
https://www.zytrax.com/books/dns/ch4/#split
# Misc re-used commands
sudo systemctl status named
sudo systemctl restart bind9
sudo systemctl status bind9
suso systemctl restart bind9.service
sudo service bind9 restart
sudo named-checkconf
sudo named-checkzone intensewebs.com /var/lib/bind/db.intensewebs.com
sudo tail -f /var/log/syslog
sudo apt update && sudo apt upgrade -y
sudo apt install -y bind9 bind9utils bind9-doc dnsutils
cd /etc/bind
# Copy/Backup your files
sudo cp /etc/bind/named.conf.options /etc/bind/named.conf.options.backup
sudo vi /etc/bind/named.conf.options
acl trustedclients {
localhost;
localnets;
192.168.1.140 #ns1.intensewebs.com
192.168.1.141 #ns2.intensewebs.com
192.168.1.142 #ns3.intensewebs.com
192.168.1.143 #ns4.intensewebs.com
192.168.1.0/24;
192.168.2.0/24;
};
options {
directory "/var/cache/bind";
recursion yes;
allow-query { trustedclients; };
allow-query-cache { trustedclients; };
allow-recursion { trustedclients; };
forwarders {
9.9.9.9;
149.112.112.112;
};
dnssec-validation no;
listen-on-v6 { any; };
};
# NOTE: DNSSec disabled as it was found to cause issues for Ubuntu 20.04
# 4) Define zone files backup the existing file named.conf.local e.g.
sudo cp /etc/bind/named.conf.local /etc/bind/named.conf.local.bak
sudo vi named.conf.local
so it looks something like this
zone "intensewebs.com" {
type master;
file "/var/lib/bind/db.intensewebs.com";
allow-transfer { 192.168.1.141; };
also-notify { 192.168.1.141; };
};
zone "nukvm.org" {
type master;
file "/var/lib/bind/db.nukvm.org";
allow-transfer { 192.168.1.141; };
also-notify { 192.168.1.141; };
};
zone "iweb.city" {
type master;
file "/var/lib/bind/db.iweb.city";
allow-transfer { 192.168.1.141; };
also-notify { 192.168.1.141; };
};
zone "1.168.192.in-addr.arpa" {
type master;
file "/var/lib/bind/db.1.168.192";
allow-transfer { 192.168.1.141; };
also-notify { 192.168.1.141; };
};
check the file for errors
sudo named-checkconf
5) Create a forward lookup zone in /var/lib/bind. Copy an existing file to one with the name used before e.g.
sudo cp /etc/bind/db.local /var/lib/bind/db.intensewebs.com
sudo vi db.intensewebs.com
$ORIGIN intensewebs.com.
$TTL 604800
;
@ IN SOA ns1.intensewebs.com. dns.intensewebs.com. (
58 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
IN NS ns1.intensewebs.com.
IN NS ns2.intensewebs.com.
;
IN MX 10 mail.intensewebs.com.
;
alma1 IN A 192.168.1.121
git IN A 192.168.1.123
ipa1 IN A 192.168.1.124
ipa2 IN A 192.168.1.125
pg IN A 192.168.1.126
;
ns1 IN A 192.168.1.140
ns2 IN A 192.168.1.141
tdebian IN A 192.168.1.200
sd IN A 192.168.1.222
superdog IN A 192.168.1.223
;
ftp IN A 74.63.233.135
mail IN A 74.63.233.135
webmail IN A 74.63.233.135
www IN A 74.63.233.135
;
t IN A 129.146.170.34
lab IN A 129.146.170.34
;
u IN A 129.153.118.150
# check the file syntax
sudo named-checkzone intensewebs.com db.intensewebs.com
6) Create a reverse lookup zone
using same name specified in named- edit the file e.g.
sudo vi db.1.168.192
$TTL 604800
@ IN SOA ns1.intensewebs.com. dns.intensewebs.com. (
58 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
IN NS ns1.intensewebs.com.
IN NS ns2.intensewebs.com.
ns1.intensewebs.com. IN A 192.168.1.140
ns2.intensewebs.com. IN A 192.168.1.141
3 IN PTR giti.iweb.city
4 IN PTR ng1.iweb.city
66 IN PTR gitea.nukvm.org
121 IN PTR alma1.intensewebs.com
123 IN PTR git.intensewebs.com
124 IN PTR ipa1.intensewebs.com
125 IN PTR ipa2.intensewebs.com
126 IN PTR pg.intensewebs.com
140 IN PTR ns1.intensewebs.com
141 IN PTR ns2.intensewebs.com
200 IN PTR tdebian.intensewebs.com
201 IN PTR tnginx.iweb.city
222 IN PTR sd.intensewebs.com
223 IN PTR superdog.intensewebs.com
sudo named-checkzone 1.168.192.in-addr.arpa db.1.168.192
7) Edit the server's DNS entry to use it's own DNS server
vi /etc/resolv.conf
domain intensewebs.com
search intensewebs.com
nameserver 192.168.1.140
nameserver 192.168.1.141
8) Start and test DNS
sudo systemctl start named
sudo systemctl enable named
sudo systemctl start bind9
sudo systemctl status bind9
sudo systemctl status named
test DNS is working e.g.
host git.intensewebs.com
host 192.168.1.122
ping www.amazon.com
---------------------------------------
SECONDARY
sudo vi /etc/bind/named.conf.local
zone "intensewebs.com" {
type slave;
file "/var/lib/bind/db.intensewebs.com";
masters { 192.168.1.140; };
};
zone "nukvm.org" {
type slave;
file "/var/lib/bind/db.nukvm.org";
masters { 192.168.1.140; };
};
zone "iweb.city" {
type slave;
file "/var/lib/bind/db.iweb.city";
masters { 192.168.1.140; };
};
zone "1.168.192.in-addr.arpa" {
type slave;
file "/var/lib/bind/db.1.168.192";
masters { 192.168.1.140; };
};
sudo systemctl restart bind9
sudo systemctl status bind9
sudo vi /etc/bind/named.conf.options
acl trustedclients {
localhost;
localnets;
192.168.1.140 #ns1.intensewebs.com
192.168.1.141 #ns2.intensewebs.com
192.168.1.142 #ns3.intensewebs.com
192.168.1.143 #ns4.intensewebs.com
192.168.1.0/24;
192.168.2.0/24;
};
options {
directory "/var/cache/bind";
recursion yes;
allow-query { trustedclients; };
allow-query-cache { trustedclients; };
allow-recursion { trustedclients; };
forwarders {
9.9.9.9;
149.112.112.112;
};
dnssec-validation no;
listen-on-v6 { any; };
};
Reference in New Issue View Git Blame Copy Permalink