====== BIND (is there anything else?) ======
==== DNSSEC ====
dnssec-keygen -a 7 -b 2048 -n ZONE domena.org
dnssec-keygen -f KSK -a 8 -b 4096 -n ZONE domena.org
Copy the generated files to /etc/bind/keys.
If you put your keys in /etc/bind/keys, do not forget about file permissions and AppArmor!
Put this in the zone block for domena.org:
inline-signing yes;
auto-dnssec maintain;
key-directory "/etc/bind/keys/domena.org";
sig-validity-interval 3; // default is 30D
Use dnssec-dsfromkey to create the DS records from the **KSK files.**
To enable validation, add to named.conf.options:\\
dnssec-validation auto;
dnssec-enable yes;
dnssec-lookaside auto;
Note: dnssec-lookaside (DLV) and dnssec-enable are obsolete; ISC shut down the DLV registry in 2017 and recent BIND 9 releases no longer accept either option, so on a current server only dnssec-validation auto; is needed.
Add the DS records at your domain registrar!
Check your domain with http://dnsviz.net/
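Before pasting a DS record at the registrar (or when checking what is already published there), it is worth confirming that it really was derived from the KSK in use. The following is an added example, not part of this page or of BIND: it recomputes the DS RDATA (key tag, algorithm, digest type, digest) from the DNSKEY line of the KSK's .key file in the same way dnssec-dsfromkey does, and compares it with a DS string as published. The zone name and the 4-byte "public key" are constructed placeholders, and the parser assumes the single-line form of the .key file (comment lines beginning with ';' are not handled).

```python
import base64
import hashlib
import struct
# Digest types a DS record may use (RFC 4034 / RFC 4509 / RFC 6605).
DIGEST_ALGS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}

def owner_wire(name):
    """Canonical wire form of an owner name: lower-case, length-prefixed labels, root label."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def parse_dnskey_line(line):
    """Split a zone-file DNSKEY line (the record line of a K<zone>.+NNN+NNNNN.key file) into its fields."""
    owner, rest = line.split(None, 1)
    fields = rest.split()
    i = fields.index("DNSKEY")            # TTL and class before it are optional
    flags, proto, alg = (int(x) for x in fields[i + 1:i + 4])
    return owner, flags, proto, alg, "".join(fields[i + 4:])

def dnskey_rdata(flags, proto, alg, pubkey_b64):
    """Wire-format DNSKEY RDATA: flags(2) protocol(1) algorithm(1) public key."""
    return struct.pack("!HBB", flags, proto, alg) + base64.b64decode(pubkey_b64)

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (every algorithm except the obsolete RSA/MD5)."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += b if i & 1 else b << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF

def ds_from_dnskey(line, digest_type=2):
    """(key_tag, algorithm, digest_type, hex digest): the DS RDATA that dnssec-dsfromkey prints.
    The digest covers the canonical owner name followed by the DNSKEY RDATA."""
    owner, flags, proto, alg, key = parse_dnskey_line(line)
    rdata = dnskey_rdata(flags, proto, alg, key)
    digest = DIGEST_ALGS[digest_type](owner_wire(owner) + rdata).hexdigest().upper()
    return key_tag(rdata), alg, digest_type, digest

def ds_matches(dnskey_line, published_ds):
    """True if a DS RDATA string ("tag alg digest_type digest"), e.g. copied from the registrar's
    control panel or a dig DS answer, was derived from this KSK. Digest case/spacing are ignored."""
    parts = published_ds.split()
    tag, alg, dtype = (int(x) for x in parts[:3])
    if dtype not in DIGEST_ALGS:          # unknown digest type can never validate
        return False
    return ds_from_dnskey(dnskey_line, dtype) == (tag, alg, dtype, "".join(parts[3:]).upper())

# Constructed sample KSK (flags 257 = zone key + SEP); the 4-byte "public key" is a placeholder.
SAMPLE_KSK = "domena.org. IN DNSKEY 257 3 8 AQIDBA=="
```

For a real key file, the tuple returned by ds_from_dnskey should match what dnssec-dsfromkey prints for the same file, and ds_matches should return True for the DS shown by dnsviz or a dig DS query against the parent zone.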
Trusted keys: https://www.dns-oarc.net/files/odvr/configs/bind/trusted-keys.conf\\
To silence DNSSEC log messages, add to the logging block:\\
logging {\\
...\\
category dnssec { null; };\\
};
==== Letting bind/named query a specific DNS server for only one specific domain ====
Add to the file **''/etc/bind/named.conf.local''**:
zone "mydomain.com" {
type forward;
forward only;
forwarders { 192.168.0.2; 192.168.0.6; };
};
Of course you need to replace 'mydomain.com' as well as the two IP addresses in the 'forwarders' line.
==== Unsorted ====
Query the server version over the CHAOS class:
host -t txt -c CHAOS version.bind localhost
Hide it by setting in the named options block:
options { version "DNS daemon"; };
The server hostname can be queried the same way:
host -t txt -c CHAOS hostname.bind localhost
gethostbyname()
==== audit dns ====
kernel: audit(1209076817.081:16): type=1503 operation="inode_create" requested_mask="w::" denied_mask="w::" name="/etc/bind/xxxxx.com.hosts.jnl" pid=16561 profile="/usr/sbin/named" namespace="default"
So I had a look in:
''/etc/apparmor.d/usr.sbin.named''
and changed this line:
/etc/bind/** r,
to this:
/etc/bind/** rw,
Note that this grants named write access to everything under /etc/bind; a narrower rule that matches only the journal (.jnl) and signed-zone files it actually writes, e.g. /etc/bind/**.jnl rw, keeps the profile closer to least privilege.
==== Fixing syntax highlighting in VIM ====
**~/.vimrc**
" BIND zone files (s:StarSetf() is local to Vim's own filetype.vim and is not callable from ~/.vimrc, so use setf directly)
au BufNewFile,BufRead */named/db.*,*/bind/master/*,*/bind/slave/*,*/bind/arpa/* setf bindzone
" BIND configuration
au BufNewFile,BufRead named.conf,rndc.conf,arpa.conf,named*,master.conf,slave.conf setf named