Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
linux:bind [2009/04/28 09:55] greebo |
linux:bind [2015/08/12 14:05] zagi |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== BIND (is there anyting else?) ====== | ====== BIND (is there anyting else?) ====== | ||
- | ===== Speedup tips ===== | + | ==== DNSSEC |
- | > I have built a local DNS server bind (Debian Sarge).The DNS should | + | dnssec-keygen -a 7 -b 2048 -n ZONE domena.org |
- | > accelerate DNS look ups by LAN clients. | + | dnssec-keygen |
- | > But Now, in contrary the local dns is slower than a custom DNS by my | + | |
- | > webhoster :-( | + | |
- | + | ||
- | You should use BIND 9, disable lookups over IPv6 (OPTIONS=" | + | |
- | in / | + | |
- | cache has been filled. | + | |
- | ===== Letting bind/named query a specific DNS server for only one specific domain | + | copy generated files in / |
+ | |||
+ | if you put your keys in / | ||
+ | |||
+ | |||
+ | put this in zone domena.org | ||
+ | |||
+ | inline-signing yes; | ||
+ | auto-dnssec maintain; | ||
+ | key-directory "/ | ||
+ | sig-validity-interval 3; // default is 30D | ||
+ | |||
+ | use dnssec-dsfromkey to create DS from KSK files. | ||
+ | |||
+ | |||
+ | To enable add to bind.named.options: | ||
+ | |||
+ | |||
+ | dnssec-validation auto;\\ | ||
+ | dnssec-enable yes;\\ | ||
+ | dnssec-lookaside auto;\\ | ||
+ | |||
+ | Add DS records at your domain registrar! | ||
+ | |||
+ | |||
+ | check your domain with http:// | ||
+ | |||
+ | |||
+ | https:// | ||
+ | \\ | ||
+ | logging {\\ | ||
+ | ...\\ | ||
+ | category dnssec { null; | ||
+ | |||
+ | |||
+ | ==== Letting bind/named query a specific DNS server for only one specific domain ==== | ||
Add to the file **''/ | Add to the file **''/ | ||
Line 27: | Line 56: | ||
- | ===== Unsorted | + | ==== Unsorted ==== |
Line 39: | Line 68: | ||
- | === audit dns === | + | ==== audit dns ==== |
- | kernel: audit(1209076817.081: | + | < |
- | \\ | + | kernel: audit(1209076817.081: |
- | So I had a look in:\\ | + | </ |
- | / | + | |
- | \\ | + | So I had a look in: |
- | and changed this line:\\ | + | '' |
- | / | + | |
- | \\ | + | and changed this line: |
- | to this:\\ | + | < |
- | / | + | / |
+ | </ | ||
+ | |||
+ | to this: | ||
+ | < | ||
+ | / | ||
+ | </ | ||
+ | |||
+ | ==== Fixing syntax highlighting in VIM ==== | ||
+ | |||
+ | **~/ | ||
+ | < | ||
+ | " BIND zone | ||
+ | au BufNewFile, | ||
+ | " BIND configuration | ||
+ | au BufNewFile, | ||
+ | </ | ||