Differences

This shows you the differences between two versions of the page.

linux:bind [2006/05/10 10:43]
a created
linux:bind [2015/08/12 14:46] (current)
zagi
Line 1: Line 1:
 ====== BIND (is there anyting else?) ====== ====== BIND (is there anyting else?) ======
  
-**Speedup tips**+==== DNSSEC ====
  
-  > I have built local DNS server bind (Debian Sarge).The DNS should +  dnssec-keygen -7 -b 2048 -n ZONE domena.org 
-  > accelerate DNS look ups by LAN clients+  dnssec-keygen -f KSK -a 8 -b 4096 -n ZONE domena.org 
-  > But Now, in contrary the local dns is slower than a custom DNS by my + 
-  > webhoster :-( +copy generated files in /etc/bind/keys. 
-   + 
-  You should use BIND 9, disable lookups over IPv6 (OPTIONS="-bind -4+if you put your keys in /etc/bind/keys do not forget about permissions and apparmor! 
-  in /etc/defaults/bind9), and you need to wait a bit until the local + 
-  cache has been filled.+ 
 +put this in zone domena.org 
 + 
 +  inline-signing yes; 
 +  auto-dnssec maintain; 
 +  key-directory "/etc/bind/keys/domena.org"; 
 +  sig-validity-interval 3;  // default is 30D 
 + 
 +use dnssec-dsfromkey to create DS DNS records from **KSK files.** 
 + 
 + 
 +To enable add to bind.named.options:\\ 
 + 
 + 
 +  dnssec-validation auto; 
 +  dnssec-enable yes; 
 +  dnssec-lookaside auto; 
 + 
 +Add DS records at your domain registrar! 
 + 
 + 
 +check your domain with  http://dnsviz.net/ 
 + 
 + 
 +https://www.dns-oarc.net/files/odvr/configs/bind/trusted-keys.conf\\ 
 +\\ 
 +logging {\\ 
 +...\\ 
 +        category dnssec { null;};};\\ 
 + 
 + 
 +==== Letting bind/named query a specific DNS server for only one specific domain ==== 
 + 
 +Add to the file **''/etc/bind/named.conf.local''**: 
 + 
 +<code> 
 +zone "mydomain.com"
 + type forward; 
 + forward only; 
 + forwarders { 192.168.0.2; 192.168.0.6; }; 
 +}; 
 +</code> 
 + 
 +Of course you need to replace 'mydomain.com' as well as the 2 ip addresses in the 'forwarders'-line. 
 + 
 + 
 +==== Unsorted ==== 
 + 
 + 
 +host -t txt -c CHAOS version.bind localhost 
 + 
 +named options {version "DNS daemon";}; 
 + 
 +host -t txt -c CHAOS hostname.bind localhost 
 + 
 +gethostbyname() 
 + 
 + 
 +==== audit dns ==== 
 +<code> 
 +kernel: audit(1209076817.081:16): type=1503 operation="inode_create" requested_mask="w::" denied_mask="w::" name="/etc/bind/xxxxx.com.hosts.jnl" pid=16561 profile="/usr/sbin/named" namespace="default" 
 +</code> 
 + 
 +So I had a look in
 +''/etc/apparmor.d/usr.sbin.named'' 
 + 
 +and changed this line: 
 +<code> 
 +/etc/bind/** r, 
 +</code> 
 + 
 +to this: 
 +<code> 
 +/etc/bind/** rw, 
 +</code> 
 + 
 +==== Fixing syntax highlighting in VIM ==== 
 + 
 +**~/.vimrc** 
 +<code> 
 +" BIND zone 
 +au BufNewFile,BufRead */named/db.*,*/bind/master/*,*/bind/slave/*,*/bind/arpa/* call s:StarSetf('bindzone'
 +" BIND configuration 
 +au BufNewFile,BufRead named.conf,rndc.conf,arpa.conf,named*,master.conf,slave.conf      setf named 
 +</code>
  
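Review bot: In the "audit dns" section, changing the AppArmor rule from "/etc/bind/** r," to "/etc/bind/** rw," gives named write access to everything under /etc/bind. Per this same revision that includes the signing keys copied to /etc/bind/keys and /etc/bind/named.conf.local, while the logged denial was only an inode_create for "/etc/bind/xxxxx.com.hosts.jnl". Suggest scoping the write grant to what was actually denied, for example keeping the read-only line and adding a rule such as "/etc/bind/*.jnl rw,", or moving the dynamically updated zone to a directory that holds no keys or configuration. Two smaller points in the DNSSEC section: "sig-validity-interval 3;" shortens signature validity from the 30 days noted in its own comment to 3, so the page should say why and note that a stalled re-sign leaves little margin before signatures expire; and "category dnssec { null;};" discards the log messages that would show such a failure.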
linux/bind.1147250586.txt.gz · Last modified: 2009/05/25 00:34 (external edit)
CC Attribution-Share Alike 4.0 International