Differences

This shows you the differences between two versions of the page.

linux:bind [2010/08/03 16:04]
greebo
linux:bind [2015/08/12 14:46] (current)
zagi
Line 2: Line 2:
  
 ==== DNSSEC ==== ==== DNSSEC ====
 +
 +  dnssec-keygen -a 7 -b 2048 -n ZONE domena.org
 +  dnssec-keygen -f KSK -a 8 -b 4096 -n ZONE domena.org
 +
 +copy generated files in /etc/bind/keys.
 +
 +if you put your keys in /etc/bind/keys do not forget about permissions and apparmor!
 +
 +
 +put this in zone domena.org
 +
 +  inline-signing yes;
 +  auto-dnssec maintain;
 +  key-directory "/etc/bind/keys/domena.org";
 +  sig-validity-interval 3;  // default is 30D
 +
 +use dnssec-dsfromkey to create DS DNS records from **KSK files.**
 +
  
 To enable add to bind.named.options:\\ To enable add to bind.named.options:\\
  
-dnssec-enable yes;\\ 
-dnssec-validation yes;\\ 
  
 +  dnssec-validation auto;
 +  dnssec-enable yes;
 +  dnssec-lookaside auto;
  
 +Add DS records at your domain registrar!
  
-===== Speedup tips ===== 
  
-  > I have built a local DNS server bind (Debian Sarge).The DNS should +check your domain with  http://dnsviz.net/
-  > accelerate DNS look ups by LAN clients. +
-  > But Now, in contrary the local dns is slower than a custom DNS by my +
-  > webhoster :-( +
-   +
-  You should use BIND 9, disable lookups over IPv6 (OPTIONS="-u bind -4" +
-  in /etc/defaults/bind9), and you need to wait a bit until the local +
-  cache has been filled.+
  
-===== Letting bind/named query a specific DNS server for only one specific domain =====+ 
 +https://www.dns-oarc.net/files/odvr/configs/bind/trusted-keys.conf\\ 
 +\\ 
 +logging {\\ 
 +...\\ 
 +        category dnssec { null;};};\\ 
 + 
 + 
 +==== Letting bind/named query a specific DNS server for only one specific domain ====
  
 Add to the file **''/etc/bind/named.conf.local''**: Add to the file **''/etc/bind/named.conf.local''**:
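Review bot: the two `dnssec-keygen` lines in this hunk generate the ZSK with algorithm 7 (RSASHA1-NSEC3-SHA1) and the KSK with algorithm 8 (RSASHA256); a validator expects every RRset to be signed by a key of each algorithm present in the apex DNSKEY RRset (RFC 4035 section 2.2), and RFC 8624 lists algorithm 7 as NOT RECOMMENDED for signing, so generate both keys with the same algorithm, e.g. `-a 8` for both (or `-a 13`, ECDSAP256SHA256, which gives far smaller keys and signatures). The `key-directory "/etc/bind/keys/domena.org";` line also disagrees with the text above it, which says to copy the keys into `/etc/bind/keys`; named only finds keys in the configured key-directory, so one of the two should change. In the options block, `dnssec-lookaside auto;` should be dropped: ISC's DLV registry has been decommissioned and the option no longer exists in current BIND, and `dnssec-enable yes;` is the default (and has since been removed), so `dnssec-validation auto;` is all that is needed. With `auto`, named uses its built-in root trust anchor and follows root KSK rollovers via RFC 5011, which a static trusted-keys.conf downloaded from dns-oarc.net does not do (the root KSK was rolled in 2018, so such a file would now be stale). `sig-validity-interval 3;` means three days of validity, with re-signing by default starting when a quarter of that (about 18 hours) remains, which is a thin margin if a secondary falls behind on transfers. Finally, `category dnssec { null; };` discards exactly the log lines that explain why a lookup returned SERVFAIL; send that category to a file or syslog channel instead.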
Line 36: Line 56:
  
  
-===== Unsorted =====+==== Unsorted ====
  
  
Line 48: Line 68:
  
  
-=== audit dns === +==== audit dns ===
-kernel: audit(1209076817.081:16): type=1503 operation="inode_create" requested_mask="w::" denied_mask="w::" name="/etc\\/bind/xxxxx.com.hosts.jnl" pid=16561 profile="/usr/sbin/named" namespace="default"\\ +<code> 
-\\ +kernel: audit(1209076817.081:16): type=1503 operation="inode_create" requested_mask="w::" denied_mask="w::" name="/etc/bind/xxxxx.com.hosts.jnl" pid=16561 profile="/usr/sbin/named" namespace="default" 
-So I had a look in:\\ +</code> 
-/etc/apparmor.d/usr.sbin.named\\ + 
-\\ +So I had a look in: 
-and changed this line:\\ +''/etc/apparmor.d/usr.sbin.named'' 
-/etc/bind/** r,\\ + 
-\\ +and changed this line: 
-to this:\\ +<code> 
-/etc/bind/** rw,\\+/etc/bind/** r, 
 +</code> 
 + 
 +to this: 
 +<code> 
 +/etc/bind/** rw, 
 +</code> 
 + 
 +==== Fixing syntax highlighting in VIM ==== 
 + 
 +**~/.vimrc** 
 +<code> 
 +" BIND zone 
 +au BufNewFile,BufRead */named/db.*,*/bind/master/*,*/bind/slave/*,*/bind/arpa/* call s:StarSetf('bindzone'
 +" BIND configuration 
 +au BufNewFile,BufRead named.conf,rndc.conf,arpa.conf,named*,master.conf,slave.conf      setf named 
 +</code>
  
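Review bot: the AppArmor change from `/etc/bind/** r,` to `/etc/bind/** rw,` grants named write access to its entire configuration directory, including named.conf and the signing keys this page places under /etc/bind/keys, so a compromised or misbehaving named could rewrite its own configuration and keys. The denial in the audit line is for a zone journal (`xxxxx.com.hosts.jnl`), which is written by dynamic updates and by inline signing (which also writes `.signed` and `.signed.jnl` files next to the zone file); the Debian/Ubuntu profile already allows rw under /var/lib/bind/ and /var/cache/bind/ for exactly this, so point the zone's `file` at a path there and leave /etc/bind read-only. If a write rule under /etc/bind is unavoidable, limit it to the journal files, e.g. `/etc/bind/*.jnl rw,`, rather than the whole tree. Also, the new heading `==== audit dns ===` has four `=` on the left and three on the right, which DokuWiki will not render as a heading.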
linux/bind.1280844246.txt.gz · Last modified: 2010/08/03 16:04 by greebo
CC Attribution-Share Alike 4.0 International