BIND DNS

From TheBeard Science Project Wiki
packages:
	bind
	bind-utils
	caching-nameserver (for caching-only servers)
	system-config-bind
	bind-chroot

daemons:
	named
	nscd - local dns cache daemon. used for caching on hosts. restart to flush.

configs (Red Hat): 
	/etc/named.conf
	/etc/named
	/etc/named.iscdlv.key
	/etc/named.rfc1912.zones
	/var/named - zone file directory
	/var/named/chroot/var/named - zone file directory if running in chroot

configs (Debian):
	/etc/bind/named.conf
	/etc/bind/named.conf.default-zones
	/etc/bind/named.conf.local
	/etc/bind/named.conf.options

args:
	LISTS ARE PLACED IN { BRACES } AND ";" SEPARATED
	ALL ARGUMENTS FOLLOWED BY ";"
	ARGUMENTS CAN BEGIN WITH "!" AS A NOT STATEMENT (IE !LOCALHOST)
	ARGUMENTS CAN INCLUDE: NONE, ALL, LOCALHOST, LOCALNETS

	listen-on port <port> { <addr>; <addr>; }; - address and port to listen on for queries. best to use port 53 and the interface's network address. usually don't want to use this line.
	listen-on-v6 port <port> { <addr>; <addr>; }; - address and port to listen on for v6 queries. best to use port 53 and the interface's network address.
	directory "/path"; - path to zone files directory. global only.
	allow-query { <addr>; <addr>; }; - hosts for which the server will answer queries. (ie 192.168.0.0/24 for an ip range). without this, the server answers all. zone, view, or global.
	allow-recursion { <addr>; <addr>; }; - hosts for which the server will perform recursive queries. without this, server does recursive for all. default is 127.0.0.1. view or global.
	allow-transfer { <addr>; <addr>; }; - hosts which are allowed to perform zone transfers from this server. use "none" (include quotes) for none.
	allow-update { <addr>; none; }; - allows updates from master servers
	recursion <yes/no>; - no responds with iterative response/referral. view or global.
	recursive-clients <#>; - number of simultaneous recursive queries. default 1000. global only.
	minimal-responses <yes/no>; - may improve performance. view or global.
	forward <only/first>; - first forwards query then checks its own files. only causes the server to forward only. zone, view, or global.
	forwarders { <addr>; <addr> port <port>; }; - address to be forwarded to. zone, view, or global
	version "text"; - hide version with text to thwart hackers. global only.
	acl "<name>" { <addr>; <addr>; }; - create an acl which can then be applied by name. can contain other acls.
	type <type>; - can include: master, slave, hint (for "." domain), forward (forward only), stub (not usually used). zone only.
	masters { <addr>; <addr>; }; - use in slave zone to specify masters. zone only.
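
named.conf example (Red Hat layout) that applies the arguments above to the herp.com zone file shown below. This is an added example, not text from the original wiki; the 10.1.2.0/24 network, the herp.com.zone file name, the secondary on the router, and the derp.com slave zone with its master 10.1.2.200 are assumptions.

```conf
// Added example, not from the original wiki page. Addresses, file names,
// the secondary on 10.1.2.1 and the derp.com slave zone are assumed.

acl "internal" { 127.0.0.1; 10.1.2.0/24; };   // reusable by name below

options {
    directory "/var/named";                   // zone file directory (global only)
    listen-on port 53 { 10.1.2.8; 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    allow-query { internal; };                // without this, the server answers anyone
    recursion yes;
    allow-recursion { internal; };            // an open recursive resolver can be abused
                                              // for amplification; limit it to local nets
    allow-transfer { none; };                 // transfers are granted per zone below
    recursive-clients 1000;
    minimal-responses yes;
    forward first;                            // try the forwarders, then resolve ourselves
    forwarders { 10.1.2.1; };
    version "not disclosed";                  // replaces the BIND version string
};

// root hints, used when the forwarders are unavailable (named.ca ships with bind)
zone "." IN {
    type hint;
    file "named.ca";
};

// authoritative master for the zone file example on this page
zone "herp.com" IN {
    type master;
    file "herp.com.zone";
    allow-transfer { 10.1.2.1; };             // only the secondary on the router (assumed)
};

// slave zone pulled from an assumed master
zone "derp.com" IN {
    type slave;
    file "slaves/derp.com.zone";
    masters { 10.1.2.200; };
};
```

Run named-checkconf /etc/named.conf and named-checkzone herp.com /var/named/herp.com.zone before restarting named; both tools come with the bind package.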

zone file:
	COMMENTS START WITH ";"

zone file example:

	$TTL 86400
	; SOA: primary nameserver, then admin email with "." instead of "@"
	herp.com.   IN  SOA   server.herp.com. derp.mail.herp.com. (
	                      2012021300  ; serial
	                      1D          ; refresh
	                      1H          ; retry
	                      1W          ; expire
	                      3H )        ; minimum (negative caching TTL)
	            IN  NS    server
	            IN  NS    router
	            IN  MX 10 server
	            IN  A     10.1.2.1    ; blank owner name = zone apex (herp.com.), points to the gateway
	router      IN  A     10.1.2.1
	server      IN  A     10.1.2.8
	mail        IN  A     10.1.2.8
	www         IN  A     10.1.2.8
	host1       IN  A     10.1.2.9
	            IN  AAAA  ::1