

ubuntu:bind:configure_bind9:my_configuration

Differences

ubuntu:bind:configure_bind9:my_configuration [2020/12/09 13:58] – created peter
ubuntu:bind:configure_bind9:my_configuration [2020/12/09 19:32] (current) – [ad-blacklist] peter
Line 3: Line 3:
 This is my current configuration. This is my current configuration.
  
 +===== named.conf =====
 +
 +<file bash /etc/bind/named.conf>
 +// This is the primary configuration file for the BIND DNS server named.
 +//
 +// Please read /usr/share/doc/bind9/README.Debian.gz for information on the·
 +// structure of BIND configuration files in Debian, *BEFORE* you customize·
 +// this configuration file.
 +//
 +// If you are just adding zones, please do that in /etc/bind/named.conf.local
 +
 +include "/etc/bind/named.conf.logging";
 +include "/etc/bind/named.conf.options";
 +include "/etc/bind/named.conf.local";
 +// include "/etc/bind/named.conf.default-zones";
 +</file>
 +
 +<WRAP info>
 +**NOTE:**  The last line is commented out as I am using views, and therefore configured in the **/etc/bind/named.conf.local** file.
 +
 +Without this, errors are seen when trying to start bind.
 +
 +<code bash>
 +named[2211]: /etc/bind/named.conf.default-zones:2: when using 'view' statements, all zones must be in views
 +named[2211]: loading configuration: failure
 +named[2211]: exiting (due to fatal error)
 +</code>
 +
 +</WRAP>
 +
 +----
 +
 +===== named.conf.logging =====
 +
 +<file bash /etc/bind/named.conf.logging>
 +//logging {
 +//  channel querylog{
 +//    file "/var/log/named/querylog";
 +//    severity debug 3;
 +//    print-category yes;
 +//    print-time yes;
 +//    print-severity yes;
 +//  };
 +//  category queries { querylog;};
 +//};
 +
 +
 +
 +logging {
 +  channel default_file {
 +    file "/var/log/named/default.log" versions 3 size 5m;
 +    severity dynamic;
 +//    severity debug 3;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +  channel general_file {
 +    file "/var/log/named/general.log" versions 3 size 5m;
 +    severity dynamic;
 +//    severity debug 3;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +  channel database_file {
 +    file "/var/log/named/database.log" versions 3 size 5m;
 +    severity dynamic;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +  channel security_file {
 +    file "/var/log/named/security.log" versions 3 size 5m;
 +    severity dynamic;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +  channel config_file {
 +    file "/var/log/named/config.log" versions 3 size 5m;
 +    severity dynamic;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +  channel resolver_file {
 +    file "/var/log/named/resolver.log" versions 3 size 5m;
 +    severity dynamic;
 +    print-time yes;
 +  };
 +  channel xfer-in_file {
 +    file "/var/log/named/xfer-in.log" versions 3 size 5m;
 +    severity dynamic;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +  channel xfer-out_file {
 +    file "/var/log/named/xfer-out.log" versions 3 size 5m;
 +    severity dynamic;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +  channel notify_file {
 +    file "/var/log/named/notify.log" versions 3 size 5m;
 +    severity dynamic;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +  channel client_file {
 +    file "/var/log/named/client.log" versions 3 size 5m;
 +    severity dynamic;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +  channel unmatched_file {
 +    file "/var/log/named/unmatched.log" versions 3 size 5m;
 +    severity dynamic;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +  channel queries_file {
 +    file "/var/log/named/queries.log" versions 3 size 5m;
 +//    severity debug 3;
 +    severity dynamic;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +  channel network_file {
 +    file "/var/log/named/network.log" versions 3 size 5m;
 +    severity dynamic;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +  channel update_file {
 +    file "/var/log/named/update.log" versions 3 size 5m;
 +    severity dynamic;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +  channel dispatch_file {
 +    file "/var/log/named/dispatch.log" versions 3 size 5m;
 +    severity dynamic;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +  channel dnssec_file {
 +    file "/var/log/named/dnssec.log" versions 3 size 5m;
 +    severity dynamic;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +  channel lame-servers_file {
 +    file "/var/log/named/lame-servers.log" versions 3 size 5m;
 +    severity dynamic;
 +    print-category yes;
 +    print-time yes;
 +    print-severity yes;
 +  };
 +
 +  category default { default_file; };
 +  category general { general_file; };
 +  category database { database_file; };
 +  category security { security_file; };
 +  category config { config_file; };
 +  category resolver { resolver_file; };
 +  category xfer-in { xfer-in_file; };
 +  category xfer-out { xfer-out_file; };
 +  category notify { notify_file; };
 +  category client { client_file; };
 +  category unmatched { unmatched_file; };
 +  category queries { queries_file; };
 +  category network { network_file; };
 +  category update { update_file; };
 +  category dispatch { dispatch_file; };
 +  category dnssec { dnssec_file; };
 +  category lame-servers { lame-servers_file; };
 +};
 +</file>
 +
 +<WRAP info>
 +**NOTE:**  Extensive logging is done, over and beyond the default.
 +</WRAP>
 +
 +
 +----
 +
 +===== named.conf.options =====
 +
 +<file bash /etc/bind/named.conf.options>
 +acl "trusted" {
 +     192.168.1.0/24;
 +     192.168.50.0/24;
 +     192.168.70.0/24;
 +     172.16.0.0/16;
 +     localhost;
 +     localnets;
 +};
 +
 +
 +options {
 +  directory "/var/cache/bind";
 +
 +  // version statement - inhibited for security
 +  // (avoids hacking any known weaknesses)»·
 +  version "ShareWiz DNS";
 +
 +  // If there is a firewall between you and nameservers you want
 +  // to talk to, you may need to fix the firewall to allow multiple
 +  // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
 +
 +  // If your ISP provided one or more IP addresses for stable·
 +  // nameservers, you probably want to use them as forwarders.··
 +  // Uncomment the following block, and insert the addresses replacing·
 +  // the all-0's placeholder.
 +
 +  // forwarders {
 +  //   0.0.0.0;
 +  // };
 +
 +  forwarders {
 +    // Sure Public DNS
 +    //83.137.248.244;
 +    //93.187.151.197;
 +
 +    // Google Public DNS
 +    //8.8.8.8;
 +    //8.8.4.4;
 +
 +    // OpenDNS
 +    //208.67.222.222;
 +    //208.67.220.220;
 +    
 +    // PI-Hole.
 +    192.168.1.26;
 +    192.168.1.25;
 +  };
 +
 +
 +  //========================================================================
 +  // If named logs error messages about the root key being expired,
 +  // you will need to update your keys.  See https://www.isc.org/named-keys
 +  //========================================================================
 +  #dnssec-validation auto;
 +  dnssec-enable no;
 +  dnssec-validation no;
 +
 +  auth-nxdomain no;    # conform to RFC1035
 +  listen-on-v6 { any; };
 +
 +  allow-query { any; };
 +  allow-transfer { trusted; };
 +  #allow-recursion { trusted; };
 +};
 +</file>
 +
 +----
 +
 +===== named.conf.local =====
 +
 +<file bash /etc/bind/named.conf.local>
 +//
 +// Do any local configuration here.
 +//
 +
 +
 +acl slaves {
 +//    195.234.42.0/24;    // XName
 +//    193.218.105.144/28; // XName
 +//    193.24.212.232/29;  // XName
 +//    212.227.123.29;  // 1& slv2.1and1.co.uk
 +//  192.168.1.26;
 +//  192.168.1.25;
 +};
 +
 +// Any IPs added here will not have ads blocked.
 +// For Virginia.
 +acl allow_ads {
 +//    192.168.1.64;
 +    192.168.1.70;
 +    192.168.1.75;
 +    192.168.1.90;
 +    192.168.1.96;
 +};
 +
 +acl internals {
 +    192.168.1.0/24;
 +    192.168.50.0/24;
 +    192.168.70.0/24;
 +    172.16.0.0/16;
 +    !allow_ads;
 +    127.0.0.0/8;
 +};
 +
 +view "allow_ads" {
 +    match-clients { allow_ads; };
 +    recursion yes;
 +
 +//    type forward;
 +//    forwarders {
 +//        8.8.8.8;
 +//    };
 +
 +    include "/etc/bind/named.conf.default-zones";
 +};
 +
 +view "internal" {
 +    match-clients { internals; };
 +    recursion yes;
 +
 +    zone "sharewiz.net" {
 +        type master;
 +        file "/etc/bind/internals/db.sharewiz.net";
 +        allow-transfer { slaves; };
 +        allow-update { none; };
 +    };
 +
 +    zone "drdizzy.com" {
 +        type master;
 +        file "/etc/bind/internals/db.drdizzy.com";
 +        allow-transfer { slaves; };        
 +        allow-update { none; };
 +    };
 +
 +    zone "magicalentertainmentandsound.com" {
 +        type master;
 +        file "/etc/bind/internals/db.magicalentertainmentandsound.com";
 +        allow-transfer { slaves; };        
 +        allow-update { none; };
 +    };
 +
 +    # Set zone for reverse
 +    zone "1.168.192.in-addr.arpa" {
 +        type master;
 +        file "/etc/bind/internals/1.168.192.db";
 +        allow-transfer { slaves; };        
 +        allow-update { none; };
 +    };
 +
 +    include "/etc/bind/ad-blacklist";
 +    include "/etc/bind/named.conf.default-zones";
 +};
 +
 +view "external" {
 +    match-clients { any; };
 +    allow-query { any; };·
 +    recursion no;
 +
 +    zone "sharewiz.net" {
 +        type master;
 +        file "/etc/bind/externals/db.sharewiz.net";
 +        allow-transfer { slaves; };
 +        allow-update { none; };
 +    };
 +
 +    zone "drdizzy.com" {
 +        type master;
 +        file "/etc/bind/externals/db.drdizzy.com";
 +        allow-transfer { slaves; };
 +        allow-update { none; };
 +    };
 +
 +    zone "magicalentertainmentandsound.com" {
 +        type master;
 +        file "/etc/bind/externals/db.magicalentertainmentandsound.com";
 +        allow-transfer { slaves; };
 +        allow-update { none; };
 +    };
 +
 +    # Set zone for reverse.
 +    zone "35.134.42.5.in-addr.arpa" {
 +        type master;
 +        file "/etc/bind/externals/35.134.42.5.db";
 +        allow-transfer { slaves; };        
 +        allow-update { none; };
 +    };
 +};
 +</file>
 +
 +----
 +
 +===== ad-blacklist =====
 +
 +<file bind ad-blacklist>
 +// For more information about this list, see: https://pgl.yoyo.org/adservers/
 +// ----
 +// last updated:    Tue, 27 Feb 2018 18:17:25 GMT
 +// entries:         2595
 +// format:          bindconfig
 +// credits:         Peter Lowe - pgl@yoyo.org - https://pgl.yoyo.org/
 +// this URL:        http://pgl.yoyo.org/adservers/serverlist.php?hostformat=bindconfig&showintro=0&mimetype=plaintext
 +// other formats:   https://pgl.yoyo.org/adservers/formats.php
 +
 +zone "101com.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "101order.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "123found.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "123freeavatars.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "180hits.de" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "180searchassistant.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "207.net" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "20a840a14a0ef7d6.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "247media.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "24log.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "24log.de" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "24pm-affiliation.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "2mdn.net" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "2o7.net" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "360yield.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "3lift.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "4affiliate.net" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "4d5.net" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "50websads.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "518ad.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "51yes.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "600z.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "777partner.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "77tracking.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "7bpeople.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +zone "7f1au20glg.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
 +...
 +</file>
 +
 +<WRAP info>
 +**NOTE:**  See [[Ubuntu:Bind:Configure Bind9:My Configuration:Ad List|Ad List]] for the full list.
 +
 +If a refreshed file is downloaded, the default file is points to may be **"null.zone.file";**.
 +
 +To change this to point to the **/etc/bind/internals/ad-null.zone**, run the following in vi: <code bash>
 +:%s#null.zone.file#/etc/bind/internals/ad-null.zone#g
 +</code>
 +
 +</WRAP>
 +
 +
 +----
 +
 +===== Internals - ad-null.zone =====
 +
 +<file bind /etc/bind/internals/ad-null.zone>
 +; Ads get redirected to 127.0.0.1
 +  
 +$TTL      86400
 +@         IN      SOA     ads.sharewiz.net. root.sharewiz.net. (
 +                       2017030601 ; Serial
 +                            86400 ; Refresh
 +                              300 ; Retry
 +                           604800 ; Expire
 +                             3600 ; Negative Cache TTL
 +);
 +
 +; define the name server
 +          IN      NS      ns1.sharewiz.net.
 +; define the hostnames
 +@         IN      A       127.0.0.1
 +*         IN      A       127.0.0.1
 +</file>
 +
 +----
 +
 +===== Internals - 1.168.192.db =====
 +
 +<file bind /etc/bind/internals/1.168.192.db>
 +; sharewiz.net
 +$TTL    86400
 +@       IN      SOA     ns1.sharewiz.net. root.sharewiz.net. (
 +                     2020031901 ; Serial
 +                           3600 ; Refresh
 +                           1800 ; Retry
 +                        2419200 ; Expire
 +                          86400 ; Negative Cache TTL
 +);
 +
 +; define the name server
 +        IN      NS      ns1.sharewiz.net.·
 +ns1     IN      A       5.42.134.35
 +
 +; define the range of this domain
 +        IN      PTR     sharewiz.net.
 +        IN      A       255.255.255.0
 +
 +; define the hostnames
 +1       IN      PTR     gateway.sharewiz.net.
 +1       IN      PTR     router.sharewiz.net.
 +2       IN      PTR     server1.sharewiz.net.
 +2       IN      PTR     mail.sharewiz.net.
 +2       IN      PTR     ftp.sharewiz.net.
 +2       IN      PTR     webmail.sharewiz.net.
 +2       IN      PTR     wiki.sharewiz.net.
 +2       IN      PTR     www.sharewiz.net.
 +10      IN      PTR     unifi.sharewiz.net.
 +15      IN      PTR     ap1.sharewiz.net.
 +69      IN      PTR     peter.sharewiz.net.
 +70      IN      PTR     virginia.sharewiz.net.
 +80      IN      PTR     felix.sharewiz.net.
 +90      IN      PTR     felix2.sharewiz.net.
 +99      IN      PTR     extender.sharewiz.net.
 +100     IN      PTR     printer.sharewiz.net.
 +
 +; define drdizzy.com
 +        IN      PTR     drdizzy.com.
 +        IN      PTR     www.drdizzy.com.
 +
 +; define magicalentertainmentandsound.com
 +        IN      PTR     magicalentertainmentandsound.com.
 +        IN      PTR     www.magicalentertainmentandsound.com.
 +</file>
 +
 +
 +----
 +
 +===== Internals - db.sharewiz.net =====
 +
 +<file bind /etc/bind/internals/db.sharewiz.net>
 +; sharewiz.net
 +$TTL      86400
 +@         IN      SOA     ns1.sharewiz.net. root.sharewiz.net. (
 +                       2020031901 ; Serial
 +                             3600 ; Refresh
 +                             1800 ; Retry
 +                          2419200 ; Expire
 +                            86400 ; Negative Cache TTL
 +);
 +
 +; define the name server
 +          IN      NS      ns1.sharewiz.net.
 +
 +; define the name server IP address
 +          IN      A       192.168.1.2
 +
 +; define the mail exchanger
 +          IN      MX      10 mail.sharewiz.net.
 +mail      IN      A       192.168.1.2
 +
 +; define the hostnames
 +gateway   IN      A       192.168.1.1
 +router    IN      A       192.168.1.1
 +ns1       IN      A       192.168.1.2
 +ftp       IN      A       192.168.1.2
 +server1   IN      A       192.168.1.2
 +webmail   IN      A       192.168.1.2
 +wiki      IN      A       192.168.1.2
 +www       IN      A       192.168.1.2
 +;www       CNAME   @
 +*         IN      A       192.168.1.2
 +@         IN      A       192.168.1.2
 +nas       IN      A       192.168.1.5
 +switch    IN      A       192.168.1.20
 +shield    IN      A       192.168.1.64
 +peter     IN      A       192.168.1.69
 +virginia  IN      A       192.168.1.70
 +felix     IN      A       192.168.1.80
 +felix2    IN      A       192.168.1.90
 +printer   IN      A       192.168.1.100
 +extender  IN      A       192.168.1.250
 +
 +; define the SPF
 +sharewiz.net.        IN      TXT     "v=spf1 a ip4:5.42.134.35 -all"
 +;sharewiz.net.        IN      SPF     "v=spf1 a ip4:5.42.134.35 -all"
 +
 +; define the DMARC
 +;_dmarc  IN      TXT     "v=DMARC1;p=none;rua=mailto:peter@sharewiz.net;ruf=mailto:peter@sharewiz.net"
 +_dmarc.sharewiz.net. IN TXT "v=DMARC1; p=none; sp=none; rua=mailto:peter@sharewiz.net; ruf=mailto:peter@sharewiz.net; rf=afrf; pct=100; ri=86400"
 +</file>
 +
 +----
 +
 +===== Externals - 35.134.42.5.db =====
 +
 +<file bind /etc/bind/externals/35.134.42.5.db>
 +; sharewiz.net
 +$TTL    86400
 +@       IN      SOA     ns1.sharewiz.net. root.sharewiz.net. (
 +                     2016101801 ; Serial
 +                           3600 ; Refresh
 +                           1800 ; Retry
 +                        2419200 ; Expire
 +                          86400 ; Negative Cache TTL
 +
 +);
 +
 +; define the name server
 +;        IN      NS      ns1.server1.net.
 +        IN      NS      ns1.sharewiz.net.
 +ns1     IN      A       5.42.134.35
 +;        IN      NS      ns1.drdizzy.com.
 +
 +; define the range of this domain
 +        IN      PTR     sharewiz.net.
 +;        IN      A       255.255.255.248
 +
 +; define the hostnames
 +        IN      PTR     ns1.sharewiz.net.
 +        IN      PTR     router.sharewiz.net.
 +        IN      PTR     server1.sharewiz.net.
 +        IN      PTR     mail.sharewiz.net.
 +        IN      PTR     ftp.sharewiz.net.
 +        IN      PTR     web.sharewiz.net.
 +        IN      PTR     webmail.sharewiz.net.
 +        IN      PTR     www.sharewiz.net.
 +
 +; define drdizzy.com
 +        IN      PTR     drdizzy.com.
 +        IN      PTR     www.drdizzy.com.
 +
 +; define magicalentertainmentandsound.com
 +        IN      PTR     magicalentertainmentandsound.com.
 +        IN      PTR     www.magicalentertainmentandsound.com.
 +</file>
 +
 +----
 +
 +===== Externals - db.sharewiz.net =====
 +
 +<file bash /etc/bind/externals/db.sharewiz.net>
 +; sharewiz.net
 +$TTL    86400
 +@       IN      SOA     ns1.sharewiz.net. root.sharewiz.net. (
 +                     2016101605 ; Serial
 +                           3600 ; Refresh
 +                           1800 ; Retry
 +                        2419200 ; Expire
 +                          86400 ; Negative Cache TTL
 +);
 +
 +; define the name server
 +        IN      NS      ns1.sharewiz.net.
 +;»IN»·NS»·slv2.1and1.co.uk.
 +
 +; define the name server IP address
 +        IN      A       5.42.134.35
 +
 +; define the mail exchanger
 +        IN      MX      10 mail.sharewiz.net.
 +mail    IN      A       5.42.134.35
 +
 +; define the hostnames
 +ns1     IN      A       5.42.134.35
 +ftp     IN      A       5.42.134.35
 +router  IN      A       5.42.134.35
 +server1 IN      A       5.42.134.35
 +webmail IN      A       5.42.134.35
 +www     IN      A       5.42.134.35
 +;www     CNAME   @
 +*»      IN»·    A»      5.42.134.35
 +
 +; define the SPF
 +sharewiz.net.»IN»·TXT»"v=spf1 a ip4:5.42.134.35 -all"
 +;sharewiz.net.»·IN»·SPF»"v=spf1 a ip4:5.42.134.35 -all"
 +
 +; define the SenderID
 +;sharewiz.net. IN  TXT "spf2.0/pra a include:mail.sharewiz.net -all"
 +
 +; define the DMARC
 +;_dmarc  IN»TXT»"v=DMARC1;p=none;rua=mailto:peter@sharewiz.net;ruf=mailto:peter@sharewiz.net"
 +_dmarc.sharewiz.net. IN TXT "v=DMARC1; p=none; sp=none; rua=mailto:peter@sharewiz.net; ruf=mailto:peter@sharewiz.net; rf=afrf; pct=100; ri=86400"
 +</file>
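Review bot: `dnssec-validation no;` in named.conf.options turns DNSSEC validation off for every recursive client, so an answer forged anywhere on the upstream path (the two Pi-hole forwarders, or the unvalidated iterative fall-back that BIND's default `forward first` takes when both are unreachable) is accepted and cached without any signature check. Unless there is a known reason to disable it, prefer the default `dnssec-validation auto;` and drop the `dnssec-enable no;` line, which newer BIND 9 releases report as obsolete; note that validation through forwarders only works if the Pi-holes pass DNSSEC records upstream and back, which I cannot confirm from this page. Separately, in `acl internals` the `!allow_ads` entry is listed after `192.168.1.0/24`; address match lists are evaluated first-match, so the negation never fires and those clients match the /24 first. Today this is masked because the `allow_ads` view is declared before `internal` and captures them, but if the negation is meant to have an effect it must come first: `acl internals { !allow_ads; 192.168.1.0/24; 192.168.50.0/24; 192.168.70.0/24; 172.16.0.0/16; 127.0.0.0/8; };`.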
  
  
ubuntu/bind/configure_bind9/my_configuration.1607522316.txt.gz · Last modified: 2020/12/09 13:58 by peter
