====== Networking - DNS - Bind - Setup Bind9 ======
===== named.conf =====
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the·
// structure of BIND configuration files in Debian, *BEFORE* you customize·
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.logging";
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
// include "/etc/bind/named.conf.default-zones";
----
===== named.conf.logging =====
//logging {
// channel querylog{
// file "/var/log/named/querylog";
// severity debug 3;
// print-category yes;
// print-time yes;
// print-severity yes;
// };
// category queries { querylog;};
//};
logging {
channel default_file {
file "/var/log/named/default.log" versions 3 size 5m;
severity dynamic;
// severity debug 3;
print-category yes;
print-time yes;
print-severity yes;
};
channel general_file {
file "/var/log/named/general.log" versions 3 size 5m;
severity dynamic;
// severity debug 3;
print-category yes;
print-time yes;
print-severity yes;
};
channel database_file {
file "/var/log/named/database.log" versions 3 size 5m;
severity dynamic;
print-category yes;
print-time yes;
print-severity yes;
};
channel security_file {
file "/var/log/named/security.log" versions 3 size 5m;
severity dynamic;
print-category yes;
print-time yes;
print-severity yes;
};
channel config_file {
file "/var/log/named/config.log" versions 3 size 5m;
severity dynamic;
print-category yes;
print-time yes;
print-severity yes;
};
channel resolver_file {
file "/var/log/named/resolver.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel xfer-in_file {
file "/var/log/named/xfer-in.log" versions 3 size 5m;
severity dynamic;
print-category yes;
print-time yes;
print-severity yes;
};
channel xfer-out_file {
file "/var/log/named/xfer-out.log" versions 3 size 5m;
severity dynamic;
print-category yes;
print-time yes;
print-severity yes;
};
channel notify_file {
file "/var/log/named/notify.log" versions 3 size 5m;
severity dynamic;
print-category yes;
print-time yes;
print-severity yes;
};
channel client_file {
file "/var/log/named/client.log" versions 3 size 5m;
severity dynamic;
print-category yes;
print-time yes;
print-severity yes;
};
channel unmatched_file {
file "/var/log/named/unmatched.log" versions 3 size 5m;
severity dynamic;
print-category yes;
print-time yes;
print-severity yes;
};
channel queries_file {
file "/var/log/named/queries.log" versions 3 size 5m;
// severity debug 3;
severity dynamic;
print-category yes;
print-time yes;
print-severity yes;
};
channel network_file {
file "/var/log/named/network.log" versions 3 size 5m;
severity dynamic;
print-category yes;
print-time yes;
print-severity yes;
};
channel update_file {
file "/var/log/named/update.log" versions 3 size 5m;
severity dynamic;
print-category yes;
print-time yes;
print-severity yes;
};
channel dispatch_file {
file "/var/log/named/dispatch.log" versions 3 size 5m;
severity dynamic;
print-category yes;
print-time yes;
print-severity yes;
};
channel dnssec_file {
file "/var/log/named/dnssec.log" versions 3 size 5m;
severity dynamic;
print-category yes;
print-time yes;
print-severity yes;
};
channel lame-servers_file {
file "/var/log/named/lame-servers.log" versions 3 size 5m;
severity dynamic;
print-category yes;
print-time yes;
print-severity yes;
};
category default { default_file; };
category general { general_file; };
category database { database_file; };
category security { security_file; };
category config { config_file; };
category resolver { resolver_file; };
category xfer-in { xfer-in_file; };
category xfer-out { xfer-out_file; };
category notify { notify_file; };
category client { client_file; };
category unmatched { unmatched_file; };
category queries { queries_file; };
category network { network_file; };
category update { update_file; };
category dispatch { dispatch_file; };
category dnssec { dnssec_file; };
category lame-servers { lame-servers_file; };
};
----
===== named.conf.options =====
acl "trusted" {
192.168.1.0/24;
192.168.50.0/24;
192.168.70.0/24;
172.16.0.0/16;
localhost;
localnets;
};
options {
directory "/var/cache/bind";
// version statement - inhibited for security
// (avoids hacking any known weaknesses)»·
version "ShareWiz DNS";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable·
// nameservers, you probably want to use them as forwarders.··
// Uncomment the following block, and insert the addresses replacing·
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
forwarders {
// Sure Public DNS
//83.137.248.244;
//93.187.151.197;
// Google Public DNS
//8.8.8.8;
//8.8.4.4;
// OpenDNS
208.67.222.222;
208.67.220.220;
};
//========================================================================
// If named logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/named-keys
//========================================================================
#dnssec-validation auto;
dnssec-enable no;
dnssec-validation no;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
allow-query { any; };
allow-transfer { trusted; };
#allow-recursion { trusted; };
};
----
===== named.conf.local =====
//
// Do any local configuration here.
//
acl slaves {
// 195.234.42.0/24; // XName
// 193.218.105.144/28; // XName
// 193.24.212.232/29; // XName
212.227.123.29; // 1&1 slv2.1and1.co.uk
};
// Any IPs added here will not have ads blocked.
// For Virginia.
acl allow_ads {
// 192.168.1.64;
192.168.1.70;
192.168.1.75;
192.168.1.90;
192.168.1.96;
};
acl internals {
192.168.1.0/24;
192.168.50.0/24;
192.168.70.0/24;
172.16.0.0/16;
!allow_ads;
127.0.0.0/8;
};
view "allow_ads" {
match-clients { allow_ads; };
recursion yes;
// type forward;
// forwarders {
// 8.8.8.8;
// };
include "/etc/bind/named.conf.default-zones";
};
view "internal" {
match-clients { internals; };
recursion yes;
zone "sharewiz.net" {
type master;
file "/etc/bind/internals/db.sharewiz.net";
allow-update { none; };
};
zone "drdizzy.com" {
type master;
file "/etc/bind/internals/db.drdizzy.com";
allow-update { none; };
};
zone "magicalentertainmentandsound.com" {
type master;
file "/etc/bind/internals/db.magicalentertainmentandsound.com";
allow-update { none; };
};
# Set zone for reverse
zone "1.168.192.in-addr.arpa" {
type master;
file "/etc/bind/internals/1.168.192.db";
allow-update { none; };
};
include "/etc/bind/ad-blacklist";
include "/etc/bind/named.conf.default-zones";
};
view "external" {
match-clients { any; };
allow-query { any; };·
recursion no;
zone "sharewiz.net" {
type master;
file "/etc/bind/externals/db.sharewiz.net";
allow-transfer { slaves; };
allow-update { none; };
};
zone "drdizzy.com" {
type master;
file "/etc/bind/externals/db.drdizzy.com";
allow-transfer { slaves; };
allow-update { none; };
};
zone "magicalentertainmentandsound.com" {
type master;
file "/etc/bind/externals/db.magicalentertainmentandsound.com";
allow-transfer { slaves; };
allow-update { none; };
};
# Set zone for reverse.
zone "35.134.42.5.in-addr.arpa" {
type master;
file "/etc/bind/externals/35.134.42.5.db";
allow-update { none; };
};
};
----
===== ad-blacklist =====
// For more information about this list, see: https://pgl.yoyo.org/adservers/
// ----
// last updated: Tue, 27 Feb 2018 18:17:25 GMT
// entries: 2595
// format: bindconfig
// credits: Peter Lowe - pgl@yoyo.org - https://pgl.yoyo.org/
// this URL: http://pgl.yoyo.org/adservers/serverlist.php?hostformat=bindconfig&showintro=0&mimetype=plaintext
// other formats: https://pgl.yoyo.org/adservers/formats.php
zone "101com.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
zone "101order.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
zone "123found.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
zone "123freeavatars.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
zone "180hits.de" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
zone "180searchassistant.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
zone "207.net" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
zone "20a840a14a0ef7d6.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
zone "247media.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
zone "24log.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
zone "24log.de" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
zone "24pm-affiliation.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
zone "2mdn.net" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
zone "2o7.net" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
zone "360yield.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
zone "3lift.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
zone "4affiliate.net" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
zone "4d5.net" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
zone "50websads.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
zone "518ad.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
zone "51yes.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
zone "600z.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
zone "777partner.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
zone "77tracking.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
zone "7bpeople.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
zone "7f1au20glg.com" { type master; notify no; file "/etc/bind/internals/ad-null.zone"; };
...
----
===== Internals - ad-null.zone =====
; Ads get redirected to 127.0.0.1
$TTL 86400
@ IN SOA ads.sharewiz.net. root.sharewiz.net. (
2017030601 ; Serial
86400 ; Refresh
300 ; Retry
604800 ; Expire
3600 ; Negative Cache TTL
);
; define the name server
IN NS ns1.sharewiz.net.
; define the hostnames
@ IN A 127.0.0.1
* IN A 127.0.0.1
----
===== Internals - 1.168.192.db =====
; sharewiz.net
$TTL 86400
@ IN SOA ns1.sharewiz.net. root.sharewiz.net. (
2020031901 ; Serial
3600 ; Refresh
1800 ; Retry
2419200 ; Expire
86400 ; Negative Cache TTL
);
; define the name server
IN NS ns1.sharewiz.net.·
ns1 IN A 5.42.134.35
; define the range of this domain
IN PTR sharewiz.net.
IN A 255.255.255.0
; define the hostnames
1 IN PTR gateway.sharewiz.net.
1 IN PTR router.sharewiz.net.
2 IN PTR server1.sharewiz.net.
2 IN PTR mail.sharewiz.net.
2 IN PTR ftp.sharewiz.net.
2 IN PTR webmail.sharewiz.net.
2 IN PTR wiki.sharewiz.net.
2 IN PTR www.sharewiz.net.
10 IN PTR unifi.sharewiz.net.
15 IN PTR ap1.sharewiz.net.
69 IN PTR peter.sharewiz.net.
70 IN PTR virginia.sharewiz.net.
80 IN PTR felix.sharewiz.net.
90 IN PTR felix2.sharewiz.net.
99 IN PTR extender.sharewiz.net.
100 IN PTR printer.sharewiz.net.
; define drdizzy.com
IN PTR drdizzy.com.
IN PTR www.drdizzy.com.
; define magicalentertainmentandsound.com
IN PTR magicalentertainmentandsound.com.
IN PTR www.magicalentertainmentandsound.com.
----
===== Internals - db.sharewiz.net =====
; sharewiz.net
$TTL 86400
@ IN SOA ns1.sharewiz.net. root.sharewiz.net. (
2020031901 ; Serial
3600 ; Refresh
1800 ; Retry
2419200 ; Expire
86400 ; Negative Cache TTL
);
; define the name server
IN NS ns1.sharewiz.net.
; define the name server IP address
IN A 192.168.1.2
; define the mail exchanger
IN MX 10 mail.sharewiz.net.
mail IN A 192.168.1.2
; define the hostnames
gateway IN A 192.168.1.1
router IN A 192.168.1.1
ns1 IN A 192.168.1.2
ftp IN A 192.168.1.2
server1 IN A 192.168.1.2
webmail IN A 192.168.1.2
wiki IN A 192.168.1.2
www IN A 192.168.1.2
;www CNAME @
* IN A 192.168.1.2
@ IN A 192.168.1.2
nas IN A 192.168.1.5
switch IN A 192.168.1.20
shield IN A 192.168.1.64
peter IN A 192.168.1.69
virginia IN A 192.168.1.70
felix IN A 192.168.1.80
felix2 IN A 192.168.1.90
printer IN A 192.168.1.100
extender IN A 192.168.1.250
; define the SPF
sharewiz.net. IN TXT "v=spf1 a ip4:5.42.134.35 -all"
;sharewiz.net. IN SPF "v=spf1 a ip4:5.42.134.35 -all"
; define the DMARC
;_dmarc IN TXT "v=DMARC1;p=none;rua=mailto:peter@sharewiz.net;ruf=mailto:peter@sharewiz.net"
_dmarc.sharewiz.net. IN TXT "v=DMARC1; p=none; sp=none; rua=mailto:peter@sharewiz.net; ruf=mailto:peter@sharewiz.net; rf=afrf; pct=100; ri=86400"
----
===== Externals - 35.134.42.5.db =====
; sharewiz.net
$TTL 86400
@ IN SOA ns1.sharewiz.net. root.sharewiz.net. (
2016101801 ; Serial
3600 ; Refresh
1800 ; Retry
2419200 ; Expire
86400 ; Negative Cache TTL
);
; define the name server
; IN NS ns1.server1.net.
IN NS ns1.sharewiz.net.
ns1 IN A 5.42.134.35
; IN NS ns1.drdizzy.com.
; define the range of this domain
IN PTR sharewiz.net.
; IN A 255.255.255.248
; define the hostnames
IN PTR ns1.sharewiz.net.
IN PTR router.sharewiz.net.
IN PTR server1.sharewiz.net.
IN PTR mail.sharewiz.net.
IN PTR ftp.sharewiz.net.
IN PTR web.sharewiz.net.
IN PTR webmail.sharewiz.net.
IN PTR www.sharewiz.net.
; define drdizzy.com
IN PTR drdizzy.com.
IN PTR www.drdizzy.com.
; define magicalentertainmentandsound.com
IN PTR magicalentertainmentandsound.com.
IN PTR www.magicalentertainmentandsound.com.
----
===== Externals - db.sharewiz.net =====
; sharewiz.net
$TTL 86400
@ IN SOA ns1.sharewiz.net. root.sharewiz.net. (
2016101605 ; Serial
3600 ; Refresh
1800 ; Retry
2419200 ; Expire
86400 ; Negative Cache TTL
);
; define the name server
IN NS ns1.sharewiz.net.
;»IN»·NS»·slv2.1and1.co.uk.
; define the name server IP address
IN A 5.42.134.35
; define the mail exchanger
IN MX 10 mail.sharewiz.net.
mail IN A 5.42.134.35
; define the hostnames
ns1 IN A 5.42.134.35
ftp IN A 5.42.134.35
router IN A 5.42.134.35
server1 IN A 5.42.134.35
webmail IN A 5.42.134.35
www IN A 5.42.134.35
;www CNAME @
*» IN»· A» 5.42.134.35
; define the SPF
sharewiz.net.»IN»·TXT»"v=spf1 a ip4:5.42.134.35 -all"
;sharewiz.net.»·IN»·SPF»"v=spf1 a ip4:5.42.134.35 -all"
; define the SenderID
;sharewiz.net. IN TXT "spf2.0/pra a include:mail.sharewiz.net -all"
; define the DMARC
;_dmarc IN»TXT»"v=DMARC1;p=none;rua=mailto:peter@sharewiz.net;ruf=mailto:peter@sharewiz.net"
_dmarc.sharewiz.net. IN TXT "v=DMARC1; p=none; sp=none; rua=mailto:peter@sharewiz.net; ruf=mailto:peter@sharewiz.net; rf=afrf; pct=100; ri=86400"