From 089f0ef45e59ede6e460831c2166becdfa80d507 Mon Sep 17 00:00:00 2001
From: KevinMidboe
Date: Wed, 23 Oct 2024 19:30:24 +0200
Subject: [PATCH] init commit

---
 README.md | 16 +++++++
 db.0 | 12 +++++
 db.127 | 13 ++++++
 db.255 | 12 +++++
 db.empty | 14 ++++++
 db.local | 14 ++++++
 named.conf | 13 ++++++
 named.conf.default-zones | 30 ++++++++++++
 named.conf.local | 22 +++++++++
 named.conf.log | 16 +++++++
 named.conf.options | 32 +++++++++++++
 rndc.conf | 7 +++
 zones.rfc1918 | 20 ++++++++
 zones/db.kazan | 23 ++++++++++
 zones/db.rosendal | 24 ++++++++++
 zones/db.schleppe | 98 ++++++++++++++++++++++++++++++++++++++++
 16 files changed, 366 insertions(+)
 create mode 100644 README.md
 create mode 100644 db.0
 create mode 100644 db.127
 create mode 100644 db.255
 create mode 100644 db.empty
 create mode 100644 db.local
 create mode 100644 named.conf
 create mode 100644 named.conf.default-zones
 create mode 100644 named.conf.local
 create mode 100644 named.conf.log
 create mode 100644 named.conf.options
 create mode 100644 rndc.conf
 create mode 100644 zones.rfc1918
 create mode 100644 zones/db.kazan
 create mode 100644 zones/db.rosendal
 create mode 100644 zones/db.schleppe

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..949c1bd
--- /dev/null
+++ b/README.md
@@ -0,0 +1,16 @@
+# Bind9 config
+
+My current bind9 configuration for local datacenter.
+
+## Setup
+
+Generating tsig & rndc key for dynamic DNS updates.
+
+```bash
+tsig-keygen -a hmac-sha512 >> /etc/bind/keys.conf
+tsig-keygen -a hmac-sha512 rndc-key >> /etc/bind/keys.conf
+```
+
+## Using as a template
+
+The main files to edit are the `named.conf.local` and `zones/*` files. These are currently referencing `schleppe` as a TLD. First rename or crate a new `zones/db.[YOUR_DOMAIN_HERE]` file, then update `named.conf.local` import to reflect name change.
diff --git a/db.0 b/db.0
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/db.0
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL 604800
+@ IN SOA localhost. root.localhost. (
+ 1 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+;
+@ IN NS localhost.
diff --git a/db.127 b/db.127
new file mode 100644
index 0000000..cd05bef
--- /dev/null
+++ b/db.127
@@ -0,0 +1,13 @@
+;
+; BIND reverse data file for local loopback interface
+;
+$TTL 604800
+@ IN SOA localhost. root.localhost. (
+ 1 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+;
+@ IN NS localhost.
+1.0.0 IN PTR localhost.
diff --git a/db.255 b/db.255
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/db.255
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL 604800
+@ IN SOA localhost. root.localhost. (
+ 1 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+;
+@ IN NS localhost.
diff --git a/db.empty b/db.empty
new file mode 100644
index 0000000..8a12858
--- /dev/null
+++ b/db.empty
@@ -0,0 +1,14 @@
+; BIND reverse data file for empty rfc1918 zone
+;
+; DO NOT EDIT THIS FILE - it is used for multiple zones.
+; Instead, copy it, edit named.conf, and use that copy.
+;
+$TTL 86400
+@ IN SOA localhost. root.localhost. (
+ 1 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 86400 ) ; Negative Cache TTL
+;
+@ IN NS localhost.
diff --git a/db.local b/db.local
new file mode 100644
index 0000000..2f272d4
--- /dev/null
+++ b/db.local
@@ -0,0 +1,14 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL 604800
+@ IN SOA localhost. root.localhost. (
+ 2 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+;
+@ IN NS localhost.
+@ IN A 127.0.0.1
+@ IN AAAA ::1
diff --git a/named.conf b/named.conf
new file mode 100644
index 0000000..72cdae5
--- /dev/null
+++ b/named.conf
@@ -0,0 +1,13 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
+// structure of BIND configuration files in Debian, *BEFORE* you customize
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
+include "/etc/bind/named.conf.log";
+include "/etc/bind/keys.conf";
diff --git a/named.conf.default-zones b/named.conf.default-zones
new file mode 100644
index 0000000..1a85ad3
--- /dev/null
+++ b/named.conf.default-zones
@@ -0,0 +1,30 @@
+// prime the server with knowledge of the root servers
+zone "." {
+ type hint;
+ file "/usr/share/dns/root.hints";
+};
+
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
+
+zone "localhost" {
+ type master;
+ file "/etc/bind/db.local";
+};
+
+zone "127.in-addr.arpa" {
+ type master;
+ file "/etc/bind/db.127";
+};
+
+zone "0.in-addr.arpa" {
+ type master;
+ file "/etc/bind/db.0";
+};
+
+zone "255.in-addr.arpa" {
+ type master;
+ file "/etc/bind/db.255";
+};
+
+
diff --git a/named.conf.local b/named.conf.local
new file mode 100644
index 0000000..6ca173a
--- /dev/null
+++ b/named.conf.local
@@ -0,0 +1,22 @@
+controls {
+ inet 127.0.0.1 port 953
+ allow { 127.0.0.1; } keys { "rndc-key"; };
+};
+
+zone "schleppe" {
+ type master;
+ file "/etc/bind/zones/db.schleppe";
+
+ update-policy { grant tsig-key zonesub any; };
+};
+
+zone "rosendal" {
+ type master;
+ file "/etc/bind/zones/db.rosendal";
+};
+
+zone "kazan" {
+ type master;
+ file "/etc/bind/zones/db.kazan";
+};
+
diff --git a/named.conf.log b/named.conf.log
new file mode 100644
index 0000000..40cb8b6
--- /dev/null
+++ b/named.conf.log
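Review bot: The last line, `include "/etc/bind/keys.conf";`, pulls in the file that the README in this commit tells you to append both the TSIG update key and the rndc key to, so it is the one secret-bearing file in this configuration, and nothing here records how it must be protected. I would add a comment above the include, `// keys.conf holds the TSIG and rndc secrets: root:bind, mode 0640, never commit it`, and check the mode on the host, because anyone who can read it can push dynamic updates into the schleppe zone and drive rndc. keys.conf is not part of this commit, which looks intentional; a .gitignore entry would make that explicit rather than relying on memory.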
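Review bot: `update-policy { grant tsig-key zonesub any; };` in the schleppe zone lets whoever holds that single TSIG key add, change or delete any record type at any name in the zone, including the NS set and the A records for hosts such as vault, bitwarden and headscale that zones/db.schleppe in this commit defines, so the key is effectively a zone-takeover credential; the `allow-update { none; };` in named.conf.options gives no protection here because update-policy replaces it for this zone. If the dynamic clients only register their own addresses, narrow the grant to the names and types they need, e.g. `grant tsig-key wildcard *.dyn.schleppe. A AAAA;` or at least `grant tsig-key zonesub A AAAA TXT;`, and consider one key per updater so a leaked key can be revoked on its own.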
@@ -0,0 +1,16 @@
+logging {
+ channel bind_log {
+ file "/var/log/named/named.log" versions 3 size 5m;
+ severity debug;
+ print-category yes;
+ print-severity yes;
+ print-time yes;
+ };
+
+ category default { bind_log; };
+ category update { bind_log; };
+ category update-security { bind_log; };
+ category security { bind_log; };
+ category queries { bind_log; };
+ category lame-servers { null; };
+};
diff --git a/named.conf.options b/named.conf.options
new file mode 100644
index 0000000..e01f90b
--- /dev/null
+++ b/named.conf.options
@@ -0,0 +1,32 @@
+acl trustedclients {
+ 10.0.0.0/24;
+ 10.0.10.0/24;
+ localhost;
+ localnets;
+};
+
+options {
+ directory "/var/cache/bind";
+ forwarders {
+ 1.1.1.1;
+ 1.1.0.0;
+ };
+
+// recursion no; // disabled recursion on authoritative DNS server
+ allow-recursion { trustedclients; };
+// allow-transfer { trustedclients; }; // disallow zone transfer
+ allow-query { trustedclients; };
+ allow-update { none; };
+
+ // dnssec-validation auto;
+ // dnssec-enable yes;
+ // dnssec-validation yes;
+ // dnssec-lookaside auto;
+
+ auth-nxdomain no; # conform to RFC1035
+ listen-on-v6 { any; };
+
+ // hide version number.
+ version none;
+};
+
diff --git a/rndc.conf b/rndc.conf
new file mode 100644
index 0000000..c11973b
--- /dev/null
+++ b/rndc.conf
@@ -0,0 +1,7 @@
+include "/etc/bind/keys.conf";
+
+options {
+ default-key "rndc-key";
+ default-server 127.0.0.1;
+ default-port 953;
+};
diff --git a/zones.rfc1918 b/zones.rfc1918
new file mode 100644
index 0000000..03b5546
--- /dev/null
+++ b/zones.rfc1918
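Review bot: The single `bind_log` channel is capped at `versions 3 size 5m` and runs at `severity debug`, yet it also receives `category queries`, so on a resolver serving two /24s the query stream will most likely cycle the 15 MB of history quickly and take the `update`, `update-security` and `security` events with it, which are exactly the records you would need after abuse of the TSIG-signed updates the schleppe zone accepts in this commit. I would send the audit categories to their own channel with longer retention and keep query logging, if it is wanted at all, on a separate file at `severity info`; `/var/log/named/` also has to exist and be writable by the named user, which nothing in the commit provisions. The change is a second channel and three re-pointed categories, sketched below.
```conf
logging {
    // … unchanged: bind_log channel …
    channel audit_log {
        file "/var/log/named/audit.log" versions 10 size 20m;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel query_log {
        file "/var/log/named/query.log" versions 3 size 5m;
        severity info;
        print-time yes;
    };

    category default { bind_log; };
    category update { audit_log; };
    category update-security { audit_log; };
    category security { audit_log; };
    category queries { query_log; };
    // … unchanged: category lame-servers …
};
```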
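Review bot: The second forwarder, `1.1.0.0;`, is not one of Cloudflare's published resolver addresses (1.1.1.1 and 1.0.0.1), so whenever 1.1.1.1 is slow or unreachable every recursive query from the trusted networks, including lookups for internal names that miss the local zones, goes to whatever answers at that address; assuming Cloudflare's secondary was intended, make it `1.0.0.1;`. Separately, the line `// allow-transfer { trustedclients; }; // disallow zone transfer` is commented out, but an absent allow-transfer does not disallow anything: BIND's long-standing default is to permit transfers, so the schleppe, rosendal and kazan zones can be AXFR'd by any host the server answers, and the hidden-version setting below then buys little. Make it explicit with `allow-transfer { none; };` and, if ns2 at 10.0.0.98 (listed in zones/db.schleppe) really pulls the zone from here, list that address instead of none. The commented `dnssec-enable` and `dnssec-lookaside` lines are obsolete in current BIND and can go; leaving `dnssec-validation` at its default (`auto` in current releases) is the right choice for a forwarding resolver, so state it rather than leave it as a commented-out guess.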
@@ -0,0 +1,20 @@
+zone "10.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+
+zone "16.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "17.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "18.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "19.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "20.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "21.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "22.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "23.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "24.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "25.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "26.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "27.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "28.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "29.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "30.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "31.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+
+zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
diff --git a/zones/db.kazan b/zones/db.kazan
new file mode 100644
index 0000000..34848d5
--- /dev/null
+++ b/zones/db.kazan
@@ -0,0 +1,23 @@
+$TTL 900
+@ IN SOA ns1 root (
+ 9 ;
+ 900 ;
+ 900 ;
+ 604800 ;
+ 900 ;
+
+ )
+
+;List Nameservers
+@ IN NS ns1.kazan.
+@ IN NS ns3.kazan.
+
+; Kubernetes cluster
+ctrlr-1 IN A 10.0.0.170
+worker-1 IN A 10.0.0.171
+worker-2 IN A 10.0.0.172
+
+;Address to NS name mapping
+ns1.kazan. IN A 10.0.0.72
+ns3.kazan. IN A 10.0.0.72
+
diff --git a/zones/db.rosendal b/zones/db.rosendal
new file mode 100644
index 0000000..efccfdb
--- /dev/null
+++ b/zones/db.rosendal
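Review bot: Nothing in this commit includes zones.rfc1918: named.conf pulls in options, local, default-zones, log and keys.conf, and named.conf.local adds no include of its own, so these empty reverse zones are never loaded and PTR lookups for 10.x, 172.16/12 and 192.168.x from the trusted networks are forwarded upstream, leaking the internal address plan to the forwarders. Either add `include "/etc/bind/zones.rfc1918";` to named.conf.local or delete this file so it is not mistaken for active configuration. Since every host in the zones/ files sits in 10.0.0.0/24, a real `0.0.10.in-addr.arpa` zone with PTR records would be more useful than the empty catch-all for 10.in-addr.arpa, and BIND will prefer the more specific zone when both are defined.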
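Review bot: The two NS records name `ns1.kazan.` and `ns3.kazan.`, but both glue lines at the bottom resolve them to 10.0.0.72, so the second NS adds no redundancy and only adds retries when that host is down; zones/db.schleppe in the same commit calls the secondary `ns2` at 10.0.0.98, so the set here looks stale. The SOA fields also carry empty `;` comments, which hides that refresh and retry are both 900 s and expire is one week; label them as db.schleppe does (`; serial`, `; refresh`, `; retry`, `; expire`, `; minimum`) and bump the serial whenever this file is hand-edited, since the secondary only re-transfers on a higher serial.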
@@ -0,0 +1,24 @@
+$TTL 900
+@ IN SOA ns1 root (
+ 9 ;
+ 900 ;
+ 900 ;
+ 604800 ;
+ 900 ;
+
+ )
+
+;List Nameservers
+@ IN NS ns1.schleppe.
+@ IN NS ns3.schleppe.
+
+;Address to name mapping
+hera.rosendal. IN A 10.0.0.210
+clio.rosendal. IN A 10.0.0.211
+shotwell.rosendal. IN A 10.0.0.200
+photos.rosendal. IN A 10.0.0.200
+
+;Address to NS name mapping
+ns1.schleppe. IN A 10.0.0.72
+ns3.schleppe. IN A 10.0.0.72
+
diff --git a/zones/db.schleppe b/zones/db.schleppe
new file mode 100644
index 0000000..bf06f5b
--- /dev/null
+++ b/zones/db.schleppe
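Review bot: The NS set names `ns1.schleppe.` and `ns3.schleppe.`, but the only A record for ns3 anywhere in this commit is the `ns3.schleppe. IN A 10.0.0.72` line near the bottom of this file, which is out-of-zone data for rosendal and is dropped by named at load time with an "ignoring out-of-zone data" warning; the authoritative schleppe zone in zones/db.schleppe defines ns1 and ns2 only. A resolver that picks ns3 therefore gets a nameserver name that does not resolve; change the second NS to `@ IN NS ns2.schleppe.` and remove the two schleppe glue lines, which belong in db.schleppe if anywhere. The SOA's `ns1 root` is relative and expands to ns1.rosendal./root.rosendal., which no record in the file defines, so write it as `ns1.schleppe. root.schleppe.` to match the NS records.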
@@ -0,0 +1,98 @@
+$ORIGIN .
+$TTL 900 ; 15 minutes
+schleppe IN SOA ns1.schleppe. root.schleppe. (
+ 28 ; serial
+ 900 ; refresh (15 minutes)
+ 900 ; retry (15 minutes)
+ 604800 ; expire (1 week)
+ 900 ; minimum (15 minutes)
+ )
+ NS ns1.schleppe.
+ NS ns2.schleppe.
+$ORIGIN schleppe.
+ns1 A 10.0.0.72
+ns2 A 10.0.0.98
+adam A 10.0.0.78
+adtech A 10.0.0.122
+allerlottis A 10.0.0.31
+ambrosia A 10.0.0.50
+anna A 10.0.0.40
+ansible A 10.0.0.56
+apc A 10.0.0.8
+apocalypse A 10.0.0.97
+apollo A 10.0.0.60
+argus A 10.0.0.136
+bestprojectever A 10.0.0.129
+bifrost A 10.0.0.53
+bitwarden A 10.0.0.138
+blog A 10.0.0.59
+bragi A 10.0.0.76
+brewpi A 10.0.0.102
+castdeck A 10.0.0.57
+cerberus A 10.0.0.80
+chip A 10.0.0.101
+clio A 10.0.0.77
+deichman A 10.0.0.120
+drone A 10.0.0.62
+duplicati A 10.0.0.139
+elastic A 10.0.0.55
+elastic-2 A 10.0.0.187
+elastic-3 A 10.0.0.188
+fjordmap A 10.0.0.83
+fleet-agent-01 A 10.0.0.64
+fleet-server A 10.0.0.63
+gambit A 10.0.0.127
+git A 10.0.0.37
+gjallarbru A 10.0.0.79
+grafana A 10.0.0.86
+headscale A 10.0.0.143
+heimdall A 10.0.0.30
+hitler A 10.0.0.66
+homeassistant A 10.0.0.82
+imgproxy A 10.0.0.36
+immich A 10.0.0.123
+influx A 10.0.0.86
+irpie A 10.0.0.100
+jelly A 10.0.0.49
+jensmc A 10.0.0.33
+k8s-ambrosia A 10.0.0.151
+k8s-anna A 10.0.0.153
+k8s-apollo A 10.0.0.152
+k8s-cerberus A 10.0.0.154
+k8s-lb A 10.0.0.150
+k8s-storage A 10.0.0.155
+kazan A 10.0.0.150
+$ORIGIN kazan.schleppe.
+* A 10.0.0.150
+$ORIGIN schleppe.
+kosekroken A 10.0.0.95
+mainframe A 10.0.0.61
+memestream A 10.0.0.71
+mikrotik A 10.0.0.160
+mikrotik-CRS305 A 10.0.0.160
+mikrotik-CSS326 A 10.0.0.4
+mikrotik-CSS610 A 10.0.0.5
+minecraft A 10.0.0.65
+mondrian A 10.0.0.32
+mosaic A 10.0.0.38
+motd-larry A 10.0.0.121
+planetposen A 10.0.0.84
+plex A 10.0.0.85
+prome A 10.0.0.88
+router A 10.0.0.1
+seasoned A 10.0.0.54
+skyblock A 10.0.0.96
+splunk A 10.0.0.89
+tesla A 10.0.0.35
+tibbervibber A 10.0.0.34
+uap A 10.0.0.3
+usw A 10.0.0.2
+valg A 10.0.0.87
+varnish A 10.0.0.11
+vault A 10.0.0.165
+vinlottis A 10.0.0.90
+vinlottis-beta A 10.0.0.91
+wagovipps A 10.0.0.58
+wf-video A 10.0.0.166
+wireguard A 10.0.0.75
+xwiki A 10.0.0.171
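Review bot: This is the zone that named.conf.local opens for dynamic updates (`update-policy { grant tsig-key zonesub any; }`), and its shape (`$ORIGIN .`, owner-less `NS` lines, the `(15 minutes)` annotations, serial 28) looks like the form named writes back when it dumps a dynamic zone, so neither hand-editing it in place nor copying this committed snapshot back into /etc/bind/zones while named runs is safe: the db.schleppe.jnl journal diverges from the file and the next dump or reload can drop changes. I would add a header comment, `; DYNAMIC ZONE: named rewrites this file and keeps db.schleppe.jnl beside it; edit only between 'rndc freeze schleppe' and 'rndc thaw schleppe'`, and say in the README that the committed copy is a point-in-time export. Worth a second comment: the wildcard `* A 10.0.0.150` under kazan.schleppe means any name below it answers, and combined with the `zonesub any` grant an updater can shadow individual names under it without anyone noticing in this file; if that is the intended ingress behaviour, state it next to the record.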