init commit

2025-10-29 17:40:14 +00:00 · 2024-10-23 19:30:24 +02:00
commit 089f0ef45e
16 changed files with 366 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -0,0 +1,16 @@
 # Bind9 config
 My current bind9 configuration for local datacenter.
 ## Setup
 Generating tsig & rndc key for dynamic DNS updates.
 ```bash
 tsig-keygen -a hmac-sha512 >> /etc/bind/keys.conf
 tsig-keygen -a hmac-sha512 rndc-key >> /etc/bind/keys.conf
 ```
 ## Using as a template
 The main files to edit are the `named.conf.local` and `zones/*` files. These are currently referencing `schleppe` as a TLD. First rename or crate a new `zones/db.[YOUR_DOMAIN_HERE]` file, then update `named.conf.local` import to reflect name change. 
--- a/db.0
+++ b/db.0
@@ -0,0 +1,12 @@
 ;
 ; BIND reverse data file for broadcast zone
 ;
 $TTL	604800
@	IN	SOA	localhost. root.localhost. (
 			      1		; Serial
 			 604800		; Refresh
 			  86400		; Retry
 			2419200		; Expire
 			 604800 )	; Negative Cache TTL
 ;
@	IN	NS	localhost.
--- a/db.127
+++ b/db.127
@@ -0,0 +1,13 @@
 ;
 ; BIND reverse data file for local loopback interface
 ;
 $TTL	604800
@	IN	SOA	localhost. root.localhost. (
 			      1		; Serial
 			 604800		; Refresh
 			  86400		; Retry
 			2419200		; Expire
 			 604800 )	; Negative Cache TTL
 ;
@	IN	NS	localhost.
 1.0.0	IN	PTR	localhost.
--- a/db.255
+++ b/db.255
@@ -0,0 +1,12 @@
 ;
 ; BIND reverse data file for broadcast zone
 ;
 $TTL	604800
@	IN	SOA	localhost. root.localhost. (
 			      1		; Serial
 			 604800		; Refresh
 			  86400		; Retry
 			2419200		; Expire
 			 604800 )	; Negative Cache TTL
 ;
@	IN	NS	localhost.
--- a/db.empty
+++ b/db.empty
@@ -0,0 +1,14 @@
 ; BIND reverse data file for empty rfc1918 zone
 ;
 ; DO NOT EDIT THIS FILE - it is used for multiple zones.
 ; Instead, copy it, edit named.conf, and use that copy.
 ;
 $TTL	86400
@	IN	SOA	localhost. root.localhost. (
 			      1		; Serial
 			 604800		; Refresh
 			  86400		; Retry
 			2419200		; Expire
 			  86400 )	; Negative Cache TTL
 ;
@	IN	NS	localhost.
--- a/db.local
+++ b/db.local
@@ -0,0 +1,14 @@
 ;
 ; BIND data file for local loopback interface
 ;
 $TTL	604800
@	IN	SOA	localhost. root.localhost. (
 			      2		; Serial
 			 604800		; Refresh
 			  86400		; Retry
 			2419200		; Expire
 			 604800 )	; Negative Cache TTL
 ;
@	IN	NS	localhost.
@	IN	A	127.0.0.1
@	IN	AAAA	::1
--- a/named.conf
+++ b/named.conf
@@ -0,0 +1,13 @@
 // This is the primary configuration file for the BIND DNS server named.
 //
 // Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
 // structure of BIND configuration files in Debian, *BEFORE* you customize 
 // this configuration file.
 //
 // If you are just adding zones, please do that in /etc/bind/named.conf.local
 include "/etc/bind/named.conf.options";
 include "/etc/bind/named.conf.local";
 include "/etc/bind/named.conf.default-zones";
 include "/etc/bind/named.conf.log";
 include "/etc/bind/keys.conf";
--- a/named.conf.default-zones
+++ b/named.conf.default-zones
@@ -0,0 +1,30 @@
 // prime the server with knowledge of the root servers
 zone "." {
 	type hint;
 	file "/usr/share/dns/root.hints";
 };
 // be authoritative for the localhost forward and reverse zones, and for
 // broadcast zones as per RFC 1912
 zone "localhost" {
 	type master;
 	file "/etc/bind/db.local";
 };
 zone "127.in-addr.arpa" {
 	type master;
 	file "/etc/bind/db.127";
 };
 zone "0.in-addr.arpa" {
 	type master;
 	file "/etc/bind/db.0";
 };
 zone "255.in-addr.arpa" {
 	type master;
 	file "/etc/bind/db.255";
 };
--- a/named.conf.local
+++ b/named.conf.local
@@ -0,0 +1,22 @@
 controls {
 	inet 127.0.0.1 port 953
 	allow { 127.0.0.1; } keys { "rndc-key"; };
 };
 zone "schleppe" {
 	type master;
 	file "/etc/bind/zones/db.schleppe";
 	update-policy { grant tsig-key zonesub any; };
 };
 zone "rosendal" {
 	type master;
 	file "/etc/bind/zones/db.rosendal";
 };
 zone "kazan" {
 	type master;
 	file "/etc/bind/zones/db.kazan";
 };
--- a/named.conf.log
+++ b/named.conf.log
@@ -0,0 +1,16 @@
 logging {
  channel bind_log {
    file "/var/log/named/named.log" versions 3 size 5m;
    severity debug;
    print-category yes;
    print-severity yes;
    print-time yes;
  };
  category default { bind_log; };
  category update { bind_log; };
  category update-security { bind_log; };
  category security { bind_log; };
  category queries { bind_log; };
  category lame-servers { null; };
 };
--- a/named.conf.options
+++ b/named.conf.options
@@ -0,0 +1,32 @@
 acl trustedclients {
  10.0.0.0/24;
  10.0.10.0/24;
  localhost;
  localnets;
 };
 options {
  directory "/var/cache/bind";
  forwarders {
    1.1.1.1;
    1.1.0.0;
  };
 //  recursion no;			// disabled recursion on authoritative DNS server
  allow-recursion { trustedclients; };
 //  allow-transfer { trustedclients; }; 	// disallow zone transfer
  allow-query { trustedclients; };
  allow-update { none; };
  // dnssec-validation auto;
  // dnssec-enable yes;
  // dnssec-validation yes;
  // dnssec-lookaside auto;
  auth-nxdomain no;    # conform to RFC1035
  listen-on-v6 { any; };
  // hide version number.
  version none;
 };
--- a/rndc.conf
+++ b/rndc.conf
@@ -0,0 +1,7 @@
 include "/etc/bind/keys.conf";
 options {
 	default-key "rndc-key";
 	default-server 127.0.0.1;
 	default-port 953;
 };
--- a/zones.rfc1918
+++ b/zones.rfc1918
@@ -0,0 +1,20 @@
 zone "10.in-addr.arpa"      { type master; file "/etc/bind/db.empty"; };
 zone "16.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 zone "17.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 zone "18.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 zone "19.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 zone "20.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 zone "21.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 zone "22.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 zone "23.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 zone "24.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 zone "25.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 zone "26.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 zone "27.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 zone "28.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 zone "29.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 zone "30.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 zone "31.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
--- a/zones/db.kazan
+++ b/zones/db.kazan
@@ -0,0 +1,23 @@
 $TTL 900
@	IN	SOA	ns1	root (
 	        9		 ;<serial-number>
 	        900		 ;<time-to-refresh>
 	        900		 ;<time-to-retry>
 		604800		 ;<time-to-expire>
 	        900		 ;<minimum-TTL>
 	)		 
 ;List Nameservers
@	IN	NS	ns1.kazan.
@	IN	NS	ns3.kazan.
 ; Kubernetes cluster
 ctrlr-1		IN	A	10.0.0.170
 worker-1	IN	A	10.0.0.171
 worker-2	IN	A	10.0.0.172
 ;Address to NS name mapping
 ns1.kazan.	IN	A	10.0.0.72
 ns3.kazan.	IN	A	10.0.0.72
--- a/zones/db.rosendal
+++ b/zones/db.rosendal
@@ -0,0 +1,24 @@
 $TTL 900
@	IN	SOA	ns1	root (
 	        9		 ;<serial-number>
 	        900		 ;<time-to-refresh>
 	        900		 ;<time-to-retry>
 		604800		 ;<time-to-expire>
 	        900		 ;<minimum-TTL>
 	)		 
 ;List Nameservers
@	IN	NS	ns1.schleppe.
@	IN	NS	ns3.schleppe.
 ;Address to name mapping
 hera.rosendal.		IN	A	10.0.0.210
 clio.rosendal.		IN	A	10.0.0.211
 shotwell.rosendal.	IN	A	10.0.0.200
 photos.rosendal.	IN	A	10.0.0.200
 ;Address to NS name mapping
 ns1.schleppe.	IN	A	10.0.0.72
 ns3.schleppe.	IN	A	10.0.0.72
--- a/zones/db.schleppe
+++ b/zones/db.schleppe
@@ -0,0 +1,98 @@
 $ORIGIN .
 $TTL 900	; 15 minutes
 schleppe		IN SOA	ns1.schleppe. root.schleppe. (
 				28         ; serial
 				900        ; refresh (15 minutes)
 				900        ; retry (15 minutes)
 				604800     ; expire (1 week)
 				900        ; minimum (15 minutes)
 				)
 			NS	ns1.schleppe.
 			NS	ns2.schleppe.
 $ORIGIN schleppe.
 ns1			A	10.0.0.72
 ns2			A	10.0.0.98
 adam			A	10.0.0.78
 adtech			A	10.0.0.122
 allerlottis		A	10.0.0.31
 ambrosia		A	10.0.0.50
 anna			A	10.0.0.40
 ansible			A	10.0.0.56
 apc			A	10.0.0.8
 apocalypse		A	10.0.0.97
 apollo			A	10.0.0.60
 argus			A	10.0.0.136
 bestprojectever		A	10.0.0.129
 bifrost			A	10.0.0.53
 bitwarden		A	10.0.0.138
 blog			A	10.0.0.59
 bragi			A	10.0.0.76
 brewpi			A	10.0.0.102
 castdeck		A	10.0.0.57
 cerberus		A	10.0.0.80
 chip			A	10.0.0.101
 clio			A	10.0.0.77
 deichman		A	10.0.0.120
 drone			A	10.0.0.62
 duplicati		A	10.0.0.139
 elastic			A	10.0.0.55
 elastic-2		A	10.0.0.187
 elastic-3		A	10.0.0.188
 fjordmap		A	10.0.0.83
 fleet-agent-01		A	10.0.0.64
 fleet-server		A	10.0.0.63
 gambit			A	10.0.0.127
 git			A	10.0.0.37
 gjallarbru		A	10.0.0.79
 grafana			A	10.0.0.86
 headscale		A	10.0.0.143
 heimdall		A	10.0.0.30
 hitler			A	10.0.0.66
 homeassistant		A	10.0.0.82
 imgproxy		A	10.0.0.36
 immich			A	10.0.0.123
 influx			A	10.0.0.86
 irpie			A	10.0.0.100
 jelly			A	10.0.0.49
 jensmc			A	10.0.0.33
 k8s-ambrosia		A	10.0.0.151
 k8s-anna		A	10.0.0.153
 k8s-apollo		A	10.0.0.152
 k8s-cerberus		A	10.0.0.154
 k8s-lb			A	10.0.0.150
 k8s-storage		A	10.0.0.155
 kazan			A	10.0.0.150
 $ORIGIN kazan.schleppe.
 *			A	10.0.0.150
 $ORIGIN schleppe.
 kosekroken		A	10.0.0.95
 mainframe		A	10.0.0.61
 memestream		A	10.0.0.71
 mikrotik		A	10.0.0.160
 mikrotik-CRS305		A	10.0.0.160
 mikrotik-CSS326		A	10.0.0.4
 mikrotik-CSS610		A	10.0.0.5
 minecraft		A	10.0.0.65
 mondrian		A	10.0.0.32
 mosaic			A	10.0.0.38
 motd-larry		A	10.0.0.121
 planetposen		A	10.0.0.84
 plex			A	10.0.0.85
 prome			A	10.0.0.88
 router			A	10.0.0.1
 seasoned		A	10.0.0.54
 skyblock		A	10.0.0.96
 splunk			A	10.0.0.89
 tesla			A	10.0.0.35
 tibbervibber		A	10.0.0.34
 uap			A	10.0.0.3
 usw			A	10.0.0.2
 valg			A	10.0.0.87
 varnish			A	10.0.0.11
 vault			A	10.0.0.165
 vinlottis		A	10.0.0.90
 vinlottis-beta		A	10.0.0.91
 wagovipps		A	10.0.0.58
 wf-video		A	10.0.0.166
 wireguard		A	10.0.0.75
 xwiki			A	10.0.0.171