Bind


dnssec-key erstellen

# Creates a TSIG (shared-secret HMAC) key for signing dynamic updates — despite the tool name, this is not a DNSSEC zone-signing key.
# NOTE(review): HMAC-MD5 is deprecated for TSIG; hmac-sha256 is the recommended algorithm today.
# NOTE(review): newer BIND releases generate TSIG keys with tsig-keygen instead of dnssec-keygen — check which tool the installed version provides.
dnssec-keygen -n USER -b 512 -a HMAC-MD5 foo22.bar44.com

dieser key kann z.b. fuer die dns-zone foo22.bar44.com verwendet werden
um dynamische zone-updates zu erlauben.
die keys werden nach /etc/bind/ kopiert
dann muss man noch folgendes
ausserhalb der options-section in die named.conf eintragen:

[...]

// TSIG key used to authenticate dynamic updates for foo22.bar44.com; the key name
// must match the name the updating client (e.g. nsupdate) uses.
// NOTE(review): HMAC-MD5 is deprecated for TSIG (hmac-sha256 is the recommended algorithm),
// and a secret that has been published on this page has to be regenerated before use.
// The space inside the secret looks like a line-wrap artifact from copying the key file —
// compare it with the generated key.
key foo22.bar44.com. {
      algorithm HMAC-MD5;
      secret "1Yjjw072uaYWq1eehnA/xtbXOB6Ul3Q/5FFv9//2I4UUm6yscXIFuDp8 nmRQ2QFRfrsU+R1R2zIpJjZ4pFJOrw==";
      };

[...]

// Zone that accepts dynamic updates signed with the key defined above.
// NOTE(review): allow-update with a key lets that key change any record in the zone;
// update-policy can restrict a key to specific names and record types if that is all it needs.
zone "foo22.bar44.com." {
      [...]
      allow-update {
         key foo22.bar44.com.;
         };
      [...]
      };

[...]
  1. secret = der wert aus Kfoo22.bar44.com.+157+06098.key (pub-key)

complete named.conf

// Local control channel for rndc over a unix socket.
// <BIND-UID>/<BIND-GID> are placeholders for the uid/gid named runs as; perm 0600 keeps
// the socket usable only by that user.
// NOTE(review): "rndc-key" is referenced here, but no key "rndc-key" statement (or an include
// of the file holding it) appears anywhere in this listing; unless it is defined elsewhere,
// rndc will not be able to authenticate to this channel.
controls {
        unix "/var/run/bind/named.ctl"
        perm 0600 owner <BIND-UID> group <BIND-GID>
        keys { "rndc-key"; };
};


// TSIG key for dynamic updates to zone foo22.bar44.com. The zone statement that
// references it (allow-update { key foo22.bar44.com.; }) is shown in the snippet
// above this listing, not in the listing itself.
// NOTE(review): this secret is published on this page and must be treated as compromised —
// generate a fresh one before using this config.
// NOTE(review): HMAC-MD5 is deprecated for TSIG; hmac-sha256 is the recommended algorithm
// (the updating client must be switched to the same algorithm).
// named.conf is often world-readable; keeping the key statement in a separate file readable
// only by named and pulling it in with an include keeps the secret out of the main config.
// The space inside the secret looks like a line-wrap artifact — compare with the generated key file.
key foo22.bar44.com. {
      algorithm HMAC-MD5;
      secret "1Yjjw072uaYWq1eehnA/xtbXOB6Ul3Q/5FFv9//2I4UUm6yscXIFuDp8 nmRQ2QFRfrsU+R1R2zIpJjZ4pFJOrw==";
};

// ACL listing the OpenNIC root servers, which are authoritative for
// alternative TLDs such as .null, .geek, .indy, ...
// They are deliberately NOT used as general root servers: only the
// forward-only zones further down send requests to them, which means a new
// forward zone has to be added for every TLD OpenNIC serves.
// NOTE(review): this ACL is not referenced anywhere in the configuration shown
// (forwarders does not accept ACL names, as noted below), so it is currently unused.
acl "openNICroots" {
     82.229.244.191;
     88.191.51.140;
     216.67.98.38;
     216.87.84.209;
     71.170.11.156;
     58.6.115.42;
     58.6.115.43;
};



// Global server options.
options {
        pid-file                "/var/run/bind/run/named.pid";
        directory               "/var/cache/bind";       // working directory; relative file paths resolve here
        statistics-file         "/var/log/named.stats";
        dump-file               "/var/log/named.dump";
        zone-statistics yes;

        /*
        // comment in if you run official zones only!!!!
        // NOTE(review): this silently drops *all* traffic from RFC1918 sources, internal
        // clients included — only appropriate for a purely authoritative server.
        blackhole {
                10/8;
                172.16/12;
                192.168/16;
        };
        */

        auth-nxdomain no;       // do not force the AA bit onto every NXDOMAIN response
        // Default-deny for queries: nothing answers unless a zone (or a clause not shown here)
        // grants allow-query itself.
        // NOTE(review): the forward zones below do not override this, so clients cannot reach
        // them unless access is granted somewhere not shown — verify.
        allow-query { none; };

        // Zone transfers only to localhost and the listed secondaries.
        // NOTE(review): two entries are labelled ns10 — check the labels against the provider's NS list.
        // NOTE(review): restriction is by source address only; TSIG-authenticated transfers
        // (allow-transfer { key ...; }) are the stronger option.
        allow-transfer {
                127.0.0.1;
                62.116.129.129;         // ns9.schlundtech.de
                62.116.163.100;         // ns10.schlundtech.de
                62.116.162.121;         // ns10.schlundtech.de
        };

        // Transfer limits (time/idle values are minutes) and concurrency caps.
        max-transfer-time-in 10;
        max-transfer-idle-in 5;
        max-transfer-time-out 10;
        max-transfer-idle-out 5;
        serial-query-rate 20;
        transfer-format many-answers;
        transfers-in 80;
        transfers-out 80;
        transfers-per-ns 30;
        tcp-clients 200;
        max-cache-size unlimited;       // NOTE(review): no cap on resolver cache memory; a fixed size bounds memory use under load
        cleaning-interval 60;
        lame-ttl 1200;
        version "Herr 2.7";     // string returned for version.bind CHAOS queries instead of the real BIND version
};



// MY Zones here...
// Authoritative zone; type, file and any per-zone allow-query live in the elided part.
// NOTE(review): the NOTIFY targets below are not in the global allow-transfer list, so
// unless the elided part grants them transfer access they will be notified but unable
// to pull the zone — verify. (11.12.13.x look like placeholder addresses.)
zone "huetzelgruetzel.com" {
        [....]
        also-notify {
            // notify my slaves explicitly!
            11.12.13.14;
            11.12.13.15;
        };
};



// openNIC zones
// sadly my ACL openNICroots is not usable in
// 'forwarders {};' definition!!! :-(
// (forwarders takes address literals only, so the list is repeated in every zone below.)
// Forward-only zone for the OpenNIC "geek" TLD: queries go exclusively to the listed
// servers, with no fallback to normal recursion if none of them answers.
// NOTE(review): answers from these external servers are accepted as-is — nothing in this
// config authenticates them.
// NOTE(review): with the global allow-query { none; }, clients cannot query this zone (or
// the other forward zones below) unless access is granted somewhere not shown — verify.
zone "geek" {
        type forward;
        forward only;
        forwarders {
                82.229.244.191;
                88.191.51.140;
                216.67.98.38;
                216.87.84.209;
                71.170.11.156;
                58.6.115.42;
                58.6.115.43;
        };
};

// Forward-only zone for the OpenNIC "glue" TLD; same forwarder list and caveats as "geek" above.
zone "glue" {
        type forward;
        forward only;
        forwarders {
                //"openNICroots";      // ACL names are not accepted here, hence the literal list
                82.229.244.191;
                88.191.51.140;
                216.67.98.38;
                216.87.84.209;
                71.170.11.156;
                58.6.115.42;
                58.6.115.43;
        };
};

// Forward-only zone for the OpenNIC "indy" TLD; same forwarder list and caveats as "geek" above.
zone "indy" {
        type forward;
        forward only;
        forwarders {
                82.229.244.191;
                88.191.51.140;
                216.67.98.38;
                216.87.84.209;
                71.170.11.156;
                58.6.115.42;
                58.6.115.43;
        };
};

// Forward-only zone for the OpenNIC "null" TLD; same forwarder list and caveats as "geek" above.
zone "null" {
        type forward;
        forward only;
        forwarders {
                82.229.244.191;
                88.191.51.140;
                216.67.98.38;
                216.87.84.209;
                71.170.11.156;
                58.6.115.42;
                58.6.115.43;
        };
};

// Forward-only zone for the OpenNIC "oss" TLD; same forwarder list and caveats as "geek" above.
zone "oss" {
        type forward;
        forward only;
        forwarders {
                82.229.244.191;
                88.191.51.140;
                216.67.98.38;
                216.87.84.209;
                71.170.11.156;
                58.6.115.42;
                58.6.115.43;
        };
};

// Forward-only zone for the OpenNIC "parody" TLD; same forwarder list and caveats as "geek" above.
zone "parody" {
        type forward;
        forward only;
        forwarders {
                82.229.244.191;
                88.191.51.140;
                216.67.98.38;
                216.87.84.209;
                71.170.11.156;
                58.6.115.42;
                58.6.115.43;
        };
};

// Forward-only zone for the OpenNIC "ing" TLD; same forwarder list and caveats as "geek" above.
zone "ing" {
        type forward;
        forward only;
        forwarders {
                82.229.244.191;
                88.191.51.140;
                216.67.98.38;
                216.87.84.209;
                71.170.11.156;
                58.6.115.42;
                58.6.115.43;
        };
};

// Forward-only zone for the OpenNIC "bbs" TLD; same forwarder list and caveats as "geek" above.
zone "bbs" {
        type forward;
        forward only;
        forwarders {
                82.229.244.191;
                88.191.51.140;
                216.67.98.38;
                216.87.84.209;
                71.170.11.156;
                58.6.115.42;
                58.6.115.43;
        };
};

// Forward-only zone for the OpenNIC "fur" TLD; same forwarder list and caveats as "geek" above.
zone "fur" {
        type forward;
        forward only;
        forwarders {
                82.229.244.191;
                88.191.51.140;
                216.67.98.38;
                216.87.84.209;
                71.170.11.156;
                58.6.115.42;
                58.6.115.43;
        };
};

// Forward-only zone for the OpenNIC "free" TLD; same forwarder list and caveats as "geek" above.
zone "free" {
        type forward;
        forward only;
        forwarders {
                82.229.244.191;
                88.191.51.140;
                216.67.98.38;
                216.87.84.209;
                71.170.11.156;
                58.6.115.42;
                58.6.115.43;
        };
};