Initial commit

2025-01-29 17:38:57 -05:00 · 2025-01-29 17:38:57 -05:00 · ea4bf42669
commit ea4bf42669
parent 9d3a070c82
5 changed files with 98 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,3 @@
+.env
+.DS_Store
+moeny.ai
--- a/README.md
+++ b/README.md
@ -1,2 +1,22 @@
 # bind9
+This repo details the configuration for BIND DNS on Ubuntu 22.04.
+You can set up your own DNS server by following this [guide](https://www.cherryservers.com/blog/how-to-install-and-configure-a-private-bind-dns-server-on-ubuntu-22-04]).

+The basic configuration is as below:
+
+1. Install bind9 and check its status
+```bash
+apt update -y && apt upgrade -y
+apt install bind9 bind9utils bind9-doc -y
+sudo systemctl status bind9
+```
+
+2. Edit `/etc/bind/named.conf.options` and check its syntax with `named-checkconf /etc/bind/named.conf.options`. There should be no output.
+
+3. Edit `/etc/bind/named.conf.local` and check its syntax with `named-checkconf /etc/bind/named.conf.local`. There should be no output.
+
+4. Create a directory for your zone files with `mkdir /etc/bind/zones` and create your zone file in it as `/etc/bind/zones/example.com`. Replace `example.com` with your domain name.
+
+5. Check its syntax with `named-checkzone example.com /etc/bind/zones/example.com`.
+
+6. Restart bind9 with `sudo systemctl restart bind9`.
--- a/example.com
+++ b/example.com
@ -0,0 +1,31 @@
+; /etc/bind/zones/example.com
+; Example zone file for example.com
+$TTL 3600
+@       IN  SOA ns1.example.com. hostmaster.example.com. (
+            2025012101 ; serial (format: YYYYMMDDXX)
+            7200       ; refresh (2 hours)
+            900        ; retry (15 minutes)
+            1209600    ; expire (2 weeks)
+            86400      ; minimum TTL (1 day)
+        )
+
+; NS Records
+@          3600    IN  NS  ns1.example.com.
+@          3600    IN  NS  ns2.example.com.
+
+; A Records
+@          3600    IN  A   192.0.2.10
+www        3600    IN  A   192.0.2.11
+app        3600    IN  A   192.0.2.12
+mail       3600    IN  A   192.0.2.13
+ns1        3600    IN  A   192.0.2.14
+ns2        3600    IN  A   192.0.2.15
+chat       3600    IN  A   192.0.2.16
+monitor    3600    IN  A   192.0.2.17
+
+; TXT Records
+@          3600    IN  TXT "v=spf1 mx -all"
+
+; Email Related Records
+@          3600    IN  MX  10 mail.example.com.
+_dmarc     3600    IN  TXT "v=DMARC1; p=reject; pct=100; fo=1; rua=mailto:dmarc@example.com"
--- a/named.conf.local
+++ b/named.conf.local
@ -0,0 +1,13 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+// define the forward zone
+zone "moeny.ai" IN {
+        type master;
+        file "/etc/bind/zones/moeny.ai";
+};
--- a/named.conf.options
+++ b/named.conf.options
@ -0,0 +1,31 @@
+options {
+        directory "/var/cache/bind";
+
+        // If there is a firewall between you and nameservers you want
+        // to talk to, you may need to fix the firewall to allow multiple
+        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+        // If your ISP provided one or more IP addresses for stable
+        // nameservers, you probably want to use them as forwarders.
+        // Uncomment the following block, and insert the addresses replacing
+        // the all-0's placeholder.
+
+        // forwarders {
+        //      0.0.0.0;
+        // };
+
+        //========================================================================
+        // If BIND logs error messages about the root key being expired,
+        // you will need to update your keys.  See https://www.isc.org/bind-keys
+        //========================================================================
+        dnssec-validation auto;
+
+        listen-on-v6 { none; };
+
+        // allow-transfer { 100.40.223.128/26; };
+        // dnssec-validation yes;
+        recursion no;
+        rate-limit {
+          responses-per-second 5;
+        };
+};