diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..8fb98c6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+.env
+.DS_Store
+moeny.ai
\ No newline at end of file
diff --git a/README.md b/README.md
index 1262848..3532e2b 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,22 @@
 # bind9
+This repo details the configuration for BIND DNS on Ubuntu 22.04.
+You can set up your own DNS server by following this [guide](https://www.cherryservers.com/blog/how-to-install-and-configure-a-private-bind-dns-server-on-ubuntu-22-04]).
+The basic configuration is as below:
+
+1. Install bind9 and check its status
+```bash
+apt update -y && apt upgrade -y
+apt install bind9 bind9utils bind9-doc -y
+sudo systemctl status bind9
+```
+
+2. Edit `/etc/bind/named.conf.options` and check its syntax with `named-checkconf /etc/bind/named.conf.options`. There should be no output.
+
+3. Edit `/etc/bind/named.conf.local` and check its syntax with `named-checkconf /etc/bind/named.conf.local`. There should be no output.
+
+4. Create a directory for your zone files with `mkdir /etc/bind/zones` and create your zone file in it as `/etc/bind/zones/example.com`. Replace `example.com` with your domain name.
+
+5. Check its syntax with `named-checkzone example.com /etc/bind/zones/example.com`.
+
+6. Restart bind9 with `sudo systemctl restart bind9`.
\ No newline at end of file
diff --git a/example.com b/example.com
new file mode 100644
index 0000000..32b3f53
--- /dev/null
+++ b/example.com
@@ -0,0 +1,31 @@
+; /etc/bind/zones/example.com
+; Example zone file for example.com
+$TTL 3600
+@ IN SOA ns1.example.com. hostmaster.example.com. (
+ 2025012101 ; serial (format: YYYYMMDDXX)
+ 7200 ; refresh (2 hours)
+ 900 ; retry (15 minutes)
+ 1209600 ; expire (2 weeks)
+ 86400 ; minimum TTL (1 day)
+ )
+
+; NS Records
+@ 3600 IN NS ns1.example.com.
+@ 3600 IN NS ns2.example.com.
+
+; A Records
+@ 3600 IN A 192.0.2.10
+www 3600 IN A 192.0.2.11
+app 3600 IN A 192.0.2.12
+mail 3600 IN A 192.0.2.13
+ns1 3600 IN A 192.0.2.14
+ns2 3600 IN A 192.0.2.15
+chat 3600 IN A 192.0.2.16
+monitor 3600 IN A 192.0.2.17
+
+; TXT Records
+@ 3600 IN TXT "v=spf1 mx -all"
+
+; Email Related Records
+@ 3600 IN MX 10 mail.example.com.
+_dmarc 3600 IN TXT "v=DMARC1; p=reject; pct=100; fo=1; rua=mailto:dmarc@example.com"
\ No newline at end of file
diff --git a/named.conf.local b/named.conf.local
new file mode 100644
index 0000000..bea9a84
--- /dev/null
+++ b/named.conf.local
@@ -0,0 +1,13 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+// define the forward zone
+zone "moeny.ai" IN {
+ type master;
+ file "/etc/bind/zones/moeny.ai";
+};
\ No newline at end of file
diff --git a/named.conf.options b/named.conf.options
new file mode 100644
index 0000000..bfc2b16
--- /dev/null
+++ b/named.conf.options
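Review bot: The `_dmarc` record on the last line of the hunk sets `fo=1` but has no `ruf=` tag, so the failure reports that flag requests have nowhere to go; either drop `fo=1` or add a `ruf=` address next to `rua=`. The zone also publishes `ns2.example.com.` as an authoritative server (NS record plus the `ns2` A record) while nothing in this commit provisions a secondary or a transfer ACL for it, so either that host is configured outside this repo or the NS set is advertising a server that will not answer authoritatively; a one-line comment above the NS records saying which would settle it. With `v=spf1 mx -all` as the only authentication mechanism and `p=reject`, mail that is legitimately forwarded will fail DMARC, so if this domain actually sends mail a DKIM selector TXT record belongs in the zone as well (none is present).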
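Review bot: `type master;` in the `zone "moeny.ai"` stanza is the legacy keyword; the bind9 package on Ubuntu 22.04 (9.18) accepts `type primary;`, which is the spelling current ISC documentation uses, so `type primary;` is the better choice for a file written fresh (this is style only, `master` still works). The stanza sets no zone-level `allow-transfer`, so it inherits the options-level value, and in this same commit that line is commented out in named.conf.options; an explicit `allow-transfer { none; };` here (or the secondary's address, if one exists) pins the transfer policy next to the zone it protects. Since `.gitignore` in this commit excludes `moeny.ai`, the referenced `/etc/bind/zones/moeny.ai` is deliberately untracked; stating that in the `// define the forward zone` comment would save the next reader a search for the missing file.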
@@ -0,0 +1,31 @@
+options {
+ directory "/var/cache/bind";
+
+ // If there is a firewall between you and nameservers you want
+ // to talk to, you may need to fix the firewall to allow multiple
+ // ports to talk. See http://www.kb.cert.org/vuls/id/800113
+
+ // If your ISP provided one or more IP addresses for stable
+ // nameservers, you probably want to use them as forwarders.
+ // Uncomment the following block, and insert the addresses replacing
+ // the all-0's placeholder.
+
+ // forwarders {
+ // 0.0.0.0;
+ // };
+
+ //========================================================================
+ // If BIND logs error messages about the root key being expired,
+ // you will need to update your keys. See https://www.isc.org/bind-keys
+ //========================================================================
+ dnssec-validation auto;
+
+ listen-on-v6 { none; };
+
+ // allow-transfer { 100.40.223.128/26; };
+ // dnssec-validation yes;
+ recursion no;
+ rate-limit {
+ responses-per-second 5;
+ };
+};
\ No newline at end of file
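Review bot: `allow-transfer` is left commented out (`// allow-transfer { 100.40.223.128/26; };`), so zone transfers fall back to BIND's built-in default, which has historically been to allow AXFR from any client (check the ARM for the exact 9.18 build Ubuntu 22.04 ships); for an authoritative-only server that already sets `recursion no;`, the options block should carry an explicit `allow-transfer { none; };`, with any real secondary's address granted in the zone stanza in named.conf.local instead. The stale `// dnssec-validation yes;` line just below `dnssec-validation auto;` is dead config and should be removed, and since validation only matters for a recursive resolver, `dnssec-validation auto;` either needs a comment explaining why it is kept on a non-recursive server or can go as well. `rate-limit { responses-per-second 5; }` is a sensible reflection mitigation; a short comment noting that BIND applies it per client prefix (a /24 for IPv4 by default) would stop operators being surprised when a whole NAT'd network is throttled together.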