20250726-regular commit

2025-07-26 11:50:53 +02:00
parent b79839500c
commit c83d178b77
21 changed files with 1085 additions and 59 deletions
--- a/projects/tu/glt-mail/dns-server/named.conf.md
+++ b/projects/tu/glt-mail/dns-server/named.conf.md
@@ -0,0 +1,154 @@
+## Simple 
+```
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian for information on the
+// structure of BIND configuration files in Debian, *BEFORE* you customize
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+// include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
+
+acl internal {
+        10.42.0.0/24;
+};
+
+options {
+        directory "/var/cache/bind";
+        forwarders {
+                1.1.1.1;
+                1.0.0.1;
+        };
+        allow-query { internal; };
+};
+
+zone "test.softbox.net" IN {
+        type master;
+        file "/etc/bind/test-softbox-net.zone";
+
+```
+
+## private 
+
+```
+#
+include "/etc/named.rfc1912.zones";
+include "/etc/named.root.key";
+include "/etc/rndc.key";
+include "/etc/tsig.key";
+
+# Allow rndc management
+#inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
+controls {
+	inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "tsig-key"; };
+};
+
+# Limit access to local network and homelab LAN
+acl "clients" {
+	127.0.0.0/8;
+	10.56.0.0/21;
+};
+
+options {
+	forwarders {
+		fde4:ed21:b2c0:1::254;
+		10.56.0.254;
+	};
+
+	listen-on port 53 { 127.0.0.1; 10.56.0.3; }; ## MASTER
+	listen-on-v6 { none; };
+	directory 	"/var/named";
+	dump-file 	"/var/named/data/cache_dump.db";
+	statistics-file "/var/named/data/named_stats.txt";
+	memstatistics-file "/var/named/data/named_mem_stats.txt";
+
+	tcp-clients 50;
+
+	# Disable built-in server information zones
+	version none;
+	hostname none;
+	server-id none;
+
+	recursion yes;
+	recursive-clients 50;
+	allow-recursion { clients; };
+	allow-query { clients; };
+	allow-transfer { localhost; 10.56.0.4; }; ## SLAVE
+
+	auth-nxdomain no;
+	notify no;
+	#dnssec-enable yes;
+	dnssec-validation auto;
+	#dnssec-lookaside auto;
+
+	bindkeys-file "/etc/named.root.key";
+	managed-keys-directory "/var/named/dynamic";
+	pid-file "/run/named/named.pid";
+	session-keyfile "/run/named/session.key";
+};
+
+# Specifications of what to log, and where the log messages are sent
+logging {
+	channel "common_log" {
+		file "/var/log/named/named.log" versions 10 size 5m;
+		severity dynamic;
+		print-category yes;
+		print-severity yes;
+		print-time yes;
+	};
+	category default { "common_log"; };
+	category general { "common_log"; };
+	category queries { "common_log"; };
+	category client { "common_log"; };
+	category security { "common_log"; };
+	category query-errors { "common_log"; };
+	category lame-servers { null; };
+};
+
+zone "." IN {
+	type hint;
+	file "named.ca";
+};
+
+# Internal zone definitions
+zone "juro-vpn.reliyya.xyz" {
+    	type forward;
+    	forwarders { 10.56.0.254; };
+};
+
+
+zone "reliyya.xyz" {
+	type master;
+	file "data/db.reliyya.xyz";
+	#allow-update { key rndc-key; };
+	update-policy { grant tsig-key zonesub any; };
+	notify yes;
+};
+
+zone "0.56.10.in-addr.arpa" {
+	type master;
+	file "data/db.0.56.10";
+	#allow-update { key rndc-key; };
+	update-policy { grant tsig-key zonesub any; };
+	notify yes;
+};
+
+
+#zone "petarcubela.de" {
+#	type master;
+#	file "data/db.petarcubela.de";
+#	allow-update { key rndc-key; };
+#	notify yes;
+#};
+
+//zone "7.56.10.in-addr.arpa" {
+//	type master;
+//	file "data/db.7.56.10";
+//	allow-update { key rndc-key; };
+//	notify yes;
+//};
+[root@dns1 etc]#
+```