Bind

by admin on August 13, 2009

ACLs

// defining acl's

// simple ip address acl
acl "someips" {
  10.0.0.1; 192.168.23.1; 192.168.23.15;
};

// ip address acl with '/' format
acl "moreips" {
  10.0.0.1;
  192.168.23.128/25; // 128 IPs
};

// nested acl
acl "allips" {
  "someips";
  "moreips";
};

// messy acl: elements are tested in order and the first match wins
acl "complex" {
  "someips";
  10.0.15.0/24;
  !10.0.16.1/24; // negated
  {10.0.17.1;10.0.18.2;}; // nested
};

// using acl's
zone "example.com" {
  type master;
  file "master.example.com";
  also-notify {"moreips";};
};

zone "example.net" {
  type slave;
  masters {192.168.2.3;192.168.2.4;}; // every element needs its own ';'
  file "slave.example.net";
  allow-transfer {"none";}; // this is a special (built-in) acl
};
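To make the first-match rule concrete, here is an added Python evaluator for the ACLs above (example code, not from this post or from BIND itself). It transcribes the post's ACLs, adds two constructed ones to show why element order matters, and follows BIND's rule that a negative match inside a referenced ACL counts as no match.

```python
import ipaddress

# ACL definitions transcribed from the post, plus two constructed ones.
# An element is an address or prefix string, the name of another acl,
# a nested list, or ("!", element) for a negated element.
# (The post writes !10.0.16.1/24 with host bits set; they are masked off here.)
ACLS = {
    "someips": ["10.0.0.1", "192.168.23.1", "192.168.23.15"],
    "moreips": ["10.0.0.1", "192.168.23.128/25"],
    "allips": ["someips", "moreips"],
    "complex": ["someips", "10.0.15.0/24", ("!", "10.0.16.0/24"),
                ["10.0.17.1", "10.0.18.2"]],
    "none": [],                                   # built-in: matches nothing
    # constructed: the catch-all is hit first, so the negation never applies
    "bad_order": ["0.0.0.0/0", ("!", "10.0.16.0/24")],
    "good_order": [("!", "10.0.16.0/24"), "0.0.0.0/0"],
}

def _hits(addr, target):
    """True if `target` matches `addr` positively (sign handled by the caller)."""
    if isinstance(target, list):                  # nested { ...; } list
        return _match_list(addr, target) is True
    if target in ACLS:                            # reference to a named acl
        # As in BIND, a negative match inside a referenced acl is "no match",
        # so a negated reference can never turn into a positive match.
        return _match_list(addr, ACLS[target]) is True
    return addr in ipaddress.ip_network(target, strict=False)

def _match_list(addr, elements):
    """First matching element decides: True (allow), False (negated), None (none)."""
    for element in elements:
        negated = isinstance(element, tuple)
        target = element[1] if negated else element
        if _hits(addr, target):
            return not negated
    return None

def acl_allows(acl_name, ip):
    """Would BIND accept a client at `ip` under e.g. allow-query { acl_name; }?"""
    verdict = _match_list(ipaddress.ip_address(ip), ACLS[acl_name])
    return verdict is True                        # no match at all means deny

if __name__ == "__main__":
    for name, ip in [("complex", "10.0.16.5"), ("bad_order", "10.0.16.5"),
                     ("good_order", "10.0.16.5")]:
        print(f"{name:<10} {ip:<12} -> {'allow' if acl_allows(name, ip) else 'deny'}")
```

The same ordering applies to allow-query, allow-recursion and allow-transfer lists: put negated entries before the broader entries they are meant to carve out of.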

Binding bind to specific IPs

acl "local" {
        12.23.53.2; 127.0.0.1;
};

options {
        // ... other options ...
        listen-on {local;};
        // ... other options ...
};

Query access control

acl "local" {
        12.23.53.2; 127.0.0.1;
};

options {
        // ... other options ...
        allow-query {local;};
        // ... other options ...
};

Disallow Recursion

You must do this if you want your server to pass PCI approved security scans: an authoritative server that also answers recursive queries for anyone is an open resolver, which is what the scans flag.

options {
        // ... other options ...
        recursion no;
};

Allow Recursion to specific IPs

acl "rec" {
        127.0.0.1;
};

options {
        // ... other options ...
        allow-recursion {rec;};
};

Logging

The logging statement has this grammar:

logging {
  [ channel channel_name {
    ( file path_name
       [ versions ( number | unlimited ) ]
       [ size size_spec ]
     | syslog ( kern | user | mail | daemon | auth | syslog | lpr |
                news | uucp | cron | authpriv | ftp |
                local0 | local1 | local2 | local3 |
                local4 | local5 | local6 | local7 )
     | null );

    [ severity ( critical | error | warning | notice |
                 info  | debug [ level ] | dynamic ); ]
    [ print-category yes_or_no; ]
    [ print-severity yes_or_no; ]
    [ print-time yes_or_no; ]
  }; ]

  [ category category_name {
    channel_name; [ channel_name; ... ]
  }; ]
  ...
};

Example

logging {
  channel simple_log {
    file "/var/log/bind.log" versions 3 size 5m;
    severity warning;
    print-time yes;
    print-severity yes;
    print-category yes;
  };
  category default {
    simple_log;
  };
};

A sample Zone Entry

zone "yourdomain.com" {
		type master;
		file "/var/named/yourdomain.com.zone";
};

yourdomain.com.zone

$ttl 38400
yourdomain.com.	IN      SOA     dns.yourdomain.com. webmaster.yourdomain.com. (
			1066493014
			10800
			3600
			604800
			38400 )
	IN		NS      dns.yourdomain.com.
	IN		MX      10      yourdomain.com.
	IN		A       10.15.27.39
*	IN		CNAME   yourdomain.com.
; note: dns.yourdomain.com. has no A record of its own here, so it is only
; reachable through the wildcard CNAME; an NS target must not be a CNAME,
; so give it an explicit A record.

With TXT (SPF)

$ttl 38400
abc.com.        IN      SOA     dns.abc.com. web.abc.com. (
                        1066493014
                        10800
                        3600
                        604800
                        38400 )
        IN              NS      dns.abc.com.
        IN              MX      10      abc.com.
        IN              A       10.15.27.39
test    IN              A       12.23.44.40
@       IN              TXT     "v=spf1 a -all"
