named

/etc/named.conf

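options {
        // Listen on every IPv4 address; IPv6 is disabled.
        listen-on port 53 { any; };
        listen-on-v6 { none; };
        directory           "/var/named";
        dump-file           "/var/named/data/cache_dump.db";
        statistics-file     "/var/named/data/named_stats.txt";
        memstatistics-file  "/var/named/data/named_mem_stats.txt";
        // Authoritative data is served to any client; full zone transfers
        // (AXFR/IXFR) only to the local host and the 10.1.1.0/24 network.
        allow-query         { any; };
        allow-transfer      { localhost; 10.1.1.0/24; };

        // Recursion stays enabled for the LAN but is now scoped to the same
        // networks that may transfer zones.  With allow-query { any; } and no
        // allow-recursion, the original configuration answered recursive
        // queries from every source that could reach port 53, i.e. it acted
        // as an open resolver (abusable for amplification, cache poisoning
        // attempts and as a data leak of internal lookups).
        recursion yes;
        allow-recursion     { localhost; 10.1.1.0/24; };

        dnssec-enable yes;
        dnssec-validation yes;
        // "dnssec-lookaside auto;" was removed: ISC's DLV registry has been
        // retired, so lookaside validation no longer adds any trust and the
        // option is deprecated in current BIND releases.

        /* Trust-anchor file (the RHEL-style default path; the root key is
           presumably also provided by the include of /etc/named.root.key
           below -- confirm against the installed package). */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
        // Recursive lookups are forwarded to lb1 (10.1.1.10, see
        // forward.ldap) and then to Google Public DNS.  Because
        // dnssec-validation is on, both forwarders must pass DNSSEC
        // records through or validation of signed names will fail.
        forwarders {
                10.1.1.10;
                8.8.8.8;
        };
};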
logging {
        // Only the default_debug channel is defined; no category is mapped
        // explicitly, so BIND's built-in defaults apply (the "default"
        // category goes to syslog and to this channel).  "severity dynamic"
        // makes the channel follow the debug level set with `rndc trace`.
        // The file path is relative to directory "/var/named" from options.
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};


zone "." IN {
    // Root hints: used to start recursion from the root servers when the
    // forwarders in options do not answer (BIND's default is "forward first").
    type hint;
    file "named.ca";
};

// TSIG key "rndc-key" referenced by the allow-update clauses below.  The
// file holds a shared secret, so keep it readable only by root and the
// named user (mode 0640 or stricter).
include "/etc/named/ddns.key";
// Presumably the root DNSSEC trust anchor (managed-keys) -- confirm.
include "/etc/named.root.key";
// Stock localhost / loopback forward and reverse zones shipped with the
// package (RFC 1912).
include "/etc/named.rfc1912.zones";

zone "myhypervisor.ca" IN {
type master;
file "forward.ldap";
// allow-update is all-or-nothing: any client presenting rndc-key may add,
// replace or delete any record in this zone, including the apex NS/SOA.
// If the DDNS client only maintains its own host records, update-policy
// gives per-name control instead.
allow-update { key rndc-key; };
// Send NOTIFY to the NS set (ldap2 is listed in forward.ldap) after each
// change so secondaries re-transfer promptly.
notify yes;
};

zone "1.1.10.in-addr.arpa" IN {
type master;
file "reverse.ldap";
// Same key and same all-or-nothing grant as the forward zone: a holder of
// rndc-key can rewrite any PTR in 10.1.1.0/24.
allow-update { key rndc-key; };
notify yes;
};

zone "kvm.myhypervisor.ca" IN {
type master;
file "kvm.myhypervisor.ldap";
// Static zone (no dynamic updates).  It is a child of myhypervisor.ca served
// from the same server; named appears to answer kvm.myhypervisor.ca from this
// zone, so the "kvm" A record in forward.ldap is effectively shadowed here --
// confirm which address is intended to be authoritative.
allow-update { none; };
};

/var/named/forward.ldap

$TTL 86400
; Apex SOA: ldap1 is the primary, root@myhypervisor.ca the contact.
; Serial appears to use the YYYYMMDDnn convention.  This zone accepts
; dynamic updates (allow-update in named.conf), so hand edits must be
; wrapped in "rndc freeze" / "rndc thaw" or they will be overwritten by
; the journal.
@   IN  SOA     ldap1.myhypervisor.ca. root.myhypervisor.ca. (
        2011072001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
; Apex NS set; the zone name itself also resolves to both ldap hosts.
                IN      NS          ldap1.myhypervisor.ca.
                IN      NS          ldap2.myhypervisor.ca.
                IN      A           10.1.1.13
                IN      A           10.1.1.14
; Internal hosts (10.1.1.0/24).
ldap1           IN      A           10.1.1.13
ldap2           IN      A           10.1.1.14
lb1             IN      A           10.1.1.10
; kvm is also defined as its own zone below in named.conf; that child zone
; takes precedence for queries reaching this server.
kvm             IN      A           198.27.81.224
spacewalk       IN      A           10.1.1.11
; Public (non-RFC 1918) addresses; visible to any querier because
; allow-query is { any; }.
nginx           IN      A           149.56.9.83
vpn             IN      A           149.56.9.85

/var/named/reverse.ldap

; $ORIGIN is the root, so every owner name below must be written in full
; (or, for the PTR records, relative to the SOA owner, which is the last
; explicit owner).
$ORIGIN .
$TTL 86400      ; 1 day
1.1.10.in-addr.arpa     IN SOA  ldap1.myhypervisor.ca. root.myhypervisor.ca. (
                                2011071030 ; serial
                                3600       ; refresh (1 hour)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      ldap1.myhypervisor.ca.
                        NS      ldap2.myhypervisor.ca.
; Only the two LDAP hosts have reverse entries; lb1 (.10), spacewalk (.11)
; and example.ca (.118) from the forward zones have no PTR here.
; Like forward.ldap this zone is dynamically updated: freeze before editing.
13                      PTR     ldap1.myhypervisor.ca.
14                      PTR     ldap2.myhypervisor.ca.

Adding a zone (named.d snippet)

zone "example.ca" IN {
type master;
// Relative to directory "/var/named" from options.
file "example.ldap";
// Static zone: no dynamic updates.  NOTE(review): named.conf above shows no
// include for a named.d directory, so confirm how this snippet is loaded.
allow-update { none; };
};

/var/named/example.ldap (zone file for example.ca)

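$TTL 86400
; Serial is hand-maintained (this zone is not dynamically updated); bump it
; on every edit so any secondary (ldap2 is listed as NS) transfers the change.
@     IN     SOA    ldap1.myhypervisor.ca.     root.myhypervisor.ca. (
                    2007962501 ; serial
                    21600      ; refresh after 6 hours
                    3600       ; retry after 1 hour
                    604800     ; expire after 1 week
                    86400 )    ; minimum TTL of 1 day
; name servers - NS records (no owner given: the apex "@" carries over
; from the SOA)
     IN      NS      ldap1.myhypervisor.ca.
     IN      NS      ldap2.myhypervisor.ca.

; The NS targets live in myhypervisor.ca, which this server is also
; authoritative for, so their A records do not belong in this file.
; Names outside example.ca are "out-of-zone data": named-checkzone warns on
; them and named silently drops them at load time.  The two
; "ldap1/ldap2.myhypervisor.ca. IN A" lines that used to be here were
; removed for that reason; the addresses remain in forward.ldap.

@       IN      A       10.1.1.118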

/etc/named/ddns.key

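key rndc-key {
	// HMAC-MD5 (the legacy "HMAC-MD5.SIG-ALG.REG.INT" name) is the weakest
	// TSIG algorithm still accepted; hmac-sha256 is supported by all
	// maintained BIND releases and is the tsig-keygen default.  Changing the
	// algorithm needs a new secret, and the same name/algorithm/secret must be
	// installed on every DDNS client that updates myhypervisor.ca and
	// 1.1.10.in-addr.arpa.
	algorithm hmac-sha256;
	// The previous secret was reproduced in this document, so it has to be
	// treated as exposed and rotated regardless of the algorithm change.
	// Generate a fresh value with:  tsig-keygen -a hmac-sha256 rndc-key
	// and keep the real value out of shared documentation.
	secret "<PLACEHOLDER: base64 secret produced by tsig-keygen>";
};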

 

