DNS/Bind Working Conf & Zones
« on: December 16, 2016, 11:43:59 PM »
I want to share my working DNS conf & zones, and I will try to explain them:
First file is /etc/named.conf
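//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a any DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// Adapted here to additionally serve the devilix.org forward zone and two
// in-addr.arpa reverse zones as master. Layout: global options, logging,
// root hints, the stock Red Hat zones (included), then the site's own zones.
//

options {
        // Hide the real version string from "version.bind" CH TXT queries;
        // it only makes fingerprinting the server slightly harder.
        version "Your mom`s version is too old!";
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // Authoritative answers for the zones below must be reachable from
        // the whole Internet, so queries stay open.
        allow-query     { any; };

        // A zone transfer (AXFR/IXFR) hands out the complete zone contents.
        // Every NS name published for these zones points at this same host
        // (see the zone files), so no secondary needs to pull the zone.
        // If you ever add a real secondary, list its address here instead
        // of "any".
        allow-transfer  { none; };

        // Recursion is only for this host and its directly attached
        // networks. With { any; } this would be an open resolver: usable
        // for reflection/amplification against third parties and more
        // exposed to cache poisoning. Add further client networks here if
        // other machines must use this server as their resolver.
        allow-recursion { localhost; localnets; };

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

// Root hints, needed for recursion.
zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

// Reverse zone for the server's public address (77.236.172.141).
// Dynamic updates are refused on every master zone below; nothing on this
// host sends them, and accepting them would let a client rewrite records.
zone "172.236.77.in-addr.arpa" IN {
        type master;
        file "/var/named/172.236.77.in-addr.arpa.db";
        allow-update { none; };
};

// Reverse zone for localhost
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "/var/named/0.0.127.in-addr.arpa.db";
        allow-update { none; };
};

// Forward zone devilix.org
zone "devilix.org" IN {
        type master;
        file "/var/named/devilix.org.db";
        allow-update { none; };
};
// zone_end devilix.org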

Second file is /var/named/devilix.org.db
To generate your DMARC record easily, go to https://www.unlocktheinbox.com/dmarcwizard/
To generate the Google verification code as a TXT record for your DNS, go to https://support.google.com/a/answer/183895?hl=en&ref_topic=2716886 and follow the instructions.
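; Zone file for devilix.org (master copy on this server).
; Comments in a zone file start with ';' -- '//' is not comment syntax here
; and makes named refuse to load the zone.
$TTL    14400   ; default Time To Live (seconds) for records without their own

; MNAME ns1.abusers.eu. is the primary server for the zone (this host);
; RNAME root.devilix.org. is the contact mailbox root@devilix.org.
; Serial format YYYYmmddcn: Year(2016) Month(12) Day(12) ChangeNumber(01).
; Bump it on every edit, otherwise secondaries keep the old copy.
@       IN      SOA     ns1.abusers.eu. root.devilix.org. (
                2016121201      ; serial
                86400           ; refresh, seconds
                7200            ; retry, seconds
                3600000         ; expire, seconds
                86400 )         ; minimum / negative-cache TTL, seconds

;; NS Records (all of these names resolve to 77.236.172.141, i.e. this host)
@       IN      NS      ns1.abusers.eu.         ; DNS 1
@       IN      NS      ns2.abusers.eu.         ; DNS 2
@       IN      NS      ns1.devilix.org.        ; DNS 3
@       IN      NS      ns2.devilix.org.        ; DNS 4
@       IN      NS      dev.abusers.eu.         ; DNS 5
@       IN      NS      devil.abusers.eu.       ; DNS 6
@       IN      NS      devilix.abusers.eu.     ; DNS 7

;; A Records (forward mappings)
@               IN      A       77.236.172.141  ; devilix.org itself
; ns1 is advertised as a nameserver in the NS set above, so its address is
; glue that other resolvers follow. It must therefore be a reachable public
; address: with 127.0.0.1 every resolver that picks ns1 queries itself and
; the lookup fails.
ns1             IN      A       77.236.172.141
ns2             IN      A       77.236.172.141
server          IN      A       77.236.172.141
mail            IN      A       77.236.172.141
localhost       IN      A       127.0.0.1

;; PTR Records
; The reverse mapping for 77.236.172.141 belongs in the
; 172.236.77.in-addr.arpa zone file, not here: inside this zone the record
; below would only define the name 77.236.172.141.devilix.org, which no
; reverse lookup ever asks for. Kept for reference, disabled:
; 77.236.172.141 IN PTR devilix.org.

;; MX Records (Mail eXchange, needed for your mail server)
devilix.org.    IN      MX      10 mail.devilix.org.

;; CNAME Records (aliases; '@' is shorthand for devilix.org.)
www             IN      CNAME   @
ftp             IN      CNAME   @
cwp             IN      CNAME   @

;; DMARC Record (mail policy; p=none only reports, it rejects nothing)
_dmarc.devilix.org. IN TXT "v=DMARC1; p=none; sp=none; rua=mailto:postmaster@devilix.org; ruf=mailto:postmaster@devilix.org; rf=afrf; pct=100; ri=86400"

;; DKIM Record (public key only; generated from CWP -> Email -> DKIM Manager,
;; select SPF there as well)
default._domainkey IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7A+Opw3Jll87M9ZoevC+UOBwSkbrOSrgSgk3OabrKF7dMshoMDf0LHcS5Zwj/I4eiMTj7vtkoavHAhgW/0/GmH7fyNgKQm942NpvKcLEHTJ1ndDNk0luvXS+E0Rw6wiCyAKwj/LCbZcidhgz1iVn53VZTQCAiMj1V+q3z5ADPIQIDAQAB"

;; SPF Record
; "+a +mx" already authorise 77.236.172.141. 192.168.1.101 is a private
; (RFC 1918) address that can never be the source of mail on the public
; Internet, so that token does nothing there -- presumably inserted by the
; CWP generator; drop it unless an internal relay really uses it.
devilix.org.    IN      TXT     "v=spf1 +a +mx +ip4:192.168.1.101 ~all"

;; Google site verification (quoted so the TXT string is one character-string)
@               IN      TXT     "google-site-verification=_C1V8AhaVWFwNQn4fO5Id7IXbQTgcC67ItmH9r4SABY"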
Third file is /var/named/0.0.127.in-addr.arpa.db
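; Reverse zone for the loopback network 127.0.0.x.
; Only ';' starts a comment in a zone file; '//' is a syntax error.
$TTL 3D
@               IN      SOA     ns1.devilix.org. root.devilix.org. (
                                2016111300      ; Serial
                                8H              ; Refresh
                                2H              ; Retry
                                4W              ; Expire
                                1D )            ; Minimum TTL

; Nameserver for this zone; the name itself is defined in the devilix.org zone.
@               IN      NS      ns1.devilix.org.
; 1.0.0.127.in-addr.arpa -> localhost
1               IN      PTR     localhost.
; SPF is looked up on the sending domain name (devilix.org), never on an
; in-addr.arpa name, so a TXT record in this zone is never consulted.
; Kept for reference, disabled:
; 0.0.127.in-addr.arpa. 14400 IN TXT "v=spf1 +a +mx +ip4:192.168.1.101 ~all"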
Fourth file is 172.236.77.in-addr.arpa.db
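; Reverse zone for 77.236.172.0/24; honoured by the rest of the Internet only
; if the ISP delegates 172.236.77.in-addr.arpa to these nameservers.
; Only ';' starts a comment in a zone file; '//' is a syntax error.
$ORIGIN 172.236.77.in-addr.arpa.        ; every relative name below hangs off this
$TTL 2d                                 ; default TTL for the zone, 172800 secs
@       IN      SOA     dev.abusers.eu. root.devilix.org. (
                        2016121401      ; Serial
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        604800 )        ; Negative Cache TTL

;; NS Records
; Each record names its owner explicitly. A line starting in column 0 with
; "IN" is parsed as a record owned by the name "IN"; the leading whitespace
; that would make it inherit "@" is easily lost when the file is pasted.
@       IN      NS      dev.abusers.eu.
@       IN      NS      devil.abusers.eu.
@       IN      NS      devilix.abusers.eu.
@       IN      NS      ns1.abusers.eu.
@       IN      NS      ns2.abusers.eu.
@       IN      NS      ns1.devilix.org.
@       IN      NS      ns2.devilix.org.

;; PTR Records -- 141.172.236.77.in-addr.arpa -> devilix.org
141     IN      PTR     devilix.org.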

Now let's see:
[root@srv1 ~]# nslookup devilix.org
Server:         77.236.172.141
Address:        77.236.172.141#53
Name:   devilix.org
Address: 77.236.172.141
[root@srv1 ~]#
[root@srv1 ~]# dig devilix.org
;; QUESTION SECTION:
;devilix.org.                   IN      A
;; ANSWER SECTION:
devilix.org.            14400   IN      A       77.236.172.141 //We got our forward record!!!
;; AUTHORITY SECTION:
devilix.org.            14400   IN      NS      ns2.devilix.org.
devilix.org.            14400   IN      NS      ns1.abusers.eu.
devilix.org.            14400   IN      NS      devil.abusers.eu.
devilix.org.            14400   IN      NS      dev.abusers.eu.
devilix.org.            14400   IN      NS      ns2.abusers.eu.
devilix.org.            14400   IN      NS      devilix.abusers.eu.
devilix.org.            14400   IN      NS      ns1.devilix.org.
;; ADDITIONAL SECTION:
ns1.devilix.org.        14400   IN      A       127.0.0.1
ns2.devilix.org.        14400   IN      A       77.236.172.141
[root@srv1 ~]#
[root@srv1 ~]# dig -x 77.236.172.141
;; QUESTION SECTION:
;141.172.236.77.in-addr.arpa.   IN      PTR
;; ANSWER SECTION:
141.172.236.77.in-addr.arpa. 172800 IN  PTR     devilix.org. // We got our reverse record!!!
;; AUTHORITY SECTION:
172.236.77.in-addr.arpa. 172800 IN      NS      ns2.devilix.org.
172.236.77.in-addr.arpa. 172800 IN      NS      ns2.abusers.eu.
172.236.77.in-addr.arpa. 172800 IN      NS      ns1.devilix.org.
172.236.77.in-addr.arpa. 172800 IN      NS      devilix.abusers.eu.
172.236.77.in-addr.arpa. 172800 IN      NS      devil.abusers.eu.
172.236.77.in-addr.arpa. 172800 IN      NS      ns1.abusers.eu.
172.236.77.in-addr.arpa. 172800 IN      NS      dev.abusers.eu.
;; ADDITIONAL SECTION:
ns1.devilix.org.        14400   IN      A       127.0.0.1
ns2.devilix.org.        14400   IN      A       77.236.172.141
[root@srv1 ~]#
Remember this: it can take up to 1 week for your records to propagate to all of the DNS servers around the world, so only then will they be visible from everywhere!!!

I'm not 100% sure that everything I put in the files is 100% needed, but it's working. I got my A, MX, CNAME, PTR and TXT records working. This is CentOS 6.8 (Final) with CWP 0.9.8.128. I hope this can help somebody. Sorry for my bad English.
UNIX is a very simple OS, but you have to be a GENIUS to understand it ...