|
Size: 3684
Comment:
|
Size: 3931
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 14: | Line 14: |
| address 192.168.1.34 | address 192.168.1.36 |
| Line 27: | Line 27: |
| Start by stopping the service | === Stop BIND === |
| Line 45: | Line 46: |
| dnssec-keygen -a HMAC-SHA512 -b 512 -n HOST ddns-update | dnssec-keygen -a HMAC-SHA512 -b 512 -n HOST kallenberg.dk |
| Line 48: | Line 49: |
| This will create two files with filenames equivalent to `Kddns-update.+157+18646.private` and `Kddns-update.+157+18646.key`. The latter is your public key, which will be used by the DCHP server to update BIND. Create the file `/etc/bind/ddns-update.dnskey` and put your key inside it. | This will create two files with filenames equivalent to `Kkallenberg.dk.+165+38700.private` and `Kkallenberg.dk.+165+38700.key`. The latter is your public key, which will be used by the DCHP server to update BIND. Create the file `/etc/bind/ddns-update.kallenberg.dk` and put your key inside it. |
| Line 57: | Line 58: |
| Make sure BIND can read `/etc/bind/ddns-update.kallenberg.dk`. {{{ chown root:bind /etc/bind/ddns-update.kallenberg.dk }}} |
|
| Line 61: | Line 67: |
| include "/etc/bind/ddns-update.dnskey"; | include "/etc/bind/ddns-update.kallenberg.dk"; |
| Line 66: | Line 72: |
| allow-transfer { 192.168.1.35; }; | allow-transfer { 192.168.1.37; }; |
| Line 73: | Line 79: |
| allow-transfer { 192.168.1.35; }; | allow-transfer { 192.168.1.37; }; |
| Line 88: | Line 94: |
| 20171209 ; serial | 20171210 ; serial |
| Line 94: | Line 100: |
| NS ns01.kallenberg.dk. NS ns02.kallenberg.dk. A 2.107.246.10 |
IN NS ns01.kallenberg.dk. IN NS ns02.kallenberg.dk. A 212.237.182.56 |
| Line 99: | Line 105: |
| ns01 A 192.168.1.34 ns02 A 192.168.1.35 |
ns01 IN A 192.168.1.36 ns02 IN A 192.168.1.37 |
| Line 108: | Line 114: |
| 20171209 ; serial | 20171210 ; serial |
| Line 114: | Line 120: |
| NS ns01.kallenberg.dk. NS ns02.kallenberg.dk. |
IN NS ns01.kallenberg.dk. IN NS ns02.kallenberg.dk. |
| Line 117: | Line 123: |
| 36 IN PTR ns01.kallenberg.dk 37 IN PTR ns02.kallenberg.dk |
|
| Line 119: | Line 127: |
| === Start BIND === |
DNS Master
Network
We will give the DNS master a static IP-address. Edit /etc/networking/interfaces and make the following changes.
# The primary network interface
#allow-hotplug eth0
#iface eth0 inet dhcp
auto eth0
iface eth0 inet static
address 192.168.1.36
network 192.168.1.0
netmask 255.255.255.0
broadcast 192.168.1.255
gateway 192.168.1.1
Install BIND
apt-get install bind9
Configure BIND
Stop BIND
service bind9 stop
Make BIND listen
edit /etc/bind/named.conf.options and add
listen-on { any; };
Make a DDNS update key
We are going to let the DHCP server update BIND. For this we need an update key. Create it with the following command. Remember that entrophy must be available for the key to be generated, you can check available entrophy in /proc/sys/kernel/random/entropy_avail.
dnssec-keygen -a HMAC-SHA512 -b 512 -n HOST kallenberg.dk
This will create two files with filenames equivalent to Kkallenberg.dk.+165+38700.private and Kkallenberg.dk.+165+38700.key. The latter is your public key, which will be used by the DCHP server to update BIND. Create the file /etc/bind/ddns-update.kallenberg.dk and put your key inside it.
key "ddns-update" {
algorithm hmac-sha512;
secret "yYFzfibvlpS33+vsngV2jF5tGkTiVSjhYoFuV0T7bnCVfFGx3Mu05SW+LakImdofkNM00LxHCLuvD1W1vSWMmA==";
};Make sure BIND can read /etc/bind/ddns-update.kallenberg.dk.
chown root:bind /etc/bind/ddns-update.kallenberg.dk
Create a new zone
/etc/bind/named.conf.kallenberg.dk
# Key used by DHCP servers for dynamic DNS updates
include "/etc/bind/ddns-update.kallenberg.dk";
zone "kallenberg.dk" {
type master;
file "/var/lib/bind/kallenberg.dk.zone";
allow-transfer { 192.168.1.37; };
allow-update { key "ddns-update"; };
};
zone "1.168.192.in-addr.arpa" {
type master;
file "/var/lib/bind/1.168.192.zone";
allow-transfer { 192.168.1.37; };
allow-update { key "ddns-update"; };
};Add the new zone file to /etc/bind/named.conf.local
include "/etc/bind/named.conf.kallenberg.dk";
/var/lib/bind/kallenberg.dk.zone
$ORIGIN .
$TTL 86400 ; 1 day
kallenberg.dk IN SOA ns01.kallenberg.dk. ns02.kallenberg.dk. (
20171210 ; serial
7200 ; refresh (2 hours)
300 ; retry (5 minutes)
604800 ; expire (1 week)
60 ; minimum (1 minute)
)
IN NS ns01.kallenberg.dk.
IN NS ns02.kallenberg.dk.
A 212.237.182.56
$ORIGIN kallenberg.dk.
$TTL 86400 ; 1 day
ns01 IN A 192.168.1.36
ns02 IN A 192.168.1.37/var/lib/bind/1.168.192.zone
$ORIGIN .
$TTL 86400 ; 1 day
1.168.192.in-addr.arpa IN SOA ns01.kallenberg.dk. ns02.kallenberg.dk. (
20171210 ; serial
7200 ; refresh (2 hours)
300 ; retry (5 minutes)
604800 ; expire (1 week)
60 ; minimum (1 minute)
)
IN NS ns01.kallenberg.dk.
IN NS ns02.kallenberg.dk.
$ORIGIN 1.168.192.in-addr.arpa.
36 IN PTR ns01.kallenberg.dk
37 IN PTR ns02.kallenberg.dk
Start BIND
Finally start the service again
service bind9 start