From 5bfe45cee11ea0547ad4304eccb56eca9e778875 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Anton=20Luka=20=C5=A0ijanec?=
Date: Tue, 2 Aug 2022 20:19:30 +0200
Subject: popravil desc, osnutki za dns, mail in rfc2136
---
_posts/dns.md | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 80 insertions(+)
create mode 100644 _posts/dns.md
(limited to '_posts/dns.md')
diff --git a/_posts/dns.md b/_posts/dns.md
new file mode 100644
index 0000000..bbac1ac
--- /dev/null
+++ b/_posts/dns.md
@@ -0,0 +1,80 @@
+apt install bind9
+
+mkdir /etc/bind/keys
+
+dnssec-keygen -K /etc/bind/keys -f KSK -a ECDSAP256SHA256 -n ZONE sijanec.eu
+dnssec-keygen -a ECDSAP256SHA256 -n ZONE sijanec.eu
+dnssec-keygen -K /etc/bind/keys -f KSK -a ECDSAP256SHA256 -n ZONE sijanec.org
+dnssec-keygen -a ECDSAP256SHA256 -n ZONE sijanec.org
+in tako dalje za vse domene
+
+chown -R bind:bind /etc/bind/keys
+
+vim /etc/bind9/named.conf.options
+ options {
+ directory "/var/cache/bind";
+ check-names master warn;
+ check-names slave warn;
+ recursion yes;
+ allow-recursion { any; };
+ querylog yes;
+ allow-transfer { any; };
+ allow-query { any; };
+ dnssec-validation auto;
+ listen-on-v6 { any; };
+ };
+vim /etc/bind/named.conf.local
+ zone "sijanec.eu" {
+ type master;
+ file "/var/lib/bind/db.sijanec.eu";
+ key-directory "/etc/bind/keys";
+ auto-dnssec maintain;
+ inline-signing yes;
+ };
+ zone "sijanec.org" {
+ type master;
+ file "/var/lib/bind/db.sijanec.org";
+ key-directory "/etc/bind/keys";
+ auto-dnssec maintain;
+ inline-signing yes;
+ };
+ in tako dalje za vse domene
+
+če pa konfiguriramo suženjski DNS strežnik, pa v /etc/bind/named.conf.local napišemo
+ zone "sijanec.eu" {
+ type slave;
+ file "/var/lib/bind/db.sijanec.eu";
+ allow-transfer { 93.103.235.126/32; };
+ // IP naslov glavnega DNS strežnika
+ masters { 93.103.235.126; };
+ };
+ zone "sijanec.org" {
+ type slave;
+ file "/var/lib/bind/db.sijanec.org";
+ allow-transfer { 93.103.235.126/32; };
+ masters { 93.103.235.126/32; };
+ };
+ in tako dalje za vse domene
+
+na glavnem DNS strežniku v datoteko /var/lib/bind/db.sijanec.eu vpišemo DNS zone
+ $TTL 300
+ @ IN SOA ns1.sijanec.org. abuse.sijanec.eu. (
+ 10 ; serijska številka za DNS zone, povečaj za 10 ob spremembi
+ 301 ; refresh
+ 299 ; retry
+ 31556926 ; po enem letu nedelovanja NS1 sužnji pozabijo domeno
+ 30 ; TTL za NXDOMAIN, negative cache TTL
+ ) ; abuse.sijanec.eu. je poštni naslov abuse@sijanec.eu - spremeni ga
+ ; ns1.sijanec.eu. je glavni DNS strežnik za domeno - spremeni ga
+ @ IN NS ns1.sijanec.eu. ; glavni strežnik
+ @ IN NS ns2.sijanec.eu. ; DNS suženj
+ @ IN A 84.255.241.83
+ in tako dalje za dodatne zapise
+
+za vse dodatne domene, ki naj imajo isto zone datoteko, lahko samo narediš symlinke. nikakor ne sme biti "file" direktiva v named.conf.local enaka pri več različnih DNS zone deklaracijah enaka, lahko pa kaže na symlink.
+
+za vsako dodatno domeno torej:
+ln -s db.sijanec.eu /var/lib/bind/db.sijanec.org
+ln -s db.sijanec.eu /var/lib/bind/db.sijanec.net
+
+systemctl restart bind9
--
cgit v1.2.3
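Review bot: The `options` block in the named.conf.options listing pairs `recursion yes;` with `allow-recursion { any; };` and `allow-transfer { any; };` on a host that also serves the zones authoritatively, so anyone copying it runs an open resolver (an amplification/reflection source) and gives full zone transfers to any client. Scope both to known peers, for example `allow-recursion { localhost; localnets; };` and `allow-transfer { <SECONDARY_NS_IP>; };` (placeholder for the ns2 address), or set `recursion no;` on the authoritative server. In the secondary's sijanec.org block, `masters { 93.103.235.126/32; };` uses a prefix where BIND appears to expect a plain address, unlike the sijanec.eu block above it. The two `dnssec-keygen` calls without `-K /etc/bind/keys` write their zone-signing keys to the current directory rather than the configured `key-directory`, so `auto-dnssec maintain` would presumably not find them. Separately, the SOA line names `ns1.sijanec.org.` while its comment and the NS record say `ns1.sijanec.eu.`.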