Aaron

Initial commit;

### Install Bind
```
yum install bind bind-utils
```
... ...
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
acl "trusted-recursion" {
localhost;
localnets;
192.168.0.0/16;
};
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation no;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
# Setup Google's dns as forwarders
forwarders {
8.8.8.8;
8.8.4.4;
};
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
zone "onnix.local" {
type master;
file "dynamic/onnix.local"; # zone file path
#allow-transfer { 192.168.0.102; };
notify yes;
};
zone "0.168.192.in-addr.arpa" in {
type master;
file "dynamic/0.168.192.in-addr.arpa.zone";
#allow-transfer { 192.168.1.102; };
notify yes;
};
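Review bot: The `trusted-recursion` ACL declared at the top of named.conf is never referenced, so with `listen-on port 53 { any; };`, `allow-query { any; };` and `recursion yes;` the options block leaves recursion and the cache open to every client that can reach port 53; on BIND 9 an unset `allow-recursion` falls back to `allow-query-cache`, which in turn falls back to `allow-query`. That is the open-resolver condition the packaged comment in the same block warns about. Add `allow-recursion { "trusted-recursion"; };` and `allow-query-cache { "trusted-recursion"; };` inside `options`. Both master zones also have `allow-transfer` commented out, which on BIND releases that still accept `dnssec-enable` appears to default to allowing transfers to any host; if there is no secondary, `allow-transfer { none; };` states that explicitly. `dnssec-validation no;` means answers relayed from the forwarders are accepted unvalidated, so if that is intentional it deserves a comment saying why.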
... ...
$ORIGIN 0.168.192.in-addr.arpa.
$TTL 86400 ; 1 day
@ IN SOA ns1.onnix.local. root.onnix.local. (
1 ; Serial
7200 ; refresh (2 hous)
7200 ; retry (2 hours)
2419200 ; expire (5 weeks 6 days 16 hours)
86400 ) ; minimum (1 day)
0.168.192.in-addr.arpa. IN NS ns1.onnix.local.
132 IN PTR ns1.onnix.local.
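Review bot: The SOA timer comments in this file do not match the values: `2419200` seconds is 28 days (4 weeks), not "5 weeks 6 days 16 hours", and "2 hous" on the refresh line is a typo. Suggested comments are `7200 ; refresh (2 hours)` and `2419200 ; expire (4 weeks)`. The same two comments recur in the 1.168.192.in-addr.arpa file further down.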
... ...
$ORIGIN 1.168.192.in-addr.arpa.
$TTL 86400 ; 1 day
@ IN SOA ns1.onnix.local. root.onnix.local. (
1 ; Serial
7200 ; refresh (2 hous)
7200 ; retry (2 hours)
2419200 ; expire (5 weeks 6 days 16 hours)
86400 ) ; minimum (1 day)
1.168.192.in-addr.arpa. IN NS ns1.onnix.local.
132 IN PTR ns1.onnix.local.
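Review bot: `132 IN PTR ns1.onnix.local.` under `$ORIGIN 1.168.192.in-addr.arpa.` maps 192.168.1.132 to ns1, but the forward zone in this commit puts ns1 at 192.168.0.132 and its only 192.168.1.x host is `gateway` at 192.168.1.254, so this record looks copied from the 0.168.192 file. If that is the case the line should read `254 IN PTR gateway.onnix.local.`; a PTR that disagrees with the A record breaks forward-confirmed reverse lookups and mislabels addresses in logs. The named.conf shown also declares no `zone "1.168.192.in-addr.arpa"`, so as far as the visible lines go this file is never loaded.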
... ...
; Remember to update the serial by 1 each time you edit this file!
$TTL 300 ; 5 minutes
@ IN SOA ns1.onnix.local. root.onnix.local. (
1 ; Serial
3600 ; Refresh
300 ; Retry
1814400 ; Expire
300 ) ; Negative Cache TTL
; name servers - NS records
IN NS ns1.onnix.local.
; name servers - A records
ns1.onnix.local. IN A 192.168.0.132
onnix.local. IN A 192.168.0.132
vm-host.onnix.local. IN A 192.168.0.132
core-router.onnix.local. IN A 192.168.0.254
wifi-1.onnix.local. IN A 192.168.0.253
wifi-2.onnix.local. IN A 192.168.0.128
gateway.onnix.local. IN A 192.168.1.254
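Review bot: The zone name `onnix.local` sits under `.local`, which RFC 6762 reserves for multicast DNS; resolvers that implement mDNS may send these names to the local link instead of this server, where the answer does not come from this zone. A name under `home.arpa` (RFC 8375) or a subdomain of a domain you own avoids that split. Separately, only 192.168.0.132 has a PTR in the reverse files of this commit, so the router, access-point and gateway A records here have no matching reverse entries.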
... ...