ISC Bind: Difference between revisions
No edit summary |
|||
| Line 53: | Line 53: | ||
=Windows AD Dynamic Updates= | =Windows AD Dynamic Updates= | ||
Use these configurations to configure BIND to allow dynamic updates from Windows AD servers. | |||
===ACL=== | |||
acl "DOMAIN-CONTROLLERS" { | |||
10.144.30.101; // DC1-dave | |||
10.144.35.2; // DC2-dave | |||
10.150.30.5; // DC-jim | |||
}; | |||
===Zone Delcarations=== | |||
====Master Config==== | |||
zone "_msdcs.lambnet.us" IN { | |||
type master; | |||
file "dynamic/_msdcs.lambnet.us"; | |||
allow-update { DOMAIN-CONTROLLERS; }; | |||
}; | |||
zone "_sites.lambnet.us" IN { | |||
type master; | |||
file "dynamic/_sites.lambnet.us"; | |||
allow-update { DOMAIN-CONTROLLERS; }; | |||
}; | |||
zone "_tcp.lambnet.us" IN { | |||
type master; | |||
file "dynamic/_tcp.lambnet.us"; | |||
allow-update { DOMAIN-CONTROLLERS; }; | |||
}; | |||
zone "_udp.lambnet.us" IN { | |||
type master; | |||
file "dynamic/_udp.lambnet.us"; | |||
allow-update { DOMAIN-CONTROLLERS; }; | |||
}; | |||
====Slave Config==== | |||
zone "_msdcs.lambnet.us" IN { | |||
type slave; | |||
masters { 10.144.30.4; }; | |||
file "dynamic/_msdcs.lambnet.us"; | |||
allow-update-forwarding { DOMAIN-CONTROLLERS; }; | |||
}; | |||
zone "_sites.lambnet.us" IN { | |||
type slave; | |||
masters { 10.144.30.4; }; | |||
file "dynamic/_sites.lambnet.us"; | |||
allow-update-forwarding { DOMAIN-CONTROLLERS; }; | |||
}; | |||
zone "_tcp.lambnet.us" IN { | |||
type slave; | |||
masters { 10.144.30.4; }; | |||
file "dynamic/_tcp.lambnet.us"; | |||
allow-update-forwarding { DOMAIN-CONTROLLERS; }; | |||
}; | |||
zone "_udp.lambnet.us" IN { | |||
type slave; | |||
masters { 10.144.30.4; }; | |||
file "dynamic/_udp.lambnet.us"; | |||
allow-update-forwarding { DOMAIN-CONTROLLERS; }; | |||
}; | |||
===Logging=== | |||
channel update-log { | |||
file "/var/log/named/named.update" versions 5 size 5m; | |||
severity info; | |||
print-category yes; | |||
print-severity yes; | |||
print-time yes; | |||
}; | |||
category update { update-log; }; | |||
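Review bot: The `allow-update { DOMAIN-CONTROLLERS; };` lines in the four master zones authorize changes by source IP address alone, and DNS UPDATE over UDP does not authenticate that address, so the records in these zones are only as protected as the network's anti-spoofing filtering. The section should say so under the ACL heading, for example `Note: this ACL matches on source IP only; prefer update-policy with a TSIG or GSS-TSIG key where the domain controllers support it.` The slave stanzas add `allow-update-forwarding`, and a forwarded update appears to reach 10.144.30.4 from the slave's own address, which the ACL as shown does not list, so the page should state whether forwarded updates are expected to be accepted. The `channel` and `category` lines under Logging are valid only inside a `logging { ... };` statement, which the text should mention.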
Revision as of 19:49, 21 January 2025
Config
Check Config
No output is good output ;)
named-checkconf /etc/named.conf
Zones
Reload All Zones From Config
rndc reload
Reload A Specific Zone
rndc reload [zonename]
Check A Zone's Status
rndc zonestatus [zonename]
Remove A Zone From Service
(just unloads zone from memory; doesn't delete the zone from config)
rndc delzone [zonename]
Add A Zone
(the zone must already have been loaded from config)
rndc addzone [zonename]
Cache
Flush cache of a domain and all its subdomains
rndc flushtree name [view]
Example:
rndc flushtree website-to-flush.com internal
Flush cache of a domain
rndc flushname name [view]
Example:
rndc flushname website-to-flush.com internal
Windows AD Dynamic Updates
Use the following configuration to let BIND accept dynamic updates from Windows AD servers.
ACL
// Address-match list naming the Windows AD domain controllers. The zone
// stanzas on this page use it in allow-update and allow-update-forwarding.
// NOTE(review): membership is decided by source IP address only. DNS UPDATE
// over UDP does not authenticate that address, so this list is only as strong
// as the network's anti-spoofing filtering. Key-based authorization
// (update-policy with a TSIG or GSS-TSIG identity) does not depend on the
// source address; consider it where the domain controllers support it.
acl "DOMAIN-CONTROLLERS" {
10.144.30.101; // DC1-dave
10.144.35.2; // DC2-dave
10.150.30.5; // DC-jim
};
Zone Declarations
Master Config
// Master copies of the four AD-related subzones of lambnet.us
// (_msdcs, _sites, _tcp, _udp). Each zone is kept in its own file under
// dynamic/ and accepts dynamic updates from the DOMAIN-CONTROLLERS acl.
// allow-update matches on source address only, so any sender able to use one
// of those addresses can change records in these zones.
// NOTE(review): named writes journal files next to a dynamic zone's file, so
// dynamic/ presumably has to be writable by the account named runs as; confirm
// against the "directory" option, which this page does not show.
zone "_msdcs.lambnet.us" IN {
type master;
file "dynamic/_msdcs.lambnet.us";
allow-update { DOMAIN-CONTROLLERS; };
};
zone "_sites.lambnet.us" IN {
type master;
file "dynamic/_sites.lambnet.us";
allow-update { DOMAIN-CONTROLLERS; };
};
zone "_tcp.lambnet.us" IN {
type master;
file "dynamic/_tcp.lambnet.us";
allow-update { DOMAIN-CONTROLLERS; };
};
zone "_udp.lambnet.us" IN {
type master;
file "dynamic/_udp.lambnet.us";
allow-update { DOMAIN-CONTROLLERS; };
};
Slave Config
// Slave copies of the same four zones, transferred from the master at
// 10.144.30.4 and stored under dynamic/.
// allow-update-forwarding lets this server pass update requests from the
// DOMAIN-CONTROLLERS acl on to the master instead of refusing them.
// NOTE(review): the master presumably sees a forwarded update as coming from
// this server's address, while allow-update on the master stanzas of this page
// lists only the domain controllers; confirm that forwarded updates are
// accepted. If this server's address is added to that acl, the master ends up
// trusting whatever this server forwards, so the IP-only check here becomes
// the effective control.
zone "_msdcs.lambnet.us" IN {
type slave;
masters { 10.144.30.4; };
file "dynamic/_msdcs.lambnet.us";
allow-update-forwarding { DOMAIN-CONTROLLERS; };
};
zone "_sites.lambnet.us" IN {
type slave;
masters { 10.144.30.4; };
file "dynamic/_sites.lambnet.us";
allow-update-forwarding { DOMAIN-CONTROLLERS; };
};
zone "_tcp.lambnet.us" IN {
type slave;
masters { 10.144.30.4; };
file "dynamic/_tcp.lambnet.us";
allow-update-forwarding { DOMAIN-CONTROLLERS; };
};
zone "_udp.lambnet.us" IN {
type slave;
masters { 10.144.30.4; };
file "dynamic/_udp.lambnet.us";
allow-update-forwarding { DOMAIN-CONTROLLERS; };
};
Logging
// Dedicated log channel for dynamic-update messages.
// These statements are fragments: channel and category are only valid inside
// the logging { ... }; statement of named.conf.
channel update-log {
file "/var/log/named/named.update" versions 5 size 5m; // rotate at 5 MB, keep 5 old versions
severity info; // record messages at info level and more severe
print-category yes; // prefix each line with the category name
print-severity yes; // ... and the severity
print-time yes; // ... and a timestamp
};
// Send the "update" category to the channel above.
// NOTE(review): approval and denial of update requests is logged under the
// separate "update-security" category, which this page does not route to this
// file; add it if refused updates should appear in the same log.
category update { update-log; };