ISC Bind
Config
Check Config
No output is good output ;)
named-checkconf /etc/named.conf
Zones
Reload All Zones From Config
rndc reload
Reload A Specific Zone
rndc reload [zonename]
Check A Zone's Status
rndc zonestatus [zonename]
Remove A Zone From Service
(just unloads zone from memory; doesn't delete the zone from config)
rndc delzone [zonename]
Add A Zone
(zone must have been loaded from config already)
rndc addzone [zonename]
Cache
Flush cache of a domain and all its subdomains
rndc flushtree name [view]
Example:
rndc flushtree website-to-flush.com internal
Flush cache of a domain
rndc flushname name [view]
Example:
rndc flushname website-to-flush.com internal
Windows AD Dynamic Updates
Use these configurations to configure BIND to allow dynamic updates from Windows AD servers.
ACL
This makes later config easier, if you have more than one domain controller.
acl "DOMAIN-CONTROLLERS" {
    10.144.30.101;  // DC1-dave
    10.144.35.2;    // DC2-dave
    10.150.30.5;    // DC-jim
};
Zone Declarations
Master Config
zone "_msdcs.lambnet.us" IN {
    type master;
    file "dynamic/_msdcs.lambnet.us";
    allow-update { DOMAIN-CONTROLLERS; };
};

zone "_sites.lambnet.us" IN {
    type master;
    file "dynamic/_sites.lambnet.us";
    allow-update { DOMAIN-CONTROLLERS; };
};

zone "_tcp.lambnet.us" IN {
    type master;
    file "dynamic/_tcp.lambnet.us";
    allow-update { DOMAIN-CONTROLLERS; };
};

zone "_udp.lambnet.us" IN {
    type master;
    file "dynamic/_udp.lambnet.us";
    allow-update { DOMAIN-CONTROLLERS; };
};
Slave Config
zone "_msdcs.lambnet.us" IN {
    type slave;
    masters { 10.144.30.4; };
    file "dynamic/_msdcs.lambnet.us";
    allow-update-forwarding { DOMAIN-CONTROLLERS; };
};

zone "_sites.lambnet.us" IN {
    type slave;
    masters { 10.144.30.4; };
    file "dynamic/_sites.lambnet.us";
    allow-update-forwarding { DOMAIN-CONTROLLERS; };
};

zone "_tcp.lambnet.us" IN {
    type slave;
    masters { 10.144.30.4; };
    file "dynamic/_tcp.lambnet.us";
    allow-update-forwarding { DOMAIN-CONTROLLERS; };
};

zone "_udp.lambnet.us" IN {
    type slave;
    masters { 10.144.30.4; };
    file "dynamic/_udp.lambnet.us";
    allow-update-forwarding { DOMAIN-CONTROLLERS; };
};
Logging
// These statements belong inside the logging { ... }; block of named.conf.
channel update-log {
    file "/var/log/named/named.update" versions 5 size 5m;
    severity info;
    print-category yes;
    print-severity yes;
    print-time yes;
};
category update { update-log; };
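An added example (not part of the original page): a Python audit of the named.update log written by the channel above, flagging applied updates that come from a client outside the DOMAIN-CONTROLLERS ACL or that touch a zone other than the four dynamic ones. The sample log lines are constructed, and the line layout is an assumption modeled on named's update-category messages, so adjust the regex to what your version writes.

```python
import ipaddress
import re
from collections import Counter

# From the page: the DOMAIN-CONTROLLERS ACL and the four dynamic zones.
DOMAIN_CONTROLLERS = {ipaddress.ip_address(a) for a in
                      ("10.144.30.101", "10.144.35.2", "10.150.30.5")}
DYNAMIC_ZONES = {"_msdcs.lambnet.us", "_sites.lambnet.us",
                 "_tcp.lambnet.us", "_udp.lambnet.us"}

# Assumed layout of an update-category line; the client pointer, TSIG key
# and view fields are optional because they vary by version and config.
UPDATE_RE = re.compile(
    r"update: \w+: client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+"
    r"(?:/key \S+?)?: (?:view \S+: )?updating zone '(?P<zone>[^'/]+)/IN'")

def audit_update_log(lines):
    """Return (Counter keyed by (client, zone), list of findings)."""
    counts, findings = Counter(), []
    for lineno, line in enumerate(lines, 1):
        m = UPDATE_RE.search(line)
        if not m:
            continue  # not an applied-update message
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            findings.append((lineno, m["ip"], m["zone"], "unparsable client address"))
            continue
        zone = m["zone"].lower().rstrip(".")
        counts[(str(ip), zone)] += 1
        if ip not in DOMAIN_CONTROLLERS:
            findings.append((lineno, str(ip), zone, "client not in DOMAIN-CONTROLLERS"))
        if zone not in DYNAMIC_ZONES:
            findings.append((lineno, str(ip), zone, "zone not expected to take updates"))
    return counts, findings

# Constructed sample lines (hosts, ports and the 10.144.40.77 client are made up).
SAMPLE_LOG = [
    "15-Jan-2024 09:00:01.100 update: info: client @0x7f0a1c00 10.144.30.101#53124: updating zone '_msdcs.lambnet.us/IN': adding an RR at 'gc._msdcs.lambnet.us' A 10.144.30.101",
    "15-Jan-2024 09:00:01.200 update: info: client @0x7f0a1c00 10.144.30.101#53124: updating zone '_msdcs.lambnet.us/IN': deleting rrset at 'gc._msdcs.lambnet.us' A",
    "15-Jan-2024 09:00:02.300 update: info: client 10.144.35.2#50110: view internal: updating zone '_tcp.lambnet.us/IN': adding an RR at '_ldap._tcp.lambnet.us' SRV 0 100 389 dc2.lambnet.us.",
    "15-Jan-2024 09:00:03.400 update: info: client @0x7f0a2d00 10.144.40.77#41000: updating zone '_udp.lambnet.us/IN': adding an RR at '_kerberos._udp.lambnet.us' SRV 0 100 88 host.lambnet.us.",
    "15-Jan-2024 09:00:04.500 update: info: client @0x7f0a3e00 10.150.30.5#40222: updating zone 'lambnet.us/IN': adding an RR at 'www.lambnet.us' A 10.1.1.1",
]

if __name__ == "__main__":
    counts, findings = audit_update_log(SAMPLE_LOG)
    for (client, zone), n in sorted(counts.items()):
        print(f"{n:3d} updates  {client:15s} {zone}")
    for lineno, client, zone, why in findings:
        print(f"FINDING line {lineno}: {client} -> {zone}: {why}")
```

named records approvals and denials of update requests under the separate update-security category, so a log fed only by category update shows the updates that were processed, not the ones that were refused.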