ISC Bind

From Dave-Wiki

Summary

ISC BIND (Berkeley Internet Name Domain) is one of the most widely used Domain Name System (DNS) server software packages. It is developed and maintained by the Internet Systems Consortium (ISC) and provides authoritative DNS services for mapping domain names to IP addresses and vice versa. BIND is used by many organizations, from small businesses to large-scale service providers, to implement DNS resolution and zone management.

Configuration

Check Config

No output is good output ;)

 named-checkconf /etc/named.conf

Zones

Reload All Zones From Config

 rndc reload

Reload A Specific Zone

 rndc reload [zonename]

Check A Zone's Status

 rndc zonestatus [zonename]

Remove A Zone From Service

(This only unloads the zone from memory; it doesn't delete the zone from the config.)

 rndc delzone [zonename]

Add A Zone

(The zone must have been loaded from config already.)

 rndc addzone [zonename]

Cache

Flush cache of a domain and all its subdomains

 rndc flushtree name [view]

Example:

 rndc flushtree website-to-flush.com internal

Flush cache of a domain

 rndc flushname name [view]

Example:

 rndc flushname website-to-flush.com internal

Windows AD Dynamic Updates

Use the following configuration to let BIND accept dynamic updates from Windows AD servers.

ACL

This makes later config easier, if you have more than one domain controller.

 acl "DOMAIN-CONTROLLERS" {
     10.144.30.101;  // DC1-dave
     10.144.35.2;    // DC2-dave
     10.150.30.5;    // DC-jim
 };

Zone Declarations

Master Config

 zone "_msdcs.lambnet.us" IN {
     type master;
     file "dynamic/_msdcs.lambnet.us";
     allow-update { DOMAIN-CONTROLLERS; };
 };
 
 zone "_sites.lambnet.us" IN {
     type master;
     file "dynamic/_sites.lambnet.us";
     allow-update { DOMAIN-CONTROLLERS; };
 };
 
 zone "_tcp.lambnet.us" IN {
     type master;
     file "dynamic/_tcp.lambnet.us";
     allow-update { DOMAIN-CONTROLLERS; };
 };
 
 zone "_udp.lambnet.us" IN {
     type master;
     file "dynamic/_udp.lambnet.us";
     allow-update { DOMAIN-CONTROLLERS; };
 };

Slave Config

 zone "_msdcs.lambnet.us" IN {
     type slave;
     masters { 10.144.30.4; };
     file "dynamic/_msdcs.lambnet.us";
     allow-update-forwarding { DOMAIN-CONTROLLERS; };
 };
 
 zone "_sites.lambnet.us" IN {
     type slave;
     masters { 10.144.30.4; };
     file "dynamic/_sites.lambnet.us";
     allow-update-forwarding { DOMAIN-CONTROLLERS; };
 };
 
 zone "_tcp.lambnet.us" IN {
     type slave;
     masters { 10.144.30.4; };
     file "dynamic/_tcp.lambnet.us";
     allow-update-forwarding { DOMAIN-CONTROLLERS; };
 };
 
 zone "_udp.lambnet.us" IN {
     type slave;
     masters { 10.144.30.4; };
     file "dynamic/_udp.lambnet.us";
     allow-update-forwarding { DOMAIN-CONTROLLERS; };
 };

Logging

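 // named.conf takes a single logging statement; merge these entries into an existing one if present.
 logging {
     channel update-log {
         file "/var/log/named/named.update" versions 5 size 5m;
         severity info;
         print-category yes;
         print-severity yes;
         print-time yes;
     };
 
     category update       { update-log; };
 };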
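
A log audit for the update channel configured above, added here as an example (not part of the original wiki page): it flags updates whose source is not in the DOMAIN-CONTROLLERS ACL and any denied updates. The line layout and the sample lines are constructed, modeled on BIND 9's client log format; denied updates are logged under the `update-security` category, so they reach this file only if that category is also routed to the channel.

```python
import ipaddress
import re

# ACL members copied from the page's "DOMAIN-CONTROLLERS" acl.
DOMAIN_CONTROLLERS = {"10.144.30.101", "10.144.35.2", "10.150.30.5"}

# Assumed layout with print-time, print-category and print-severity enabled:
#   <date> <time> <category>: <severity>: client [@0x..] <ip>#<port>[/key <k>]: [view <v>: ]<msg>
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<category>[\w-]+): (?P<severity>\w+): "
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+(?:/key \S+)?: "
    r"(?:view (?P<view>\S+): )?(?P<msg>.*)$"
)
ZONE_RE = re.compile(r"(?:updating zone|update) '(?P<zone>[^'/]+)/IN'")

# Constructed sample lines (not taken from a real server).
SAMPLE_LOG = """\
12-Mar-2024 09:15:02.113 update: info: client @0x7f3a2c0d4e10 10.144.30.101#53124: updating zone '_msdcs.lambnet.us/IN': adding an RR at 'dc1._msdcs.lambnet.us' A 10.144.30.101
12-Mar-2024 09:15:40.520 update: info: client 10.144.40.77#49811: view internal: updating zone '_tcp.lambnet.us/IN': deleting rrset at '_ldap._tcp.lambnet.us' SRV
12-Mar-2024 09:16:05.002 update-security: error: client 10.144.40.77#49812: update '_udp.lambnet.us/IN' denied
""".splitlines()


def audit_update_log(lines, allowed=DOMAIN_CONTROLLERS):
    """Return (kind, source_ip, zone) for denied updates and updates from outside the ACL."""
    allowed_ips = {ipaddress.ip_address(a) for a in allowed}
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["category"] not in ("update", "update-security"):
            continue
        try:
            src = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # not a parseable address; skip rather than guess
        z = ZONE_RE.search(m["msg"])
        zone = z["zone"] if z else None
        if m["msg"].endswith("denied"):
            findings.append(("denied", str(src), zone))
        elif src not in allowed_ips:
            findings.append(("unexpected-source", str(src), zone))
    return findings


if __name__ == "__main__":
    for finding in audit_update_log(SAMPLE_LOG):
        print(finding)
```

An accepted update from an address outside the ACL usually means the running config has drifted from the ACL listed here, so compare against the loaded `named.conf` before treating it as hostile.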