BIND (DNS)

Manual record update

nsupdate
    > server hst03.company.ru
    > update add 90.16.127.98.in-addr.arpa 600 IN PTR testr.company.ru.
    > send
    > update add testr.company.ru. 600 IN A 98.127.16.90
    > send

Checking the BIND configuration

named-checkconf /var/named/etc/named.conf

Reloading the BIND configuration

rndc reload

Bind DNSSec

Enable DNSSEC for a zone (options in the zone statement)

inline-signing yes;
dnssec-policy "default";

Check Bind config

named-checkconf /etc/bind/named.conf
named-checkzone domain.com /var/lib/bind/masters/domain.com
rndc reconfig

Bind zone status

rndc zonestatus domain.com IN public

Bind DNSSec status

rndc dnssec -status domain.com IN public

Dig query DNSSec

dig @127.0.0.1 domain.com +dnssec +multiline
dig @127.0.0.1 domain.com DNSKEY +multiline

Dig query to get the DS record for the parent zone

(d=domain.com; dig +norecurse "$d". DNSKEY | dnssec-dsfromkey -f - "$d")

DNSSec Web anchors

https://dnsviz.net/d/pluto.prosp.domain.com/dnssec/

Bind change ORIGIN inside zone

Zone file:

$ORIGIN domain.com.
time                    CNAME   ntp.in
$TTL 43200      ; 12 hours
alias1                 A       1.2.3.4
$TTL 3600       ; 1 hour
alias2                  A       11.22.33.44
$ORIGIN alias2.domain.com.
$TTL 600        ; 10 minutes
*                       CNAME   alias2.domain.com.
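
How the directives above resolve, as an added example that is not part of the original notes: a simplified Python expansion of the zone fragment, showing each owner name and name-valued RDATA after the current $ORIGIN is appended, together with the $TTL in effect. It assumes one record per line with no class or per-record TTL field; `expand`, `absolute` and `NAME_RDATA` are names chosen here.

```python
# Added example: expand $ORIGIN / $TTL the way a zone-file parser does.
# Assumptions: one record per line, no class field, no per-record TTL,
# no "@" or parentheses, and $ORIGIN arguments are already absolute.
ZONE = """\
$ORIGIN domain.com.
time                    CNAME   ntp.in
$TTL 43200      ; 12 hours
alias1                 A       1.2.3.4
$TTL 3600       ; 1 hour
alias2                  A       11.22.33.44
$ORIGIN alias2.domain.com.
$TTL 600        ; 10 minutes
*                       CNAME   alias2.domain.com.
"""

NAME_RDATA = {"CNAME", "NS", "PTR"}  # types whose RDATA is a single domain name


def absolute(name, origin):
    """A name without a trailing dot is relative: the current $ORIGIN is appended."""
    return name if name.endswith(".") else f"{name}.{origin}"


def expand(zone_text):
    """Return (owner, ttl, type, rdata) tuples with all names made absolute."""
    origin, ttl, records = None, None, []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop comment, split on whitespace
        if not fields:
            continue
        if fields[0] == "$ORIGIN":
            origin = fields[1]
        elif fields[0] == "$TTL":
            ttl = int(fields[1])
        else:
            owner, rtype, rdata = fields[0], fields[1], fields[2]
            if rtype in NAME_RDATA:
                rdata = absolute(rdata, origin)
            # ttl is None when no $TTL has been seen yet in this excerpt
            records.append((absolute(owner, origin), ttl, rtype, rdata))
    return records


if __name__ == "__main__":
    for owner, ttl, rtype, rdata in expand(ZONE):
        shown = "-" if ttl is None else str(ttl)
        print(f"{owner:<24}{shown:<8}{rtype:<7}{rdata}")
```

The CNAME target `ntp.in` has no trailing dot, so it expands to `ntp.in.domain.com.` rather than an external host, and the wildcard becomes `*.alias2.domain.com.` because it follows the second $ORIGIN.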