
Bind

ACLs


// defining ACLs
// simple IP address ACL
acl "someips" {
  10.0.0.1; 192.168.23.1; 192.168.23.15;
};
// IP address ACL in prefix ('/') notation
acl "moreips" {
  10.0.0.1;
  192.168.23.128/25; // 128 IPs
};
// nested ACL
acl "allips" {
  "someips";
  "moreips";
};
// messy ACL (elements are tested in order; the first match decides)
acl "complex" {
  "someips";
  10.0.15.0/24;
  !10.0.16.0/24; // negated: clients in this block are denied
  {10.0.17.1; 10.0.18.2;}; // nested inline list
};
// using ACLs
zone "example.com" {
  type master;
  file "master.example.com";
  also-notify {"moreips";};
};
zone "example.net" {
  type slave;
  masters {192.168.2.3; 192.168.2.4;}; // every list element needs its own ';'
  file "slave.example.net";
  allow-transfer {"none";}; // "none" is a built-in ACL that matches no hosts
};
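The ACLs above (named, nested, negated, inline lists) and the allow-query / allow-recursion lists further down all use the same address-match-list rule: elements are tested in order and the first one that matches decides. The following is an added example, not code from the original page: a small Python evaluator over constructed copies of these ACLs that shows which client addresses an allow-* directive admits, and why the position of a negated element matters (the rec_good / rec_bad pair is constructed for that purpose).

```python
import ipaddress

# Constructed ACL definitions mirroring the page's named.conf snippets (not
# parsed from a real named.conf). An element is an address or prefix, a
# "!"-negated element, the name of another ACL, or a nested list for { ... }.
ACLS = {
    "someips": ["10.0.0.1", "192.168.23.1", "192.168.23.15"],
    "moreips": ["10.0.0.1", "192.168.23.128/25"],
    "allips": ["someips", "moreips"],
    "complex": ["someips", "10.0.15.0/24", "!10.0.16.0/24",
                ["10.0.17.1", "10.0.18.2"]],
    # Same intent, different order: in rec_bad the negation is never reached
    # for 10.0.16.5 because the /24 listed before it already matched.
    "rec_good": ["!10.0.16.5", "10.0.16.0/24"],
    "rec_bad": ["10.0.16.0/24", "!10.0.16.5"],
}

def match_element(addr, element, acls):
    """True = positive match, False = negated match, None = no match."""
    if isinstance(element, list):
        return match_list(addr, element, acls)
    if element.startswith("!"):
        inner = match_element(addr, element[1:], acls)
        return None if inner is None else not inner
    if element == "any":
        return True
    if element == "none":          # BIND's built-in "none" behaves like !any
        return False
    if element in acls:            # reference to another named ACL
        return match_list(addr, acls[element], acls)
    # Plain address or prefix; strict=False tolerates host bits in a prefix
    return True if addr in ipaddress.ip_network(element, strict=False) else None

def match_list(addr, elements, acls):
    """First-match semantics: the first element that matches decides."""
    for element in elements:
        result = match_element(addr, element, acls)
        if result is not None:
            return result
    return None

def allowed(client, acl, acls=ACLS):
    """Evaluate an allow-* directive for one client address.
    `acl` is an ACL name, a built-in, or an inline list; no match means deny."""
    addr = ipaddress.ip_address(client)
    elements = acl if isinstance(acl, list) else [acl]
    return match_list(addr, elements, acls) is True

if __name__ == "__main__":
    for name in ("complex", "rec_good", "rec_bad"):
        print(name, {c: allowed(c, name) for c in ("10.0.16.5", "10.0.17.1")})
```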

Binding BIND to specific IPs


acl "local" {
        12.23.53.2; 127.0.0.1;
};


options {
        // ... other options ...
        listen-on {local;};
        // ... other options ...
};


Query access control


acl "local" {
        12.23.53.2; 127.0.0.1;
};


options {
        // ... other options ...
        allow-query {local;};
        // ... other options ...
};

Disallow Recursion

You must do this if you want your server to pass PCI-approved security scans: an authoritative server that also answers recursive queries for arbitrary clients is an open resolver, and that is what such scans flag.
options {
        // ... other options ...
        recursion no;
};

Allow Recursion to specific IPs


acl "rec" {
        127.0.0.1;
};


options {
        // ... other options ...
        allow-recursion {rec;};
};


Logging


logging {
  [ channel channel_name {
    ( file path_name
       [ versions ( number | unlimited ) ]
       [ size size_spec ]
     | syslog ( kern | user | mail | daemon | auth | syslog | lpr |
                news | uucp | cron | authpriv | ftp |
                local0 | local1 | local2 | local3 |
                local4 | local5 | local6 | local7 )
     | null );

    [ severity ( critical | error | warning | notice |
                 info  | debug [ level ] | dynamic ); ]
    [ print-category yes_or_no; ]
    [ print-severity yes_or_no; ]
    [ print-time yes_or_no; ]
  }; ]

  [ category category_name {
    channel_name; [ channel_name; ... ]
  }; ]
  ...
};

Example
logging {
  channel simple_log {
    file "/var/log/bind.log" versions 3 size 5m;
    severity warning;
    print-time yes;
    print-severity yes;
    print-category yes;
  };
  category default {
    simple_log;
  };
};

A sample zone entry


zone "yourdomain.com" {
        type master;
        file "/var/named/yourdomain.com.zone";
};
yourdomain.com.zone
$TTL 38400
yourdomain.com.    IN    SOA    dns.yourdomain.com. webmaster.yourdomain.com. (
                        1066493014   ; serial
                        10800        ; refresh
                        3600         ; retry
                        604800       ; expire
                        38400 )      ; negative-cache TTL
                   IN    NS     dns.yourdomain.com.
                   IN    MX     10 yourdomain.com.
                   IN    A      10.15.27.39
*                  IN    CNAME  yourdomain.com.
With TXT (SPF)
$TTL 38400
abc.com.           IN    SOA    dns.abc.com. web.abc.com. (
                        1066493014   ; serial
                        10800        ; refresh
                        3600         ; retry
                        604800       ; expire
                        38400 )      ; negative-cache TTL
                   IN    NS     dns.abc.com.
                   IN    MX     10 abc.com.
                   IN    A      10.15.27.39
test               IN    A      12.23.44.40
@                  IN    TXT    "v=spf1 a -all"


All trade marks are property of respective owners
All rights reserved 2003-2007, Openpages.info, Multan, Pakistan