Autoritativer DNS-Server mit dnsmasq



Diese Seite wurde vor mehr als 2 Jahren erstellt und vor über einem Monat zuletzt bearbeitet. Eventuell ist längst ihr Mindesthaltbarkeitsdatum überschritten!

Einen autoritativen DNS auf einem Root-Server bei Host Europe von Bind9 zu dnsmasq umgeschaltet. Als Anleitung/Anhaltspunkt hier die funktionierende, anonymisierte und kommentierte Konfigurationsdatei dnsmasq.conf.

Tipp: Zum Starten Suchen und Ersetzen:

Zu 100% sicher bin ich mir nicht, ich warte noch auf eine Mail von Simon Kelley. Trotzdem schon mal Viel Erfolg.

# ----------------------------------------------------------------------------
# Authoritative DNS config for fqdn.of.rootserver.com
# Example for replacing Bind with dnsmasq
# Source: Stefan Onderka, http://www.onderka.com
# Description: https://www.onderka.com/computer-und-netzwerk/autoritativer-dns-server-mit-dnsmasq/
# Revision 2016-02-10
# ----------------------------------------------------------------------------
# https://www.onderka.com/computer-und-netzwerk/eigener-dyndns-mit-dnsmasq-apache-und-php/
# https://www.onderka.com/computer-und-netzwerk/eigener-dyndns-mit-bind-apache-und-php/
# http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
# http://www.thekelleys.org.uk/dnsmasq/doc.html
# http://www.thekelleys.org.uk/dnsmasq/docs/FAQ
# http://comments.gmane.org/gmane.network.dns.dnsmasq.general/7621
# https://wiki.archlinux.org/index.php/dnsmasq
# ----------------------------------------------------------------------------
# Hostname:     fqdn.of.rootserver.com
# IPv4 address: 10.20.30.40
# IPv6 address: ip:v6::ad::dr:ess
# ----------------------------------------------------------------------------

# Basics
# ----------------------------------------------------------------------------
listen-address=127.0.0.1
listen-address=10.20.30.40
listen-address=ip:v6::ad::dr:ess
no-dhcp-interface=eth0
# Port
port=53
bind-interfaces
#bogus-priv
#domain-needed
# User and group
user=dnsmasq
group=root
# PID file
pid-file=/var/run/dnsmasq/dnsmasq.pid
all-servers
dns-forward-max=100
# TTL for auth replies
auth-ttl=600

# Logging
# ----------------------------------------------------------------------------
# Log to file
log-facility=/var/log/dnsmasq.log
# Log all queries
log-queries
# Query cache
cache-size=16384
# Asynchronous logging, up to 50 lines
log-async=50

# Config files and folders (DynDNS files)
# ----------------------------------------------------------------------------
# Do not read /etc/resolv.conf
no-resolv
# Do not poll /etc/resolv.conf
no-poll
# Do not read /etc/hosts
no-hosts
# Read *.conf from this folder
conf-dir=/var/www/ddns.example.com/dnsmasq/,*.conf

# Authoritative DNS on interface eth0
# ----------------------------------------------------------------------------
auth-server=fqdn.of.rootserver.com,eth0

# My zones and their subnets
# ----------------------------------------------------------------------------
auth-zone=fqdn.of.rootserver.com,10.20.30.40/32,ip:v6::ad::dr:ess/128
auth-zone=example.com,10.20.30.40/32,ip:v6::ad::dr:ess/128
# DDNS zone without subnet(s), contains "foreign" IPs
auth-zone=ddns.example.com
auth-zone=example.org,10.20.30.40/32,ip:v6::ad::dr:ess/128
auth-zone=example.net,10.20.30.40/32,ip:v6::ad::dr:ess/128
auth-zone=another-domain.de,10.20.30.40/32,ip:v6::ad::dr:ess/128

# Local (not forwarded in any case)
# ----------------------------------------------------------------------------
local=/example.com/10.20.30.40
domain=example.com
local=/ddns.example.com/10.20.30.40
domain=ddns.example.com
local=/example.org/10.20.30.40
domain=example.org
local=/example.net/10.20.30.40
domain=example.net
local=/another-domain.de/10.20.30.40
domain=another-domain.de

# SOA config
# ----------------------------------------------------------------------------
auth-soa=2016021014,hostmaster.example.com,1200,120,604800

# Slave NS: nameserver2.provider.com (50.60.70.80)
# ----------------------------------------------------------------------------
# Secondary NS (slave NS at provider)
auth-sec-servers=nameserver2.provider.com
# Allow zone transfers to secondary NS
auth-peer=50.60.70.80

# A/AAAA records - Only 1st address creates PTR record!
# ----------------------------------------------------------------------------
# MX: A/IPv4 only
host-record=mail.example.com,10.20.30.40
# ipv6.example.com: AAAA/IPv6 only
host-record=ipv6.example.com,ip:v6::ad::dr:ess
# All others: A/IPv4 and AAAA/IPv6
host-record=example.com,10.20.30.40,ip:v6::ad::dr:ess
host-record=ddns.example.com,10.20.30.40,ip:v6::ad::dr:ess
host-record=example.org,10.20.30.40,ip:v6::ad::dr:ess
host-record=example.net,10.20.30.40,ip:v6::ad::dr:ess
host-record=another-domain.de,10.20.30.40,ip:v6::ad::dr:ess
host-record=fqdn.of.rootserver.com,10.20.30.40,ip:v6::ad::dr:ess
# Provide an A record for secondary NS
host-record=nameserver2.provider.com,50.60.70.80

# PTR & Reverse
# ----------------------------------------------------------------------------
server=/30.20.10.in-addr.arpa/10.20.30.40
ptr-record=40.30.20.10.in-addr.arpa,mail.example.com
ptr-record=40.30.20.10.in-addr.arpa,example.com
ptr-record=40.30.20.10.in-addr.arpa,ddns.example.com
ptr-record=40.30.20.10.in-addr.arpa,example.org
ptr-record=40.30.20.10.in-addr.arpa,example.net
ptr-record=40.30.20.10.in-addr.arpa,another-domain.de

# MX records
# ----------------------------------------------------------------------------
# All domains use MX mail.example.com
mx-host=fqdn.of.rootserver.com,mail.example.com,10
mx-host=example.com,mail.example.com,10
mx-host=example.org,mail.example.com,10
mx-host=example.net,mail.example.com,10
mx-host=another-domain.de,mail.example.com,10

# TXT records (SPF, DKIM, fun etc.)
# ----------------------------------------------------------------------------
# A note for the MX
txt-record=mail.example.com,"No, this is not a Microsoft Exchange server..."
# SPF and DKIM records
txt-record=fqdn.of.rootserver.com,"v=spf1 +a +mx -all"
txt-record=example.com,"v=spf1 +a +mx -all"
txt-record=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx._domainkey.example.com,"v=DKIM1; k=rsa; p=..."
txt-record=example.org,"v=spf1 +a +mx -all"
txt-record=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx._domainkey.example.org,"v=DKIM1; k=rsa; p=..."
txt-record=example.net,"v=spf1 +a +mx -all"
txt-record=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx._domainkey.example.net,"v=DKIM1; k=rsa; p=..."
txt-record=another-domain.de,"v=spf1 +a +mx -all"
txt-record=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx._domainkey.another-domain.de,"v=DKIM1; k=rsa; p=..."

# CNAME records
# ----------------------------------------------------------------------------
# Subdomains of example.com
cname=subdomain1.example.com,example.com
cname=subdomain2.example.com,example.com
cname=subdomain3.example.com,example.com
# www. and ftp. for all domains
cname=www.example.com,example.com
cname=ftp.example.com,example.com
cname=www.example.org,example.org
cname=ftp.example.org,example.org
cname=www.example.net,example.net
cname=ftp.example.net,example.net
cname=www.another-domain.de,another-domain.de
cname=ftp.another-domain.de,another-domain.de

# End
# ----------------------------------------------------------------------------

Die Teile der DynDNS-Funktionalität sind in diesem Artikel nachzulesen.


24 andere Seiten unter 'Computer und Netzwerk'

Permalink CC BY-NC 4.0 DEED 52432 2 10.02.2016 26.03.2021