Ref: https://www.richinfante.com/2020/02/21/bind9-on-my-lan
I recently installed bind9 on one of my Raspberry Pis to use as a DNS server for my LAN. Here are my notes from the setup:
Installing BIND9
    sudo apt install bind9 bind9utils bind9-doc
Configuring as a Forwarder
Configuration files for bind(9) are located in the /etc/bind directory. We can edit the named.conf.options file to configure our server as a forwarder.
    // This is the local LAN ACL, configure to your subnet.
    acl local-lan {
        localhost;
        192.168.1.0/24;
    };

    options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk. See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.
        forwarders {
            1.1.1.1; // Cloudflare
            8.8.8.8; // Google
        };

        // Only answer queries from the ACL above, so the server is not
        // usable as an open resolver.
        allow-query { local-lan; };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys. See https://www.isc.org/bind-keys
        //========================================================================
        // With validation off, answers from the forwarders are accepted
        // without DNSSEC checks. Newer BIND releases no longer accept
        // dnssec-enable; remove that line if named-checkconf rejects it.
        dnssec-enable no;
        dnssec-validation no;

        auth-nxdomain no; // conform to RFC1035
        listen-on-v6 { any; };

        // Additional config for our usage
        recursion yes;
        querylog yes; // Logs every query. Disable if you want, nice for debugging.
        version "not available"; // Hide the real BIND version from version.bind queries
    };
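An added example, not part of the original post: a small Python audit that reads a named.conf.options text and flags the settings that matter most for a LAN forwarder like this one (recursion open to "any", DNSSEC validation switched off, version string left at the default). The function names, finding codes and the condensed sample config are assumptions made for illustration; ACLs are expanded one level only and negated entries are not handled.

```python
import re
# Constructed sample: the options from the post, condensed.
SAMPLE = """
acl local-lan { localhost; 192.168.1.0/24; };
options {
    forwarders { 1.1.1.1; 8.8.8.8; };  // upstream resolvers
    allow-query { local-lan; };
    dnssec-validation no; recursion yes;
    version "not available";
};
"""
# Comments match first and are dropped; group 1 holds strings, punctuation, words.
TOKEN = re.compile(r'//[^\n]*|#[^\n]*|/\*.*?\*/|("[^"]*"|[{};]|[^\s{};"]+)', re.S)

def parse(tokens):
    """Statements end at ';'. A { } block becomes a nested statement list."""
    stmts, cur = [], []
    for tok in tokens:
        if tok == "{":
            cur.append(parse(tokens))
        elif tok == "}":
            break
        elif tok == ";":
            if cur:
                stmts.append(cur)
            cur = []
        else:
            cur.append(tok.strip('"'))
    return stmts

def audit(conf_text):
    """Return finding codes for a named.conf.options text (hypothetical helper)."""
    words = (m.group(1) for m in TOKEN.finditer(conf_text) if m.group(1))
    top = parse(words)
    acls = {s[1]: [e[0] for e in s[2]] for s in top if s[0] == "acl"}
    opts = {o[0]: o[1] for s in top if s[0] == "options" for o in s[1] if len(o) > 1}
    findings = []
    # BIND falls back allow-recursion -> allow-query-cache -> allow-query -> default.
    order = ("allow-recursion", "allow-query-cache", "allow-query")
    key = next((k for k in order if k in opts), None)
    allowed = ([m for e in opts[key] for m in acls.get(e[0], [e[0]])]
               if key else ["localnets", "localhost"])
    if opts.get("recursion", "yes") == "yes" and "any" in allowed:
        findings.append("open-resolver")
    if opts.get("dnssec-validation") == "no":
        findings.append("dnssec-validation-off")
    if "version" not in opts:
        findings.append("version-disclosed")
    return findings
```

On the sample above it reports only the DNSSEC setting; running named-checkconf on the real file is still the authoritative syntax check.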