設定 BIND9 伺服器

關於 BIND 的設定之前(2014)有寫過一篇，不過年代久遠。兩相對照語法，其實架構沒太大改變。現在都用免費託管方案 Cloudflare DNS 顯少自己維運，畢竟還是有機會被打爆。

/etc/bind# vim named.conf.local

zone "example.com" in {
  type master;
  file "/etc/bind/db.example.com";
};

/etc/bind# vim db.example.com

$TTL    86400
$ORIGIN example.com.    ; base domain-name

@  IN  SOA  dns.example.com. admin.example.com. (
   20230909    ; Serial
   43200       ; Refresh
   3600        ; Retry
   1209600     ; Expire
   180 )       ; Minimum TTL

; Nameservers
@                  IN  NS  dns.example.com.;

; Records
dns.example.com.   IN  A   [IP];
test.example.com.  IN  A   [IP];

/etc/bind# vim named.conf.options

options {
  directory "/var/cache/bind";
  dnssec-validation auto;
  
  auth-nxdomain yes;    # conform to RFC1035
  listen-on-v6 { none; };
  listen-on port 53 { any; };
  allow-query { any; };
  allow-query-cache { none; };
  recursion no; 
  also-notify { };
};