Bind/zonefile

From MattWiki

Below is a sample BIND zone file for the domain example.com.

<syntaxhighlight lang="rails">

; BIND zone file for the example.com domain

$TTL 6h
@               IN      SOA     ns1.example.com. admin.example.com. (
                                       2017042301      ; Serial
                                       6h              ; Refresh
                                       30m             ; Retry
                                       2w              ; Expire
                                       12h )           ; Negative Cache TTL

; The Domain's Default Host
@               5m      IN      A       123.45.67.89

; The Authoritative DNS Servers
@               1d      IN      NS      ns1.example.com.
@               1d      IN      NS      ns2.example.com.
ns1             1d      IN      A       12.34.56.78
ns1             1d      IN      AAAA    2604:a880:800:10::1234:1001
ns2             1d      IN      A       87.65.43.21
ns2             1d      IN      AAAA    2604:a880:800:10::1234:2001

; The Domain's Mail Servers
@               1w      IN      MX      1  aspmx.l.google.com.
@               1w      IN      MX      5  alt1.aspmx.l.google.com.
@               1w      IN      MX      5  alt2.aspmx.l.google.com.
@               1w      IN      MX      10 alt3.aspmx.l.google.com.
@               1w      IN      MX      10 alt4.aspmx.l.google.com.

; The Domain's Main Section
blog            IN      CNAME   example.wordpress.com.
gh              IN      CNAME   example.github.com.
git             IN      CNAME   example.com.
code            IN      CNAME   example.com.
pgp             IN      CNAME   example.com.
time            IN      CNAME   example.com.
ns              IN      CNAME   example.com.
openpgpkeys     IN      CNAME   example.com.
smtp            IN      CNAME   mail.example.com.
status          IN      CNAME   uptime.statuscake.com.
wiki            IN      CNAME   example.com.
www             IN      CNAME   example.com.
technology      IN      CNAME   example.com.

; The Domain's OpenPGP Keyserver Service
keyserver                       5m      IN      A       73.164.0.249
www.keyserver                           IN      CNAME   keyserver.example.com.
_pgpkey-https._tcp.keyserver            IN      SRV     0 1 443 keyserver.example.com.

; The Domain's XMPP Service
im                              5m      IN      A       123.45.67.89
im                              5m      IN      AAAA    2604:a880:800:10::1234:5001
conference                              IN      CNAME   im.example.com.
proxy                                   IN      CNAME   im.example.com.
_xmpp-client._tcp                       IN      SRV     0 5 5222 im.example.com.
_xmpp-server._tcp                       IN      SRV     0 5 5269 im.example.com.
_xmpp-server._tcp.conference            IN      SRV     0 5 5269 im.example.com.

; The Domain's Domainkey & SPF Records
; RFC 7208 discontinued the SPF RR type; receivers evaluate the TXT record.
@               1w      IN      SPF     "v=spf1 include:_spf.google.com ~all"
@               1w      IN      TXT     "v=spf1 include:_spf.google.com ~all"

; TLSA Record pinned to the TLS/SSL Cert used by the host - updated via script
; 3 1 1 = DANE-EE usage, SubjectPublicKeyInfo selector, SHA-256 matching type
_443._tcp.code.example.com.             IN TLSA 3 1 1 dd5f45b479cc19e697c33c676161df9e6466a9a728584b1c881e18222f9ada31
_443._tcp.keyserver.example.com.        IN TLSA 3 1 1 e677073271638e936eb3846c7aacfd3d387b831aa953b7486dc8f6227798f70b
_443._tcp.example.com.                  IN TLSA 3 1 1 666c328a58f4637a485d0ce07da52597df65bde7ff562cc952505ca70cc2d875
_443._tcp.openpgpkeys.example.com.      IN TLSA 3 1 1 876d3c502971184112942405ae26439240aaa1ed2373e330a0fe7da5b27405f1
_443._tcp.wiki.example.com.             IN TLSA 3 1 1 5f6c8672525e854900a60d0e3a85c22c278944b11a44b07e25b1b13fece1005a
_5269._tcp.example.com.                 IN TLSA 3 1 1 666c328a58f4637a485d0ce07da52597df65bde7ff562cc952505ca70cc2d875
_5269._tcp.im.example.com.              IN TLSA 3 1 1 666c328a58f4637a485d0ce07da52597df65bde7ff562cc952505ca70cc2d875
_5222._tcp.example.com.                 IN TLSA 3 1 1 666c328a58f4637a485d0ce07da52597df65bde7ff562cc952505ca70cc2d875
_5222._tcp.im.example.com.              IN TLSA 3 1 1 666c328a58f4637a485d0ce07da52597df65bde7ff562cc952505ca70cc2d875

; OpenPGP PKA Records
m._pka          IN      TXT     "v=pka1;fpr=77F1D65B5FF054DC928660780314CD8503305F35;uri=https://example.com/keys/0x03305F35.asc"
matt._pka       IN      TXT     "v=pka1;fpr=71FD20E328158C322133FBBEC4909EE495B0761F;uri=https://example.com/keys/0xc4909ee495b0761f.asc"

; DNSSEC public keys; +007 is algorithm 7 (RSASHA1-NSEC3-SHA1), which RFC 8624 marks NOT RECOMMENDED for signing
$INCLUDE /etc/bind/keys/Kexample.com.+007+12303.key
$INCLUDE /etc/bind/keys/Kexample.com.+007+16619.key
</syntaxhighlight>
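
The TLSA records above use the parameters 3 1 1, so a script that keeps them current has to hash the certificate's SubjectPublicKeyInfo rather than the whole certificate. The following is an added example, not the wiki author's update script: it computes that digest from a DER certificate with the Python standard library only and reports zone entries that no longer match. The function names and the constructed sample certificate are assumptions for illustration, and it expects fully qualified owner names on single-line records, as in the zone above.

```python
import hashlib

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_from_cert(der):
    """Return the DER SubjectPublicKeyInfo of an X.509 certificate."""
    _, pos, _ = _tlv(der, 0)               # Certificate SEQUENCE
    _, pos, tbs_end = _tlv(der, pos)       # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    if tag == 0xA0:                        # optional [0] version
        pos = end
    for _field in range(5):                # serial, sigAlg, issuer, validity, subject
        pos = _tlv(der, pos)[2]
    tag, _, end = _tlv(der, pos)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("SubjectPublicKeyInfo not found")
    return der[pos:end]

def tlsa_311(der):
    """Association data for usage 3, selector 1, matching type 1."""
    return hashlib.sha256(spki_from_cert(der)).hexdigest()

def stale_tlsa(zone_text, owner, der):
    """Return owner's 3 1 1 digests in the zone that do not match der."""
    want, stale = tlsa_311(der), []
    for line in zone_text.splitlines():
        f = line.split(";", 1)[0].split()  # drop comments, split fields
        if "TLSA" in f and f[0] == owner:
            i = f.index("TLSA")
            digest = "".join(f[i + 4:]).lower()
            if f[i + 1:i + 4] == ["3", "1", "1"] and digest != want:
                stale.append(digest)
    return stale

# Constructed sample (assumption): skeletal certificate, all-zero Ed25519 key.
def _der(tag, value):                      # short-form lengths only
    return bytes([tag, len(value)]) + value

_EMPTY = _der(0x30, b"")
SAMPLE_SPKI = _der(0x30, _der(0x30, bytes.fromhex("06032b6570")) + _der(0x03, bytes(33)))
_TBS = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + _EMPTY * 4 + SAMPLE_SPKI)
SAMPLE_CERT = _der(0x30, _TBS + _EMPTY + _der(0x03, b"\x00"))
if __name__ == "__main__":
    print("_443._tcp.example.com. IN TLSA 3 1 1", tlsa_311(SAMPLE_CERT))
```

For a PEM file, convert it first with `ssl.PEM_cert_to_DER_cert()` from the standard library.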