Bind/zonefile


Below is a sample BIND zone file for the domain example.com.

;
; BIND zone file for the example.com domain
;
; No $ORIGIN is set in this file, so "@" and every relative owner name below
; expand against the origin given by the zone statement that loads the file
; (presumably example.com. -- confirm in named.conf).
; $TTL is the default for records without their own TTL column (the CNAME,
; SRV, TLSA and PKA records further down).
; SOA fields: primary server ns1.example.com., contact admin.example.com.
; (RNAME notation for admin@example.com).
; The serial looks like YYYYMMDDnn; it has to increase on every change,
; including scripted ones, or secondaries keep serving the old zone.
$TTL    6h
@               IN      SOA     ns1.example.com. admin.example.com. (
                                        2017042301      ; Serial
                                        6h              ; Refresh
                                        30m             ; Retry
                                        2w              ; Expire
                                        12h )           ; Negative Cache TTL

; The domain's default host (apex A record, 5 minute TTL)
@       5m      IN      A       123.45.67.89

; The authoritative DNS servers
; Both NS targets are names inside this zone, so the A/AAAA records below are
; the authoritative copy of the glue held by the parent zone. Keep the two in
; step: stale glue at the parent sends resolvers to an address this zone no
; longer controls.
@       1d      IN      NS      ns1.example.com.
@       1d      IN      NS      ns2.example.com.
ns1     1d      IN      A       12.34.56.78
ns1     1d      IN      AAAA    2604:a880:800:10::1234:1001
ns2     1d      IN      A       87.65.43.21
ns2     1d      IN      AAAA    2604:a880:800:10::1234:2001

; The domain's mail servers
; Inbound mail is delivered to Google-hosted exchangers; the lowest preference
; value (1) is tried first, equal values share load.
; The 1w TTL means a change of mail provider takes up to a week to reach
; every cache -- lower it ahead of a planned migration.
@       1w      IN      MX      1  aspmx.l.google.com.
@       1w      IN      MX      5  alt1.aspmx.l.google.com.
@       1w      IN      MX      5  alt2.aspmx.l.google.com.
@       1w      IN      MX      10 alt3.aspmx.l.google.com.
@       1w      IN      MX      10 alt4.aspmx.l.google.com.

; The domain's main section: service aliases
; No TTL column here, so these records use the 6h $TTL default.
; blog, gh and status point at third-party platforms. If the account or site
; on that platform is removed while the CNAME stays published, whoever next
; registers the name there can serve content under this domain; delete the
; record in the same change that retires the service.
; NOTE(review): smtp points at mail.example.com., which has no record in this
; file, so smtp does not resolve unless that name is defined elsewhere -- confirm.
blog            IN      CNAME   example.wordpress.com.
gh              IN      CNAME   example.github.com.
git             IN      CNAME   example.com.
code            IN      CNAME   example.com.
pgp             IN      CNAME   example.com.
time            IN      CNAME   example.com.
ns              IN      CNAME   example.com.
openpgpkeys     IN      CNAME   example.com.
smtp            IN      CNAME   mail.example.com.
status          IN      CNAME   uptime.statuscake.com.
wiki            IN      CNAME   example.com.
www             IN      CNAME   example.com.
technology      IN      CNAME   example.com.

; The domain's OpenPGP keyserver service
; keyserver has its own address, separate from the apex host.
; SRV fields are priority, weight, port, target: the record advertises the
; keyserver over HTTPS on TCP 443 at keyserver.example.com.
keyserver 5m    IN      A       73.164.0.249
www.keyserver   IN      CNAME   keyserver.example.com.
_pgpkey-https._tcp.keyserver IN SRV 0 1 443 keyserver.example.com.

; The domain's XMPP service
; im carries the address records; conference and proxy are aliases of it.
; SRV fields are priority, weight, port, target. Port 5222 is published for
; client connections and 5269 for server-to-server traffic, both for the
; apex domain, plus 5269 for the conference subdomain.
; An SRV target must be a name with address records, not a CNAME (RFC 2782);
; im.example.com. satisfies that here.
im      5m      IN      A       123.45.67.89
im      5m      IN      AAAA    2604:a880:800:10::1234:5001
conference      IN      CNAME   im.example.com.
proxy           IN      CNAME   im.example.com.
_xmpp-client._tcp IN    SRV     0 5 5222 im.example.com.
_xmpp-server._tcp IN    SRV     0 5 5269 im.example.com.
_xmpp-server._tcp.conference IN SRV 0 5 5269 im.example.com.

; The domain's DomainKeys and SPF records
; NOTE(review): the heading mentions DomainKeys, but no DKIM (_domainkey) or
; DMARC (_dmarc) record appears in this file; only the SPF policy is published.
; The dedicated SPF record type was retired by RFC 7208 and receivers evaluate
; the TXT record only. If the SPF-type copy is kept, it must always match the
; TXT record.
; "~all" is a soft fail: mail from hosts outside _spf.google.com is marked
; rather than rejected. Use "-all" once every legitimate sender is covered.
@       1w      IN      SPF     "v=spf1 include:_spf.google.com ~all"
@       1w      IN      TXT     "v=spf1 include:_spf.google.com ~all"

; TLSA records pinned to the TLS certificate used by each host - updated via script
; "3 1 1" = usage 3 (DANE-EE, the end-entity certificate itself),
; selector 1 (SubjectPublicKeyInfo), matching type 1 (SHA-256), per RFC 6698.
; The value is a hash of the server's public key, so it survives a certificate
; renewal that reuses the key and breaks when the key changes.
; Clients only honour TLSA data from a DNSSEC-validated answer; without a
; signed zone and a DS record at the parent these pins give no protection.
; Key rollover: publish the new digest next to the old one and wait at least
; one TTL (6h $TTL default, no explicit TTL here) before deploying the new key.
; The update script must also raise the SOA serial and have the zone re-signed.
; The same digest is used for _443._tcp.example.com. and all four XMPP names,
; i.e. those endpoints are expected to present the same public key.
; code, openpgpkeys and wiki are CNAMEs, but _443._tcp.<name> is a separate
; owner name, so these records do not conflict with the aliases.
_443._tcp.code.example.com. IN TLSA 3 1 1 dd5f45b479cc19e697c33c676161df9e6466a9a728584b1c881e18222f9ada31
_443._tcp.keyserver.example.com. IN TLSA 3 1 1 e677073271638e936eb3846c7aacfd3d387b831aa953b7486dc8f6227798f70b
_443._tcp.example.com. IN TLSA 3 1 1 666c328a58f4637a485d0ce07da52597df65bde7ff562cc952505ca70cc2d875
_443._tcp.openpgpkeys.example.com. IN TLSA 3 1 1 876d3c502971184112942405ae26439240aaa1ed2373e330a0fe7da5b27405f1
_443._tcp.wiki.example.com. IN TLSA 3 1 1 5f6c8672525e854900a60d0e3a85c22c278944b11a44b07e25b1b13fece1005a
_5269._tcp.example.com. IN TLSA 3 1 1 666c328a58f4637a485d0ce07da52597df65bde7ff562cc952505ca70cc2d875
_5269._tcp.im.example.com. IN TLSA 3 1 1 666c328a58f4637a485d0ce07da52597df65bde7ff562cc952505ca70cc2d875
_5222._tcp.example.com. IN TLSA 3 1 1 666c328a58f4637a485d0ce07da52597df65bde7ff562cc952505ca70cc2d875
_5222._tcp.im.example.com. IN TLSA 3 1 1 666c328a58f4637a485d0ce07da52597df65bde7ff562cc952505ca70cc2d875

; OpenPGP PKA records
; <local-part>._pka publishes, for the matching mail address, the full key
; fingerprint (fpr) and a URL to fetch the key from (uri).
; The fingerprint is the trust anchor: a client has to compare the downloaded
; key against fpr and must not rely on the file name. The first URI is named
; after a 32-bit short key ID, which is not collision-resistant.
; As with TLSA, the data is only as trustworthy as the DNS answer, so it
; depends on the zone being DNSSEC-signed and validated by the client.
m._pka          IN      TXT     "v=pka1;fpr=77F1D65B5FF054DC928660780314CD8503305F35;uri=https://example.com/keys/0x03305F35.asc"
matt._pka       IN      TXT     "v=pka1;fpr=71FD20E328158C322133FBBEC4909EE495B0761F;uri=https://example.com/keys/0xc4909ee495b0761f.asc"

; DNSSEC public keys (DNSKEY records) for the zone, pulled in from key files.
; The file name format is K<zone>+<algorithm>+<key tag>.key; the name does not
; show which key is the KSK and which is the ZSK.
; Algorithm 007 is RSASHA1-NSEC3-SHA1. RFC 8624 marks SHA-1 based algorithms
; as NOT RECOMMENDED for signing; plan a rollover to algorithm 8 (RSASHA256)
; or 13 (ECDSAP256SHA256).
; Only the public .key files belong in the zone. The matching .private files
; must stay readable by the name server account alone.
$INCLUDE /etc/bind/keys/Kexample.com.+007+12303.key
$INCLUDE /etc/bind/keys/Kexample.com.+007+16619.key