DNS server#
- DNS#
(Domain Name System) Service informatique distribué qui associe les noms de domaine Internet avec leurs adresses IP ou d’autres types d’enregistrements. — Wikipedia
CLUB1 self-hosts its own primary authoritative DNS server using BIND. It is replicated on 4 other secondary servers: those of two friends, Aymeric Agon-Rambosson (ricorambo.su) and Etienne Le Louët (jeanpierre.moe) with whom we made an exchange of DNS zones and 2 others, provided free of charge by Hurricane Electrics. This gives a total of 5 authoritative servers:
ns1.club1.fr (primaire)
ns1.ricorambo.su
ns1.jeanpierre.moe
ns1.he.net
ns2.he.net
The zones transfer is secured with TSIG and DNSSEC is enabled on club1.fr. BIND is also used as a DNS resolver for the local network.
See also
Online diagnostic tools: delegation, DNSSEC summary, DNSSEC viewer
Secondary zones hosting#
It is possible for CLUB1 to host DNS zones for other domains as a secondary server. The initial configuration must be done manually, but the updates will then be fully automated. TSIG will be used preferably to authenticate transfers. It is possible to send an email to hostmaster@club1.fr to discuss it.
Administration#
Only members of the sudo group can edit the DNS server configuration and some rules must be followed by administrators:
New zones and key inclusions are to be added to the
/etc/bind/named.conf.localfile.Primary zone files must be created in
/etc/bindwith a symbolic link in/var/lib/bind.Primary zone blocks must refer to the
/var/lib/bindfile.Secondary zone blocks must use a simple file name (which will then be relative to
/var/cache/bind).
Les modifications de zones sont principalement réalisées par les scripts CLUB1,
mais dans le cas d’une modification manuelle,
ne pas oublier de lancer le script dns-bump sur le fichier de zone en question.