DNS server
- DNS (Domain Name System): Distributed computer service that associates Internet domain names with their IP addresses or other types of records. — Wikipedia
CLUB1 self-hosts its own primary authoritative DNS server using BIND. It is replicated on 4 secondary servers run by two friends, Aymeric Agon-Rambosson (ricorambo.su) and Etienne Le Louët (jeanpierre.moe), with whom we exchanged DNS zones. This gives a total of 5 authoritative servers:
- ns1.club1.fr (primary)
- ns1.ricorambo.su
- ns2.ricorambo.su
- ns3.ricorambo.su
- ns1.jeanpierre.moe
Zone transfers are secured with TSIG, and DNSSEC is enabled on club1.fr. BIND is also used as a DNS resolver for the local network.
See also
Online diagnostic tools: DNSSEC summary, DNSSEC viewer
Secondary zones hosting
CLUB1 can host DNS zones for other domains as a secondary server. The initial configuration must be done manually, but subsequent updates are then fully automated. TSIG is the preferred way to authenticate transfers. To discuss it, send an email to hostmaster@club1.fr.
Administration
Only members of the sudo group can edit the DNS server configuration, and administrators must follow these rules:
- New zones and key inclusions are to be added to the /etc/bind/named.conf.local file.
- Primary zone files must be created in /etc/bind with a symbolic link in /var/lib/bind.
- Primary zone blocks must refer to the file in /var/lib/bind.
- Secondary zone blocks must use a simple file name (which will then be relative to /var/cache/bind).
Zone changes are mainly made by CLUB1 scripts, but after a manual modification, do not forget to run the dns-bump script on the corresponding zone file.
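
The administration rules above, shown as a named.conf.local fragment with TSIG-authenticated transfers. This is an added example, not CLUB1's actual configuration: the zone names, key name, key file path and the 192.0.2.53 address are placeholders.

```conf
// /etc/bind/named.conf.local (constructed sample: zone names, key name,
// key file path and address are placeholders, not CLUB1's real values)

// Key inclusions go in this file. The included file holds the TSIG key:
//   key "example-transfer" { algorithm hmac-sha256; secret "<base64>"; };
// Keep that file readable only by root and the user named runs as.
include "/etc/bind/example-transfer.key";

// Primary zone: the zone file is created as /etc/bind/db.example.org and
// symlinked into /var/lib/bind; the zone block refers to the /var/lib/bind path.
zone "example.org" {
    type primary;
    file "/var/lib/bind/db.example.org";
    // Only requests signed with the TSIG key may transfer the zone.
    allow-transfer { key "example-transfer"; };
};

// Secondary zone: simple file name, resolved relative to /var/cache/bind.
zone "example.net" {
    type secondary;
    file "db.example.net";
    // Pull from the primary at 192.0.2.53 and sign transfer requests with the key.
    primaries { 192.0.2.53 key "example-transfer"; };
};
```

Running named-checkconf after an edit catches syntax errors before the server reloads. The primary, secondary and primaries keywords are from recent BIND 9 releases; older releases spell them master, slave and masters.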