How to Add a Local Zone - secure411dotorg/rpzone GitHub Wiki
### Choosing a name for your zone
We recommend you pick a unique name for your zone, one that does not identify you personally in case you later decide to share it. In the example below, the zone name is shown as "replace-this"; the intent is to discourage the use of a common default zone name.
### Add your zone to your BIND configuration
```
vi /etc/bind/named.rpzones
```
Add a block for your zone such as:
```
zone "replace-this" {
    type master;
    file "/opt/rpz-deliverables/replace-this.db";
    allow-query { superadmin; ixfr_slaves; myresolvers; mytrustedfriends; };
    allow-transfer { superadmin; ixfr_slaves; myresolvers; mytrustedfriends; };
    allow-update { localhost; };
};
```
The ACL names used here (superadmin, ixfr_slaves, myresolvers, mytrustedfriends) must already be defined by acl statements in your BIND configuration; note that updates are accepted only from localhost.
```
vi /etc/bind/named.conf.local
```
Add a line within the response-policy clause for your new zone such as:
```
zone "replace-this" policy GIVEN;
```
### Plan how you will update your zone
We show two methods here:
- a batch method which creates (or replaces) the entire zone: assemble_dname_zone.sh
- incremental insertion or deletion of records: nsupdate

##### Only use the batch method the first time you create the zone and in rare cases of corruption or complete wipe-out of a zone.
nsupdate can be used to insert or delete large numbers of hosts going forward. It is the correct, best and fastest way to maintain your zone on a day-to-day or minute-to-minute basis. Design both your automated and manual zone modifications to be done using nsupdate.
### Initialize your zone file
The helper script /opt/rpzone/scripts/assemble_dname_zone.sh takes an input file of the hosts you want to list in your RPZone, adds the required header, and attempts to validate the assembled zone file.
##### 1. Format initial hosts or CIDRs as a zone file
##### 2. Trial validation of your formatted zone file
##### 3. Restart BIND to load your new zone
##### 4. Check logs for errors or success messages
##### 5. Test queries
### Use nsupdate to add and remove records
[details and link to helper scripts]
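As an added example (not one of the rpzone project's helper scripts), the shell functions below build the nsupdate batches that the incremental method above relies on, adding or deleting the standard RPZ trigger records for the zone configured earlier: QNAME triggers (with a wildcard covering subdomains) for hostnames, and rpz-ip triggers for IPv4 CIDRs. The zone name replace-this and server 127.0.0.1 come from this page; the TTL, the rpz_* function names and the action vocabulary are assumptions.

```shell
# Added example, not the rpzone project's own code: build nsupdate batches
# that add or delete RPZ trigger records in the local zone from this page.
# Assumed: zone "replace-this", BIND on 127.0.0.1 accepting updates from
# localhost, IPv4 CIDRs only, and the standard RPZ action encodings below.
ZONE="${RPZ_ZONE:-replace-this}"
SERVER="${RPZ_SERVER:-127.0.0.1}"
TTL=300
# Map an action name to the CNAME target that encodes it in an RPZ record.
rpz_target() {
    case "$1" in
        nxdomain) echo "." ;;             # answer NXDOMAIN
        nodata)   echo "*." ;;            # answer NODATA
        passthru) echo "rpz-passthru." ;; # exempt the name from policy
        drop)     echo "rpz-drop." ;;     # drop the query
        *) echo "rpz_target: unknown action '$1'" >&2; return 1 ;;
    esac
}
# Print the owner name(s) a host or CIDR is keyed under in the zone:
# QNAME trigger host.ZONE plus a wildcard covering its subdomains, or the
# IP trigger prefix.B4.B3.B2.B1.rpz-ip.ZONE (octets in reverse order).
rpz_owners() {
    local item="$1" plen ip old_ifs
    case "$item" in
        */*) plen="${item#*/}"; ip="${item%/*}"
             old_ifs="$IFS"; IFS=.; set -- $ip; IFS="$old_ifs"
             echo "$plen.$4.$3.$2.$1.rpz-ip.$ZONE" ;;
        *)   item="${item%.}"; echo "$item.$ZONE"; echo "*.$item.$ZONE" ;;
    esac
}
# Print one nsupdate batch (one "send") for op add|delete, an action name
# and any number of hosts or CIDRs. Delete removes every CNAME at the owner.
rpz_batch() {
    local op="$1" action="$2" target item; shift 2
    target="$(rpz_target "$action")" || return 1
    printf 'server %s\nzone %s\n' "$SERVER" "$ZONE"
    for item in "$@"; do
        rpz_owners "$item" | while read -r owner; do
            if [ "$op" = add ]; then
                printf 'update add %s %d IN CNAME %s\n' "$owner" "$TTL" "$target"
            else
                printf 'update delete %s IN CNAME\n' "$owner"
            fi
        done
    done
    printf 'send\n'
}
# Feed a batch to nsupdate, e.g.: rpz_apply add nxdomain malware.example 192.0.2.0/24
rpz_apply() { rpz_batch "$@" | nsupdate -v; }
```

Because allow-update is restricted to localhost, run rpz_apply on the BIND host itself; with policy GIVEN the action encoded in each record is what the resolver applies, so follow up with a test query as in step 5 above.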