# -*- ispell-local-dictionary: "english" -*-

#+TITLE: Bind v9 Domain name server

* Usage

** Example =compose.yml=

#+begin_src yaml
dns:
  charm: bind
  options:
    vars:
      ## these vars are a facility to allow using `$var` in domain defs
      myip: 1.2.3.4
    zones:
      ## __all__ will be applied to all domains defined here
      __all__:
        ns:
          ## '_' is translated to '@' in the BIND v9 zone definition, which
          ## in turn refers to the current domain being defined.
          _: (dns.mycompany.com,sdns1.ovh.net,ns6.gandi.net)
        mx:
          _: (1 ,(5 alt(1,2),10 alt(3,4)).)aspmx.l.google.com.
      mycompany.com:
        mx:
          news: 10 news
        ## Names will generate IN A/CNAME depending on whether an IP or a
        ## name is detected
        name:
          ## Keys and values can be expanded; the syntax uses the same logic
          ## as shell expansion with `{`, `}` and `,`. So this:
          ## `(_,dns,core(,-01))` will demux to `_ dns core core-01`, so all
          ## these keys will receive the following value.
          (_,dns,core(,-01)): $myip
          core-02: 4.5.6.7
        ## After a space, you can specify a TTL that will be applied to all
        ## definitions inside the section:
        name 3h:
          ## `www` is required not to be an IP by zonecheck
          (www,admin,smtp,beta,alpha,erp(,-beta)): core-01
          news: 77.32.131.26
          r.news: r.mailin.fr.
          img.news: img.mailin.fr.
        spf 3h:
          ## Remember that this is YAML, which also offers nice syntactic
          ## features to avoid repeating values.
          _: &spf >-
            v=spf1 a a:smtp.free.fr a:smtp.mycompany.com
            include:spf.sendinblue.com mx ?all
        txt 3h:
          _:
            - *spf
            - Sendinblue-code:xxx
            - google-site-verification=yyy
          news: "v=spf1 include:spf.sendinblue.com mx ~all"
          mail._domainkey(,.news): "k=rsa;p=zzz"
          _dmarc.news: >-
            v=DMARC1; p=none; sp=none;
            rua=mailto:dmarc@mailinblue.com!10m;
            ruf=mailto:dmarc@mailinblue.com!10m;
            rf=afrf; pct=100; ri=86400
      (othercompany.com,other-company.com):
        name:
          (_,www,mail): $myip
          (admin,beta): www
#+end_src

* Persistence

Backup will keep:

- /etc/bind/rndc.key
- /etc/bind/.db.$DOMAIN files keeping a hash of the configuration
  along with the given serial that matches the zone file. This is to
  be sure to advertise the same serial after a recovery.
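
To preview which names a =(a,b(c,d))= key or value from the =compose.yml= example will produce before deploying it, the following added example (not the charm's own code) reimplements the expansion as the comments describe it. The function names, the rendered record format, and the treatment of a one-element group are assumptions.

```python
import ipaddress

def split_top(body: str) -> list[str]:
    """Split a group body on the commas that are not inside a nested group."""
    parts, depth, cur = [], 0, []
    for ch in body:
        if ch == "," and depth == 0:
            parts.append("".join(cur))
            cur = []
        else:
            depth += (ch == "(") - (ch == ")")
            cur.append(ch)
    parts.append("".join(cur))
    return parts

def expand(expr: str) -> list[str]:
    """Expand `(a,b)` groups left to right, like shell `{a,b}` expansion."""
    depth, start = 0, 0
    for i, ch in enumerate(expr):
        if ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                raise ValueError(f"unbalanced ')' in {expr!r}")
            if depth == 0:  # first top-level group closed: expand it, then the rest
                prefix, body, rest = expr[:start], expr[start + 1:i], expr[i + 1:]
                heads = [prefix + e for alt in split_top(body) for e in expand(alt)]
                return [h + t for h in heads for t in expand(rest)]
    if depth:
        raise ValueError(f"unbalanced '(' in {expr!r}")
    return [expr]

def name_records(section: dict[str, str], variables: dict[str, str]) -> list[str]:
    """Render a `name:` section (assumed format): A for an IPv4 value, else CNAME."""
    records = []
    for key, value in section.items():
        if value.startswith("$"):  # `$var` refers to an entry under `vars:`
            value = variables[value[1:]]
        try:
            ipaddress.IPv4Address(value)
            rtype = "A"
        except ValueError:
            rtype = "CNAME"
        for name in expand(key):  # '_' stands for '@', the zone apex
            records.append(f"{'@' if name == '_' else name} IN {rtype} {value}")
    return records
```

Running =expand= on the =mx= value of =__all__= yields five priority/host pairs, a convenient check that one compact line publishes exactly the records intended.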