initial

generate-tsig-key.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+# Script to generate TSIG key for BIND
+
+echo "Generating TSIG key for secure zone transfers..."
+
+# Generate a new TSIG key
+tsig-keygen -a HMAC-SHA256 transfer-key > /etc/named/transfer-key.conf
+
+echo "TSIG key generated and saved to /etc/named/transfer-key.conf"
+echo ""
+echo "To use this key:"
+echo "1. Include the key file in your named.conf with: include \"/etc/named/transfer-key.conf\";"
+echo "2. Copy the key to all secondary servers"
+echo "3. Configure secondary servers to use the same key"
+echo ""
+echo "Key content:"
+cat /etc/named/transfer-key.conf

generate-zones.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+
+# Script to generate zone configurations
+
+ZONES_FILE="/etc/named/zones.conf"
+ZONES_DIR="/var/named"
+
+# List of domains
+DOMAINS=(
+    "whiskeylimahotel.de"
+    "example.com"
+    "test.org"
+)
+
+echo "// Auto-generated zone configurations" > $ZONES_FILE
+echo "// Generated on $(date)" >> $ZONES_FILE
+echo "" >> $ZONES_FILE
+
+for domain in "${DOMAINS[@]}"; do
+    cat >> $ZONES_FILE << EOF
+zone "$domain" {
+    type master;
+    file "$domain.zone";
+    allow-transfer { secondaries; };
+    notify yes;
+    also-notify {
+        213.239.242.238;
+        213.133.100.103;
+        193.47.99.3;
+    };
+};
+
+EOF
+done
+
+echo "Zone configurations generated in $ZONES_FILE"

named.conf

@@ -0,0 +1,84 @@
+// BIND Configuration for Hidden Primary Server
+
+options {
+    directory "/var/named";
+    pid-file "/var/run/named/named.pid";
+    
+    // Hide version information
+    version "DNS Server";
+    
+    // Listen on all IPv4 interfaces on port 8053
+    listen-on port 8053 { any; };
+    listen-on-v6 { none; };
+    
+    // Allow queries from anywhere (read-only)
+    allow-query { any; };
+    
+    // Disable recursion (authoritative only)
+    recursion no;
+    
+    // Transfer settings
+    also-notify {
+        213.239.242.238;
+        213.133.100.103;
+        193.47.99.3;
+    };
+    
+    // Default transfer restrictions
+    allow-transfer { none; };
+};
+
+// TSIG Key for secure transfers
+key "transfer-key" {
+    algorithm hmac-sha256;
+    secret "REPLACE_WITH_YOUR_BASE64_ENCODED_KEY";
+};
+
+// ACL for secondary servers
+acl "secondaries" {
+    key transfer-key;
+    213.239.242.238;
+    213.133.100.103;
+    193.47.99.3;
+};
+
+// Template for standard zones
+zone-template "standard-zone" {
+    type master;
+    allow-transfer { secondaries; };
+    notify yes;
+    also-notify {
+        213.239.242.238;
+        213.133.100.103;
+        193.47.99.3;
+    };
+};
+
+// Zone configurations using template
+zone "whiskeylimahotel.de" using-template "standard-zone" {
+    file "whiskeylimahotel.de.zone";
+};
+
+// Logging configuration
+logging {
+    channel default_log {
+        file "/var/log/named/named.log" versions 3 size 5m;
+        severity info;
+        print-time yes;
+        print-severity yes;
+        print-category yes;
+    };
+    
+    channel transfer_log {
+        file "/var/log/named/transfers.log" versions 3 size 5m;
+        severity info;
+        print-time yes;
+        print-severity yes;
+        print-category yes;
+    };
+    
+    category default { default_log; };
+    category xfer-in { transfer_log; };
+    category xfer-out { transfer_log; };
+    category notify { transfer_log; };
+};

readme.md

@@ -0,0 +1,7 @@
+213.239.242.238
+213.133.100.103
+193.47.99.3
+
+ns1.first-ns.de.
+robotns2.second-ns.de.
+robotns3.second-ns.com.

whiskeylimahotel.de.zone

@@ -0,0 +1,16 @@
+$TTL 86400
+@   IN  SOA ns1.first-ns.de. admin.whiskeylimahotel.de. (
+        2025102601  ; Serial (YYYYMMDDNN)
+        3600        ; Refresh
+        1800        ; Retry
+        604800      ; Expire
+        86400       ; Minimum TTL
+)
+
+; Name Servers
+@   IN  NS  ns1.first-ns.de.
+@   IN  NS  robotns2.second-ns.de.
+@   IN  NS  robotns3.second-ns.com.
+
+; MX Record
+@   IN  MX  10  home.of.the.smiling-proxy.de.