separate key

generate-tsig-key.sh

@@ -1,18 +0,0 @@
-#!/bin/bash
-
-# Script to generate TSIG key for BIND
-
-echo "Generating TSIG key for secure zone transfers..."
-
-# Generate a new TSIG key
-tsig-keygen -a HMAC-SHA256 transfer-key > /etc/named/transfer-key.conf
-
-echo "TSIG key generated and saved to /etc/named/transfer-key.conf"
-echo ""
-echo "To use this key:"
-echo "1. Include the key file in your named.conf with: include \"/etc/named/transfer-key.conf\";"
-echo "2. Copy the key to all secondary servers"
-echo "3. Configure secondary servers to use the same key"
-echo ""
-echo "Key content:"
-cat /etc/named/transfer-key.conf

generate-zones.sh

@@ -1,36 +0,0 @@
-#!/bin/bash
-
-# Script to generate zone configurations
-
-ZONES_FILE="/etc/named/zones.conf"
-ZONES_DIR="/var/named"
-
-# List of domains
-DOMAINS=(
-    "whiskeylimahotel.de"
-    "example.com"
-    "test.org"
-)
-
-echo "// Auto-generated zone configurations" > $ZONES_FILE
-echo "// Generated on $(date)" >> $ZONES_FILE
-echo "" >> $ZONES_FILE
-
-for domain in "${DOMAINS[@]}"; do
-    cat >> $ZONES_FILE << EOF
-zone "$domain" {
-    type master;
-    file "$domain.zone";
-    allow-transfer { secondaries; };
-    notify yes;
-    also-notify {
-        213.239.242.238;
-        213.133.100.103;
-        193.47.99.3;
-    };
-};
-
-EOF
-done
-
-echo "Zone configurations generated in $ZONES_FILE"

named.conf

@@ -28,11 +28,8 @@ options {
     allow-transfer { none; };
 };
 
-// TSIG Key for secure transfers
-key "transfer-key" {
-    algorithm hmac-sha256;
-    secret "REPLACE_WITH_YOUR_BASE64_ENCODED_KEY";
-};
+// TSIG Key for secure transfers (loaded from separate file)
+include "/etc/named/keys/transfer-key.conf";
 
 // ACL for secondary servers
 acl "secondaries" {

transfer-key.conf

@@ -0,0 +1,7 @@
+// TSIG Key Configuration
+// This file should have restricted permissions (600, owned by named user)
+
+key "transfer-key" {
+    algorithm hmac-sha256;
+    secret "REPLACE_WITH_YOUR_BASE64_ENCODED_KEY";
+};