| Les deux révisions précédentes Révision précédente Prochaine révision | Révision précédente |
| linux:dns [2026/01/02 18:50] – [Unbound] add link phsw | linux:dns [2026/03/13 14:18] (Version actuelle) – [Unbound] add link about how to turn off dnssec phsw |
|---|
| |
| * [[https://calomel.org/nsd_dns.html|NSD DNS Tutorial]] | * [[https://calomel.org/nsd_dns.html|NSD DNS Tutorial]] |
| | * [[https://www.microlinux.fr/blog/debian-13-dnsmasq/|Dnsmasq sur un routeur sous Debian 13]] |
| | |
| |
| |
| * [[https://calomel.org/unbound_dns.html|Unbound DNS Tutorial]] | * [[https://calomel.org/unbound_dns.html|Unbound DNS Tutorial]] |
| * [[https://rtfm.co.ua/en/freebsd-home-nas-part-4-local-dns-with-unbound/|FreeBSD: Home NAS, part 4 – Local DNS with Unbound]] | * [[https://rtfm.co.ua/en/freebsd-home-nas-part-4-local-dns-with-unbound/|FreeBSD: Home NAS, part 4 – Local DNS with Unbound]] |
| | * [[https://wiki.evolix.org/HowtoUnbound|Howto Unbound]] |
| |
| | Unbound ne supporte pas le mécanisme ''NOTIFY'' pour transférer ses zones vers un serveur secondaire. |
| |
| === Gestion du cache === | === Gestion du cache === |
| |
| * [[https://abridge2devnull.com/posts/2016/03/unbound-dns-server-cache-control/|Unbound DNS Server Cache Control]] | * [[https://abridge2devnull.com/posts/2016/03/unbound-dns-server-cache-control/|Unbound DNS Server Cache Control]] |
| | * [[https://www.nlnetlabs.nl/documentation/unbound/howto-turnoff-dnssec/|Howto Turn Off DNSSEC]] |
| |
| Afficher le cache DNS : | Afficher le cache DNS : |
| </code> | </code> |
| |
| | |
| | === Serveur faisant autorité === |
| | |
| | * [[https://www.aricodes.net/posts/unbound-authoritative-zone/|Using Unbound as an Authoritative Nameserver]] |
| | * [[https://troubleshooters.com/linux/unbound_nsd/nsd.htm|NSD, an Authoritative Server to go with Unbound]] |
| | |
| | ''/etc/unbound/unbound.conf'' : |
| | <code> |
| | server: |
| | prefer-ip4: yes |
| | do-ip4: yes |
| | do-ip6: no |
| | hide-identity: yes |
| | hide-version: yes |
| | prefetch: yes |
| | tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt" |
| | |
| | forward-zone: |
| | name: "." |
| | forward-addr: 192.168.3.53@53 |
| | |
| | auth-zone: |
| | name: g1.t2 |
| | zonefile: /etc/unbound/g1.t2 |
| | </code> |
| | |
| | ''/etc/unbound/g1.t2'' : |
| | <code> |
| | $TTL 3600 ; 1 Hour |
| | $ORIGIN g1.t2. |
| | g1.t2. IN SOA g1.t2. hostmaster.g1.t2. ( |
| | 20250211 ; serial |
| | 10800 ; refresh |
| | 3600 ; retry |
| | 604800 ; expire |
| | 300 ; minimum |
| | ) |
| | @ 1D IN NS g1.t2. |
| | |
| | ns.foo IN A 192.168.2.212 |
| | foo IN NS ns.foo |
| | </code> |
| |
| |
| |
| * [[https://www.bortzmeyer.org/files/jres2009-dnssec-article.pdf|Sécurité du DNS et DNSSEC]] | * [[https://www.bortzmeyer.org/files/jres2009-dnssec-article.pdf|Sécurité du DNS et DNSSEC]] |
| | |
| | |
| | ==== Bind9 ==== |
| | |
| | * https://bind9.readthedocs.io/en/latest/index.html |
| | |
| | * [[https://calomel.org/dns_bind.html|Bind Authoritative Caching DNS with DNSSEC]] |
| | * [[https://wiki.debian.org/fr/Bind9MasterSlave|Bind9MasterSlave]] |
| | * [[https://wiki.debian.org/fr/Bind9|Bind9]] |
| | * [[https://jensd.be/197/linux/basic-master-and-slave-dns-setup-with-bind|Basic master and slave DNS setup with Bind]] |
| | * [[https://computingforgeeks.com/configure-slave-bind-dns-server-on-ubuntu/|Configure Slave BIND DNS Server on Ubuntu 22.04/20.04]] |
| | * [[https://fr.console-linux.com/?p=20940|Configurer le serveur DNS Slave BIND sur Ubuntu 22.04/20.04]] |
| | * [[https://github.com/0xCyberLiTech/DNS]] |
| | * [[https://www.it-connect.fr/dns-avec-bind-9/|Comment installer et configurer un serveur DNS Bind9 sur Debian ?]] |
| | |
| | |
| | === Désactiver DNSSEC === |
| | |
| | [[https://serverfault.com/questions/1058501/bind9-disable-dnssec-validation-on-per-zone-basis|Source]] |
| | |
| | <code> |
| | dnssec-validation no; |
| | </code> |