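#!/usr/bin/env bash
# Bind
# Install bind9 and configure it as a locked-down, authoritative-only server
# for a single domain.
#
# You will need to add a glue record under domains > manage > glue records
# (example in njal.la)
#
# Name IPv4 Address IPv6 Address
# ns1.tuxmail.io 94.158.244.150
#
# Then add a DNS record under DNS Settings > Use custom name servers
# Enter ns1.tuxmail.io in the first nameserver box
#
# Then click the change name servers button
#
# Must run as root. Re-running is safe: each option line is only inserted when
# it is not already present, the zone stanza is only appended once, and the
# zone file is regenerated from the variables below.
set -euo pipefail

domain_name=tuxmail.io
wireguard_static_ip=94.158.244.150
# Local part of the SOA RNAME (the "@" of the contact address is written as
# "." in zone files, so only the part before "@" goes here).
user1_email_address="user1"
# Bump this whenever the records below change; resolvers (and any future
# secondary) use it to detect a newer copy of the zone.
zone_serial=2019011603

readonly named_options=/etc/bind/named.conf.options
readonly named_local=/etc/bind/named.conf.local
readonly zone_file="/etc/bind/db.${domain_name}"

# Print a message to stderr and abort.
die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Insert one directive into named.conf.options after an existing line, once.
# Arguments: $1 - the option line to add (literal BIND syntax)
#            $2 - the existing line to insert after; used as a sed address.
#                 Only script constants are passed here ('{', '}', ';' and '"'
#                 are literal in a BRE), never external input.
# Globals:   named_options (edited in place)
# Returns:   0 when the line is present afterwards (or already was)
#######################################
add_named_option() {
  local option=$1 anchor=$2
  # Skip when an uncommented copy already exists so a second run does not
  # duplicate the directive. A commented "// option" line does not count.
  if grep -F -- "$option" "$named_options" | grep -qv '^[[:space:]]*//'; then
    return 0
  fi
  # sed -i writes through its own temp file, so a failing sed leaves the
  # original untouched instead of overwriting it with an empty /tmp copy.
  # "a\ \t..." is GNU sed's one-line append; \t becomes a tab.
  sed -i "/${anchor}/a\\ \\t${option}" "$named_options"
}

#######################################
# Validate the configuration (and the zone file, once it exists) before
# restarting, so a typo never leaves named down.
# Globals:   domain_name, zone_file (read)
#######################################
reload_named() {
  # named-checkconf / named-checkzone ship with bind9utils, installed below.
  named-checkconf || die "named.conf has errors; not restarting named"
  if [[ -f "$zone_file" ]]; then
    named-checkzone "$domain_name" "$zone_file" \
      || die "zone file $zone_file has errors; not restarting named"
  fi
  systemctl restart named
}

main() {
  (( EUID == 0 )) || die "this script must be run as root"

  apt update
  # -y so the script does not block on the install prompt.
  apt install -y bind9 bind9utils bind9-doc
  # Start on boot. The unit is "named" on Debian/Ubuntu (bind9.service is an
  # alias on recent releases); the same name is used for the restarts below.
  systemctl enable named

  # Hide the version number from clients (makes fingerprinting the server harder).
  add_named_option 'version "not currently available";' 'listen-on-v6 { any; };'
  # Authoritative-only: refusing recursion keeps this host from being used as
  # an open resolver (e.g. for amplification traffic).
  add_named_option 'recursion no;' 'version "not currently available";'
  # Enable the query log (useful when investigating abuse; watch disk usage).
  add_named_option 'querylog yes;' 'recursion no;'
  # Disallow zone transfers so the whole zone cannot be enumerated with AXFR.
  add_named_option 'allow-transfer { none; };' 'querylog yes;'
  reload_named

  # Add a zone for your domain name (only on the first run).
  if ! grep -qF -- "zone \"${domain_name}\"" "$named_local"; then
    cat << EOF >> "$named_local"
zone "$domain_name" {
type master;
file "$zone_file";
allow-query { any; };
};
EOF
  fi

  # Create the zone file. Every record carries an explicit owner: a line that
  # starts with a non-blank token is parsed as "owner ...", so a bare
  # "IN NS ..." would define a record for an owner literally named "IN"
  # instead of the zone apex.
  cat << EOF > "$zone_file"
; Zone file for $domain_name
\$TTL 1m ;
\$ORIGIN $domain_name. ;
@ IN SOA ns1.$domain_name. ${user1_email_address}.$domain_name. (
$zone_serial ; serial number
3600 ; refresh
3600 ; retry
604800 ; expire
3600 ) ; negative cache ttl
; Name servers
@ IN NS ns1.$domain_name.
; MX records
@ IN MX 10 mail.$domain_name.
; A records
www IN A $wireguard_static_ip
postfixadmin IN A $wireguard_static_ip
mail IN A $wireguard_static_ip
ns1 IN A $wireguard_static_ip
@ IN A $wireguard_static_ip
EOF
  reload_named

  # Open DNS in the firewall. TCP is needed as well as UDP: responses that do
  # not fit in a UDP packet are retried over TCP.
  ufw allow 53/tcp
  ufw allow 53/udp
}

main "$@"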