vexim · hotstepper13 · Mar 12, 2016 · Mar 12, 2016
diff --git a/docs/bind_configuration/README.md b/docs/bind_configuration/README.md
@@ -0,0 +1,80 @@
+# Virtual Exim 2
+## Optional: Caching DNS daemon to use with DNSBL
+
+In order to make use of DNSBL you mostly need your own caching dns server in order to have now issues with rate limits for free usage.
+If you are hosting within a datacenter with other customers, your povider might provide you with an dns server. Because this dns server is shared for all customers, the rate limit get exhausted rapidly.
+
+To install you own caching dns server install the following package (on Ubuntu, names on other distributions may differ):
+```
+sudo apt-get install bind9 
+```
+
+If you want your dns server to log things, you need to create the directory by yourself (normally dns is a very silent thing)
+Hint: You may change the name of the directory but be sure to change the configuration file to the same directory
+```
+sudo mkdir /var/log/named
+sudo chown bind:bind /var/log/named
+```
+
+Now copy the named.conf.options file from this directory to /etc/bind 
+
+Restart your DNS server
+```
+sudo /etc/init.d/bind9 restart
+```
+
+Last this is to update your */etc/resolv.conf*.
+Ensure that only your own dns server is listed, multiple entries are used round robin
+Example:
+```
+nameserver 127.0.0.1
+#nameserver <ipv6::goes:here>
+```
+
+If you want to use IPv6, uncomment the second line and enter your local IPv6 address.
+
+To check if everything is working use the following commands:
+
+For IPv4:
+```
+host ipv4.google.com
+nslookup ipv4.google.com
+```
+
+For IPv6:
+```
+host ipv6.google.com
+nslookup ipv6.google.com
+```
+
+Sample output for comparison:
+```
+you@your-server ~ # host ipv4.google.com
+ipv4.google.com is an alias for ipv4.l.google.com.
+ipv4.l.google.com has address 216.58.214.142
+root@your-server ~ # nslookup ipv4.google.com
+Server:         127.0.0.1
+Address:        127.0.0.1#53
+
+Non-authoritative answer:
+ipv4.google.com canonical name = ipv4.l.google.com.
+Name:   ipv4.l.google.com
+Address: 216.58.214.142
+
+you@your-server ~ # host ipv6.google.com
+ipv6.google.com is an alias for ipv6.l.google.com.
+ipv6.l.google.com has IPv6 address 2a00:1450:4001:813::200e
+you@your-server ~ # nslookup ipv6.google.com
+Server:         127.0.0.1
+Address:        127.0.0.1#53
+
+Non-authoritative answer:
+ipv6.google.com canonical name = ipv6.l.google.com.
+```
+
+
+
+
+
+
+
diff --git a/docs/bind_configuration/named.conf.options b/docs/bind_configuration/named.conf.options
@@ -0,0 +1,154 @@
+// Define who should be able to use your dns server
+//
+// Limit it to local addresses, otherwise you may need to enhance security
+acl goodclients {
+    localhost;
+    127.0.0.1;
+};
+
+// If you dont want logging, you may remove the complete next paragraph
+// it might be needed to create the directory by yourself
+//
+// To do so, execute the following two commands on your server
+//
+// mkdir /var/log/named
+// chown bind:bind /var/log/named
+
+logging {
+    channel default_file {
+        file "/var/log/named/default.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel general_file {
+        file "/var/log/named/general.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel database_file {
+        file "/var/log/named/database.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel security_file {
+        file "/var/log/named/security.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel config_file {
+        file "/var/log/named/config.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel resolver_file {
+        file "/var/log/named/resolver.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel xfer-in_file {
+        file "/var/log/named/xfer-in.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel xfer-out_file {
+        file "/var/log/named/xfer-out.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel notify_file {
+        file "/var/log/named/notify.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel client_file {
+        file "/var/log/named/client.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel unmatched_file {
+        file "/var/log/named/unmatched.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel queries_file {
+        file "/var/log/named/queries.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel network_file {
+        file "/var/log/named/network.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel update_file {
+        file "/var/log/named/update.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel dispatch_file {
+        file "/var/log/named/dispatch.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel dnssec_file {
+        file "/var/log/named/dnssec.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+    channel lame-servers_file {
+        file "/var/log/named/lame-servers.log" versions 3 size 5m;
+        severity dynamic;
+        print-time yes;
+    };
+
+    category default { default_file; };
+    category general { general_file; };
+    category database { database_file; };
+    category security { security_file; };
+    category config { config_file; };
+    category resolver { resolver_file; };
+    category xfer-in { xfer-in_file; };
+    category xfer-out { xfer-out_file; };
+    category notify { notify_file; };
+    category client { client_file; };
+    category unmatched { unmatched_file; };
+    category queries { queries_file; };
+    category network { network_file; };
+    category update { update_file; };
+    category dispatch { dispatch_file; };
+    category dnssec { dnssec_file; };
+    category lame-servers { lame-servers_file; };
+};
+
+options {
+        directory "/var/cache/bind";
+
+        recursion yes;
+        allow-query { goodclients; };
+
+        // If there is a firewall between you and nameservers you want
+        // to talk to, you may need to fix the firewall to allow multiple
+        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+        // If your ISP provided one or more IP addresses for stable
+        // nameservers, you probably want to use them as forwarders.
+        // Uncomment the following block, and insert the addresses replacing
+        // the all-0's placeholder.
+
+        // DO NOT USE if you want to use DNSBL as you would share the rates
+        // with other people who use your providers DNS!
+
+        // forwarders {
+        //      0.0.0.0;
+        // };
+
+        //========================================================================
+        // If BIND logs error messages about the root key being expired,
+        // you will need to update your keys.  See https://www.isc.org/bind-keys
+        //========================================================================
+        dnssec-validation auto;
+
+        auth-nxdomain no;    # conform to RFC1035
+        //Disable the following if you dont want IPv6 support
+        listen-on-v6 { any; };
+};