BIND (Berkeley Internet Name Domain) is a complete, highly portable implementation of the Domain Name System (DNS) protocol.
The BIND name server, named, can act as an authoritative name server, recursive resolver, DNS forwarder, or all three simultaneously. It implements views for split-horizon DNS, automatic DNSSEC zone signing and key management, catalog zones to facilitate provisioning of zone data throughout a name server constellation, response policy zones (RPZ) to protect clients from malicious data, response rate limiting (RRL) and recursive query limits to reduce distributed denial of service attacks, and many other advanced DNS features. BIND also includes a suite of administrative tools, including the dig and delv DNS lookup tools, nsupdate for dynamic DNS zone updates, rndc for remote name server administration, and more.
include "/etc/bind/named.conf.key";

acl internal {
    192.168.50.0/24; // LAN IP
};

acl docker {
    172.31.0.0/16; // IP of bind docker network
};

options {
    forwarders {
        192.168.50.3; // IP of AdGuardHome or PiHole
        1.1.1.1;      // IP of Cloudflare DNS
    };
    allow-query {
        internal;
        docker;
    };
    listen-on-v6 { none; }; // Disable listening on IPv6
    directory "/var/cache/bind";
};

zone "home.<sld>.<tld>" IN {
    type master;
    file "/etc/bind/home-<sld>-<tld>.zone";
    update-policy { grant tsig-key zonesub any; }; // Allow updating of DNS records using the secret key. Mostly used for terraform.
};
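A least-privilege variant of the update-policy above, added here as an example and not part of the original configuration. With `any`, the key may change every record type in the zone except NSEC and NSEC3, which includes the NS and SOA records; naming the types limits the key to what a provisioning tool needs. The type list (A AAAA CNAME TXT) and the layout of named.conf.key are assumptions, since the page does not show the key file.

```bind
// /etc/bind/named.conf.key (assumed layout; the page does not show this file).
// The key name must match the identity used in the grant rule below.
// A key of this form can be generated with: tsig-keygen -a hmac-sha256 tsig-key
key "tsig-key" {
    algorithm hmac-sha256;
    secret "<base64-secret-placeholder>"; // placeholder, never commit the real value
};

zone "home.<sld>.<tld>" IN {
    type master;
    file "/etc/bind/home-<sld>-<tld>.zone";

    // Original rule: any record type, so the key can also replace NS and SOA.
    // update-policy { grant tsig-key zonesub any; };

    // Narrowed rule: only the listed types, for names at or below the zone apex.
    // Assumed type list; extend it only with types the automation really manages.
    update-policy {
        grant tsig-key zonesub A AAAA CNAME TXT;
    };
};
```

Run `named-checkconf` on the edited file before reloading, and keep the key file readable only by the user that named runs as.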
Zone file
Replace <sld> and <tld> with the parts of your own domain, e.g. example.com. In the SOA record, the contact e-mail address is written with a . in place of the @.
containers/bind/config/home-<sld>-<tld>.zone
$ORIGIN .
$TTL 172800 ; 2 days
home.<sld.tld>  IN SOA  ns1.home.<sld.tld>. example.gmail.com. (
                2024062601 ; serial
                43200      ; refresh (12 hours)
                900        ; retry (15 minutes)
                1814400    ; expire (3 weeks)
                7200       ; minimum (2 hours)
                )
                NS      ns1.home.<sld.tld>.
$ORIGIN home.<sld.tld>.
$TTL 3600 ; 1 hour
ns1             A       192.168.50.6
pve1            A       192.168.50.2
pve2            A       192.168.50.40
router          A       192.168.50.1