author | Andreas Baumann <mail@andreasbaumann.cc> | 2016-01-23 20:41:46 +0100 |
---|---|---|
committer | Andreas Baumann <mail@andreasbaumann.cc> | 2016-01-23 20:41:46 +0100 |
commit | 43e45851e0252e752389513211c9a57bda9bb83e (patch) | |
tree | 0d51ec994360b052521a11884d016bb80f752585 /config | |
parent | 6ae34b299bb711f63da760e30ba800b05d408555 (diff) | |
- added nsd instead of named
- having nsd serve a local 'lan' zone (and reverse zone)
Diffstat (limited to 'config')
-rw-r--r-- | config/obr/named/etc/root.hint | 90 | ||||
-rw-r--r-- | config/obr/named/standard/localhost | 15 | ||||
-rw-r--r-- | config/obr/named/standard/loopback | 14 | ||||
-rw-r--r-- | config/obr/named/standard/loopback6.arpa | 14 | ||||
-rw-r--r-- | config/obr/nsd/db/.gitkeep | 0 | ||||
-rw-r--r-- | config/obr/nsd/etc/nsd.conf | 17 | ||||
-rw-r--r-- | config/obr/nsd/run/.gitkeep | 0 | ||||
-rw-r--r-- | config/obr/nsd/run/xfr/.gitkeep | 0 | ||||
-rw-r--r-- | config/obr/nsd/zones/.gitkeep | 0 | ||||
-rw-r--r-- | config/obr/nsd/zones/1.168.192.in-addr (renamed from config/obr/named/master/1.168.192.in-addr) | 0 | ||||
-rw-r--r-- | config/obr/nsd/zones/lan (renamed from config/obr/named/master/lan) | 0 | ||||
-rw-r--r-- | config/obr/rc.services | 9 | ||||
-rw-r--r-- | config/obr/unbound/etc/unbound.conf | 56 |
13 files changed, 51 insertions, 164 deletions
diff --git a/config/obr/named/etc/root.hint b/config/obr/named/etc/root.hint
deleted file mode 100644
index 715a302..0000000
--- a/config/obr/named/etc/root.hint
+++ /dev/null
@@ -1,90 +0,0 @@ -; $OpenBSD: root.hint,v 1.10 2013/01/03 18:37:19 gonzalo Exp $ -; -; This file holds the information on root name servers needed to -; initialize cache of Internet domain name servers -; (e.g. reference this file in the "cache . <file>" -; configuration file of BIND domain name servers). -; -; This file is made available by InterNIC -; under anonymous FTP as -; file /domain/named.cache -; on server FTP.INTERNIC.NET -; -OR- RS.INTERNIC.NET -; -; last update: Jan 3, 2013 -; related version of root zone: 2013010300 -; -; formerly NS.INTERNIC.NET -; -. 3600000 IN NS A.ROOT-SERVERS.NET. -A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 -A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30 -; -; FORMERLY NS1.ISI.EDU -; -. 3600000 NS B.ROOT-SERVERS.NET. -B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201 -; -; FORMERLY C.PSI.NET -; -. 3600000 NS C.ROOT-SERVERS.NET. -C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 -; -; FORMERLY TERP.UMD.EDU -; -. 3600000 NS D.ROOT-SERVERS.NET. -D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13 -D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D -; -; FORMERLY NS.NASA.GOV -; -. 3600000 NS E.ROOT-SERVERS.NET. -E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 -; -; FORMERLY NS.ISC.ORG -; -. 3600000 NS F.ROOT-SERVERS.NET. -F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 -F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F -; -; FORMERLY NS.NIC.DDN.MIL -; -. 3600000 NS G.ROOT-SERVERS.NET. -G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 -; -; FORMERLY AOS.ARL.ARMY.MIL -; -. 3600000 NS H.ROOT-SERVERS.NET. -H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53 -H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235 -; -; FORMERLY NIC.NORDU.NET -; -. 3600000 NS I.ROOT-SERVERS.NET. -I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 -I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53 -; -; OPERATED BY VERISIGN, INC. -; -. 3600000 NS J.ROOT-SERVERS.NET. -J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 -J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30 -; -; OPERATED BY RIPE NCC -; -. 
3600000 NS K.ROOT-SERVERS.NET. -K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 -K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1 -; -; OPERATED BY ICANN -; -. 3600000 NS L.ROOT-SERVERS.NET. -L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42 -L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42 -; -; OPERATED BY WIDE -; -. 3600000 NS M.ROOT-SERVERS.NET. -M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 -M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35 -; End of File diff --git a/config/obr/named/standard/localhost b/config/obr/named/standard/localhost deleted file mode 100644 index 98a4481..0000000 --- a/config/obr/named/standard/localhost +++ /dev/null @@ -1,15 +0,0 @@ -; $OpenBSD: db.localhost,v 1.4 2008/01/03 21:20:25 jakob Exp $ - -$ORIGIN localhost. -$TTL 6h - -@ IN SOA localhost. root.localhost. ( - 1 ; serial - 1h ; refresh - 30m ; retry - 7d ; expiration - 1h ) ; minimum - - NS localhost. - A 127.0.0.1 - AAAA ::1 diff --git a/config/obr/named/standard/loopback b/config/obr/named/standard/loopback deleted file mode 100644 index 2764acb..0000000 --- a/config/obr/named/standard/loopback +++ /dev/null @@ -1,14 +0,0 @@ -; $OpenBSD: db.loopback,v 1.4 2008/01/03 21:20:25 jakob Exp $ - -$ORIGIN 127.in-addr.arpa. -$TTL 6h - -@ IN SOA localhost. root.localhost. ( - 1 ; serial - 1h ; refresh - 30m ; retry - 7d ; expiration - 1h ) ; minimum - - NS localhost. -1.0.0 PTR localhost. diff --git a/config/obr/named/standard/loopback6.arpa b/config/obr/named/standard/loopback6.arpa deleted file mode 100644 index 68d995c..0000000 --- a/config/obr/named/standard/loopback6.arpa +++ /dev/null @@ -1,14 +0,0 @@ -; $OpenBSD: db.loopback6.arpa,v 1.5 2009/11/02 21:12:56 jakob Exp $ - -$ORIGIN 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. -$TTL 6h - -@ IN SOA localhost. root.localhost. ( - 1 ; serial - 1h ; refresh - 30m ; retry - 7d ; expiration - 1h ) ; minimum - - NS localhost. - PTR localhost. 
diff --git a/config/obr/nsd/db/.gitkeep b/config/obr/nsd/db/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/config/obr/nsd/db/.gitkeep
diff --git a/config/obr/nsd/etc/nsd.conf b/config/obr/nsd/etc/nsd.conf
new file mode 100644
index 0000000..640de14
--- /dev/null
+++ b/config/obr/nsd/etc/nsd.conf
@@ -0,0 +1,17 @@
+# $OpenBSD: nsd.conf,v 1.11 2015/04/12 11:49:39 sthen Exp $
+
+server:
+ hide-version: yes
+ verbosity: 1
+ ip-address: 0.0.0.0@8053
+
+remote-control:
+ control-enable: yes
+
+zone:
+ name: "lan."
+ zonefile: "lan"
+
+zone:
+ name: "1.168.192.in-addr.arpa."
+ zonefile: "1.168.192.in-addr"
diff --git a/config/obr/nsd/run/.gitkeep b/config/obr/nsd/run/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/config/obr/nsd/run/.gitkeep
diff --git a/config/obr/nsd/run/xfr/.gitkeep b/config/obr/nsd/run/xfr/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/config/obr/nsd/run/xfr/.gitkeep
diff --git a/config/obr/nsd/zones/.gitkeep b/config/obr/nsd/zones/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/config/obr/nsd/zones/.gitkeep
diff --git a/config/obr/named/master/1.168.192.in-addr b/config/obr/nsd/zones/1.168.192.in-addr
index b70945c..b70945c 100644
--- a/config/obr/named/master/1.168.192.in-addr
+++ b/config/obr/nsd/zones/1.168.192.in-addr
diff --git a/config/obr/named/master/lan b/config/obr/nsd/zones/lan
index b0d12b6..b0d12b6 100644
--- a/config/obr/named/master/lan
+++ b/config/obr/nsd/zones/lan
diff --git a/config/obr/rc.services b/config/obr/rc.services
index 8cfa65b..955a803 100644
--- a/config/obr/rc.services
+++ b/config/obr/rc.services
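Review bot: `ip-address: 0.0.0.0@8053` in the new config/obr/nsd/etc/nsd.conf makes nsd listen on every interface of the firewall, so the 'lan' zone and its reverse zone can be queried from the external side unless a packet-filter rule not shown in this commit blocks port 8053. The only consumer visible here is unbound, whose stub zones point at 192.168.1.1@8053, so I would bind to that address only: `ip-address: 192.168.1.1@8053`. `control-enable: yes` is also switched on without a `control-interface` line; a short comment stating where the control channel listens and where its keys come from would help the next reader.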
@@ -1,7 +1,8 @@ -echo named: starting Bind name server.. -#cp -R /etc/named /tmp/var/named -#chown -R root:named /tmp/var/named -#/usr/sbin/named +echo nsd: starting authorative name server.. +cp -R /etc/nsd /tmp/var/nsd +chown -R root:_nsd /tmp/var/nsd/{db,etc,run} +chmod 0770 /tmp/var/nsd/{db,run,run/xfr} +/usr/sbin/nsd echo unbound: starting DNS resolver.. mkdir /tmp/var/etc diff --git a/config/obr/unbound/etc/unbound.conf b/config/obr/unbound/etc/unbound.conf index e5b7d96..cd2d25f 100644 --- a/config/obr/unbound/etc/unbound.conf +++ b/config/obr/unbound/etc/unbound.conf @@ -2,6 +2,8 @@ server: interface: 0.0.0.0 + do-ip4: yes + do-udp: yes do-ip6: no access-control: 192.168.1.0/24 allow @@ -10,11 +12,17 @@ server: hide-identity: yes hide-version: yes + num-threads: 1 + + private-address: 192.168.1.0/24 + private-address: 127.0.0.0/8 + + private-domain: "lan" local-zone: "lan." nodefault - local-zone: "1.168.192.in-addr.arpa." nodefault + local-zone: "168.192.in-addr.arpa." nodefault - verbosity: 3 + verbosity: 2 root-hints: "/etc/root.hints" 
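Review bot: The added `chown -R root:_nsd /tmp/var/nsd/{db,etc,run}` and `chmod 0770 /tmp/var/nsd/{db,run,run/xfr}` lines in config/obr/rc.services depend on brace expansion, which a shell running in POSIX mode may not perform; if this script is run by such a shell (not visible from the hunk), both commands fail on a literal path and `/usr/sbin/nsd` still starts with whatever ownership `cp -R` left behind. Spelling the paths out, e.g. `chown -R root:_nsd /tmp/var/nsd/db /tmp/var/nsd/etc /tmp/var/nsd/run`, removes that dependency, and starting nsd only when the copy and permission steps succeeded keeps a half-prepared tree from being served. The `etc` directory is handed to group `_nsd` but gets no explicit mode, so a comment stating the permissions expected there would be useful. The script continues past the end of the hunk.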
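Review bot: Changing `local-zone: "1.168.192.in-addr.arpa." nodefault` to `local-zone: "168.192.in-addr.arpa." nodefault` in the second unbound.conf hunk lifts unbound's built-in handling for the whole 192.168/16 reverse tree, while only 1.168.192.in-addr.arpa has a stub zone. Reverse lookups for any other 192.168.x.x address would then presumably be sent to the upstream forwarders configured later in this file, disclosing internal addressing. If the wider name is required to make the stub reachable, say so in a comment next to the line. Separately, the two `private-address` lines cover only 192.168.1.0/24 and 127.0.0.0/8, so answers from public names that point into other private ranges are not filtered; add the remaining ranges if any of them is reachable from this LAN. The `server:` block starts and ends outside the hunk.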
@@ -24,35 +32,29 @@ remote-control: stub-zone: name: "lan." - stub-addr: 127.0.0.1@8053 + stub-addr: 192.168.1.1@8053 stub-zone: name: "1.168.192.in-addr.arpa." - stub-addr: 127.0.0.1@8053 + stub-addr: 192.168.1.1@8053 -stub-zone: - name: "andreasbaumann.cc" - stub-addr: 127.0.0.1@8053 +#stub-zone: +# name: "andreasbaumann.cc" +# stub-addr: 127.0.0.1@8053 -stub-zone: - name: "maschezuoz.ch" - stub-addr: 127.0.0.1@8053 +#stub-zone: +# name: "maschezuoz.ch" +# stub-addr: 127.0.0.1@8053 -stub-zone: - name: "bikecentum.com" - stub-addr: 127.0.0.1@8053 +#stub-zone: +# name: "bikecentum.com" +# stub-addr: 127.0.0.1@8053 -stub-zone: - name: "project-strus.net" - stub-addr: 127.0.0.1@8053 - - -# -#forward-zone: -# name: "." # use for ALL queries -# forward-addr: 74.82.42.42 # he.net -# forward-addr: 2001:470:20::2 # he.net v6 -# forward-addr: 8.8.8.8 # google.com -# forward-addr: 2001:4860:4860::8888 # google.com v6 -# forward-addr: 208.67.222.222 # opendns.com -# forward-first: yes # try direct if forwarder fails +#stub-zone: +# name: "project-strus.net" +# stub-addr: 127.0.0.1@8053 + +forward-zone: + name: "." + forward-addr: 194.246.118.118 + forward-addr: 212.25.28.55 |
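Review bot: The new `forward-zone` for "." sends every non-local query to 194.246.118.118 and 212.25.28.55, but unlike the commented-out template it replaces, the addresses carry no note on who operates them. I would add a comment above the zone, e.g. `# upstream resolvers: <operator>, chosen because <reason>`, and state whether falling back to direct recursion is intended, since the removed template had `forward-first: yes` and a `root-hints` line is still configured earlier in the file. The four stub zones for public domains are commented out rather than deleted; if they are no longer used, removing them keeps stale 127.0.0.1@8053 targets out of the file.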