authorAndreas Baumann <mail@andreasbaumann.cc>2016-01-23 20:41:46 +0100
committerAndreas Baumann <mail@andreasbaumann.cc>2016-01-23 20:41:46 +0100
commit43e45851e0252e752389513211c9a57bda9bb83e (patch)
tree0d51ec994360b052521a11884d016bb80f752585 /config
parent6ae34b299bb711f63da760e30ba800b05d408555 (diff)
- added nsd instead of named
- having nsd serve a local 'lan' zone (and reverse zone)
Diffstat (limited to 'config')
-rw-r--r--config/obr/named/etc/root.hint90
-rw-r--r--config/obr/named/standard/localhost15
-rw-r--r--config/obr/named/standard/loopback14
-rw-r--r--config/obr/named/standard/loopback6.arpa14
-rw-r--r--config/obr/nsd/db/.gitkeep0
-rw-r--r--config/obr/nsd/etc/nsd.conf17
-rw-r--r--config/obr/nsd/run/.gitkeep0
-rw-r--r--config/obr/nsd/run/xfr/.gitkeep0
-rw-r--r--config/obr/nsd/zones/.gitkeep0
-rw-r--r--config/obr/nsd/zones/1.168.192.in-addr (renamed from config/obr/named/master/1.168.192.in-addr)0
-rw-r--r--config/obr/nsd/zones/lan (renamed from config/obr/named/master/lan)0
-rw-r--r--config/obr/rc.services9
-rw-r--r--config/obr/unbound/etc/unbound.conf56
13 files changed, 51 insertions, 164 deletions
diff --git a/config/obr/named/etc/root.hint b/config/obr/named/etc/root.hint
deleted file mode 100644
index 715a302..0000000
--- a/config/obr/named/etc/root.hint
+++ /dev/null
@@ -1,90 +0,0 @@
-; $OpenBSD: root.hint,v 1.10 2013/01/03 18:37:19 gonzalo Exp $
-;
-; This file holds the information on root name servers needed to
-; initialize cache of Internet domain name servers
-; (e.g. reference this file in the "cache . <file>"
-; configuration file of BIND domain name servers).
-;
-; This file is made available by InterNIC
-; under anonymous FTP as
-; file /domain/named.cache
-; on server FTP.INTERNIC.NET
-; -OR- RS.INTERNIC.NET
-;
-; last update: Jan 3, 2013
-; related version of root zone: 2013010300
-;
-; formerly NS.INTERNIC.NET
-;
-. 3600000 IN NS A.ROOT-SERVERS.NET.
-A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
-A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30
-;
-; FORMERLY NS1.ISI.EDU
-;
-. 3600000 NS B.ROOT-SERVERS.NET.
-B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
-;
-; FORMERLY C.PSI.NET
-;
-. 3600000 NS C.ROOT-SERVERS.NET.
-C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
-;
-; FORMERLY TERP.UMD.EDU
-;
-. 3600000 NS D.ROOT-SERVERS.NET.
-D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
-D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D
-;
-; FORMERLY NS.NASA.GOV
-;
-. 3600000 NS E.ROOT-SERVERS.NET.
-E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
-;
-; FORMERLY NS.ISC.ORG
-;
-. 3600000 NS F.ROOT-SERVERS.NET.
-F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
-F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F
-;
-; FORMERLY NS.NIC.DDN.MIL
-;
-. 3600000 NS G.ROOT-SERVERS.NET.
-G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
-;
-; FORMERLY AOS.ARL.ARMY.MIL
-;
-. 3600000 NS H.ROOT-SERVERS.NET.
-H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
-H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235
-;
-; FORMERLY NIC.NORDU.NET
-;
-. 3600000 NS I.ROOT-SERVERS.NET.
-I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
-I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53
-;
-; OPERATED BY VERISIGN, INC.
-;
-. 3600000 NS J.ROOT-SERVERS.NET.
-J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
-J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30
-;
-; OPERATED BY RIPE NCC
-;
-. 3600000 NS K.ROOT-SERVERS.NET.
-K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
-K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1
-;
-; OPERATED BY ICANN
-;
-. 3600000 NS L.ROOT-SERVERS.NET.
-L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
-L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42
-;
-; OPERATED BY WIDE
-;
-. 3600000 NS M.ROOT-SERVERS.NET.
-M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
-M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35
-; End of File
diff --git a/config/obr/named/standard/localhost b/config/obr/named/standard/localhost
deleted file mode 100644
index 98a4481..0000000
--- a/config/obr/named/standard/localhost
+++ /dev/null
@@ -1,15 +0,0 @@
-; $OpenBSD: db.localhost,v 1.4 2008/01/03 21:20:25 jakob Exp $
-
-$ORIGIN localhost.
-$TTL 6h
-
-@ IN SOA localhost. root.localhost. (
- 1 ; serial
- 1h ; refresh
- 30m ; retry
- 7d ; expiration
- 1h ) ; minimum
-
- NS localhost.
- A 127.0.0.1
- AAAA ::1
diff --git a/config/obr/named/standard/loopback b/config/obr/named/standard/loopback
deleted file mode 100644
index 2764acb..0000000
--- a/config/obr/named/standard/loopback
+++ /dev/null
@@ -1,14 +0,0 @@
-; $OpenBSD: db.loopback,v 1.4 2008/01/03 21:20:25 jakob Exp $
-
-$ORIGIN 127.in-addr.arpa.
-$TTL 6h
-
-@ IN SOA localhost. root.localhost. (
- 1 ; serial
- 1h ; refresh
- 30m ; retry
- 7d ; expiration
- 1h ) ; minimum
-
- NS localhost.
-1.0.0 PTR localhost.
diff --git a/config/obr/named/standard/loopback6.arpa b/config/obr/named/standard/loopback6.arpa
deleted file mode 100644
index 68d995c..0000000
--- a/config/obr/named/standard/loopback6.arpa
+++ /dev/null
@@ -1,14 +0,0 @@
-; $OpenBSD: db.loopback6.arpa,v 1.5 2009/11/02 21:12:56 jakob Exp $
-
-$ORIGIN 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.
-$TTL 6h
-
-@ IN SOA localhost. root.localhost. (
- 1 ; serial
- 1h ; refresh
- 30m ; retry
- 7d ; expiration
- 1h ) ; minimum
-
- NS localhost.
- PTR localhost.
diff --git a/config/obr/nsd/db/.gitkeep b/config/obr/nsd/db/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/config/obr/nsd/db/.gitkeep
diff --git a/config/obr/nsd/etc/nsd.conf b/config/obr/nsd/etc/nsd.conf
new file mode 100644
index 0000000..640de14
--- /dev/null
+++ b/config/obr/nsd/etc/nsd.conf
@@ -0,0 +1,17 @@
+# $OpenBSD: nsd.conf,v 1.11 2015/04/12 11:49:39 sthen Exp $
+
+server:
+ hide-version: yes
+ verbosity: 1
+ ip-address: 0.0.0.0@8053
+
+remote-control:
+ control-enable: yes
+
+zone:
+ name: "lan."
+ zonefile: "lan"
+
+zone:
+ name: "1.168.192.in-addr.arpa."
+ zonefile: "1.168.192.in-addr"
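Review bot: `ip-address: 0.0.0.0@8053` makes nsd listen on every IPv4 interface of the firewall, including any WAN-facing one, while the only consumer visible in this commit is unbound querying `192.168.1.1@8053`. Binding to that address instead, `ip-address: 192.168.1.1@8053`, would keep the internal `lan.` and reverse zones from being answerable from outside even if a packet-filter rule is missing or wrong. `control-enable: yes` is set without a `control-interface` line, so the control channel's listen address is left to the nsd default; stating it explicitly would make the exposure reviewable from this file. A one-line comment explaining that port 8053 is used so unbound can own port 53 would also help the next reader.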
diff --git a/config/obr/nsd/run/.gitkeep b/config/obr/nsd/run/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/config/obr/nsd/run/.gitkeep
diff --git a/config/obr/nsd/run/xfr/.gitkeep b/config/obr/nsd/run/xfr/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/config/obr/nsd/run/xfr/.gitkeep
diff --git a/config/obr/nsd/zones/.gitkeep b/config/obr/nsd/zones/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/config/obr/nsd/zones/.gitkeep
diff --git a/config/obr/named/master/1.168.192.in-addr b/config/obr/nsd/zones/1.168.192.in-addr
index b70945c..b70945c 100644
--- a/config/obr/named/master/1.168.192.in-addr
+++ b/config/obr/nsd/zones/1.168.192.in-addr
diff --git a/config/obr/named/master/lan b/config/obr/nsd/zones/lan
index b0d12b6..b0d12b6 100644
--- a/config/obr/named/master/lan
+++ b/config/obr/nsd/zones/lan
diff --git a/config/obr/rc.services b/config/obr/rc.services
index 8cfa65b..955a803 100644
--- a/config/obr/rc.services
+++ b/config/obr/rc.services
@@ -1,7 +1,8 @@
-echo named: starting Bind name server..
-#cp -R /etc/named /tmp/var/named
-#chown -R root:named /tmp/var/named
-#/usr/sbin/named
+echo nsd: starting authorative name server..
+cp -R /etc/nsd /tmp/var/nsd
+chown -R root:_nsd /tmp/var/nsd/{db,etc,run}
+chmod 0770 /tmp/var/nsd/{db,run,run/xfr}
+/usr/sbin/nsd
echo unbound: starting DNS resolver..
mkdir /tmp/var/etc
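Review bot: The new `chown` and `chmod` lines depend on brace expansion (`/tmp/var/nsd/{db,etc,run}`), which a shell running in POSIX mode passes through literally; in that case both commands fail and `/usr/sbin/nsd` still starts on a tree whose `db` and `run` directories keep whatever owner and mode the copy produced. None of `cp`, `chown` or `chmod` is checked before the daemon is launched. Writing the paths out and chaining the steps, for example `chown -R root:_nsd /tmp/var/nsd/db /tmp/var/nsd/etc /tmp/var/nsd/run && chmod 0770 /tmp/var/nsd/db /tmp/var/nsd/run /tmp/var/nsd/run/xfr && /usr/sbin/nsd`, removes the dependency on which shell executes rc.services. The echo text misspells "authoritative". The script continues beyond this hunk.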
diff --git a/config/obr/unbound/etc/unbound.conf b/config/obr/unbound/etc/unbound.conf
index e5b7d96..cd2d25f 100644
--- a/config/obr/unbound/etc/unbound.conf
+++ b/config/obr/unbound/etc/unbound.conf
@@ -2,6 +2,8 @@
server:
interface: 0.0.0.0
+ do-ip4: yes
+ do-udp: yes
do-ip6: no
access-control: 192.168.1.0/24 allow
@@ -10,11 +12,17 @@ server:
hide-identity: yes
hide-version: yes
+ num-threads: 1
+
+ private-address: 192.168.1.0/24
+ private-address: 127.0.0.0/8
+
+ private-domain: "lan"
local-zone: "lan." nodefault
- local-zone: "1.168.192.in-addr.arpa." nodefault
+ local-zone: "168.192.in-addr.arpa." nodefault
- verbosity: 3
+ verbosity: 2
root-hints: "/etc/root.hints"
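Review bot: The added `private-address` list covers only `192.168.1.0/24` and `127.0.0.0/8`, so an answer for a public name that points into any other non-routable range is still handed to LAN clients, which leaves DNS rebinding protection partial. Declaring the remaining ranges, `private-address: 10.0.0.0/8`, `private-address: 172.16.0.0/12` and `private-address: 169.254.0.0/16`, and widening the first entry to `192.168.0.0/16`, closes that gap; `private-domain: "lan"` already exempts the local zone. Widening `nodefault` to `168.192.in-addr.arpa.` presumably also means reverse lookups outside `1.168.192` are no longer answered locally and follow normal resolution to upstream servers, which is worth a comment if intended. The `server:` clause starts above this hunk.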
@@ -24,35 +32,29 @@ remote-control:
stub-zone:
name: "lan."
- stub-addr: 127.0.0.1@8053
+ stub-addr: 192.168.1.1@8053
stub-zone:
name: "1.168.192.in-addr.arpa."
- stub-addr: 127.0.0.1@8053
+ stub-addr: 192.168.1.1@8053
-stub-zone:
- name: "andreasbaumann.cc"
- stub-addr: 127.0.0.1@8053
+#stub-zone:
+# name: "andreasbaumann.cc"
+# stub-addr: 127.0.0.1@8053
-stub-zone:
- name: "maschezuoz.ch"
- stub-addr: 127.0.0.1@8053
+#stub-zone:
+# name: "maschezuoz.ch"
+# stub-addr: 127.0.0.1@8053
-stub-zone:
- name: "bikecentum.com"
- stub-addr: 127.0.0.1@8053
+#stub-zone:
+# name: "bikecentum.com"
+# stub-addr: 127.0.0.1@8053
-stub-zone:
- name: "project-strus.net"
- stub-addr: 127.0.0.1@8053
-
-
-#
-#forward-zone:
-# name: "." # use for ALL queries
-# forward-addr: 74.82.42.42 # he.net
-# forward-addr: 2001:470:20::2 # he.net v6
-# forward-addr: 8.8.8.8 # google.com
-# forward-addr: 2001:4860:4860::8888 # google.com v6
-# forward-addr: 208.67.222.222 # opendns.com
-# forward-first: yes # try direct if forwarder fails
+#stub-zone:
+# name: "project-strus.net"
+# stub-addr: 127.0.0.1@8053
+
+forward-zone:
+ name: "."
+ forward-addr: 194.246.118.118
+ forward-addr: 212.25.28.55
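Review bot: Moving both `stub-addr` entries from `127.0.0.1@8053` to `192.168.1.1@8053` requires nsd to listen on a network-facing address. If the reason was that unbound declines to query loopback by default, setting `do-not-query-localhost: no` in the `server:` clause and keeping `stub-addr: 127.0.0.1@8053` would let nsd stay bound to loopback only. The new `forward-zone` sends every other query to two hard-coded resolvers with no comment naming who operates them, unlike the commented block this hunk removes, which labelled each address. A short comment on each `forward-addr` line would document that trust decision, and whether answers from them are validated is not visible in this hunk.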