diff options
| author | Andreas Baumann <mail@andreasbaumann.cc> | 2016-01-23 14:34:45 +0100 |
|---|---|---|
| committer | Andreas Baumann <mail@andreasbaumann.cc> | 2016-01-23 14:34:45 +0100 |
| commit | f58b27b8673a3cdb21092823b6685e83448e1556 (patch) | |
| tree | 0ccafa78f338c387adaa66db1dacbaa30f28a995 /config | |
| parent | 0b18e19e1082ababd6f651e71001efec73713597 (diff) | |
| download | OpenBSD-firewall-f58b27b8673a3cdb21092823b6685e83448e1556.tar.gz OpenBSD-firewall-f58b27b8673a3cdb21092823b6685e83448e1556.tar.bz2 | |
added unbound (prelimiary)
Diffstat (limited to 'config')
| -rw-r--r-- | config/obr/rc.services | 9 | ||||
| -rw-r--r-- | config/obr/unbound/db/.gitkeep | 0 | ||||
| -rw-r--r-- | config/obr/unbound/etc/unbound.conf | 54 |
3 files changed, 62 insertions, 1 deletions
diff --git a/config/obr/rc.services b/config/obr/rc.services index 5f939ec..8cfa65b 100644 --- a/config/obr/rc.services +++ b/config/obr/rc.services @@ -1,5 +1,12 @@ echo named: starting Bind name server.. -/usr/sbin/named +#cp -R /etc/named /tmp/var/named +#chown -R root:named /tmp/var/named +#/usr/sbin/named + +echo unbound: starting DNS resolver.. +mkdir /tmp/var/etc +cp -R /etc/unbound /tmp/var/unbound +/usr/sbin/unbound echo dhcp: starting DHCP server... touch /var/db/dhcpd.leases diff --git a/config/obr/unbound/db/.gitkeep b/config/obr/unbound/db/.gitkeep new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/config/obr/unbound/db/.gitkeep diff --git a/config/obr/unbound/etc/unbound.conf b/config/obr/unbound/etc/unbound.conf new file mode 100644 index 0000000..2a1201a --- /dev/null +++ b/config/obr/unbound/etc/unbound.conf @@ -0,0 +1,54 @@ +# $OpenBSD: unbound.conf,v 1.5 2015/07/19 17:29:42 sthen Exp $ + +server: + interface: 0.0.0.0 + do-ip6: no + + access-control: 192.168.1.0/24 allow + access-control: 127.0.0.0/8 allow + access-control: 0.0.0.0/0 refuse + + hide-identity: yes + hide-version: yes + + local-zone: "lan." nodefault + local-zone: "1.168.192.in-addr.arpa." nodefault + +remote-control: + control-enable: yes + control-interface: 127.0.0.1 + +stub-zone: + name: "lan." + stub-addr: 127.0.0.1@8053 + +stub-zone: + name: "1.168.192.in-addr.arpa." + stub-addr: 127.0.0.1@8053 + +stub-zone: + name: "andreasbaumann.cc" + stub-addr: 127.0.0.1@8053 + +stub-zone: + name: "maschezuoz.ch" + stub-addr: 127.0.0.1@8053 + +stub-zone: + name: "bikecentum.com" + stub-addr: 127.0.0.1@8053 + +stub-zone: + name: "project-strus.net" + stub-addr: 127.0.0.1@8053 + + +# +#forward-zone: +# name: "." # use for ALL queries +# forward-addr: 74.82.42.42 # he.net +# forward-addr: 2001:470:20::2 # he.net v6 +# forward-addr: 8.8.8.8 # google.com +# forward-addr: 2001:4860:4860::8888 # google.com v6 +# forward-addr: 208.67.222.222 # opendns.com +# forward-first: yes # try direct if forwarder fails |