From 0bf1eb66694289608b11b53c96e63af8d0456dcb Mon Sep 17 00:00:00 2001
From: Andreas Baumann
Date: Tue, 19 Dec 2023 14:38:32 +0100
Subject: added unbound sample config to firewall-test
---
 config/firewall-test/unbound/etc/root.hints | 39 ++++++++++++++++
 config/firewall-test/unbound/etc/unbound.conf | 65 +++++++++++++++++++++++++++
 2 files changed, 104 insertions(+)
 create mode 100644 config/firewall-test/unbound/etc/root.hints
 create mode 100644 config/firewall-test/unbound/etc/unbound.conf
diff --git a/config/firewall-test/unbound/etc/root.hints b/config/firewall-test/unbound/etc/root.hints
new file mode 100644
index 0000000..f752a83
--- /dev/null
+++ b/config/firewall-test/unbound/etc/root.hints
@@ -0,0 +1,39 @@
+. 3600000 IN NS a.root-servers.net.
+. 3600000 IN NS b.root-servers.net.
+. 3600000 IN NS c.root-servers.net.
+. 3600000 IN NS d.root-servers.net.
+. 3600000 IN NS e.root-servers.net.
+. 3600000 IN NS f.root-servers.net.
+. 3600000 IN NS g.root-servers.net.
+. 3600000 IN NS h.root-servers.net.
+. 3600000 IN NS i.root-servers.net.
+. 3600000 IN NS j.root-servers.net.
+. 3600000 IN NS k.root-servers.net.
+. 3600000 IN NS l.root-servers.net.
+. 3600000 IN NS m.root-servers.net.
+a.root-servers.net. 3600000 IN A 198.41.0.4
+a.root-servers.net. 3600000 IN AAAA 2001:503:ba3e:0:0:0:2:30
+b.root-servers.net. 3600000 IN A 199.9.14.201
+b.root-servers.net. 3600000 IN AAAA 2001:500:200:0:0:0:0:b
+c.root-servers.net. 3600000 IN A 192.33.4.12
+c.root-servers.net. 3600000 IN AAAA 2001:500:2:0:0:0:0:c
+d.root-servers.net. 3600000 IN A 199.7.91.13
+d.root-servers.net. 3600000 IN AAAA 2001:500:2d:0:0:0:0:d
+e.root-servers.net. 3600000 IN A 192.203.230.10
+e.root-servers.net. 3600000 IN AAAA 2001:500:a8:0:0:0:0:e
+f.root-servers.net. 3600000 IN A 192.5.5.241
+f.root-servers.net. 3600000 IN AAAA 2001:500:2f:0:0:0:0:f
+g.root-servers.net. 3600000 IN A 192.112.36.4
+g.root-servers.net. 3600000 IN AAAA 2001:500:12:0:0:0:0:d0d
+h.root-servers.net. 3600000 IN A 198.97.190.53
+h.root-servers.net. 3600000 IN AAAA 2001:500:1:0:0:0:0:53
+i.root-servers.net. 3600000 IN A 192.36.148.17
+i.root-servers.net. 3600000 IN AAAA 2001:7fe:0:0:0:0:0:53
+j.root-servers.net. 3600000 IN A 192.58.128.30
+j.root-servers.net. 3600000 IN AAAA 2001:503:c27:0:0:0:2:30
+k.root-servers.net. 3600000 IN A 193.0.14.129
+k.root-servers.net. 3600000 IN AAAA 2001:7fd:0:0:0:0:0:1
+l.root-servers.net. 3600000 IN A 199.7.83.42
+l.root-servers.net. 3600000 IN AAAA 2001:500:9f:0:0:0:0:42
+m.root-servers.net. 3600000 IN A 202.12.27.33
+m.root-servers.net. 3600000 IN AAAA 2001:dc3:0:0:0:0:0:35
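Review bot: The `b.root-servers.net.` records (`199.9.14.201` and `2001:500:200:0:0:0:0:b`) look like the addresses from before the B-root renumbering announced in 2023, so this file is probably a stale copy rather than a current `named.root`. The file also carries no provenance, so a later reader cannot tell where it came from or how old it is; I would add a first line such as `; source: https://www.internic.net/domain/named.root, fetched <DATE>` and regenerate the records from that source. With `forward-zone: "."` and `do-ip6: no` in the accompanying unbound.conf, the hints and their AAAA records are likely not consulted at all, which is worth stating in the same comment so nobody relies on them.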
diff --git a/config/firewall-test/unbound/etc/unbound.conf b/config/firewall-test/unbound/etc/unbound.conf
new file mode 100644
index 0000000..86bc776
--- /dev/null
+++ b/config/firewall-test/unbound/etc/unbound.conf
@@ -0,0 +1,65 @@
+# $OpenBSD: unbound.conf,v 1.5 2015/07/19 17:29:42 sthen Exp $
+
+server:
+ interface: 127.0.0.1@53
+ interface: 192.168.0.1@53
+ do-ip4: yes
+ do-udp: yes
+ do-ip6: no
+
+ access-control: 192.168.0.0/24 allow
+ access-control: 192.168.10.0/24 allow
+ access-control: 192.168.20.0/24 allow
+ access-control: 192.168.30.0/24 allow
+ access-control: 127.0.0.0/8 allow
+ access-control: 0.0.0.0/0 refuse
+
+ hide-identity: yes
+ hide-version: yes
+ num-threads: 1
+
+ private-address: 192.168.0.0/24
+ private-address: 192.168.10.0/24
+ private-address: 192.168.20.0/24
+ private-address: 192.168.30.0/24
+ private-address: 127.0.0.0/8
+
+ private-domain: "eurospider.ch"
+
+ local-zone: "lan." nodefault
+ local-zone: "168.192.in-addr.arpa." nodefault
+
+ verbosity: 0
+
+ root-hints: "/etc/root.hints"
+
+ do-not-query-localhost: no
+
+remote-control:
+ control-enable: yes
+ control-interface: 127.0.0.1
+
+stub-zone:
+ name: "eurospider.ch."
+ stub-addr: 192.168.0.11
+
+stub-zone:
+ name: "0.168.192.in-addr.arpa."
+ stub-addr: 192.168.0.11
+
+stub-zone:
+ name: "10.168.192.in-addr.arpa."
+ stub-addr: 192.168.0.11
+
+stub-zone:
+ name: "20.168.192.in-addr.arpa."
+ stub-addr: 192.168.0.11
+
+stub-zone:
+ name: "30.168.192.in-addr.arpa."
+ stub-addr: 192.168.0.11
+
+forward-zone:
+ name: "."
+ forward-addr: 62.12.130.66
+ forward-addr: 193.246.253.10
-- cgit v1.2.3-54-g00ecf
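Review bot: The `server:` section configures no trust anchor, so the validator has nothing to validate against and every answer from the two `forward-addr` resolvers in the `forward-zone: "."` block is accepted unauthenticated over plain DNS. For a resolver running on a firewall that makes the upstream path the weakest link; I would add `auto-trust-anchor-file: "<PATH_TO>/root.key"` under `server:`. If the internal copy of `eurospider.ch.` served by the stub at 192.168.0.11 differs from a signed public zone (not visible from this file), it would then also need `domain-insecure: "eurospider.ch."`. Separately, `do-not-query-localhost: no` has no visible consumer, since no stub or forwarder points at 127.0.0.1; either drop it or add a comment saying why the sample needs it.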