maybe chmod 0755 './bind'
maybe chgrp named './bind/bind.keys'
maybe chmod 0640 './bind/bind.keys'
+maybe chmod 0644 './bind/named-acl.conf'
+maybe chmod 0644 './bind/named-dyn.conf'
+maybe chmod 0644 './bind/named-log.conf'
+maybe chmod 0644 './bind/named-pri.conf'
+maybe chmod 0644 './bind/named-sec.conf'
maybe chgrp named './bind/named.conf'
maybe chmod 0640 './bind/named.conf'
+maybe chgrp named './bind/named.conf.orig'
+maybe chmod 0640 './bind/named.conf.orig'
maybe chgrp named './bind/rndc.key'
maybe chmod 0640 './bind/rndc.key'
maybe chmod 0755 './ca-certificates'
--- /dev/null
+//###############################################################
+//# Bind9-Konfigurationsdatei - Access-Control-Listen
+//# /etc/bind/named-acl.conf
+//#
+//# $Header: /etc/bind/.rcs/named-acl.conf,v 1.8 2011/01/09 18:18:18 root Exp $
+//#
+//# Host Helga
+//#
+//# Generiert am: 26.05.2010
+//# von: frank@brehm-online.com
+//#
+//###############################################################
+
+//###############################################################
+//# Access-Control-Listen
+
+acl common-allow-transfer {
+ 213.20.92.7;
+ 80.154.16.7;
+ 85.199.64.7;
+ 46.16.73.175;
+ 85.214.43.33;
+ 85.214.134.152;
+ 85.214.147.150;
+ 195.50.185.7;
+ 2a01:238:4239:8a00:d4da:215d:3d01:f9b9;
+ 127.0.0.1;
+ ::1;
+ 85.214.134.152;
+ 2a01:238:4225:6e00:8f8c:808a:7fb8:88df;
+ 2001:6f8:1db7::1;
+ 2001:6f8:1c00:365::2;
+};
+
+acl allow-dyn-update {
+ 127.0.0.1;
+ 85.214.134.152;
+ 46.16.73.175;
+};
+
+
+# vim: ts=4 filetype=named noai
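Review bot: `common-allow-transfer` lists 85.214.134.152 twice (once in the first group of addresses and again right after `::1`); drop one so the list stays auditable. The ACL also grants AXFR on source address alone, and because named-sec.conf pulls the zone from one of these same addresses, a TSIG key on the zone (`allow-transfer { key "<transfer-key>"; }` with a matching `key` statement) would be the stronger control — an address that changes hands or is spoofed on-path could otherwise pull the zone. `allow-dyn-update` has no consumer in the files of this commit (named-dyn.conf declares no zones), so a `// currently unused - no zone grants dynamic updates` comment, or removing it, would stop it being read as an active grant.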
--- /dev/null
+//###############################################################
+//# Bind9-Konfigurationsdatei - Dynamische Master-Zonen
+//# /etc/bind/named-dyn.conf
+//#
+//# Host Uhu1
+//#
+//# Generiert am: 26.05.2010
+//# von: frank@brehm-online.com
+//#
+//###############################################################
+
+//###############################################################
+//# dynamische Zonen (sind aber Master)
+
+// Keine!
+
+# vim: ts=4 filetype=named noai
--- /dev/null
+//###############################################################
+//# Bind9-Konfigurationsdatei Logging
+//# /etc/bind/named-log.conf
+//#
+//# Host Uhu1
+//#
+//# Generiert am: 26.05.2010
+//# von: frank@brehm-online.com
+//#
+//###############################################################
+
+//###############################################################
+//# Angaben zum Logging
+
+logging {
+
+ // Kategorien
+
+ category default {
+ default_debug;
+ logtofile;
+ };
+ category general {
+ logtofile;
+ syslog-warning;
+ };
+ category lame-servers {
+ null;
+ };
+ category queries {
+ query_logging;
+ };
+
+ // Kanäle
+
+ channel complete_debug {
+ file "/var/log/bind/complete-debug.log";
+ print-category yes;
+ print-severity yes;
+ print-time yes;
+ severity debug 99;
+ };
+ channel logtofile {
+ file "/var/log/bind/named.log";
+ print-category yes;
+ print-severity yes;
+ print-time yes;
+ severity info;
+ };
+ channel moderate_debug {
+ file "/var/log/bind/debug.log";
+ print-category yes;
+ print-severity yes;
+ print-time yes;
+ severity debug 1;
+ };
+ channel query_logging {
+ file "/var/log/bind/query.log";
+ print-time yes;
+ };
+ channel syslog-warning {
+ syslog daemon;
+ severity warning;
+ };
+
+};
+
+# vim: ts=4 filetype=named noai
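Review bot: None of the `file` channels carries `versions`/`size`, so `/var/log/bind/named.log` and especially `/var/log/bind/query.log` grow without bound; with `listen-on { any; }` in named.conf any remote client can inflate the query log, which is a disk-fill risk and also retains client IPs indefinitely. As far as I recall BIND's rules, configuring `category queries` switches query logging on at startup unless `querylog no` is set, so this is live rather than dormant. Add rotation, e.g. `file "/var/log/bind/query.log" versions 10 size 50M;`, and the same on the `logtofile` channel (the stock template kept in named.conf.orig uses `versions 5 size 50M`). `complete_debug` (`severity debug 99`) and `moderate_debug` are defined but attached to no category; either remove them or mark them `// not attached to any category - attach only for troubleshooting` so nobody wires debug 99 into `default` by accident.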
--- /dev/null
+//###############################################################
+//# Bind9-Konfigurationsdatei - Primäre Zonen
+//# /etc/bind/named-pri.conf
+//#
+//# Host Uhu1
+//#
+//# Generiert am: 26.05.2010
+//# von: frank@brehm-online.com
+//#
+//###############################################################
+
+//###############################################################
+//# Master-Zonen (Primary)
+
+// Keine!
+
+# vim: ts=4 filetype=named noai
--- /dev/null
+//###############################################################
+//# Bind9-Konfigurationsdatei - Sekundäre Zonen
+//# /etc/bind/named-sec
+//#
+//# Host Uhu1
+//#
+//# Generiert am: 26.05.2010
+//# von: frank@brehm-online.com
+//#
+//###############################################################
+
+//###############################################################
+//# Slave-Zonen (Secondary)
+
+zone "home.brehm-online.com" IN {
+ type slave;
+ file "sec/home.brehm-online.com.zone";
+ masters {
+ 85.214.134.152;
+ };
+ allow-transfer {
+ common-allow-transfer;
+ };
+};
+
+# vim: ts=4 filetype=named noai
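Review bot: The header comment names the file `/etc/bind/named-sec` while the include in named.conf and the listing itself are `named-sec.conf`; change it to `//# /etc/bind/named-sec.conf`. The transfer from `85.214.134.152` is accepted on source address only (no `key` in the `masters` clause), so unless a TSIG key is configured on the master outside this commit, zone authenticity rests on IP alone; `masters { 85.214.134.152 key "<transfer-key>"; };` together with a matching `key` statement would close that, and the same key could back `allow-transfer` instead of the bare-IP ACL.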
+//###############################################################
+//# Bind9-Konfigurationsdatei
+//# /etc/bind/named.conf
+//#
+//# Host Helga
+//#
+//# Generiert am: 26.05.2010
+//# von: frank@brehm-online.com
+//#
+//###############################################################
+
+
/*
* Refer to the named.conf(5) and named(8) man pages, and the documentation
* in /usr/share/doc/bind-9 for more details.
* useless Internet traffic.
*/
-acl "xfer" {
- /* Deny transfers by default except for the listed hosts.
- * If we have other name servers, place them here.
- */
- none;
-};
-
-/*
- * You might put in here some ips which are allowed to use the cache or
- * recursive queries
- */
-acl "trusted" {
- 127.0.0.0/8;
- ::1/128;
-};
+//###############################################################
+//# Allgemeine Optionen
options {
+
directory "/var/bind";
pid-file "/var/run/named/named.pid";
/* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
//bindkeys-file "/etc/bind/bind.keys";
- listen-on-v6 { ::1; };
- listen-on { 127.0.0.1; };
-
- allow-query {
- /*
- * Accept queries from our "trusted" ACL. We will
- * allow anyone to query our master zones below.
- * This prevents us from becoming a free DNS server
- * to the masses.
- */
- trusted;
+ listen-on-v6 {
+ any;
};
-
- allow-query-cache {
- /* Use the cache for the "trusted" ACL. */
- trusted;
- };
-
- allow-recursion {
- /* Only trusted addresses are allowed to use recursion. */
- trusted;
- };
-
- allow-transfer {
- /* Zone tranfers are denied by default. */
- none;
+ listen-on {
+ any;
};
- allow-update {
- /* Don't allow updates, e.g. via nsupdate. */
- none;
- };
-
- /*
- * If you've got a DNS server around at your upstream provider, enter its
- * IP address here, and enable the line below. This will make you benefit
- * from its cache, thus reduce overall DNS traffic in the Internet.
- *
- * Uncomment the following lines to turn on DNS forwarding, and change
- * and/or update the forwarding ip address(es):
- */
-/*
- forward first;
- forwarders {
- // 123.123.123.123; // Your ISP NS
- // 124.124.124.124; // Your ISP NS
- // 4.2.2.1; // Level3 Public DNS
- // 4.2.2.2; // Level3 Public DNS
- 8.8.8.8; // Google Open DNS
- 8.8.4.4; // Google Open DNS
+ allow-notify {
+ 85.214.147.150;
+ 85.214.134.152;
+ 46.16.73.175;
+ 127.0.0.1/8;
+ ::1;
+ 2a01:238:4225:6e00:8f8c:808a:7fb8:88df;
+ 2a01:238:4239:8a00:d4da:215d:3d01:f9b9;
};
-*/
-
//dnssec-enable yes;
//dnssec-validation yes;
/* if you have problems and are behind a firewall: */
//query-source address * port 53;
+
+ // pid-file "/var/run/named/named.pid";
+
+ version "none";
};
/*
};
*/
+// Logging
+include "/etc/bind/named-log.conf";
+
+// Managed Keys
+include "/etc/bind/bind.keys";
+
+//###############################################################
+//# Kontrollkanäle für RNDC
+
include "/etc/bind/rndc.key";
+
controls {
- inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; };
+ inet 127.0.0.1 port 953 allow {
+ 127.0.0.1;
+ ::1/128;
+ } keys {
+ "rndc-key";
+ };
};
+key DYN_DNS_UPDATER {
+ algorithm hmac-md5;
+ secret "gi69Yjzo1OSPVQ/oTTgw+Q==";
+};
+
+// Access-Control-Listen
+include "/etc/bind/named-acl.conf";
+
+//###############################################################
+//# Hint-Zonen (zum Finden der Root-Server)
+
zone "." in {
type hint;
file "/var/bind/root.cache";
notify no;
};
-/*
- * Briefly, a zone which has been declared delegation-only will be effectively
- * limited to containing NS RRs for subdomains, but no actual data beyond its
- * own apex (for example, its SOA RR and apex NS RRset). This can be used to
- * filter out "wildcard" or "synthesized" data from NAT boxes or from
- * authoritative name servers whose undelegated (in-zone) data is of no
- * interest.
- * See http://www.isc.org/software/bind/delegation-only for more info
- */
+//###############################################################
+// Include der Zonendefinitionen
+
+// Master-Zonen
+include "/etc/bind/named-pri.conf";
+
+// Dynamische Zonen
+include "/etc/bind/named-dyn.conf";
+
+// Slave-Zonen
+include "/etc/bind/named-sec.conf";
-//zone "COM" { type delegation-only; };
-//zone "NET" { type delegation-only; };
-
-//zone "YOUR-DOMAIN.TLD" {
-// type master;
-// file "/var/bind/pri/YOUR-DOMAIN.TLD.zone";
-// allow-query { any; };
-// allow-transfer { xfer; };
-//};
-
-//zone "YOUR-SLAVE.TLD" {
-// type slave;
-// file "/var/bind/sec/YOUR-SLAVE.TLD.zone";
-// masters { <MASTER>; };
-
- /* Anybody is allowed to query but transfer should be controlled by the master. */
-// allow-query { any; };
-// allow-transfer { none; };
-
- /* The master should be the only one who notifies the slaves, shouldn't it? */
-// allow-notify { <MASTER>; };
-// notify no;
-//};
+# vim: ts=4 filetype=named noai
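Review bot: A TSIG secret is committed in clear at `key DYN_DNS_UPDATER { algorithm hmac-md5; secret "..."; };` — this file is tracked by etckeeper and the key uses HMAC-MD5, so treat the secret as exposed: rotate it, generate the replacement with `algorithm hmac-sha256;`, and keep it in its own 0640 root:named file that named.conf `include`s, exactly as is already done for rndc.key. Nothing in this commit uses the key (named-dyn.conf declares no zones and no zone grants `allow-update`/`update-policy`), so until one does it is dead configuration. Separately, `listen-on`/`listen-on-v6` are opened to `any` while the explicit `allow-query`, `allow-query-cache`, `allow-recursion`, `allow-transfer` and `allow-update` blocks are deleted, leaving these to BIND's built-in defaults (recursion limited to localhost/localnets in current versions, but no global transfer restriction); restate them in `options`, e.g. `allow-recursion { 127.0.0.0/8; ::1/128; }; allow-transfer { none; }; allow-update { none; };`, so the per-zone `allow-transfer` in named-sec.conf is the only exception. With `include "/etc/bind/bind.keys"` now loading managed keys but `dnssec-validation` still commented out, validation remains off — enable `dnssec-validation auto;` if the trust anchors are meant to be used, otherwise the include adds nothing.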
--- /dev/null
+/*
+ * Refer to the named.conf(5) and named(8) man pages, and the documentation
+ * in /usr/share/doc/bind-9 for more details.
+ * Online versions of the documentation can be found here:
+ * http://www.isc.org/software/bind/documentation
+ *
+ * If you are going to set up an authoritative server, make sure you
+ * understand the hairy details of how DNS works. Even with simple mistakes,
+ * you can break connectivity for affected parties, or cause huge amounts of
+ * useless Internet traffic.
+ */
+
+acl "xfer" {
+ /* Deny transfers by default except for the listed hosts.
+ * If we have other name servers, place them here.
+ */
+ none;
+};
+
+/*
+ * You might put in here some ips which are allowed to use the cache or
+ * recursive queries
+ */
+acl "trusted" {
+ 127.0.0.0/8;
+ ::1/128;
+};
+
+options {
+ directory "/var/bind";
+ pid-file "/var/run/named/named.pid";
+
+ /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
+ //bindkeys-file "/etc/bind/bind.keys";
+
+ listen-on-v6 { ::1; };
+ listen-on { 127.0.0.1; };
+
+ allow-query {
+ /*
+ * Accept queries from our "trusted" ACL. We will
+ * allow anyone to query our master zones below.
+ * This prevents us from becoming a free DNS server
+ * to the masses.
+ */
+ trusted;
+ };
+
+ allow-query-cache {
+ /* Use the cache for the "trusted" ACL. */
+ trusted;
+ };
+
+ allow-recursion {
+ /* Only trusted addresses are allowed to use recursion. */
+ trusted;
+ };
+
+ allow-transfer {
+ /* Zone tranfers are denied by default. */
+ none;
+ };
+
+ allow-update {
+ /* Don't allow updates, e.g. via nsupdate. */
+ none;
+ };
+
+ /*
+ * If you've got a DNS server around at your upstream provider, enter its
+ * IP address here, and enable the line below. This will make you benefit
+ * from its cache, thus reduce overall DNS traffic in the Internet.
+ *
+ * Uncomment the following lines to turn on DNS forwarding, and change
+ * and/or update the forwarding ip address(es):
+ */
+/*
+ forward first;
+ forwarders {
+ // 123.123.123.123; // Your ISP NS
+ // 124.124.124.124; // Your ISP NS
+ // 4.2.2.1; // Level3 Public DNS
+ // 4.2.2.2; // Level3 Public DNS
+ 8.8.8.8; // Google Open DNS
+ 8.8.4.4; // Google Open DNS
+ };
+
+*/
+
+ //dnssec-enable yes;
+ //dnssec-validation yes;
+
+ /*
+ * As of bind 9.8.0:
+ * "If the root key provided has expired,
+ * named will log the expiration and validation will not work."
+ */
+ //dnssec-validation auto;
+
+ /* if you have problems and are behind a firewall: */
+ //query-source address * port 53;
+};
+
+/*
+logging {
+ channel default_log {
+ file "/var/log/named/named.log" versions 5 size 50M;
+ print-time yes;
+ print-severity yes;
+ print-category yes;
+ };
+
+ category default { default_log; };
+ category general { default_log; };
+};
+*/
+
+include "/etc/bind/rndc.key";
+controls {
+ inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; };
+};
+
+zone "." in {
+ type hint;
+ file "/var/bind/root.cache";
+};
+
+zone "localhost" IN {
+ type master;
+ file "pri/localhost.zone";
+ notify no;
+};
+
+zone "127.in-addr.arpa" IN {
+ type master;
+ file "pri/127.zone";
+ notify no;
+};
+
+/*
+ * Briefly, a zone which has been declared delegation-only will be effectively
+ * limited to containing NS RRs for subdomains, but no actual data beyond its
+ * own apex (for example, its SOA RR and apex NS RRset). This can be used to
+ * filter out "wildcard" or "synthesized" data from NAT boxes or from
+ * authoritative name servers whose undelegated (in-zone) data is of no
+ * interest.
+ * See http://www.isc.org/software/bind/delegation-only for more info
+ */
+
+//zone "COM" { type delegation-only; };
+//zone "NET" { type delegation-only; };
+
+//zone "YOUR-DOMAIN.TLD" {
+// type master;
+// file "/var/bind/pri/YOUR-DOMAIN.TLD.zone";
+// allow-query { any; };
+// allow-transfer { xfer; };
+//};
+
+//zone "YOUR-SLAVE.TLD" {
+// type slave;
+// file "/var/bind/sec/YOUR-SLAVE.TLD.zone";
+// masters { <MASTER>; };
+
+ /* Anybody is allowed to query but transfer should be controlled by the master. */
+// allow-query { any; };
+// allow-transfer { none; };
+
+ /* The master should be the only one who notifies the slaves, shouldn't it? */
+// allow-notify { <MASTER>; };
+// notify no;
+//};
--- /dev/null
+/etc/init.d/iptables
\ No newline at end of file
--- /dev/null
+/etc/init.d/named
\ No newline at end of file