From 3782cb8ce9639b47a297049c655327e53f38c9f2 Mon Sep 17 00:00:00 2001 From: Frank Brehm Date: Wed, 7 Apr 2021 21:39:36 +0200 Subject: [PATCH] saving uncommitted changes in /etc prior to apt run --- .etckeeper | 10 +++ bind/named-acl.conf | 145 ++++++++++++++++++++++++++++++++++ bind/named-dyn.conf | 11 +++ bind/named-log.conf | 87 ++++++++++++++++++++ bind/named-pri.conf | 14 ++++ bind/named-sec.conf | 14 ++++ bind/named.conf | 35 ++++++++ bind/named.conf.default-zones | 10 ++- bind/named.conf.local | 10 ++- bind/named.conf.options | 69 ++++++++++++++-- 10 files changed, 397 insertions(+), 8 deletions(-) create mode 100644 bind/named-acl.conf create mode 100644 bind/named-dyn.conf create mode 100644 bind/named-log.conf create mode 100644 bind/named-pri.conf create mode 100644 bind/named-sec.conf diff --git a/.etckeeper b/.etckeeper index e7073c9..9beebd7 100755 --- a/.etckeeper +++ b/.etckeeper @@ -105,6 +105,16 @@ maybe chmod 0644 'bind/db.127' maybe chmod 0644 'bind/db.255' maybe chmod 0644 'bind/db.empty' maybe chmod 0644 'bind/db.local' +maybe chgrp 'bind' 'bind/named-acl.conf' +maybe chmod 0644 'bind/named-acl.conf' +maybe chgrp 'bind' 'bind/named-dyn.conf' +maybe chmod 0644 'bind/named-dyn.conf' +maybe chgrp 'bind' 'bind/named-log.conf' +maybe chmod 0644 'bind/named-log.conf' +maybe chgrp 'bind' 'bind/named-pri.conf' +maybe chmod 0644 'bind/named-pri.conf' +maybe chgrp 'bind' 'bind/named-sec.conf' +maybe chmod 0644 'bind/named-sec.conf' maybe chgrp 'bind' 'bind/named.conf' maybe chmod 0644 'bind/named.conf' maybe chgrp 'bind' 'bind/named.conf.default-zones' diff --git a/bind/named-acl.conf b/bind/named-acl.conf new file mode 100644 index 0000000..f5feeff --- /dev/null +++ b/bind/named-acl.conf 
@@ -0,0 +1,145 @@ +//############################################################### +//# Bind9-Konfigurationsdatei - Access-Control-Listen +//# /etc/bind/named-acl.conf +//# +//# Host sarah.uhu-banane.de +//# +//############################################################### + +//############################################################### +//# Access-Control-Listen + +#---------------------------------------- +acl allow-dyn-update { + 46.16.73.175; + 2001:4dd0:ff00:cd3::2; + 188.34.187.246; + 2a01:4f8:c010:80ee::1; + 144.76.221.169; + 2a01:4f8:200:94a8::2; + 138.201.28.135; + 2a01:4f8:171:3006::2; + 185.48.118.128; + 162.254.24.33; + 185.102.95.107; + 2a06:2380:0:1::3a; + 2a02:8109:ae3f:fa04:5604:a6ff:fe38:99f9; + 127.0.0.1; + ::1; +}; + +#---------------------------------------- +acl allow-notify { + 46.16.73.175; + 2001:4dd0:ff00:cd3::2; + 188.34.187.246; + 2a01:4f8:c010:80ee::1; + 144.76.221.169; + 2a01:4f8:200:94a8::2; + 138.201.28.135; + 2a01:4f8:171:3006::2; + 185.48.118.128; + 162.254.24.33; + 185.102.95.107; + 2a06:2380:0:1::3a; + 2a02:8109:ae3f:fa04:5604:a6ff:fe38:99f9; + 127.0.0.1; + ::1; +}; + +#---------------------------------------- +acl allow-recursion { + 46.16.73.175; + 2001:4dd0:ff00:cd3::2; + 188.34.187.246; + 2a01:4f8:c010:80ee::1; + 144.76.221.169; + 2a01:4f8:200:94a8::2; + 185.48.118.128; + 162.254.24.33; + 185.102.95.107; + 2a06:2380:0:1::3a; + 2a02:8109:ae3f:fa04:5604:a6ff:fe38:99f9; + 138.201.28.135; + 138.201.28.184; + 138.201.28.185; + 138.201.28.186; + 2a01:4f8:171:3006::/64; + 127.0.0.0/8; + ::1/128; + fe80::/10; +}; + +#---------------------------------------- +acl also-notify-acwain { + 144.76.221.169; + 2a01:4f8:200:94a8::2; + 2a02:8109:ae3f:fa04:5604:a6ff:fe38:99f9; + 138.201.28.135; + 2a01:4f8:171:3006::2; +}; + +#---------------------------------------- +acl also-notify-boreus { + 195.50.185.7; + 46.189.56.7; + 85.199.64.7; +}; + +#---------------------------------------- +acl also-notify-uhu-banane { + 185.48.118.128; + 
162.254.24.33; +}; + +#---------------------------------------- +acl common-allow-transfer { + 195.50.185.7; + 46.189.56.7; + 85.199.64.7; + 46.16.73.175; + 2001:4dd0:ff00:cd3::2; + 188.34.187.246; + 2a01:4f8:c010:80ee::1; + 144.76.221.169; + 2a01:4f8:200:94a8::2; + 138.201.28.135; + 2a01:4f8:171:3006::2; + 185.48.118.128; + 162.254.24.33; + 185.102.95.107; + 2a06:2380:0:1::3a; + 2a02:8109:ae3f:fa04:5604:a6ff:fe38:99f9; + 127.0.0.1; + ::1; +}; + +#---------------------------------------- +acl local-host-ips { + 127.0.0.1/8; + ::1/128; +}; + +#---------------------------------------- +acl local-net-ips { + 127.0.0.0/8; + 10.0.0.0/8; + 172.16.0.0/12; + 192.168.0.0/16; + ::1/128; + fe80::/10; +}; + +#---------------------------------------- +acl private-net-ips { + 10.12.11.0/24; + 46.16.73.175; + 2001:4dd0:ff00:cd3::2; + 2a02:8109:ae3f:fa04:5604:a6ff:fe38:99f9; + 188.34.187.246; + 2a01:4f8:c010:80ee::1; + 185.102.95.107; + 2a06:2380:0:1::3a; +}; + +# vim: ts=4 filetype=named noai diff --git a/bind/named-dyn.conf b/bind/named-dyn.conf new file mode 100644 index 0000000..9b737a8 --- /dev/null +++ b/bind/named-dyn.conf @@ -0,0 +1,11 @@ +//############################################################### +//# Bind9-Konfigurationsdatei - Dynamische Zonen +//# /etc/bind/named-dyn.conf +//# +//# Host helga.uhu-banane.de +//# +//############################################################### + + + +# vim: ts=4 filetype=named noai diff --git a/bind/named-log.conf b/bind/named-log.conf new file mode 100644 index 0000000..c61b561 --- /dev/null +++ b/bind/named-log.conf 
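Review bot: In `acl local-host-ips` the entry `127.0.0.1/8` mixes a host address with a /8 prefix; named-checkconf reports this as an address/prefix-length mismatch, and the rest of the file already writes the loopback net as `127.0.0.0/8` (see `local-net-ips` and `allow-recursion`), so use `127.0.0.0/8;` here too. The same host list is repeated verbatim in `allow-dyn-update`, `allow-notify` and `common-allow-transfer`; since ACLs may reference other ACLs, defining the shared peers once and nesting them (`acl allow-notify { allow-dyn-update; };`) would keep the three from drifting apart when a peer changes. The file header names `Host sarah.uhu-banane.de` while every other file in this patch says `helga`, which looks like a copy-paste leftover worth correcting so the file is not mistaken for another host's ACL set.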
@@ -0,0 +1,87 @@ +//############################################################### +//# Bind9-Konfigurationsdatei Logging +//# /etc/bind/named-log.conf +//# +//# Host helga.uhu-banane.de +//# +//############################################################### + +//############################################################### +//# Angaben zum Logging + +logging { + + //--------------------------------------- + // Channels + + channel complete_debug { + file "/var/log/bind/complete-debug.log"; + print-category yes; + print-severity yes; + print-time yes; + severity debug 99; + }; + + channel logtofile { + file "/var/log/bind/named.log"; + print-category yes; + print-severity yes; + print-time yes; + severity info; + }; + + channel moderate_debug { + file "/var/log/bind/debug.log"; + print-category yes; + print-severity yes; + print-time yes; + severity debug 1; + }; + + channel query_logging { + file "/var/log/bind/query.log"; + print-time yes; + }; + + channel security_file { + file "/var/log/bind/security.log"; + print-category yes; + print-severity yes; + print-time yes; + severity dynamic; + }; + + channel syslog-warning { + syslog daemon; + severity warning; + }; + + + //--------------------------------------- + // Categories + + category default { + default_debug; + logtofile; + }; + + category general { + logtofile; + syslog-warning; + }; + + category lame-servers { + null; + }; + + category queries { + query_logging; + }; + + category security { + security_file; + }; + +}; + +# vim: ts=4 filetype=named noai diff --git a/bind/named-pri.conf b/bind/named-pri.conf new file mode 100644 index 0000000..f84689d --- /dev/null +++ b/bind/named-pri.conf 
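Review bot: None of the file channels declare `versions`/`size`, so `query_logging` (fed by `category queries`) and the two debug channels will grow without bound; on a server that listens on `any` an attacker can fill the disk by sending queries, so cap them, e.g. `file "/var/log/bind/query.log" versions 10 size 20m;` and the same for `security.log` and `debug.log`. `channel complete_debug` runs at `severity debug 99` but no category references it, so it is either dead configuration or a foot-gun once someone does wire it up; drop it or lower the level. Query logs also record client addresses and lookups, so if they are meant to stay on, a retention/rotation policy belongs next to the channel definition. Note too that `/var/log/bind` must exist and be writable by the `bind` user or named will fail to open these channels at startup; nothing in the patch creates it.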
@@ -0,0 +1,14 @@ +//############################################################### +//# Bind9-Konfigurationsdatei - Primaere Zonen +//# /etc/bind/named-pri.conf +//# +//# Host helga.uhu-banane.de +//# +//############################################################### + +//############################################################### +//# Master-Zonen (Primary) + + + +# vim: ts=4 filetype=named noai diff --git a/bind/named-sec.conf b/bind/named-sec.conf new file mode 100644 index 0000000..5a1bd8e --- /dev/null +++ b/bind/named-sec.conf @@ -0,0 +1,14 @@ +//############################################################### +//# Bind9-Konfigurationsdatei - Sekundaere Zonen +//# /etc/bind/named-sec +//# +//# Host helga.uhu-banane.de +//# +//############################################################### + +//############################################################### +//# Slave-Zonen (Secondary) + + + +# vim: ts=4 filetype=named noai diff --git a/bind/named.conf b/bind/named.conf index 880786a..3dda521 100644 --- a/bind/named.conf +++ b/bind/named.conf @@ -1,3 +1,11 @@ +//############################################################### +//# Bind9-Konfigurationsdatei +//# /etc/bind/named.conf +//# +//# Host helga.uhu-banane.de +//# +//############################################################### + // This is the primary configuration file for the BIND DNS server named. // // Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
@@ -6,6 +14,33 @@ // // If you are just adding zones, please do that in /etc/bind/named.conf.local +// access control lists +include "/etc/bind/named-acl.conf"; + +// global options include "/etc/bind/named.conf.options"; + +// logging configuration +include "/etc/bind/named-log.conf"; + +// local configuration include "/etc/bind/named.conf.local"; + +// Manual changes (not in Salt) +include "/etc/bind/named.conf.local"; + +// Default zones include "/etc/bind/named.conf.default-zones"; + +// master zones +include "/etc/bind/named-pri.conf"; + +// dynamic zones +include "/etc/bind/named-dyn.conf"; + +// slave zones +include "/etc/bind/named-sec.conf"; + + + +# vim: ts=4 filetype=named noai diff --git a/bind/named.conf.default-zones b/bind/named.conf.default-zones index 1a85ad3..da52008 100644 --- a/bind/named.conf.default-zones +++ b/bind/named.conf.default-zones @@ -1,3 +1,11 @@ +//############################################################### +//# Bind9-Konfigurationsdatei Default zones +//# /etc/bind/named.conf.default-zones +//# +//# Host helga.uhu-banane.de +//# +//############################################################### + // prime the server with knowledge of the root servers zone "." { type hint; @@ -27,4 +35,4 @@ zone "255.in-addr.arpa" { file "/etc/bind/db.255"; }; - +// vim: ts=4 filetype=named noai diff --git a/bind/named.conf.local b/bind/named.conf.local index 7a57b10..7c9776a 100644 --- a/bind/named.conf.local +++ b/bind/named.conf.local @@ -1,8 +1,16 @@ +//# Bind9-Konfigurationsdatei Lokeles Geruempel +//# /etc/bind/named.conf.local +//# +//# Host helga.uhu-banane.de +//# +//############################################################### + // // Do any local configuration here // // Consider adding the 1918 zones here, if they are not used in your // organization -//include "/etc/bind/zones.rfc1918"; +include "/etc/bind/zones.rfc1918"; +// vim: ts=4 filetype=named noai 
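Review bot: `include "/etc/bind/named.conf.local";` appears twice in this hunk (once under "local configuration", once under "Manual changes (not in Salt)"), and since named.conf.local now includes `zones.rfc1918`, every RFC1918 reverse zone gets defined twice, which named rejects as a duplicate zone and refuses to start. The second comment suggests a different file was intended; either point it at that file or delete the duplicate line. Separately, the named.conf.local hunk flips `zones.rfc1918` on, which is redundant with BIND's built-in empty zones (`empty-zones-enable` defaults to yes) and can be dropped unless a specific behaviour of `db.empty` is wanted.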
diff --git a/bind/named.conf.options b/bind/named.conf.options index 4778d18..6a524a7 100644 --- a/bind/named.conf.options +++ b/bind/named.conf.options @@ -1,3 +1,15 @@ +//############################################################### +//# Bind9-Konfigurationsdatei for general options +//# /etc/bind/named.conf.options +//# +//# Host helga.uhu-banane.de +//# +//############################################################### + + +//############################################################### +//# Allgemeine Optionen + options { directory "/var/cache/bind"; 
@@ -14,11 +26,56 @@ options { // 0.0.0.0; // }; - //======================================================================== - // If BIND logs error messages about the root key being expired, - // you will need to update your keys. See https://www.isc.org/bind-keys - //======================================================================== - dnssec-validation auto; - listen-on-v6 { any; }; + listen-on { any; }; + + allow-notify { + allow-notify; + }; + + allow-recursion { + allow-recursion; + }; + + //======================================================================== + // If BIND logs error messages about the root key being expired, + // you will need to update your keys. See https://www.isc.org/bind-keys + //======================================================================== + //dnssec-enable yes; + dnssec-validation auto; + // dnssec-lookaside auto; + + /* if you have problems and are behind a firewall: */ + //query-source address * port 53; + + // pid-file "/var/run/named/named.pid"; + + version "none"; + +}; + +// Managed Keys +include "/etc/bind/bind.keys"; + +key "dyn-dns-updater" { + algorithm hmac-md5; + secret "gi69Yjzo1OSPVQ/oTTgw+Q=="; +}; + +//############################################################### +//# Kontrollkanäle für RNDC + +include "/etc/bind/rndc.key"; + +controls { + inet 127.0.0.1 port 953 allow { + 127.0.0.1; + ::1/128; + } keys { + "rndc-key"; + }; }; + + +# vim: ts=4 filetype=named noai +// vim: ts=4 filetype=named noai -- 2.39.5
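Review bot: The TSIG key `dyn-dns-updater` is defined inline with its secret in named.conf.options, a file that etckeeper commits to git and, following the `maybe chmod 0644` pattern in the .etckeeper hunk, leaves world-readable, so the secret is now in repository history and visible to every local user; move it to a root:bind 0640 file, replace the block with `include "/etc/bind/dyn-dns-updater.key";`, and regenerate it, treating the committed value as compromised. `algorithm hmac-md5;` is deprecated for TSIG, so generate the replacement with `tsig-keygen -a hmac-sha256 dyn-dns-updater`. Nothing in `options {}` sets `allow-transfer`, and the default in the BIND versions contemporaneous with this commit is `any`, so despite the new `common-allow-transfer` ACL the server still answers AXFR from anyone unless each zone overrides it; add `allow-transfer { common-allow-transfer; };` beside `allow-recursion`. The ACLs are named identically to the options they populate (`allow-notify { allow-notify; };`), which reads like a typo to the next maintainer, so a distinct prefix such as `acl-notify-peers` would make the intent clearer.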