]> Frank Brehm's Git Trees - config/ns3/etc.git/commitdiff
saving uncommitted changes in /etc prior to apt run
authorFrank Brehm <frank@brehm-online.com>
Mon, 21 Aug 2023 11:26:39 +0000 (13:26 +0200)
committerFrank Brehm <frank@brehm-online.com>
Mon, 21 Aug 2023 11:26:39 +0000 (13:26 +0200)
bind/bind.keys
bind/named-acl.conf
bind/named-sec.conf
bind/named.conf.default-zones
bind/named.conf.options

index 6d4217f1a6d6494dd15ef89ddf88b8859d2be8bb..5e5a32ba9c7bd60733860ebcb7b1bebf4c25ae6a 100644 (file)
@@ -4,30 +4,42 @@
 # be configured elsewhere; if they are configured here, they will not be
 # recognized or used by named.
 #
-# To use the built-in root key, set "dnssec-validation auto;" in the
-# named.conf options, or else leave "dnssec-validation" unset.  If
-# "dnssec-validation" is set to "yes", then the keys in this file are
-# ignored; keys will need to be explicitly configured in named.conf for
-# validation to work.  "auto" is the default setting, unless named is
-# built with "configure --disable-auto-validation", in which case the
-# default is "yes".
+# The built-in trust anchors are provided for convenience of configuration.
+# They are not activated within named.conf unless specifically switched on.
+# To use the built-in key, use "dnssec-validation auto;" in the
+# named.conf options.  Without this option being set, the keys in this
+# file are ignored.
 #
 # This file is NOT expected to be user-configured.
 #
-# Servers being set up for the first time can use the contents of this file
-# as initializing keys; thereafter, the keys in the managed key database
-# will be trusted and maintained automatically.
+# These keys are current as of October 2017.  If any key fails to
+# initialize correctly, it may have expired.  In that event you should
+# replace this file with a current version.  The latest version of
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
 #
-# These keys are current as of Mar 2019.  If any key fails to initialize
-# correctly, it may have expired.  In that event you should replace this
-# file with a current version.  The latest version of bind.keys can always
-# be obtained from ISC at https://www.isc.org/bind-keys.
-#
-# See https://data.iana.org/root-anchors/root-anchors.xml for current trust
-# anchor information for the root zone.
+# See https://data.iana.org/root-anchors/root-anchors.xml
+# for current trust anchor information for the root zone.
+
+managed-keys {
+        # This key (19036) is to be phased out starting in 2017. It will
+        # remain in the root zone for some time after its successor key
+        # has been added. It will remain this file until it is removed from
+        # the root zone.
+        . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
+                FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
+                bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
+                X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
+                W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
+                Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
+                QxA+Uk1ihz0=";
 
-trust-anchors {
         # This key (20326) was published in the root zone in 2017.
+        # Servers which were already using the old key (19036) should
+        # roll seamlessly to this new one via RFC 5011 rollover. Servers
+        # being set up for the first time can use the contents of this
+        # file as initializing keys; thereafter, the keys in the
+        # managed key database will be trusted and maintained
+        # automatically.
         . initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
                 +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
                 ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
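Review bot: The new `managed-keys` block re-adds key 19036 as an `initial-key`, and the header now reads "current as of October 2017" where the removed text said Mar 2019, so the new side looks like an older copy of bind.keys rather than an update. The file's own comment says 19036 was being phased out from 2017, and as far as I know it has since been revoked and withdrawn from the root zone, so listing it leaves a retired key among the initializing trust anchors while `dnssec-validation auto;` is set in named.conf.options. `managed-keys` is also the older spelling of `trust-anchors`, which newer BIND releases are likely to warn about. I would restore the distribution's current file, with only the 20326 entry under `trust-anchors { ... };`, then run `named-checkconf` and check `rndc managed-keys status` to confirm validation still initializes. The 20326 key string continues past the end of this hunk.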
index 4f643bb361e6e9e2eb567d319d90dee3d2f39299..28ffc707a44f2f3ecf02e5f640b827518c1cd018 100644 (file)
 
 #----------------------------------------
 acl allow-dyn-update {
-       46.16.73.175;
-       2001:4dd0:ff00:cd3::2;
        188.34.187.246;
        2a01:4f8:c010:80ee::1;
-       144.76.221.169;
-       2a01:4f8:200:94a8::2;
-       138.201.28.135;
-       2a01:4f8:171:3006::2;
        185.48.118.128;
        162.254.24.33;
        185.102.95.107;
@@ -30,14 +24,8 @@ acl allow-dyn-update {
 
 #----------------------------------------
 acl allow-notify {
-       46.16.73.175;
-       2001:4dd0:ff00:cd3::2;
        188.34.187.246;
        2a01:4f8:c010:80ee::1;
-       144.76.221.169;
-       2a01:4f8:200:94a8::2;
-       138.201.28.135;
-       2a01:4f8:171:3006::2;
        185.48.118.128;
        162.254.24.33;
        185.102.95.107;
@@ -49,22 +37,13 @@ acl allow-notify {
 
 #----------------------------------------
 acl allow-recursion {
-       46.16.73.175;
-       2001:4dd0:ff00:cd3::2;
        188.34.187.246;
        2a01:4f8:c010:80ee::1;
-       144.76.221.169;
-       2a01:4f8:200:94a8::2;
        185.48.118.128;
        162.254.24.33;
        185.102.95.107;
        2a06:2380:0:1::3a;
        2a02:8109:ae3f:fa04:5604:a6ff:fe38:99f9;
-       138.201.28.135;
-       138.201.28.184;
-       138.201.28.185;
-       138.201.28.186;
-       2a01:4f8:171:3006::/64;
        127.0.0.0/8;
        ::1/128;
        fe80::/10;
@@ -72,11 +51,7 @@ acl allow-recursion {
 
 #----------------------------------------
 acl also-notify-acwain {
-       144.76.221.169;
-       2a01:4f8:200:94a8::2;
        2a02:8109:ae3f:fa04:5604:a6ff:fe38:99f9;
-       138.201.28.135;
-       2a01:4f8:171:3006::2;
 };
 
 #----------------------------------------
@@ -97,14 +72,8 @@ acl common-allow-transfer {
        195.50.185.7;
        46.189.56.7;
        85.199.64.7;
-       46.16.73.175;
-       2001:4dd0:ff00:cd3::2;
        188.34.187.246;
        2a01:4f8:c010:80ee::1;
-       144.76.221.169;
-       2a01:4f8:200:94a8::2;
-       138.201.28.135;
-       2a01:4f8:171:3006::2;
        185.48.118.128;
        162.254.24.33;
        185.102.95.107;
@@ -116,7 +85,7 @@ acl common-allow-transfer {
 
 #----------------------------------------
 acl local-host-ips {
-       127.0.0.0/8;
+       127.0.0.1/8;
        ::1/128;
 };
 
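Review bot: `127.0.0.1/8` in `acl local-host-ips` has host bits set beyond the /8 prefix, where the removed line held the network address `127.0.0.0/8`. BIND is strict about address match list entries, and as far as I know `named-checkconf` reports an address/prefix length mismatch for an entry like this, which would keep named from loading the configuration at its next restart or reload. Keep `127.0.0.0/8;` (or `127.0.0.1;` if only that one address is meant) and run `named-checkconf` before named is next restarted.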
@@ -133,8 +102,6 @@ acl local-net-ips {
 #----------------------------------------
 acl private-net-ips {
        10.12.11.0/24;
-       46.16.73.175;
-       2001:4dd0:ff00:cd3::2;
        2a02:8109:ae3f:fa04:5604:a6ff:fe38:99f9;
        188.34.187.246;
        2a01:4f8:c010:80ee::1;
index dc59d733c3c3e588dea8fff60fd1eb82e560e50b..5e71ab9ecec05eb587e1ef166a3010495c1ee871 100644 (file)
 //# Slave-Zonen (Secondary)
 
 
-zone "0.0.0.1.6.0.0.3.1.7.1.0.8.f.4.0.1.0.a.2.ip6.arpa" {
-       type slave;
-       file "rev.2a01-4f8-171-3006-1000.zone";
-       masters {
-               138.201.28.135;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "0.0.0.2.6.0.0.3.1.7.1.0.8.f.4.0.1.0.a.2.ip6.arpa" {
-       type slave;
-       file "rev.2a01-4f8-171-3006-2000.zone";
-       masters {
-               138.201.28.135;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
 zone "0.29.172.in-addr.arpa" {
        type slave;
        file "rev.172.29.0.zone";
@@ -43,676 +21,5 @@ zone "0.29.172.in-addr.arpa" {
        };
 };
 
-zone "0.31.172.in-addr.arpa" {
-       type slave;
-       file "rev.172.31.0.zone";
-       masters {
-               138.201.28.135;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "0.32.172.in-addr.arpa" {
-       type slave;
-       file "rev.172.32.0.zone";
-       masters {
-               138.201.28.135;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "acwain.com" {
-       type slave;
-       file "acwain.com.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "acwain.de" {
-       type slave;
-       file "acwain.de.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "acwain.net" {
-       type slave;
-       file "acwain.net.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "acwain.org" {
-       type slave;
-       file "acwain.org.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "dkn-die-zahnaerzte.de" {
-       type slave;
-       file "dkn-die-zahnaerzte.de.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "domaniecki.com" {
-       type slave;
-       file "domaniecki.com.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "dyn.acwain.net" {
-       type slave;
-       file "dyn.acwain.net.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "e-nergieplus.de" {
-       type slave;
-       file "e-nergieplus.de.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "ereda.de" {
-       type slave;
-       file "ereda.de.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "gl-versicherungsmakler.de" {
-       type slave;
-       file "gl-versicherungsmakler.de.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "haemato-onkologie-hamburg.de" {
-       type slave;
-       file "haemato-onkologie-hamburg.de.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "haemato-onkologie-hh.de" {
-       type slave;
-       file "haemato-onkologie-hh.de.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "hausarztpraxis-hoheluft.de" {
-       type slave;
-       file "hausarztpraxis-hoheluft.de.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "ihrezahnaerzte.com" {
-       type slave;
-       file "ihrezahnaerzte.com.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "irtk.de" {
-       type slave;
-       file "irtk.de.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "kleinanzeigen-mv.de" {
-       type slave;
-       file "kleinanzeigen-mv.de.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "krebszentrum-hoheluft.de" {
-       type slave;
-       file "krebszentrum-hoheluft.de.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "krebszentrum-laack.de" {
-       type slave;
-       file "krebszentrum-laack.de.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "krebszentrum-suederelbe.de" {
-       type slave;
-       file "krebszentrum-suederelbe.de.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "mexico-language-school.com" {
-       type slave;
-       file "mexico-language-school.com.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "mexico-travel-and-tours.com" {
-       type slave;
-       file "mexico-travel-and-tours.com.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "mexventure.com" {
-       type slave;
-       file "mexventure.com.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "mexventure.de" {
-       type slave;
-       file "mexventure.de.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "mexventures.com" {
-       type slave;
-       file "mexventures.com.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "mexventures.de" {
-       type slave;
-       file "mexventures.de.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "mypettown.com" {
-       type slave;
-       file "mypettown.com.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "mypettown.de" {
-       type slave;
-       file "mypettown.de.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "nexunus.com" {
-       type slave;
-       file "nexunus.com.zone";
-       masters {
-               138.201.28.135;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "nexunus.de" {
-       type slave;
-       file "nexunus.de.zone";
-       masters {
-               138.201.28.135;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "nexunus.net" {
-       type slave;
-       file "nexunus.net.zone";
-       masters {
-               138.201.28.135;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "onkologie-hoheluft.de" {
-       type slave;
-       file "onkologie-hoheluft.de.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "onkologie-laack.de" {
-       type slave;
-       file "onkologie-laack.de.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "onkologie-suederelbe.de" {
-       type slave;
-       file "onkologie-suederelbe.de.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "planetec.de" {
-       type slave;
-       file "planetec.de.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "pontilus.com" {
-       type slave;
-       file "pontilus.com.zone";
-       masters {
-               138.201.28.135;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "pontilus.de" {
-       type slave;
-       file "pontilus.de.zone";
-       masters {
-               138.201.28.135;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "saeger.cc" {
-       type slave;
-       file "saeger.cc.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "saeger.net" {
-       type slave;
-       file "saeger.net.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "sg-hohh.de" {
-       type slave;
-       file "sg-hohh.de.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "shop-yoo.com" {
-       type slave;
-       file "shop-yoo.com.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "shop-yoo.de" {
-       type slave;
-       file "shop-yoo.de.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "shop-you.de" {
-       type slave;
-       file "shop-you.de.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "shopyoo.com" {
-       type slave;
-       file "shopyoo.com.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "shopyoo.de" {
-       type slave;
-       file "shopyoo.de.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "shopyou.com" {
-       type slave;
-       file "shopyou.com.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "shopyou.de" {
-       type slave;
-       file "shopyou.de.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "spanish-school-mexico.com" {
-       type slave;
-       file "spanish-school-mexico.com.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "sprachreisen-mexiko.com" {
-       type slave;
-       file "sprachreisen-mexiko.com.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "sprachschule-mexiko.com" {
-       type slave;
-       file "sprachschule-mexiko.com.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "spridget-register.com" {
-       type slave;
-       file "spridget-register.com.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "spridgets.net" {
-       type slave;
-       file "spridgets.net.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "timo-adam.de" {
-       type slave;
-       file "timo-adam.de.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "timoadam.de" {
-       type slave;
-       file "timoadam.de.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "vital-beauty.net" {
-       type slave;
-       file "vital-beauty.net.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "vitalbeauty.net" {
-       type slave;
-       file "vitalbeauty.net.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "xn--hmato-onkologie-hamburg-v7b.de" {
-       type slave;
-       file "xn--hmato-onkologie-hamburg-v7b.de.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "xn--hmato-onkologie-hh-ltb.de" {
-       type slave;
-       file "xn--hmato-onkologie-hh-ltb.de.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "zahnpiraten-hamburg.com" {
-       type slave;
-       file "zahnpiraten-hamburg.com.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
-zone "zahnpiraten.com" {
-       type slave;
-       file "zahnpiraten.com.zone";
-       masters {
-               144.76.221.169;
-       };
-       allow-transfer {
-               common-allow-transfer;
-       };
-};
-
 
 # vim: ts=4 filetype=named noai
index 71b56c86dc060d3d157b192ed0f9b4deb0b4aea3..952ae71bed7f46f6bc7e718536f6ea35d7767c5f 100644 (file)
@@ -9,7 +9,7 @@
 // prime the server with knowledge of the root servers
 zone "." {
        type hint;
-       file "/usr/share/dns/root.hints";
+       file "/etc/bind/db.root";
 };
 
 // be authoritative for the localhost forward and reverse zones, and for
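Review bot: The hint zone now reads `/etc/bind/db.root` where the removed line pointed at the packaged `/usr/share/dns/root.hints`, and nothing in this commit shows that the /etc copy exists on this host or how old it is. If the file is missing, named cannot load the hint zone from it; if it is stale, the server primes from outdated root server addresses. Either keep the packaged path or add a comment above the `file` line recording the origin of the copy, for example `// db.root copied from <source> on <date>; refresh when the root hints change`.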
index 0b087857cbd06f794934b9e9b793452e08b47f13..44af16c8d30b40ed23c849cd3666334485e21a1c 100644 (file)
@@ -18,9 +18,9 @@ options {
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
 
-       // If your ISP provided one or more IP addresses for stable 
-       // nameservers, you probably want to use them as forwarders.  
-       // Uncomment the following block, and insert the addresses replacing 
+       // If your ISP provided one or more IP addresses for stable
+       // nameservers, you probably want to use them as forwarders.
+       // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.
 
        // forwarders {
@@ -47,7 +47,7 @@ options {
        //========================================================================
        //dnssec-enable yes;
        dnssec-validation auto;
-       dnssec-lookaside auto;
+       dnssec-lookaside auto;
 
        /*
         * As of bind 9.8.0:
@@ -73,11 +73,6 @@ key "dyn-dns-updater" {
        secret "gi69Yjzo1OSPVQ/oTTgw+Q==";
 };
 
-key "uhu-banane.de" {
-       algorithm hmac-sha256;
-       secret "Fp7S3LW+bSZZi2hFZUwFje47xW4cYTR6O4QfCUPoAGM=";
-};
-
 //###############################################################
 //# Kontrollkanäle für RNDC