Include all other files, too

2014-09-15 21:02:49 +02:00 · 2014-09-15 21:02:49 +02:00 · 7c1f7f8300
parent b2c971db62
commit 7c1f7f8300
8 changed files with 242 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,7 +1,14 @@
 #alle Dateie ignorieren...
-*
+/secrets.conf
+*.private
+*.key
+/bind.keys
+db*
+/slave/ffa.zone
+/zones.rfc1918

 #ausser...
+!named.conf
 !/master
 !/master/*
 !.gitignore
--- a/ffhh.conf
+++ b/ffhh.conf
@ -0,0 +1,87 @@
+# Keys we allow for editing
+
+include "/etc/bind/secrets.conf";
+
+#Zones WE have authority over!
+
+#Apperantly for ffhh.
+zone "ffhh" IN {
+    type master;
+    file "/etc/bind/master/db.ffhh";
+    allow-transfer { any; };
+    also-notify {
+        10.112.14.1;	fd51:2bb2:fd0d::e01; #gw01
+        10.112.18.1;    fd51:2bb2:fd0d::d01; #gw05
+	10.112.16.1;	fd51:2bb2:fd0d::a01; #gw07
+	10.112.22.1;	fd51:2bb2:fd0d::b01; #gw08
+	10.112.24.1;	fd51:2bb2:fd0d::901; #gw09
+	10.112.30.1;	fd51:2bb2:fd0d::501; #gw12
+	10.112.32.1;	fd51:2bb2:fd0d::401; #gw13
+    };
+    allow-update { key srv01-zone-key.; key srv01-userdomain-key.; };
+};
+
+zone "hamburg.freifunk.net" IN {
+    type master;
+    allow-transfer {
+        10.112.14.1;	fd51:2bb2:fd0d::e01; #gw01
+        10.112.18.1;    fd51:2bb2:fd0d::d01; #gw05
+	10.112.16.1;	fd51:2bb2:fd0d::a01; #gw07
+	10.112.22.1;	fd51:2bb2:fd0d::b01; #gw08
+	10.112.24.1;	fd51:2bb2:fd0d::901; #gw09
+	10.112.30.1;	fd51:2bb2:fd0d::501; #gw12
+	10.112.32.1;	fd51:2bb2:fd0d::401; #gw13
+	81.7.15.101; # named.exosphere.de
+	78.47.49.236; # ns.ohrensessel.net
+    };
+    also-notify {
+        10.112.14.1;	fd51:2bb2:fd0d::e01; #gw01
+        10.112.18.1;    fd51:2bb2:fd0d::d01; #gw05
+	10.112.16.1;	fd51:2bb2:fd0d::a01; #gw07
+	10.112.22.1;	fd51:2bb2:fd0d::b01; #gw08
+	10.112.24.1;	fd51:2bb2:fd0d::901; #gw09
+	10.112.30.1;	fd51:2bb2:fd0d::501; #gw12
+	10.112.32.1;	fd51:2bb2:fd0d::401; #gw13
+	81.7.15.101; # named.exosphere.de
+        78.47.49.236; # ns.ohrensessel.net
+    };
+    file "/etc/bind/master/db.net.freifunk.hamburg";
+};
+
+#And the reverse Zone for our IPv4 subnet
+zone "112.10.in-addr.arpa" IN {
+    type master;
+    file "/etc/bind/master/db.arpa.in-addr.10.112";
+    allow-transfer { any; };
+    also-notify {
+        10.112.14.1;	fd51:2bb2:fd0d::e01; #gw01
+        10.112.18.1;    fd51:2bb2:fd0d::d01; #gw05
+	10.112.16.1;	fd51:2bb2:fd0d::a01; #gw07
+	10.112.22.1;	fd51:2bb2:fd0d::b01; #gw08
+	10.112.24.1;	fd51:2bb2:fd0d::901; #gw09
+	10.112.30.1;	fd51:2bb2:fd0d::501; #gw12
+	10.112.32.1;	fd51:2bb2:fd0d::401; #gw13
+    };
+    allow-update { key srv01-zone-key.; };
+};
+
+#And the reverse Zone for our IPv6 prefix
+zone "d.0.d.f.2.b.b.2.1.5.d.f.ip6.arpa" IN {
+    type master;
+    file "/etc/bind/master/db.arpa.ip6.f.d.5.1.2.b.b.2.f.d.0.d";
+    allow-transfer { any; };
+    also-notify {
+        10.112.14.1;	fd51:2bb2:fd0d::e01; #gw01
+        10.112.18.1;    fd51:2bb2:fd0d::d01; #gw05
+	10.112.16.1;	fd51:2bb2:fd0d::a01; #gw07
+	10.112.22.1;	fd51:2bb2:fd0d::b01; #gw08
+	10.112.24.1;	fd51:2bb2:fd0d::901; #gw09
+	10.112.30.1;	fd51:2bb2:fd0d::501; #gw12
+	10.112.32.1;	fd51:2bb2:fd0d::401; #gw13
+    };
+    allow-update { key srv01-zone-key.; };
+};
+
+include "/etc/bind/forward-zones.conf";
+include "/etc/bind/mirror-zones.conf";
+
--- a/forward-zones.conf
+++ b/forward-zones.conf
@ -0,0 +1,50 @@
+## Freifunk Augsburg
+zone "ffa" in {
+	type forward;
+	forwarders { 10.11.10.15; 10.11.0.8; };
+};
+
+#DN42
+zone "dn42" {
+  type forward;
+  forwarders { 172.22.0.53; };
+};
+zone "22.172.in-addr.arpa" {
+  type forward;
+  forwarders { 172.22.0.53; };
+};
+zone "23.172.in-addr.arpa" {
+  type forward;
+  forwarders { 172.22.0.53; };
+};
+
+zone "hack" IN {
+  type static-stub; 
+   server-addresses { 172.31.0.5; };      
+};
+zone "31.172.in-addr.arpa" IN {
+  type static-stub;      
+  server-addresses { 172.31.0.5; };
+};
+zone "100.10.in-addr.arpa" IN {
+  type static-stub;      
+  server-addresses { 172.31.0.5; };
+};
+zone "101.10.in-addr.arpa" IN {
+  type static-stub;      
+  server-addresses { 172.31.0.5; };
+};
+zone "102.10.in-addr.arpa" IN {
+  type static-stub;      
+  server-addresses { 172.31.0.5; };
+};
+zone "103.10.in-addr.arpa" IN {
+  type static-stub;      
+  server-addresses { 172.31.0.5; };
+};
+//Freifunk Chemnitz .ffc
+zone "ffc" in {
+    type forward;
+    forwarders { 10.8.6.6; };
+};
+
--- a/mirror-zones.conf
+++ b/mirror-zones.conf
@ -0,0 +1,18 @@
+#Freifunk Luebeck
+zone "ffhl" IN {
+    type slave;
+    file "/etc/bind/slave/db.ffhl";
+    masters { fdef:ffc0:3dd7::a01; fdef:ffc0:3dd7::c01; fdef:ffc0:3dd7::e01; 10.130.10.1; 10.130.12.1; 10.130.14.1; }; 
+    allow-transfer { any; };
+    forwarders { };
+};
+
+#Freifunk Kiel
+zone "ffki" IN {
+    type slave;
+    file "/etc/bind/slave/db.ffki";
+    masters { fda1:384a:74de:4242::1; fda1:384a:74de:4242::2; };
+    allow-transfer { any; };
+    forwarders { };
+};
+
--- a/named.conf
+++ b/named.conf
@ -0,0 +1,12 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
+// structure of BIND configuration files in Debian, *BEFORE* you customize 
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
+include "/etc/bind/ffhh.conf";
--- a/named.conf.default-zones
+++ b/named.conf.default-zones
@ -0,0 +1,30 @@
+// prime the server with knowledge of the root servers
+zone "." {
+	type hint;
+	file "/etc/bind/db.root";
+};
+
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
+
+zone "localhost" {
+	type master;
+	file "/etc/bind/db.local";
+};
+
+zone "127.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.127";
+};
+
+zone "0.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.0";
+};
+
+zone "255.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.255";
+};
+
+
--- a/named.conf.local
+++ b/named.conf.local
@ -0,0 +1,8 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+# Conflicts with DN42
--- a/named.conf.options
+++ b/named.conf.options
@ -0,0 +1,29 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	// forwarders {
+	// 	0.0.0.0;
+	// };
+
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	dnssec-validation no;
+
+	auth-nxdomain no;    # conform to RFC1035
+	listen-on-v6 { any; };
+
+	edns-udp-size 512;
+	max-udp-size 512;
+};
+