mkdir -p './apm/event.d'
mkdir -p './apparmor.d/force-complain'
mkdir -p './apt/preferences.d'
+mkdir -p './bind/dyn'
+mkdir -p './bind/zones'
mkdir -p './binfmt.d'
mkdir -p './ca-certificates/update.d'
mkdir -p './clamav/onerrorexecute.d'
maybe chmod 0644 'bind/db.empty'
maybe chmod 0644 'bind/db.local'
maybe chmod 0644 'bind/db.root'
-maybe chgrp 'bind' 'bind/named.conf'
+maybe chmod 0700 'bind/dnssec'
+maybe chmod 0600 'bind/dnssec/Kdns-uhu-banane.+157+21915.key'
+maybe chmod 0600 'bind/dnssec/Kdns-uhu-banane.+157+21915.private'
+maybe chmod 0600 'bind/dnssec/Kdyn-dns-updater.+157+29290.key'
+maybe chmod 0600 'bind/dnssec/Kdyn-dns-updater.+157+29290.private'
+maybe chown 'bind' 'bind/dyn'
+maybe chgrp 'bind' 'bind/dyn'
+maybe chmod 0770 'bind/dyn'
+maybe chmod 0644 'bind/named-acl.conf'
+maybe chmod 0644 'bind/named-dyn.conf'
+maybe chmod 0644 'bind/named-log.conf'
+maybe chmod 0644 'bind/named-pri.conf'
+maybe chmod 0644 'bind/named-sec.conf'
maybe chmod 0644 'bind/named.conf'
-maybe chgrp 'bind' 'bind/named.conf.default-zones'
maybe chmod 0644 'bind/named.conf.default-zones'
-maybe chgrp 'bind' 'bind/named.conf.local'
maybe chmod 0644 'bind/named.conf.local'
-maybe chgrp 'bind' 'bind/named.conf.options'
maybe chmod 0644 'bind/named.conf.options'
maybe chown 'bind' 'bind/rndc.key'
maybe chgrp 'bind' 'bind/rndc.key'
maybe chmod 0640 'bind/rndc.key'
+maybe chgrp 'bind' 'bind/zones'
+maybe chmod 0755 'bind/zones'
maybe chmod 0644 'bind/zones.rfc1918'
maybe chmod 0644 'bindresvport.blacklist'
maybe chmod 0755 'binfmt.d'
maybe chmod 0755 'logrotate.d'
maybe chmod 0644 'logrotate.d/apt'
maybe chmod 0644 'logrotate.d/aptitude'
+maybe chmod 0644 'logrotate.d/bind'
maybe chmod 0644 'logrotate.d/chrony'
maybe chmod 0644 'logrotate.d/clamav-daemon'
maybe chmod 0644 'logrotate.d/clamav-freshclam'
--- /dev/null
+dns-uhu-banane. IN KEY 512 3 157 eMhLmrsWxS28+oUnhbjwE6xYhMCvDKtsEBEc6TzD62mPMQ3R57xDb6McBAduXo56/a1xOtrX/tFs4CVnDnYdMw==
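Review bot: This file and the three that follow it (the matching `.private` file and both `Kdyn-dns-updater` files) put live TSIG shared secrets into the repository, readable by everyone who can read its history. A TSIG `.key` file carries the same symmetric secret as its `.private` counterpart, so neither is safe to publish. The `Kdns-uhu-banane` value is also the new `rndc-key` secret in `bind/rndc.key`, so one disclosure covers the control channel as well. I would regenerate all of these keys, give `rndc-key` a secret of its own, and keep the key material out of version control (for example ignore entries for `bind/dnssec/` and `bind/rndc.key`), leaving only the `chmod` records in the metadata file.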
--- /dev/null
+Private-key-format: v1.3
+Algorithm: 157 (HMAC_MD5)
+Key: eMhLmrsWxS28+oUnhbjwE6xYhMCvDKtsEBEc6TzD62mPMQ3R57xDb6McBAduXo56/a1xOtrX/tFs4CVnDnYdMw==
+Bits: AAA=
+Created: 20160308220200
+Publish: 20160308220200
+Activate: 20160308220200
--- /dev/null
+dyn-dns-updater. IN KEY 0 3 157 gi69Yjzo1OSPVQ/oTTgw+Q==
--- /dev/null
+Private-key-format: v1.2
+Algorithm: 157 (HMAC_MD5)
+Key: gi69Yjzo1OSPVQ/oTTgw+Q==
+Bits: AAA=
--- /dev/null
+//###############################################################
+//# Bind9-Konfigurationsdatei - Access-Control-Listen
+//# /etc/bind/named-acl.conf
+//#
+//# Host sarah.uhu-banane.de
+//#
+//###############################################################
+
+//###############################################################
+//# Access-Control-Listen
+
+#----------------------------------------
+acl allow-dyn-update {
+ 46.16.73.175;
+ 2001:4dd0:ff00:cd3::2;
+ 85.214.134.152;
+ 2a01:238:4225:6e00:8f8c:808a:7fb8:88df;
+ 144.76.221.169;
+ 2a01:4f8:200:94a8::2;
+ 138.201.28.135;
+ 2a01:4f8:171:3006::2;
+ 185.48.118.128;
+ 162.254.24.33;
+ 185.102.95.107;
+ 2a06:2380:0:1::3a;
+ 2a02:8109:ae3f:fa04:5604:a6ff:fe38:99f9;
+ 127.0.0.1;
+ ::1;
+};
+
+#----------------------------------------
+acl allow-notify {
+ 46.16.73.175;
+ 2001:4dd0:ff00:cd3::2;
+ 85.214.134.152;
+ 2a01:238:4225:6e00:8f8c:808a:7fb8:88df;
+ 144.76.221.169;
+ 2a01:4f8:200:94a8::2;
+ 138.201.28.135;
+ 2a01:4f8:171:3006::2;
+ 185.48.118.128;
+ 162.254.24.33;
+ 185.102.95.107;
+ 2a06:2380:0:1::3a;
+ 2a02:8109:ae3f:fa04:5604:a6ff:fe38:99f9;
+ 127.0.0.1;
+ ::1;
+};
+
+#----------------------------------------
+acl allow-recursion {
+ 46.16.73.175;
+ 2001:4dd0:ff00:cd3::2;
+ 85.214.134.152;
+ 2a01:238:4225:6e00:8f8c:808a:7fb8:88df;
+ 144.76.221.169;
+ 2a01:4f8:200:94a8::2;
+ 185.48.118.128;
+ 162.254.24.33;
+ 185.102.95.107;
+ 2a06:2380:0:1::3a;
+ 2a02:8109:ae3f:fa04:5604:a6ff:fe38:99f9;
+ 138.201.28.135;
+ 138.201.28.184;
+ 138.201.28.185;
+ 138.201.28.186;
+ 2a01:4f8:171:3006::/64;
+ 127.0.0.0/8;
+ ::1/128;
+ fe80::/10;
+};
+
+#----------------------------------------
+acl also-notify-acwain {
+ 144.76.221.169;
+ 2a01:4f8:200:94a8::2;
+ 2a02:8109:ae3f:fa04:5604:a6ff:fe38:99f9;
+ 138.201.28.135;
+ 2a01:4f8:171:3006::2;
+};
+
+#----------------------------------------
+acl also-notify-boreus {
+ 195.50.185.7;
+ 46.189.56.7;
+ 85.199.64.7;
+};
+
+#----------------------------------------
+acl also-notify-uhu-banane {
+ 185.48.118.128;
+ 162.254.24.33;
+};
+
+#----------------------------------------
+acl common-allow-transfer {
+ 195.50.185.7;
+ 46.189.56.7;
+ 85.199.64.7;
+ 46.16.73.175;
+ 2001:4dd0:ff00:cd3::2;
+ 85.214.134.152;
+ 2a01:238:4225:6e00:8f8c:808a:7fb8:88df;
+ 144.76.221.169;
+ 2a01:4f8:200:94a8::2;
+ 138.201.28.135;
+ 2a01:4f8:171:3006::2;
+ 185.48.118.128;
+ 162.254.24.33;
+ 185.102.95.107;
+ 2a06:2380:0:1::3a;
+ 2a02:8109:ae3f:fa04:5604:a6ff:fe38:99f9;
+ 127.0.0.1;
+ ::1;
+};
+
+#----------------------------------------
+acl local-host-ips {
+ 127.0.0.1/8;
+ ::1/128;
+};
+
+#----------------------------------------
+acl local-net-ips {
+ 127.0.0.0/8;
+ 10.0.0.0/8;
+ 172.16.0.0/12;
+ 192.168.0.0/16;
+ ::1/128;
+ fe80::/10;
+};
+
+#----------------------------------------
+acl private-net-ips {
+ 10.12.11.0/24;
+ 46.16.73.175;
+ 2001:4dd0:ff00:cd3::2;
+ 2a02:8109:ae3f:fa04:5604:a6ff:fe38:99f9;
+ 85.214.134.152;
+ 2a01:238:4225:6e00:8f8c:808a:7fb8:88df;
+ 185.102.95.107;
+ 2a06:2380:0:1::3a;
+};
+
+# vim: ts=4 filetype=named noai
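Review bot: In `acl local-host-ips` the entry `127.0.0.1/8` has host bits set beyond the prefix length, which named-checkconf reports as an address/prefix length mismatch (a warning or an error depending on the BIND version, as far as I know). It should read `127.0.0.0/8;`, as the `local-net-ips` and `allow-recursion` lists already do. Separately, `allow-dyn-update` authorises by source address only; if it ends up in an `allow-update` clause (not visible here, `named-dyn.conf` is still empty), I would require the `dyn-dns-updater` key instead, since a source address is much weaker proof than a TSIG signature. `allow-dyn-update` and `allow-notify` are identical lists and most of their entries recur in two more ACLs, so one shared ACL referenced by name from the others would keep them from drifting apart.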
--- /dev/null
+//###############################################################
+//# Bind9-Konfigurationsdatei - Dynamische Zonen
+//# /etc/bind/named-dyn.conf
+//#
+//# Host sarah.uhu-banane.de
+//#
+//###############################################################
+
+
+
+# vim: ts=4 filetype=named noai
--- /dev/null
+//###############################################################
+//# Bind9-Konfigurationsdatei Logging
+//# /etc/bind/named-log.conf
+//#
+//# Host sarah.uhu-banane.de
+//#
+//###############################################################
+
+//###############################################################
+//# Angaben zum Logging
+
+logging {
+
+ //---------------------------------------
+ // Channels
+
+ channel complete_debug {
+ file "/var/log/bind/complete-debug.log";
+ print-category yes;
+ print-severity yes;
+ print-time yes;
+ severity debug 99;
+ };
+
+ channel logtofile {
+ file "/var/log/bind/named.log";
+ print-category yes;
+ print-severity yes;
+ print-time yes;
+ severity info;
+ };
+
+ channel moderate_debug {
+ file "/var/log/bind/debug.log";
+ print-category yes;
+ print-severity yes;
+ print-time yes;
+ severity debug 1;
+ };
+
+ channel query_logging {
+ file "/var/log/bind/query.log";
+ print-time yes;
+ };
+
+ channel security_file {
+ file "/var/log/bind/security.log";
+ print-category yes;
+ print-severity yes;
+ print-time yes;
+ severity dynamic;
+ };
+
+ channel syslog-warning {
+ syslog daemon;
+ severity warning;
+ };
+
+
+ //---------------------------------------
+ // Categories
+
+ category default {
+ default_debug;
+ logtofile;
+ };
+
+ category general {
+ logtofile;
+ syslog-warning;
+ };
+
+ category lame-servers {
+ null;
+ };
+
+ category queries {
+ query_logging;
+ };
+
+ category security {
+ security_file;
+ };
+
+};
+
+# vim: ts=4 filetype=named noai
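Review bot: Only `category security` is routed to `security_file`, so approval and denial of dynamic updates (`update-security`) and outgoing zone transfers (`xfer-out`) fall through `category default` into the general `named.log`. Since this commit also introduces update and transfer ACLs, I would log those decisions next to the other security events: `category update-security { security_file; };` and `category xfer-out { security_file; };`. The `complete_debug` and `moderate_debug` channels are defined but no category references them; a one-line comment saying whether they are kept for ad-hoc debugging would help.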
--- /dev/null
+//###############################################################
+//# Bind9-Konfigurationsdatei - Primaere Zonen
+//# /etc/bind/named-pri.conf
+//#
+//# Host sarah.uhu-banane.de
+//#
+//###############################################################
+
+//###############################################################
+//# Master-Zonen (Primary)
+
+
+
+# vim: ts=4 filetype=named noai
--- /dev/null
+//###############################################################
+//# Bind9-Konfigurationsdatei - Sekundaere Zonen
+//# /etc/bind/named-sec
+//#
+//# Host sarah.uhu-banane.de
+//#
+//###############################################################
+
+//###############################################################
+//# Slave-Zonen (Secondary)
+
+
+
+# vim: ts=4 filetype=named noai
+//###############################################################
+//# Bind9-Konfigurationsdatei
+//# /etc/bind/named.conf
+//#
+//# Host sarah.uhu-banane.de
+//#
+//###############################################################
+
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
+// access control lists
+include "/etc/bind/named-acl.conf";
+
+// global options
include "/etc/bind/named.conf.options";
+
+// logging configuration
+include "/etc/bind/named-log.conf";
+
+// local configuration
include "/etc/bind/named.conf.local";
+
+// Default zones
include "/etc/bind/named.conf.default-zones";
+
+// master zones
+include "/etc/bind/named-pri.conf";
+
+// dynamic zones
+include "/etc/bind/named-dyn.conf";
+
+// slave zones
+include "/etc/bind/named-sec.conf";
+
+
+
+# vim: ts=4 filetype=named noai
+//###############################################################
+//# Bind9-Konfigurationsdatei Default zones
+//# /etc/bind/named.conf.default-zones
+//#
+//# Host sarah.uhu-banane.de
+//#
+//###############################################################
+
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.255";
};
-
+# vim: ts=4 filetype=named noai
+//###############################################################
+//# Bind9-Konfigurationsdatei Lokeles Geruempel
+//# /etc/bind/named.conf.local
+//#
+//# Host sarah.uhu-banane.de
+//#
+//###############################################################
+
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
-//include "/etc/bind/zones.rfc1918";
+include "/etc/bind/zones.rfc1918";
+
+# vim: ts=4 filetype=named noai
+//###############################################################
+//# Bind9-Konfigurationsdatei for general options
+//# /etc/bind/named.conf.options
+//#
+//# Host sarah.uhu-banane.de
+//#
+//###############################################################
+
+
+//###############################################################
+//# Allgemeine Optionen
+
options {
+
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
- // If your ISP provided one or more IP addresses for stable
- // nameservers, you probably want to use them as forwarders.
- // Uncomment the following block, and insert the addresses replacing
+ // If your ISP provided one or more IP addresses for stable
+ // nameservers, you probably want to use them as forwarders.
+ // Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
+ /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
+ //bindkeys-file "/etc/bind/bind.keys";
+
+ listen-on-v6 { any; };
+ listen-on { any; };
+
+ allow-notify {
+ allow-notify;
+ };
+
+ allow-recursion {
+ allow-recursion;
+ };
+
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
+ //dnssec-enable yes;
dnssec-validation auto;
+ dnssec-lookaside auto;
- auth-nxdomain no; # conform to RFC1035
- listen-on-v6 { any; };
+ /*
+ * As of bind 9.8.0:
+ * "If the root key provided has expired,
+ * named will log the expiration and validation will not work."
+ */
+ //dnssec-validation auto;
+
+ /* if you have problems and are behind a firewall: */
+ //query-source address * port 53;
+
+ // pid-file "/var/run/named/named.pid";
+
+ version "none";
+
+};
+
+// Managed Keys
+include "/etc/bind/bind.keys";
+
+key "dyn-dns-updater" {
+ algorithm hmac-md5;
+ secret "gi69Yjzo1OSPVQ/oTTgw+Q==";
};
+//###############################################################
+//# Kontrollkanäle für RNDC
+
+include "/etc/bind/rndc.key";
+
+controls {
+ inet 127.0.0.1 port 953 allow {
+ 127.0.0.1;
+ ::1/128;
+ } keys {
+ "rndc-key";
+ };
+};
+
+
+# vim: ts=4 filetype=named noai
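Review bot: The `key "dyn-dns-updater"` block puts a TSIG secret directly in `named.conf.options`, which the metadata in this same commit records as mode 0644, so every local account can read it. I would move the block into its own file and include it the way `rndc.key` is included here (`include "/etc/bind/<new-key-file>";`), recording that file with owner and group `bind` and `chmod 0640`. While touching the key, `algorithm hmac-md5;` is worth replacing with `hmac-sha256` and a freshly generated secret. The current secret is only 128 bits long and is now part of the repository history.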
key "rndc-key" {
algorithm hmac-md5;
- secret "QZWrR209/0Vzozjh+86Tww==";
+ secret "eMhLmrsWxS28+oUnhbjwE6xYhMCvDKtsEBEc6TzD62mPMQ3R57xDb6McBAduXo56/a1xOtrX/tFs4CVnDnYdMw==";
};
+//###############################################################
+//# Bind9-Konfigurationsdatei Default zones RFC 1918
+//# /etc/bind/zones.rfc1918
+//#
+//# Host sarah.uhu-banane.de
+//#
+//###############################################################
+
zone "10.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
-
+
zone "16.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "17.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "18.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "31.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+
+# vim: ts=4 filetype=named noai
--- /dev/null
+/var/log/bind/complete-debug.log /var/log/bind/debug.log /var/log/bind/query.log /var/log/bind/security.log {
+ daily
+ olddir /var/log/bind/.old
+ dateext
+ size 4M
+ rotate 10
+ notifempty
+ missingok
+ compress
+ delaycompress
+ sharedscripts
+ postrotate
+ /usr/sbin/rndc reload
+ endscript
+}
+
+/var/log/bind/named.log {
+ daily
+ olddir /var/log/bind/.old
+ dateext
+ size 10M
+ rotate 20
+ notifempty
+ missingok
+ compress
+ delaycompress
+ sharedscripts
+ postrotate
+ /usr/sbin/rndc reload
+ endscript
+}
+
+
+# vim: ts=4 filetype=conf
+
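Review bot: In both stanzas `size` comes after `daily`, and logrotate lets the later of the two win, so these logs rotate only once they exceed 4M or 10M and the `daily` line has no effect. If the intent is "daily, or earlier when large", `maxsize 4M` (and `maxsize 10M` for `named.log`) expresses that; if size-only rotation is intended, drop `daily`. Either way, retention of `security.log` and `query.log` is capped by `rotate 10`, which on a busy server may cover little time, so the intended retention is worth stating in a comment. `olddir /var/log/bind/.old` must already exist, and nothing visible in this commit creates it.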
_apt:x:115:65534::/nonexistent:/bin/false
_chrony:x:116:124:Chrony daemon,,,:/var/lib/chrony:/bin/false
nagios:x:117:125::/var/lib/nagios:/bin/false
-bind:x:118:126::/var/cache/bind:/bin/false
+bind:x:118:126:Bind daemon user,,,:/var/cache/bind:/bin/false