snster bootstrap

Francois Lesueur
2022-12-22 17:25:05 +01:00
parent 5545db5891
commit 0733aa3ae8
26 changed files with 898 additions and 119 deletions


@ -0,0 +1,40 @@
#!/bin/bash
# Root NS template
set -e
if [ -z $SNSTERGUARD ] ; then exit 1; fi
DIR=`dirname $0`
cd `dirname $0`
# disable systemd-resolved which conflicts with nsd
echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
systemctl stop systemd-resolved
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get install -y unbound dnsutils
# get root hints
#wget "http://www.internic.net/domain/named.root" -O /etc/unbound/root.hints
echo -e ". 3600000 NS P.ROOT-SERVERS.NET.
P.ROOT-SERVERS.NET. 3600000 A 100.100.1.10
P.ROOT-SERVERS.NET. 3600000 AAAA 2001:db8:a001::10
" > /etc/unbound/root.hints
# customize unbound config
#echo -e "server:
# ip-address: 127.0.0.1
echo -e "server:
root-hints: root.hints
" > /etc/unbound/unbound.conf.d/root.conf
# no DNSSEC validation for now
sed -i "s/auto/\#auto/" /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf
# Be an open dns resolver -- TO CHANGE LATER
echo -e "server:
interface: 0.0.0.0
access-control: 0.0.0.0/0 allow
cache-max-ttl: 20
cache-max-negative-ttl: 20
" > /etc/unbound/unbound.conf.d/listen.conf
service unbound restart
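Review bot: `interface: 0.0.0.0` together with `access-control: 0.0.0.0/0 allow` in listen.conf makes this unbound instance an open recursive resolver, and the `TO CHANGE LATER` comment is the only thing tracking that. If a container built from this template is ever bridged to a real network, it will recurse for anyone who can reach it, which is the usual precondition for DNS amplification abuse. I would restrict the ACL to the simulated address plan in this commit, e.g. `access-control: <LAB_IPV4_PREFIX> allow` (placeholder, the lab's prefixes are not visible in this file), and rely on unbound's default refusal for everything else. A short comment above the block stating which networks are expected to query this resolver would make the intent reviewable.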


@ -0,0 +1,42 @@
#!/bin/bash
# Root NS template
set -e
if [ -z $SNSTERGUARD ] ; then exit 1; fi
DIR=`dirname $0`
cd `dirname $0`
# disable systemd-resolved which conflicts with nsd
echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
systemctl stop systemd-resolved
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get install -y nsd
# get root zone
wget "http://www.internic.net/domain/root.zone" -O /etc/nsd/root.zone
# customize root zone
# remove official roots
sed -i -e 's/^\.\s.*NS.*[a-m].root-servers.net.*//' /etc/nsd/root.zone
# add alternative milxc root
echo -e ". 518400 IN NS p.root-servers.net
p.root-servers.net 518400 IN A 100.100.1.10
p.root-servers.net 518400 IN AAAA 2001:db8:a001::10
" >> /etc/nsd/root.zone
# add .milxc TLD served by 100.100.20.10
echo -e "milxc. 518400 IN NS ns.milxc.
ns.milxc. 518400 IN A 100.100.20.10
ns.milxc. 518400 IN AAAA 2001:db8:a020::10" >> /etc/nsd/root.zone
# customize nsd config
#echo -e "server:
# ip-address: 127.0.0.1
echo -e "zone:
name: \".\"
zonefile: \"root.zone\"
" > /etc/nsd/nsd.conf
#service nsd restart
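Review bot: The root zone is fetched with `wget "http://www.internic.net/domain/root.zone"` over plain HTTP and written straight into /etc/nsd with no integrity check, so anything on the network path at bootstrap time can alter the zone this server then serves as authoritative. Fetching over TLS is a one-line change, `wget "https://www.internic.net/domain/root.zone" -O /etc/nsd/root.zone`. InterNIC also appears to publish checksum and signature files next to the zone (exact names to be confirmed), which could be verified before the sed edits run. Because `-O` truncates the target first, downloading to a temporary file and moving it into place after verification would also avoid leaving a partial root.zone behind when the download fails under `set -e`.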