diff --git a/files/snster-kaz/isp-a/infra/dns.conf b/files/snster-kaz/isp-a/infra/dns.conf
index 86b91b8..31cd461 100644
--- a/files/snster-kaz/isp-a/infra/dns.conf
+++ b/files/snster-kaz/isp-a/infra/dns.conf
@@ -7,3 +7,9 @@ server:
 local-data: "mail.isp-a.sns. IN A 100.120.1.2"
 local-data: "ns.isp-a.sns. IN A 100.120.1.2"
 local-data: "isp-a.sns. IN MX 10 smtp.isp-a.sns."
+
+ local-zone: "120.100.in-addr.arpa." static
+ local-data: "2.1.120.100.in-addr.arpa. IN PTR smtp.isp-a.sns"
+ local-data: "2.0.120.100.in-addr.arpa. IN PTR home.isp-a.sns"
+ local-data: "1.1.120.100.in-addr.arpa. IN PTR router.isp-a.sns"
+ local-data: "1.0.120.100.in-addr.arpa. IN PTR router.isp-a.sns"
diff --git a/files/templates/debian/resolverns/provision.sh b/files/templates/debian/resolverns/provision.sh
index fb8f684..d0b843c 100644
--- a/files/templates/debian/resolverns/provision.sh
+++ b/files/templates/debian/resolverns/provision.sh
@@ -26,6 +26,15 @@ echo -e "server:
 root-hints: root.hints
 " > /etc/unbound/unbound.conf.d/root.conf
+for i in {64..127}; do
+ echo -e " local-zone: \"$i.100.in-addr.arpa.\" nodefault" >> /etc/unbound/unbound.conf.d/root.conf
+done
+
+
+# local-zone: \"120.100.in-addr.arpa.\" nodefault
+# local-zone: \"64.100.in-addr.arpa. to 127.100.in-addr.arpa.\" nodefault
+# for i in {64..127}; do echo $i; done
+
 # no DNSSEC validation for now
 sed -i "s/auto/\#auto/" /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf
diff --git a/files/templates/debian/rootns/provision.sh b/files/templates/debian/rootns/provision.sh
index eab67fd..3bf8888 100644
--- a/files/templates/debian/rootns/provision.sh
+++ b/files/templates/debian/rootns/provision.sh
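Review bot: The four added PTR targets are written without a trailing dot (`IN PTR smtp.isp-a.sns`), while the MX line directly above them ends in `smtp.isp-a.sns.`. I would write them fully qualified, e.g. `local-data: "2.1.120.100.in-addr.arpa. IN PTR smtp.isp-a.sns."`, so the stored name does not depend on how the parser treats relative names. The hunk also maps 100.120.1.2 back to smtp.isp-a.sns, but the only A records visible here for that address are mail.isp-a.sns and ns.isp-a.sns; if no A record for smtp.isp-a.sns exists above the hunk, a receiving mail server doing a forward-confirmed reverse DNS check will see a mismatch. The `server:` block starts outside the hunk.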
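Review bot: The added loop in resolverns/provision.sh has no comment saying why 64 zones are switched to `nodefault`, and the three commented-out scratch lines under it should be dropped. In their place I would put something like `# unbound answers the RFC 6598 reverse zones (64-127.100.in-addr.arpa) locally by default; nodefault lets them resolve through the lab's 100.in-addr.arpa server`. `{64..127}` is a bash brace expansion and the shebang is outside the hunk, so confirm the script runs under bash; under a plain POSIX sh the loop would run once with the literal string. The context line below shows DNSSEC validation is switched off on this resolver, so answers for this address space are accepted unvalidated, which is worth stating in the same comment.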
@@ -39,4 +39,118 @@ echo -e "zone:
 zonefile: \"root.zone\"
 " > /etc/nsd/nsd.conf
+# Reverse DNS
+#sed -i -e 's/^arpa.*//' /etc/nsd/root.zone
+#sed -i -e 's/^.\.ns\.arpa.*.*//' /etc/nsd/root.zone
+
+## Racine
+sed -i -e '/NSEC.*/d' /etc/nsd/root.zone
+sed -i -e '/RRSIG.*/d' /etc/nsd/root.zone
+sed -i -e '/DNSKEY.*/d' /etc/nsd/root.zone
+sed -i -e '/DS.*/d' /etc/nsd/root.zone
+sed -i -e '/^arpa.*/d' /etc/nsd/root.zone
+sed -i -e '/^.\.ns\.arpa.*.*/d' /etc/nsd/root.zone
+echo -e "arpa. 172800 IN NS p.ns.arpa.
+p.ns.arpa. 172800 IN A 100.100.1.10
+p.ns.arpa. 172800 IN AAAA 2001:db8:a001::10
+" >> /etc/nsd/root.zone
+
+## .arpa
+wget "https://www.internic.net/domain/arpa.zone" -O /etc/nsd/arpa.zone
+sed -i -e '/NSEC.*/d' /etc/nsd/arpa.zone
+sed -i -e '/RRSIG.*/d' /etc/nsd/arpa.zone
+sed -i -e '/DNSKEY.*/d' /etc/nsd/arpa.zone
+sed -i -e '/DS.*/d' /etc/nsd/arpa.zone
+sed -i -e '/^arpa\.\s.*NS.*[a-m].ns.arpa.*/d' /etc/nsd/arpa.zone
+sed -i -e '/^in-addr.*/d' /etc/nsd/arpa.zone
+sed -i -e '/^.\.in-addr.*/d' /etc/nsd/arpa.zone
+echo -e "arpa. 172800 IN NS p.ns.arpa.
+p.ns.arpa. 172800 IN A 100.100.1.10
+p.ns.arpa. 172800 IN AAAA 2001:db8:a001::10
+in-addr.arpa. 172800 IN NS p.in-addr-servers.arpa.
+p.in-addr-servers.arpa. 172800 IN A 100.100.1.10
+p.in-addr-servers.arpa. 172800 IN AAAA 2001:db8:a001::10
+" >> /etc/nsd/arpa.zone
+
+echo -e "zone:
+ name: \"arpa.\"
+ zonefile: \"arpa.zone\"
+" >> /etc/nsd/nsd.conf
+
+## .in-addr.arpa
+wget "https://www.internic.net/domain/in-addr.arpa.zone" -O /etc/nsd/in-addr.arpa.zone
+sed -i -e '/SOA.*/d' /etc/nsd/in-addr.arpa.zone
+sed -i -e '/NSEC.*/d' /etc/nsd/in-addr.arpa.zone
+sed -i -e '/RRSIG.*/d' /etc/nsd/in-addr.arpa.zone
+sed -i -e '/DNSKEY.*/d' /etc/nsd/in-addr.arpa.zone
+sed -i -e '/DS.*/d' /etc/nsd/in-addr.arpa.zone
+sed -i -e '/^in-addr\.arpa\.\s.*NS.*[a-m].in-addr-servers.arpa.*/d' /etc/nsd/in-addr.arpa.zone
+sed -i -e '/^100.*/d' /etc/nsd/in-addr.arpa.zone
+echo -e "in-addr.arpa. 172800 IN NS p.ns.in-addr.arpa.
+p.ns.in-addr.arpa. 172800 IN A 100.100.1.10
+p.ns.in-addr.arpa. 172800 IN AAAA 2001:db8:a001::10
+100.in-addr.arpa. 172800 IN NS p.100.in-addr.arpa.
+p.100.in-addr.arpa. 172800 IN A 100.100.1.10
+p.100.in-addr.arpa. 172800 IN AAAA 2001:db8:a001::10
+in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2022090676 1800 900 604800 3600
+" >> /etc/nsd/in-addr.arpa.zone
+
+echo -e "zone:
+ name: \"in-addr.arpa.\"
+ zonefile: \"in-addr.arpa.zone\"
+" >> /etc/nsd/nsd.conf
+
+
+
+# 100.in-addr.arpa
+echo -e "100.in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2022090676 1800 900 604800 3600
+100.in-addr.arpa. 172800 IN NS p.ns.100.in-addr.arpa.
+p.ns.100.in-addr.arpa. 172800 IN A 100.100.1.10
+p.ns.100.in-addr.arpa. 172800 IN AAAA 2001:db8:a001::10
+120.100.in-addr.arpa. 172800 IN NS p.120.100.in-addr.arpa.
+p.120.100.in-addr.arpa. 172800 IN A 100.120.1.2
+p.120.100.in-addr.arpa. 172800 IN AAAA 2001:db8:120:1::2
+" > /etc/nsd/100.in-addr.arpa.zone
+
+echo -e "zone:
+ name: \"100.in-addr.arpa.\"
+ zonefile: \"100.in-addr.arpa.zone\"
+" >> /etc/nsd/nsd.conf
+
+#
+# # 120.100.in-addr.arpa
+# echo -e "120.100.in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2022090676 1800 900 604800 3600
+# 120.100.in-addr.arpa. 172800 IN NS p.ns.120.100.in-addr.arpa.
+# p.ns.120.100.in-addr.arpa. 172800 IN A 100.100.1.10
+# p.ns.120.100.in-addr.arpa. 172800 IN AAAA 2001:db8:a001::10
+# 1.120.100.in-addr.arpa. 172800 IN NS p.1.120.100.in-addr.arpa.
+# p.1.120.100.in-addr.arpa. 172800 IN A 100.100.1.10
+# p.1.120.100.in-addr.arpa. 172800 IN AAAA 2001:db8:a001::10
+# " > /etc/nsd/120.100.in-addr.arpa.zone
+#
+# echo -e "zone:
+# name: \"120.100.in-addr.arpa.\"
+# zonefile: \"120.100.in-addr.arpa.zone\"
+# " >> /etc/nsd/nsd.conf
+#
+# # 1.120.100.in-addr.arpa
+# echo -e "1.120.100.in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2022090676 1800 900 604800 3600
+# 1.120.100.in-addr.arpa. 172800 IN NS p.ns.1.120.100.in-addr.arpa.
+# p.ns.1.120.100.in-addr.arpa. 172800 IN A 100.100.1.10
+# p.ns.1.120.100.in-addr.arpa. 172800 IN AAAA 2001:db8:a001::10
+# 2.1.120.100.in-addr.arpa. 172800 IN PTR smtp.isp-a.sns.
+# " > /etc/nsd/1.120.100.in-addr.arpa.zone
+#
+# echo -e "zone:
+# name: \"1.120.100.in-addr.arpa.\"
+# zonefile: \"1.120.100.in-addr.arpa.zone\"
+# " >> /etc/nsd/nsd.conf
+
+
+
+# 2.1.120.100.in-addr.arpa. 172800 IN PTR smtp.isp-a.sns
+# 100.120.1.2
+
+
+
 #service nsd restart
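Review bot: Both added `wget` calls (for arpa.zone and in-addr.arpa.zone) run unchecked, so a failed or truncated download leaves an empty or partial file that the following `sed` and `echo >>` lines still turn into a zone file for nsd. Because the same hunk strips every DNSSEC record from the downloaded data, the HTTPS connection to internic.net is the only integrity check these zones get. I would download to a temporary file, stop provisioning when the fetch fails or the file has no SOA, and only then move it into /etc/nsd, as sketched below. The unanchored patterns `/DS.*/d` and `/NSEC.*/d` delete any line that merely contains those letters, so matching the record-type column would be safer. The start of the script, including any shebang or `set -e`, is outside the hunk.

```shell
# fetch an IANA zone file; abort provisioning if the download fails or has no SOA
fetch_zone() {
    wget "https://www.internic.net/domain/$1" -O "/etc/nsd/$1.tmp" || exit 1
    grep -q 'SOA' "/etc/nsd/$1.tmp" || exit 1
    mv "/etc/nsd/$1.tmp" "/etc/nsd/$1"
}

## .arpa
fetch_zone arpa.zone
# … unchanged: sed clean-up and echo >> /etc/nsd/arpa.zone …

## .in-addr.arpa
fetch_zone in-addr.arpa.zone
# … unchanged: sed clean-up and echo >> /etc/nsd/in-addr.arpa.zone …
```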