passage a snster 1.1.0

This commit is contained in:
Francois Lesueur 2023-01-27 21:15:36 +01:00
parent 91c982ff1c
commit e1ac42525b
10 changed files with 20 additions and 222 deletions

View File

@ -43,7 +43,7 @@ hosts:
- mailserver:
domain: isp-a.sns
- resolverns:
roothints: root.hints
roots: p,100.100.1.10,2001:db8:a001::10
- resolv:
domain: isp-a.sns
ns: 100.120.1.2

View File

@ -1,3 +0,0 @@
. 3600000 NS P.ROOT-SERVERS.NET.
P.ROOT-SERVERS.NET. 3600000 A 100.100.1.10
P.ROOT-SERVERS.NET. 3600000 AAAA 2001:db8:a001::10

View File

@ -38,7 +38,7 @@ hosts:
gatewayv6: 2001:db8:a100::1
templates:
- resolverns:
roothints: root.hints
roots: p,100.100.1.10,2001:db8:a001::10
- resolv:
domain: opendns.sns
ns: 100.100.100.100

View File

@ -1,3 +0,0 @@
. 3600000 NS P.ROOT-SERVERS.NET.
P.ROOT-SERVERS.NET. 3600000 A 100.100.1.10
P.ROOT-SERVERS.NET. 3600000 AAAA 2001:db8:a001::10

View File

@ -38,6 +38,9 @@ hosts:
gatewayv6: 2001:db8:a001::1
templates:
- rootns:
roots: p,100.100.1.10,2001:db8:a001::10
tlds: sns,100.100.20.10,2001:db8:a020::10
reverse: reverse.zone
- resolv:
domain: ns-root-p.sns
ns: 100.100.100.100

View File

@ -0,0 +1,3 @@
120.100.in-addr.arpa. 172800 IN NS p.120.100.in-addr.arpa.
p.120.100.in-addr.arpa. 172800 IN A 100.120.1.2
p.120.100.in-addr.arpa. 172800 IN AAAA 2001:db8:120:1::2

View File

@ -1,50 +0,0 @@
#!/bin/bash
# Root NS template
set -e
if [ -z $SNSTERGUARD ] ; then exit 1; fi
DIR=`dirname $0`
cd `dirname $0`
# disable systemd-resolved which conflicts with nsd
echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
systemctl stop systemd-resolved
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get install -y unbound dnsutils
# get root hints
#wget "http://www.internic.net/domain/named.root" -O /etc/unbound/root.hints
echo -e ". 3600000 NS P.ROOT-SERVERS.NET.
P.ROOT-SERVERS.NET. 3600000 A 100.100.1.10
P.ROOT-SERVERS.NET. 3600000 AAAA 2001:db8:a001::10
" > /etc/unbound/root.hints
# customize unbound config
#echo -e "server:
# ip-address: 127.0.0.1
echo -e "server:
root-hints: root.hints
" > /etc/unbound/unbound.conf.d/root.conf
for i in {64..127}; do
echo -e " local-zone: \"$i.100.in-addr.arpa.\" nodefault" >> /etc/unbound/unbound.conf.d/root.conf
done
# local-zone: \"120.100.in-addr.arpa.\" nodefault
# local-zone: \"64.100.in-addr.arpa. to 127.100.in-addr.arpa.\" nodefault
# for i in {64..127}; do echo $i; done
# no DNSSEC validation for now
sed -i "s/auto/\#auto/" /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf
# Be an open dns resolver -- TO CHANGE LATER
echo -e "server:
interface: 0.0.0.0
access-control: 0.0.0.0/0 allow
cache-max-ttl: 20
cache-min-ttl: 10
cache-max-negative-ttl: 20
" > /etc/unbound/unbound.conf.d/listen.conf
service unbound restart

View File

@ -1,156 +0,0 @@
#!/bin/bash
# Root NS template
set -e
if [ -z $SNSTERGUARD ] ; then exit 1; fi
DIR=`dirname $0`
cd `dirname $0`
# disable systemd-resolved which conflicts with nsd
echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
systemctl stop systemd-resolved
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get install -y nsd
# get root zone
wget "http://www.internic.net/domain/root.zone" -O /etc/nsd/root.zone
# customize root zone
# remove official roots
sed -i -e 's/^\.\s.*NS.*[a-m].root-servers.net.*//' /etc/nsd/root.zone
# add alternative milxc root
echo -e ". 518400 IN NS p.root-servers.net
p.root-servers.net 518400 IN A 100.100.1.10
p.root-servers.net 518400 IN AAAA 2001:db8:a001::10
" >> /etc/nsd/root.zone
# add .sns TLD served by 100.100.20.10
echo -e "sns. 518400 IN NS ns.sns.
ns.sns. 518400 IN A 100.100.20.10
ns.sns. 518400 IN AAAA 2001:db8:a020::10" >> /etc/nsd/root.zone
# customize nsd config
#echo -e "server:
# ip-address: 127.0.0.1
echo -e "zone:
name: \".\"
zonefile: \"root.zone\"
" > /etc/nsd/nsd.conf
# Reverse DNS
#sed -i -e 's/^arpa.*//' /etc/nsd/root.zone
#sed -i -e 's/^.\.ns\.arpa.*.*//' /etc/nsd/root.zone
## Racine
sed -i -e '/NSEC.*/d' /etc/nsd/root.zone
sed -i -e '/RRSIG.*/d' /etc/nsd/root.zone
sed -i -e '/DNSKEY.*/d' /etc/nsd/root.zone
sed -i -e '/DS.*/d' /etc/nsd/root.zone
sed -i -e '/^arpa.*/d' /etc/nsd/root.zone
sed -i -e '/^.\.ns\.arpa.*.*/d' /etc/nsd/root.zone
echo -e "arpa. 172800 IN NS p.ns.arpa.
p.ns.arpa. 172800 IN A 100.100.1.10
p.ns.arpa. 172800 IN AAAA 2001:db8:a001::10
" >> /etc/nsd/root.zone
## .arpa
wget "https://www.internic.net/domain/arpa.zone" -O /etc/nsd/arpa.zone
sed -i -e '/NSEC.*/d' /etc/nsd/arpa.zone
sed -i -e '/RRSIG.*/d' /etc/nsd/arpa.zone
sed -i -e '/DNSKEY.*/d' /etc/nsd/arpa.zone
sed -i -e '/DS.*/d' /etc/nsd/arpa.zone
sed -i -e '/^arpa\.\s.*NS.*[a-m].ns.arpa.*/d' /etc/nsd/arpa.zone
sed -i -e '/^in-addr.*/d' /etc/nsd/arpa.zone
sed -i -e '/^.\.in-addr.*/d' /etc/nsd/arpa.zone
echo -e "arpa. 172800 IN NS p.ns.arpa.
p.ns.arpa. 172800 IN A 100.100.1.10
p.ns.arpa. 172800 IN AAAA 2001:db8:a001::10
in-addr.arpa. 172800 IN NS p.in-addr-servers.arpa.
p.in-addr-servers.arpa. 172800 IN A 100.100.1.10
p.in-addr-servers.arpa. 172800 IN AAAA 2001:db8:a001::10
" >> /etc/nsd/arpa.zone
echo -e "zone:
name: \"arpa.\"
zonefile: \"arpa.zone\"
" >> /etc/nsd/nsd.conf
## .in-addr.arpa
wget "https://www.internic.net/domain/in-addr.arpa.zone" -O /etc/nsd/in-addr.arpa.zone
sed -i -e '/SOA.*/d' /etc/nsd/in-addr.arpa.zone
sed -i -e '/NSEC.*/d' /etc/nsd/in-addr.arpa.zone
sed -i -e '/RRSIG.*/d' /etc/nsd/in-addr.arpa.zone
sed -i -e '/DNSKEY.*/d' /etc/nsd/in-addr.arpa.zone
sed -i -e '/DS.*/d' /etc/nsd/in-addr.arpa.zone
sed -i -e '/^in-addr\.arpa\.\s.*NS.*[a-m].in-addr-servers.arpa.*/d' /etc/nsd/in-addr.arpa.zone
sed -i -e '/^100.*/d' /etc/nsd/in-addr.arpa.zone
echo -e "in-addr.arpa. 172800 IN NS p.ns.in-addr.arpa.
p.ns.in-addr.arpa. 172800 IN A 100.100.1.10
p.ns.in-addr.arpa. 172800 IN AAAA 2001:db8:a001::10
100.in-addr.arpa. 172800 IN NS p.100.in-addr.arpa.
p.100.in-addr.arpa. 172800 IN A 100.100.1.10
p.100.in-addr.arpa. 172800 IN AAAA 2001:db8:a001::10
in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2022090676 1800 900 604800 3600
" >> /etc/nsd/in-addr.arpa.zone
echo -e "zone:
name: \"in-addr.arpa.\"
zonefile: \"in-addr.arpa.zone\"
" >> /etc/nsd/nsd.conf
# 100.in-addr.arpa
echo -e "100.in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2022090676 1800 900 604800 3600
100.in-addr.arpa. 172800 IN NS p.ns.100.in-addr.arpa.
p.ns.100.in-addr.arpa. 172800 IN A 100.100.1.10
p.ns.100.in-addr.arpa. 172800 IN AAAA 2001:db8:a001::10
120.100.in-addr.arpa. 172800 IN NS p.120.100.in-addr.arpa.
p.120.100.in-addr.arpa. 172800 IN A 100.120.1.2
p.120.100.in-addr.arpa. 172800 IN AAAA 2001:db8:120:1::2
" > /etc/nsd/100.in-addr.arpa.zone
echo -e "zone:
name: \"100.in-addr.arpa.\"
zonefile: \"100.in-addr.arpa.zone\"
" >> /etc/nsd/nsd.conf
#
# # 120.100.in-addr.arpa
# echo -e "120.100.in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2022090676 1800 900 604800 3600
# 120.100.in-addr.arpa. 172800 IN NS p.ns.120.100.in-addr.arpa.
# p.ns.120.100.in-addr.arpa. 172800 IN A 100.100.1.10
# p.ns.120.100.in-addr.arpa. 172800 IN AAAA 2001:db8:a001::10
# 1.120.100.in-addr.arpa. 172800 IN NS p.1.120.100.in-addr.arpa.
# p.1.120.100.in-addr.arpa. 172800 IN A 100.100.1.10
# p.1.120.100.in-addr.arpa. 172800 IN AAAA 2001:db8:a001::10
# " > /etc/nsd/120.100.in-addr.arpa.zone
#
# echo -e "zone:
# name: \"120.100.in-addr.arpa.\"
# zonefile: \"120.100.in-addr.arpa.zone\"
# " >> /etc/nsd/nsd.conf
#
# # 1.120.100.in-addr.arpa
# echo -e "1.120.100.in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2022090676 1800 900 604800 3600
# 1.120.100.in-addr.arpa. 172800 IN NS p.ns.1.120.100.in-addr.arpa.
# p.ns.1.120.100.in-addr.arpa. 172800 IN A 100.100.1.10
# p.ns.1.120.100.in-addr.arpa. 172800 IN AAAA 2001:db8:a001::10
# 2.1.120.100.in-addr.arpa. 172800 IN PTR smtp.isp-a.sns.
# " > /etc/nsd/1.120.100.in-addr.arpa.zone
#
# echo -e "zone:
# name: \"1.120.100.in-addr.arpa.\"
# zonefile: \"1.120.100.in-addr.arpa.zone\"
# " >> /etc/nsd/nsd.conf
# 2.1.120.100.in-addr.arpa. 172800 IN PTR smtp.isp-a.sns
# 100.120.1.2
#service nsd restart

View File

@ -5,16 +5,16 @@ if [ -z "${KAZGUARD}" ] ; then
exit 1
fi
snster -c /root/snster-kaz -t /root/templates start
snster -c /root/snster-kaz start
sleep 10
snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x /mnt/snster/root/snster-kaz/kaz/prod/kaz.sh
snster -c /root/snster-kaz attach kaz-prod -x /mnt/snster/root/snster-kaz/kaz/prod/kaz.sh
# On crée quelques mails
SETUP_MAIL="docker exec mailServ setup"
snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact1@kaz.sns toto"
snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact2@kaz.sns toto"
snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact3@kaz.sns toto"
snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x "${SETUP_MAIL} email add contact4@kaz.sns toto"
snster -c /root/snster-kaz attach kaz-prod -x "${SETUP_MAIL} email add contact1@kaz.sns toto"
snster -c /root/snster-kaz attach kaz-prod -x "${SETUP_MAIL} email add contact2@kaz.sns toto"
snster -c /root/snster-kaz attach kaz-prod -x "${SETUP_MAIL} email add contact3@kaz.sns toto"
snster -c /root/snster-kaz attach kaz-prod -x "${SETUP_MAIL} email add contact4@kaz.sns toto"
echo -e '#!/bin/sh\nsnster -c /root/snster-kaz start' >> /etc/rc.local
chmod +x /etc/rc.local

View File

@ -180,10 +180,11 @@ EOF
cd
git clone https://framagit.org/flesueur/snster.git
cd snster
git checkout tags/v1.1.0
./install.sh
# SNSTER KAZ
cp -ar ${VAGRANT_SRC_DIR}/templates /root
# cp -ar ${VAGRANT_SRC_DIR}/templates /root
cp -ar ${VAGRANT_SRC_DIR}/snster-kaz /root
# crypto keys
@ -191,7 +192,7 @@ EOF
cp -ar /etc/letsencrypt /root/snster-kaz/isp-a/home/
# Build SNSTER KAZ !
snster -c /root/snster-kaz -t /root/templates create
snster -c /root/snster-kaz create
cp "${VAGRANT_SRC_DIR}/vm-install-kaz.sh" /root/
chmod +x /root/vm-install-kaz.sh
if [ "${NOKAZ}" == "true" ]; then
@ -206,6 +207,9 @@ EOF
echo "overlay /kaz-prod overlay lowerdir=/var/lib/lxc/sr-masters-bullseye/rootfs,upperdir=/var/lib/lxc/kaz-kaz-prod/overlay/delta,workdir=/var/lib/lxc/kaz-kaz-prod/overlay/work,nofail 0 0" >> /etc/fstab
echo "/kaz-prod/kaz /kaz none bind,nofail 0 0" >> /etc/fstab
# On met le KAZGUARD pour la mise au point
echo "export KAZGUARD='true'" >> /root/.bashrc
echo "########## ********** End Vagrant $(date +%D-%T)"
) > >(tee ${DebugLog}stdout.log) 2> >(tee ${DebugLog}stderr.log >&2)