diff options
| -rw-r--r-- | bind/fake-222/oroe.dk | 27 | ||||
| -rw-r--r-- | bind/fake-222/oroedagen.dk | 10 | ||||
| -rw-r--r-- | bind/named.conf.fake-222 | 18 | ||||
| -rw-r--r-- | bind/named.conf.local | 48 | ||||
| -rw-r--r-- | bind/named.conf.pri | 18 | ||||
| -rw-r--r-- | bind/pri/JONES-cloud-www | 2 | ||||
| -rw-r--r-- | bind/pri/omni-presence.dk | 2 | ||||
| -rw-r--r-- | bind/pri/oroe.dk | 27 | ||||
| -rw-r--r-- | bind/pri/oroedagen.dk | 10 |
9 files changed, 46 insertions, 116 deletions
diff --git a/bind/fake-222/oroe.dk b/bind/fake-222/oroe.dk deleted file mode 100644 index cce9682..0000000 --- a/bind/fake-222/oroe.dk +++ /dev/null @@ -1,27 +0,0 @@ -$TTL 1w -@ IN SOA localhost. root.localhost. ( - 1 - 4h 1h 1w 1h ) - -@ NS localhost. - A 46.30.215.25 - TXT "v=spf1 include:_custspf.one.com ~all" - MX 10 oroe.dk.mx.one.com. - -_acme-challenge CNAME oroe.dk.acme.service.one.com. - -ftp CNAME accessproxy.webpod7-cph3.one.com. -imap A 46.30.211.21 -phpmyadmin CNAME dbadmin.one.com. -pop A 46.30.211.21 -$INCLUDE /etc/local-JONES.DK/bind/skel/A-222 genskabet -$INCLUDE /etc/local-JONES.DK/bind/skel/A-222 www.genskabet -$INCLUDE /etc/local-JONES.DK/bind/skel/CNAME-legacycloud source -$INCLUDE /etc/local-JONES.DK/bind/skel/CNAME-legacycloud *.source -$INCLUDE /etc/local-JONES.DK/bind/skel/A-222 mejeriet -$INCLUDE /etc/local-JONES.DK/bind/skel/A-222 source.mejeriet -$INCLUDE /etc/local-JONES.DK/bind/skel/A-222 www.mejeriet -$INCLUDE /etc/local-JONES.DK/bind/skel/A-222 posten -$INCLUDE /etc/local-JONES.DK/bind/skel/A-222 www.posten - -* CNAME oroe.dk.www.service.one.com. diff --git a/bind/fake-222/oroedagen.dk b/bind/fake-222/oroedagen.dk deleted file mode 100644 index 556d656..0000000 --- a/bind/fake-222/oroedagen.dk +++ /dev/null @@ -1,10 +0,0 @@ -$TTL 1w -@ IN SOA localhost. root.localhost. ( - 1 - 4h 1h 1w 1h ) - -$INCLUDE /etc/local-JONES.DK/bind/skel/MX-avoid -@ NS localhost. - A 185.20.205.39 - -* A 185.20.205.39 diff --git a/bind/named.conf.fake-222 b/bind/named.conf.fake-222 index f3af649..47f65a9 100644 --- a/bind/named.conf.fake-222 +++ b/bind/named.conf.fake-222 @@ -53,21 +53,12 @@ zone "jones.dk" { zone "kassandra-production.dk" { type master; allow-transfer { none; }; file "/etc/local-JONES.DK/bind/fake-222/kassandra-production.dk"; }; // Annika Lewis (owner=Spiff) -zone "livetpaaoroe.dk" { - type master; allow-transfer { none; }; - file "/etc/local-JONES.DK/bind/fake-222/JONES-nomail"; }; // OROE zone "majasguf.dk" { type master; allow-transfer { none; }; file "/etc/local-JONES.DK/bind/fake-222/JONES-www+source"; }; // Jones zone "omni-presence.dk" { type master; allow-transfer { none; }; file "/etc/local-JONES.DK/bind/fake-222/omni-presence.dk"; }; // Annika Lewis -zone "oroe.dk" { - type master; allow-transfer { none; }; - file "/etc/local-JONES.DK/bind/fake-222/oroe.dk"; }; // OROE -zone "oroedagen.dk" { - type master; allow-transfer { none; }; - file "/etc/local-JONES.DK/bind/fake-222/oroedagen.dk"; }; // OROE zone "oroefaellesjord.dk" { type master; allow-transfer { none; }; file "/etc/local-JONES.DK/bind/fake-222/TEENY"; }; // Orø Fællesjord @@ -98,15 +89,6 @@ zone "superserver.dk" { zone "xn--abcdefghijklmnopqrstuvxyz-0fc0a81c.dk" { type master; allow-transfer { none; }; file "/etc/local-JONES.DK/bind/fake-222/JONES"; }; // Jones -zone "xn--or-mka.dk" { - type master; allow-transfer { none; }; - file "/etc/local-JONES.DK/bind/fake-222/JONES-nomail"; }; // OROE -zone "xn--ordagen-r1a.dk" { - type master; allow-transfer { none; }; - file "/etc/local-JONES.DK/bind/fake-222/JONES-nomail"; }; // OROE -zone "xn--livetpor-f0a6q.dk" { - type master; allow-transfer { none; }; - file "/etc/local-JONES.DK/bind/fake-222/JONES-nomail"; }; // OROE zone "xn--orfllesjord-c9a6u.dk" { type master; allow-transfer { none; }; file "/etc/local-JONES.DK/bind/fake-222/TEENY"; }; // Orø Fællesjord diff --git a/bind/named.conf.local b/bind/named.conf.local index 4991dd6..06df084 100644 --- a/bind/named.conf.local +++ b/bind/named.conf.local @@ -1,22 +1,62 @@ include "/etc/local-JONES.DK/bind/named.conf.acl"; +acl jones_internals { + localhost; + 192.168.0.0/16; + 2a12:3d83:7021::/48; + fd00::/8; + fe80::/10; +}; +acl not_jones_internals { + 10.0.0.0/8; + 100.64.0.0/10; + 172.16.0.0/12; + fc00::/8; +}; view "internal" { - match-clients { 127.0.0.0/24; 192.168.222.0/24; }; + match-clients { jones_internals; }; + match-destinations { jones_internals; }; + match-recursive-only yes; + + allow-query { jones_internals; }; + allow-recursion { jones_internals; }; + allow-transfer { none; }; +// blackhole { not_jones_internals; }; include "/etc/local-JONES.DK/bind/named.conf.fake-222"; include "/etc/local-REDPILL.DK/bind/named.conf.FSUB.DE"; - include "/etc/bind/named.conf.default-zones"; + // prime the server with knowledge of the root servers + zone "." { + type hint; + file "/usr/share/dns/root.hints"; + }; + + plugin query "filter-aaaa.so" { + filter-aaaa-on-v4 yes; + filter-aaaa-on-v6 yes; + filter-aaaa { any; }; + }; }; view "external" { match-clients { any; }; recursion no; - include "/etc/bind/zones.rfc1918"; + // https://rhn.redhat.com/errata/RHSA-2013-0550.html + rate-limit { + responses-per-second 5; + window 5; + }; + +// include "/etc/bind/zones.rfc1918"; include "/etc/local-JONES.DK/bind/named.conf.pri"; include "/etc/local-REDPILL.DK/bind/named.conf.FSUB.DE.internal"; - include "/etc/bind/named.conf.default-zones"; + // prime the server with knowledge of the root servers + zone "." { + type hint; + file "/usr/share/dns/root.hints"; + }; }; diff --git a/bind/named.conf.pri b/bind/named.conf.pri index ab59da3..58bf219 100644 --- a/bind/named.conf.pri +++ b/bind/named.conf.pri @@ -51,21 +51,12 @@ zone "jones.dk" { zone "kassandra-production.dk" { type master; allow-transfer { jones_peers; }; file "/etc/local-JONES.DK/bind/pri/kassandra-production.dk"; }; // Annika Lewis (owner=Spiff) -zone "livetpaaoroe.dk" { - type master; allow-transfer { jones_peers; }; - file "/etc/local-JONES.DK/bind/pri/JONES-nomail"; }; // OROE zone "majasguf.dk" { type master; allow-transfer { jones_peers; }; file "/etc/local-JONES.DK/bind/pri/JONES-www+source"; }; // Jones zone "omni-presence.dk" { type master; allow-transfer { jones_peers; }; file "/etc/local-JONES.DK/bind/pri/omni-presence.dk"; }; // Annika Lewis -zone "oroe.dk" { - type master; allow-transfer { jones_peers; }; - file "/etc/local-JONES.DK/bind/pri/oroe.dk"; }; // OROE -zone "oroedagen.dk" { - type master; allow-transfer { jones_peers; }; - file "/etc/local-JONES.DK/bind/pri/oroedagen.dk"; }; // OROE zone "oroefaellesjord.dk" { type master; allow-transfer { jones_peers; }; file "/etc/local-JONES.DK/bind/pri/TEENY"; }; // Orø Fællesjord @@ -96,15 +87,6 @@ zone "superserver.dk" { zone "xn--abcdefghijklmnopqrstuvxyz-0fc0a81c.dk" { type master; allow-transfer { jones_peers; }; file "/etc/local-JONES.DK/bind/pri/JONES"; }; // Jones -zone "xn--or-mka.dk" { - type master; allow-transfer { jones_peers; }; - file "/etc/local-JONES.DK/bind/pri/JONES-nomail"; }; // OROE -zone "xn--ordagen-r1a.dk" { - type master; allow-transfer { jones_peers; }; - file "/etc/local-JONES.DK/bind/pri/JONES-nomail"; }; // OROE -zone "xn--livetpor-f0a6q.dk" { - type master; allow-transfer { jones_peers; }; - file "/etc/local-JONES.DK/bind/pri/JONES-nomail"; }; // OROE zone "xn--orfllesjord-c9a6u.dk" { type master; allow-transfer { jones_peers; }; file "/etc/local-JONES.DK/bind/pri/TEENY"; }; // Orø Fællesjord diff --git a/bind/pri/JONES-cloud-www b/bind/pri/JONES-cloud-www index 6ee925c..78b540e 100644 --- a/bind/pri/JONES-cloud-www +++ b/bind/pri/JONES-cloud-www @@ -1,6 +1,6 @@ $TTL 1h @ SOA dns.jones.dk. dr.jones.dk. ( - 2023080301 + 2023091001 4h 1h 1w 1h ) $INCLUDE /etc/local-JONES.DK/bind/skel/NS diff --git a/bind/pri/omni-presence.dk b/bind/pri/omni-presence.dk index f73701d..d0eedf7 100644 --- a/bind/pri/omni-presence.dk +++ b/bind/pri/omni-presence.dk @@ -1,6 +1,6 @@ $TTL 1h @ SOA dns.jones.dk. dr.jones.dk. ( - 2023080301 + 2023091001 4h 1h 1w 1h ) $INCLUDE /etc/local-JONES.DK/bind/skel/NS diff --git a/bind/pri/oroe.dk b/bind/pri/oroe.dk deleted file mode 100644 index 9f94565..0000000 --- a/bind/pri/oroe.dk +++ /dev/null @@ -1,27 +0,0 @@ -$TTL 1h -@ SOA dns.jones.dk. dr.jones.dk. ( - 2024091001 - 4h 1h 1w 1h ) - -$INCLUDE /etc/local-JONES.DK/bind/skel/NS -@ A 46.30.215.25 - TXT "v=spf1 include:_custspf.one.com ~all" - MX 10 oroe.dk.mx.one.com. - -_acme-challenge CNAME oroe.dk.acme.service.one.com. - -ftp CNAME accessproxy.webpod7-cph3.one.com. -imap A 46.30.211.21 -phpmyadmin CNAME dbadmin.one.com. -pop A 46.30.211.21 -$INCLUDE /etc/local-JONES.DK/bind/skel/A genskabet -$INCLUDE /etc/local-JONES.DK/bind/skel/A www.genskabet -$INCLUDE /etc/local-JONES.DK/bind/skel/CNAME-legacycloud source -$INCLUDE /etc/local-JONES.DK/bind/skel/CNAME-legacycloud *.source -$INCLUDE /etc/local-JONES.DK/bind/skel/A mejeriet -$INCLUDE /etc/local-JONES.DK/bind/skel/A source.mejeriet -$INCLUDE /etc/local-JONES.DK/bind/skel/A www.mejeriet -$INCLUDE /etc/local-JONES.DK/bind/skel/A posten -$INCLUDE /etc/local-JONES.DK/bind/skel/A www.posten - -* CNAME oroe.dk.www.service.one.com. diff --git a/bind/pri/oroedagen.dk b/bind/pri/oroedagen.dk deleted file mode 100644 index 3a5afa9..0000000 --- a/bind/pri/oroedagen.dk +++ /dev/null @@ -1,10 +0,0 @@ -$TTL 1h -@ SOA dns.jones.dk. dr.jones.dk. ( - 2023080301 - 4h 1h 1w 1h ) - -$INCLUDE /etc/local-JONES.DK/bind/skel/NS -$INCLUDE /etc/local-JONES.DK/bind/skel/MX-avoid -@ A 185.20.205.39 - -* A 185.20.205.39 |