Update Readme
Signed-off-by: Blackyfff <freifunk@freifunk-herpf.de>
This commit is contained in:
parent
b61b3cb242
commit
e171cc5a3c
60
README.md
60
README.md
|
|
@ -66,6 +66,7 @@ include "/etc/bind/icvpn-acl.conf"; # auto-generated
|
|||
options {
|
||||
[..] # eigene Optionen
|
||||
|
||||
recursion no;
|
||||
check-names master warn; # Wichtig, da sonst Hostnamen mit _ (z.B.: HUAWEI_P30_lite ) bind nicht laden lassen
|
||||
};
|
||||
|
||||
|
|
@ -73,25 +74,26 @@ options {
|
|||
|
||||
view "icvpn-internal-view" {
|
||||
match-clients { icvpnrange; localhost; };
|
||||
allow-query-cache { any; }
|
||||
allow-query-cache { any; };
|
||||
recursion yes;
|
||||
|
||||
[..] # eigene Optionen
|
||||
|
||||
|
||||
include "/etc/bind/icvpn-internal-view.conf"; # auto-generated
|
||||
|
||||
include "/etc/bind/icvpn-zones.conf"; # Nicht vergessen ;)
|
||||
include "/etc/bind/icvpn-zones.conf"; # Nicht vergessen ;) siehe https://github.com/freifunk/icvpn-scripts#dns-mkdns
|
||||
|
||||
[..]
|
||||
};
|
||||
|
||||
view "external-view" {
|
||||
match-clients { any; };
|
||||
[..] # eigene Optionen
|
||||
[..] # eigene Optionen
|
||||
|
||||
include "/etc/bind/external-view.conf"; # auto-generated
|
||||
|
||||
[..]
|
||||
|
||||
[..]
|
||||
};
|
||||
|
||||
|
||||
|
|
@ -118,6 +120,54 @@ dnssec-policy <Name frei wählbar> { # Name muss in der config gesetzt werden
|
|||
|
||||
[..]
|
||||
```
|
||||
|
||||
Beispielkonfiguration für DNS64:
|
||||
|
||||
```
|
||||
[..]
|
||||
|
||||
view "icvpn-internal-dns64-view" {
|
||||
match-destinations {
|
||||
<IPv6>; # eine separate Adresse ist für DNS64 notwendig
|
||||
};
|
||||
match-clients { icvpnrange; localhost; };
|
||||
allow-query-cache { any; };
|
||||
recursion yes;
|
||||
dns64 64:ff9b::/96 {
|
||||
break-dnssec yes;
|
||||
mapped { !10/8; !192.168/16; !172.16/12; any; };
|
||||
exclude { 64:FF9B::/96; };
|
||||
};
|
||||
|
||||
|
||||
include "/etc/bind/icvpn-internal-dns64-view.conf";
|
||||
|
||||
[..]
|
||||
};
|
||||
|
||||
view "icvpn-internal-view" {
|
||||
|
||||
[..]
|
||||
```
|
||||
|
||||
|
||||
empfohlene Konfigurationen:
|
||||
```
|
||||
options {
|
||||
[..] # eigene Optionen
|
||||
minimal-responses yes;
|
||||
server-id "<eigener Hostname>" # sehr hilfreich wenn anycast-Adressen bedient werden
|
||||
};
|
||||
|
||||
view "external-view" {
|
||||
[..]
|
||||
rate-limit {
|
||||
responses-per-second 50;
|
||||
};
|
||||
[..]
|
||||
};
|
||||
```
|
||||
|
||||
## Konfiguration der Zonendatei
|
||||
### Einträge generell
|
||||
Alle Einträge sollten im relativen Schema vorliegen, also ohne die Rootdomain und ohne abschließenden Punkt.
|
||||
|
|
|
|||
Loading…
Reference in New Issue