Compare commits
3 Commits
b61b3cb242
...
1b52a0cf76
| Author | SHA1 | Date |
|---|---|---|
 Blackyfff
|
1b52a0cf76 | |
|
Blackyfff
|
033a650f4b | |
|
Blackyfff
|
e171cc5a3c |
68
README.md
68
README.md
|
|
@ -66,32 +66,34 @@ include "/etc/bind/icvpn-acl.conf"; # auto-generated
|
|||
options {
|
||||
[..] # eigene Optionen
|
||||
|
||||
recursion no;
|
||||
check-names master warn; # Wichtig, da sonst Hostnamen mit _ (z.B.: HUAWEI_P30_lite ) bind nicht laden lassen
|
||||
};
|
||||
|
||||
[..]
|
||||
|
||||
view "icvpn-internal-view" {
|
||||
view "icvpn-internal-view" {
|
||||
match-clients { icvpnrange; localhost; };
|
||||
allow-query-cache { any; }
|
||||
allow-query-cache { any; };
|
||||
recursion yes;
|
||||
|
||||
[..] # eigene Optionen
|
||||
[..] # eigene Optionen
|
||||
|
||||
|
||||
include "/etc/bind/icvpn-internal-view.conf"; # auto-generated
|
||||
|
||||
include "/etc/bind/icvpn-zones.conf"; # Nicht vergessen ;)
|
||||
include "/etc/bind/icvpn-zones.conf"; # Nicht vergessen ;) siehe https://github.com/freifunk/icvpn-scripts#dns-mkdns
|
||||
|
||||
[..]
|
||||
[..]
|
||||
};
|
||||
|
||||
view "external-view" {
|
||||
match-clients { any; };
|
||||
[..] # eigene Optionen
|
||||
[..] # eigene Optionen
|
||||
|
||||
include "/etc/bind/external-view.conf"; # auto-generated
|
||||
|
||||
[..]
|
||||
|
||||
[..]
|
||||
};
|
||||
|
||||
|
||||
|
|
@ -110,7 +112,7 @@ options {
|
|||
dnssec-policy <Name frei wählbar> { # Name muss in der config gesetzt werden
|
||||
keys {
|
||||
ksk key-directory lifetime unlimited algorithm ECDSAP384SHA384; # Alle Server einer Domain müssen den gleichen Algorithmus für ksk wählen
|
||||
zsk key-directory lifetime P30D algorithm ECDSAP384SHA384; # Alle Server einer Domain müssen den gleichen Algorithmus für zsk wählen
|
||||
zsk key-directory lifetime P30D algorithm ECDSAP384SHA384; # Alle Server einer Domain müssen den gleichen Algorithmus für zsk wählen
|
||||
};
|
||||
max-zone-ttl 3600;
|
||||
nsec3param;
|
||||
|
|
@ -118,6 +120,54 @@ dnssec-policy <Name frei wählbar> { # Name muss in der config gesetzt werden
|
|||
|
||||
[..]
|
||||
```
|
||||
|
||||
Beispielkonfiguration für DNS64:
|
||||
|
||||
```
|
||||
[..]
|
||||
|
||||
view "icvpn-internal-dns64-view" {
|
||||
match-destinations {
|
||||
<IPv6>; # eine separate Adresse ist für DNS64 notwendig
|
||||
};
|
||||
match-clients { icvpnrange; localhost; };
|
||||
allow-query-cache { any; };
|
||||
recursion yes;
|
||||
dns64 64:ff9b::/96 {
|
||||
break-dnssec yes;
|
||||
mapped { !10/8; !192.168/16; !172.16/12; any; };
|
||||
exclude { 64:FF9B::/96; };
|
||||
};
|
||||
|
||||
|
||||
include "/etc/bind/icvpn-internal-dns64-view.conf";
|
||||
|
||||
[..]
|
||||
};
|
||||
|
||||
view "icvpn-internal-view" {
|
||||
|
||||
[..]
|
||||
```
|
||||
|
||||
|
||||
empfohlene Konfigurationen:
|
||||
```
|
||||
options {
|
||||
[..] # eigene Optionen
|
||||
minimal-responses yes;
|
||||
server-id "<eigener Hostname>" # sehr hilfreich wenn anycast-Adressen bedient werden
|
||||
};
|
||||
|
||||
view "external-view" {
|
||||
[..]
|
||||
rate-limit {
|
||||
responses-per-second 50;
|
||||
};
|
||||
[..]
|
||||
};
|
||||
```
|
||||
|
||||
## Konfiguration der Zonendatei
|
||||
### Einträge generell
|
||||
Alle Einträge sollten im relativen Schema vorliegen, also ohne die Rootdomain und ohne abschließenden Punkt.
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@
|
|||
# exit script when command fails
|
||||
set -e
|
||||
|
||||
export DNSSCRIPT_VERSION="0.8.4"
|
||||
export DNSSCRIPT_VERSION="0.9.0"
|
||||
|
||||
. /etc/ffdns/community.conf
|
||||
. /etc/ffdns/local.conf
|
||||
|
|
@ -106,7 +106,7 @@ for Hood in $Hoods; do
|
|||
InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$HoodDomain" "$HoodZoneFile" "$TempFolder" "$DNSSECPolicy"
|
||||
|
||||
HoodForwardZones="$ForwardZones $HoodDomain""/""$HoodZoneFile"
|
||||
UpdateReverseZones "$Subnets" "$HoodForwardZones"
|
||||
UpdateReverseZones "$Subnets" "$HoodForwardZones"
|
||||
|
||||
if [ -n "$MasterExternDomain" ]; then
|
||||
HoodExternDomain="${Hood%%\#*}"".""$MasterExternDomain"
|
||||
|
|
|
|||
|
|
@ -23,17 +23,17 @@ else
|
|||
Installed4Routes=""
|
||||
Installed6Routes=""
|
||||
for Table in $Tables; do
|
||||
Installed4Routes="$(echo "$Installed4Routes" && ip -4 ro sh ta "$Table")"
|
||||
Installed6Routes="$(echo "$Installed6Routes" && ip -6 ro sh ta "$Table")"
|
||||
Installed4Routes="$(echo "$Installed4Routes" && ip -d -4 ro sh ta "$Table")"
|
||||
Installed6Routes="$(echo "$Installed6Routes" && ip -d -6 ro sh ta "$Table")"
|
||||
done
|
||||
PublicSubs="$(echo "$Installed6Routes" | \
|
||||
sed -e '/^default from/!d;s/.* from \(\S\+\).*/\1/g')"
|
||||
sed -e '/^unicast default from/!d;s/.* from \(\S\+\).*/\1/g')"
|
||||
Privatev4Prefix="\(192\.168\.\|172\.\(1[6-9]\|2[0-9]\|3[01]\)\.\|10\.\)"
|
||||
Privatev6Prefix="\([fF][cCdD][0-9a-fA-F]\{2\}:\)"
|
||||
Publicv4Singles="$(echo "$Installed4Routes" | \
|
||||
sed -e 's/^\(\S\+\)\s.*/\t\1;/g;/^\t'"$Privatev4Prefix"'\|^\t\(unreachable\|default\|0\.\)\|^$/d')"
|
||||
sed -e 's/^\S\+\s\+\(\S\+\)\s.*/\t\1;/g;/^\t'"$Privatev4Prefix"'\|^\t\(unreachable\|default\|0\.\)\|^$/d')"
|
||||
Publicv6Singles="$(echo "$Installed6Routes" | \
|
||||
sed -e 's/^\(\S\+\)\s.*/\1/g;/^'"$Privatev6Prefix"'\|^\(unreachable\|default\|::\|64:ff9b::\)\|^$/d')"
|
||||
sed -e 's/^\S\+\s\+\(\S\+\)\s.*/\1/g;/^'"$Privatev6Prefix"'\|^\(unreachable\|default\|::\|64:ff9b::\)\|^$/d')"
|
||||
|
||||
# the following code is not well optimized yet and may take a bit to process
|
||||
# therefore it is not recommended to activate it on hardware-routers
|
||||
|
|
|
|||
Loading…
Reference in New Issue