file formatting

Signed-off-by: Blackyfff <freifunk@freifunk-herpf.de>

README.md

@@ -66,32 +66,34 @@ include "/etc/bind/icvpn-acl.conf"; # auto-generated
 options {
 	[..] # eigene Optionen
 
+	recursion no;
 	check-names master warn; # Wichtig, da sonst Hostnamen mit _ (z.B.: HUAWEI_P30_lite ) bind nicht laden lassen
 };
 
 [..]
 
-view "icvpn-internal-view" {    
+view "icvpn-internal-view" {
 	match-clients { icvpnrange; localhost; };
-	allow-query-cache { any; }
+	allow-query-cache { any; };
+	recursion yes;
 
-    [..] # eigene Optionen
+	[..] # eigene Optionen
 
 
 	include "/etc/bind/icvpn-internal-view.conf"; # auto-generated
 
-	include "/etc/bind/icvpn-zones.conf"; # Nicht vergessen ;)
+	include "/etc/bind/icvpn-zones.conf"; # Nicht vergessen ;) siehe https://github.com/freifunk/icvpn-scripts#dns-mkdns
 
-    [..]	
+	[..]	
 };
 
 view "external-view" {
 	match-clients { any; };
-    [..] # eigene Optionen
+	[..] # eigene Optionen
 	
 	include "/etc/bind/external-view.conf"; # auto-generated
-    
+
-    [..]	
+	[..]
 };
 
 
@@ -110,7 +112,7 @@ options {
 dnssec-policy <Name frei wählbar> { # Name muss in der config gesetzt werden
 	keys {
 		ksk key-directory lifetime unlimited algorithm ECDSAP384SHA384; # Alle Server einer Domain müssen den gleichen Algorithmus für ksk wählen
-		zsk key-directory lifetime P30D algorithm ECDSAP384SHA384; # Alle Server einer Domain  müssen den gleichen Algorithmus für zsk wählen
+		zsk key-directory lifetime P30D algorithm ECDSAP384SHA384; # Alle Server einer Domain müssen den gleichen Algorithmus für zsk wählen
 	};
 	max-zone-ttl 3600;
 	nsec3param;
@@ -118,6 +120,54 @@ dnssec-policy <Name frei wählbar> { # Name muss in der config gesetzt werden
 
 [..]
 ```
+
+Beispielkonfiguration für DNS64:
+
+```
+[..]
+
+view "icvpn-internal-dns64-view" {
+	match-destinations {
+		<IPv6>; # eine separate Adresse ist für DNS64 notwendig
+	};
+	match-clients { icvpnrange; localhost; };
+	allow-query-cache { any; };
+	recursion yes;
+	dns64 64:ff9b::/96 {
+		break-dnssec yes;
+		mapped { !10/8; !192.168/16; !172.16/12; any; };
+		exclude { 64:FF9B::/96; }; 
+	};
+	
+	
+	include "/etc/bind/icvpn-internal-dns64-view.conf";
+	
+	[..]
+};
+
+view "icvpn-internal-view" {
+
+[..]
+```
+
+
+empfohlene Konfigurationen:
+```
+options {
+	[..] # eigene Optionen
+	minimal-responses yes;
+	server-id "<eigener Hostname>" # sehr hilfreich wenn anycast-Adressen bedient werden
+};
+
+view "external-view" {
+	[..]
+	rate-limit {
+		responses-per-second 50;
+	};
+	[..]
+};
+```
+
 ## Konfiguration der Zonendatei
 ### Einträge generell
 Alle Einträge sollten im relativen Schema vorliegen, also ohne die Rootdomain und ohne abschließenden Punkt.

usr/lib/ffdns/update-dns.sh

@@ -8,7 +8,7 @@
 # exit script when command fails
 set -e
 
-export DNSSCRIPT_VERSION="0.8.4"
+export DNSSCRIPT_VERSION="0.9.0"
 
 . /etc/ffdns/community.conf
 . /etc/ffdns/local.conf
@@ -106,7 +106,7 @@ for Hood in $Hoods; do
 	InsertZoneToViews "$InternalViews" "$ZoneFilesFolder" "$HoodDomain" "$HoodZoneFile" "$TempFolder" "$DNSSECPolicy"
 	
 	HoodForwardZones="$ForwardZones $HoodDomain""/""$HoodZoneFile"
-    UpdateReverseZones "$Subnets" "$HoodForwardZones"
+	UpdateReverseZones "$Subnets" "$HoodForwardZones"
 
 	if [ -n "$MasterExternDomain" ]; then
 		HoodExternDomain="${Hood%%\#*}"".""$MasterExternDomain"

usr/lib/ffdns/update-public-acl.sh

@@ -23,17 +23,17 @@ else
 	Installed4Routes=""
 	Installed6Routes=""
 	for Table in $Tables; do
-		Installed4Routes="$(echo "$Installed4Routes" && ip -4 ro sh ta "$Table")"
+		Installed4Routes="$(echo "$Installed4Routes" && ip -d -4 ro sh ta "$Table")"
-		Installed6Routes="$(echo "$Installed6Routes" && ip -6 ro sh ta "$Table")"
+		Installed6Routes="$(echo "$Installed6Routes" && ip -d -6 ro sh ta "$Table")"
 	done
 	PublicSubs="$(echo "$Installed6Routes" | \
-		sed -e '/^default from/!d;s/.* from \(\S\+\).*/\1/g')"
+		sed -e '/^unicast default from/!d;s/.* from \(\S\+\).*/\1/g')"
 	Privatev4Prefix="\(192\.168\.\|172\.\(1[6-9]\|2[0-9]\|3[01]\)\.\|10\.\)"
 	Privatev6Prefix="\([fF][cCdD][0-9a-fA-F]\{2\}:\)"
 	Publicv4Singles="$(echo "$Installed4Routes" | \
-		sed -e 's/^\(\S\+\)\s.*/\t\1;/g;/^\t'"$Privatev4Prefix"'\|^\t\(unreachable\|default\|0\.\)\|^$/d')"
+		sed -e 's/^\S\+\s\+\(\S\+\)\s.*/\t\1;/g;/^\t'"$Privatev4Prefix"'\|^\t\(unreachable\|default\|0\.\)\|^$/d')"
 	Publicv6Singles="$(echo "$Installed6Routes" | \
-		sed -e 's/^\(\S\+\)\s.*/\1/g;/^'"$Privatev6Prefix"'\|^\(unreachable\|default\|::\|64:ff9b::\)\|^$/d')"
+		sed -e 's/^\S\+\s\+\(\S\+\)\s.*/\1/g;/^'"$Privatev6Prefix"'\|^\(unreachable\|default\|::\|64:ff9b::\)\|^$/d')"
 	
 	# the following code is not well optimized yet and may take a bit to process
 	# therefore it is not recommended to activate it on hardware-routers