--- /dev/null
+; This file holds the information on root name servers needed to
+; initialize cache of Internet domain name servers
+; (e.g. reference this file in the "cache . <file>"
+; configuration file of BIND domain name servers).
+;
+; This file is made available by InterNIC
+; under anonymous FTP as
+; file /domain/named.cache
+; on server FTP.INTERNIC.NET
+; -OR- RS.INTERNIC.NET
+;
+; last update: Jan 3, 2013
+; related version of root zone: 2013010300
+;
+; formerly NS.INTERNIC.NET
+;
+. 3600000 IN NS A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
+A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+. 3600000 NS B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
+;
+; FORMERLY C.PSI.NET
+;
+. 3600000 NS C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
+;
+; FORMERLY TERP.UMD.EDU
+;
+. 3600000 NS D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
+D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D
+;
+; FORMERLY NS.NASA.GOV
+;
+. 3600000 NS E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+. 3600000 NS F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
+F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+. 3600000 NS G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+. 3600000 NS H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
+H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235
+;
+; FORMERLY NIC.NORDU.NET
+;
+. 3600000 NS I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
+I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+. 3600000 NS J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
+J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+. 3600000 NS K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
+K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1
+;
+; OPERATED BY ICANN
+;
+. 3600000 NS L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
+L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+. 3600000 NS M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
+M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35
+; End of File
--- /dev/null
+server:
+ access-control: 0.0.0.0/0 deny
+ access-control: 127.0.0.0/8 allow_snoop
+ #access-control: ::0/0 refuse
+ #access-control: ::1 allow
+ #access-control: ::ffff:127.0.0.1 allow
+ #add-holddown: 2592000 # 30 days
+ auto-trust-anchor-file: "/var/lib/unbound/root.key"
+ #cache-max-ttl: 86400
+ #cache-min-ttl: 0
+ chroot: ""
+ #del-holddown: 2592000 # 30 days
+ directory: "/etc/unbound"
+ #dlv-anchor-file: "dlv.isc.org.key"
+ #do-daemonize: yes
+ do-ip4: yes
+ do-ip6: no
+ #do-not-query-address: 127.0.0.1/8
+ #do-not-query-address: ::1
+ #do-not-query-localhost: yes
+ do-tcp: yes
+ do-udp: yes
+ #domain-insecure: ""
+ #edns-buffer-size: 4096
+ #extended-statistics: no
+ #harden-dnssec-stripped: yes
+ #harden-glue: yes
+ #harden-large-queries: no
+ #harden-referral-path: no
+ #harden-short-bufsize: no
+ hide-identity: yes
+ hide-version: yes
+ identity: ""
+ #incoming-num-tcp: 10
+ #infra-cache-lame-size: 10k
+ infra-cache-numhosts: 10000
+ #infra-cache-slabs: 4
+ #infra-host-ttl: 900
+ #infra-lame-ttl: 900
+ #interface-automatic: no
+ interface: 127.0.0.1
+ #jostle-timeout: 200
+ #keep-missing: 31622400 # 366 days
+ #key-cache-size: 4m
+ #key-cache-slabs: 4
+ #log-time-ascii: no
+ #logfile: ""
+ module-config: "iterator"
+ #msg-buffer-size: 65552
+ msg-cache-size: 4m
+ #msg-cache-slabs: 4
+ #neg-cache-size: 1m
+ #num-queries-per-thread: 1024
+ #num-threads: 1
+ outgoing-interface: OUTGOING_INTERFACE
+ #outgoing-num-tcp: 10
+ outgoing-port-avoid: "3200-3208"
+ #outgoing-port-permit: 32768
+ #outgoing-range: 4096
+ #pidfile: "/run/unbound.pid"
+ port: 53
+ #prefetch-key: no
+ #prefetch: no
+ #private-address: 10.0.0.0/8
+ #private-address: 172.16.0.0/12
+ #private-address: 192.168.0.0/16
+ #private-address: 192.254.0.0/16
+ #private-address: fd00::/8
+ #private-address: fe80::/10
+ #private-domain: "example.com"
+ root-hints: "named.cache"
+ rrset-cache-size: 4m
+ #rrset-cache-slabs: 4
+ #so-rcvbuf: 0
+ #statistics-cumulative: no
+ #statistics-interval: 0
+ #target-fetch-policy: "3 2 1 0 0"
+ #trust-anchor-file: ""
+ #trust-anchor: "jelte.nlnetlabs.nl. DS 42860 5 1 14D739EB566D2B1A5E216A0BA4D17FA9B038BE4A"
+ #trust-anchor: "nlnetlabs.nl. DNSKEY 257 3 5 AQPzzTWMz8qSWIQlfRnPckx2BiVmkVN6LPupO3mbz7FhLSnm26n6iG9N Lby97Ji453aWZY3M5/xJBSOS2vWtco2t8C0+xeO1bc/d6ZTy32DHchpW 6rDH1vp86Ll+ha0tmwyy9QP7y2bVw5zSbFCrefk8qCUBgfHm9bHzMG1U BYtEIQ=="
+ #trusted-keys-file: ""
+ #unwanted-reply-threshold: 10000000
+ #use-caps-for-id: no
+ use-syslog: yes
+ username: "unbound"
+ val-bogus-ttl: 60
+ #val-clean-additional: yes
+ #val-log-level: 1
+ #val-nsec3-keysize-iterations: "1024 150 2048 500 4096 2500"
+ #val-override-date: ""
+ #val-permissive-mode: no
+ #val-sig-skew-max: 86400
+ #val-sig-skew-min: 3600
+ verbosity: 1
+ version: ""
+python:
+ #python-script: "/etc/unbound/ubmodule-tst.py"
+remote-control:
+ control-cert-file: "/etc/unbound/unbound_control.pem"
+ control-enable: yes
+ control-interface: 127.0.0.1
+ #control-interface: ::1
+ control-key-file: "/etc/unbound/unbound_control.key"
+ control-port: 9953
+ server-cert-file: "/etc/unbound/unbound_server.pem"
+ server-key-file: "/etc/unbound/unbound_server.key"
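Review bot: `module-config: "iterator"` loads no validator module, so this resolver does no DNSSEC validation and the `auto-trust-anchor-file: "/var/lib/unbound/root.key"` line has no effect. If validation is intended, the line should read `module-config: "validator iterator"`. If it is deliberately off, a comment saying so (and dropping the trust-anchor line) would avoid the impression that answers are validated. Separately, `control-enable: yes` depends on the four key and certificate files under /etc/unbound, and nothing visible in this commit creates them; presumably `unbound-control-setup` has to be run first, which is worth confirming.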
readonly vm_fqdn="$vm_hostname.$vm_domainname"
readonly vm=$vm_hostname
readonly vm_host="rouf.grenode.net"
+readonly vm_host_nameserver="91.216.110.110"
readonly vm_use_lvm="yes"
# - sans LVM :
$(cat /etc/hosts)
127.0.0.1 $vm_fqdn $vm
EOF
+ sudo install -m 644 -o root -g root /dev/stdin /etc/resolv.conf <<-EOF
+ search ${vm_host#*.}
+ nameserver ${vm_host_nameserver}
+ EOF
sudo install -m 644 -o root -g root /dev/stdin /etc/network/interfaces <<-EOF
auto lo
iface lo inet loopback
rule dpkg_reconfigure tzdata
rule apt_get_install ntp
}
+rule_unbound_configure () {
+ sudo apt-get install unbound m4
+ sudo install -m 644 -o root -g root /dev/stdin /etc/resolv.conf <<-EOF
+ search ${vm_host#*.}
+ nameserver 127.0.0.1
+ #nameserver ${vm_host_nameserver}
+ EOF
+ sudo install -m 440 -o unbound -g unbound \
+ "$tool"/etc/unbound/named.cache \
+ /etc/unbound/named.cache
+ m4 \
+ --define=OUTGOING_INTERFACE=$vm_ipv4 \
+ <"$tool"/etc/unbound/unbound.conf |
+ sudo install -m 440 -o unbound -g unbound /dev/stdin \
+ /etc/unbound/unbound.conf
+ sudo service unbound restart
+ }
rule_user_add () { # SYNTAX: $user
rule user_configure
local user=$1
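Review bot: In `rule_unbound_configure`, /etc/resolv.conf is pointed at 127.0.0.1 before the rendered config is installed and before anything confirms that unbound started. An empty `$vm_ipv4` (defined outside this hunk) or a bad m4 expansion would therefore leave the VM with no working resolver. I would move the resolv.conf `install` to the end, after `sudo unbound-checkconf /etc/unbound/unbound.conf` and a successful restart. The config and root hints are also installed `-o unbound -g unbound`, which lets the daemon account chmod and rewrite its own configuration; `-m 440 -o root -g unbound` keeps them readable by the service without it owning them. Because m4 runs over the whole file, any builtin name appearing in it would be expanded, so `m4 --prefix-builtins` with a quoted `--define="OUTGOING_INTERFACE=$vm_ipv4"` is safer.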