|
|
@@ -4,9 +4,153 @@ title: Bildungskurs Freifunk
|
|
|
categories: Treffen
|
|
|
...
|
|
|
|
|
|
-* resol.conf
|
|
|
-* unbound.conf verweist nur auf /etc/unbound/unbound.conf.d/
|
|
|
-* dort erstellen, z.B. aus der Nordstadt kopieren und anpassen:
|
|
|
-# control.conf
|
|
|
-## forward.conf
|
|
|
-- listen.conf
|
|
|
+# Installation
|
|
|
+- Wird an anderer Stelle des Wiki beschrieben
|
|
|
+
|
|
|
+# Allgemein
|
|
|
+- Als Nameserver im weiteren NS genannt, kommen nsd und unbound zum Einsatz.
|
|
|
+Auf nordstadt und hoerde ist freeBSD im Einsatz, auf den APUs Debian.
|
|
|
+Durch die unterschiedliche Verzeichnisstruktur befinden sich die Konfigurationsdaten in verschiedenen Verzeichnissen:
|
|
|
+freeBSD: /usr/local/etc/nsd und /var/unbound
|
|
|
+Debian: nicht installiert und /etc/unbound und /var/lib/unbound
|
|
|
+
|
|
|
+ Überblick nsd ./. unbound:
|
|
|
+................nsd...................unbound
|
|
|
+nordstadt...193.43.220.129...193.43.220.161
|
|
|
+hoerde......130.180.53.22.....193.43.220.136, 193.43.220.168
|
|
|
+
|
|
|
+Zur Steuerung gibt es **nsd-control** und **unbound-control**. Bei freeBSD **local-unbound-control**.
|
|
|
+
|
|
|
+
|
|
|
+## Der primäre NS (nsd) auf nordstadt hält die aktuellen Zonendateien vor
|
|
|
+
|
|
|
+- ***ffdo.net*** für die Auflösung Name -> IP
|
|
|
+- ***220.43.193.in-addr.arpa*** für reverse mapping ip -> Name für 193.43.220.
|
|
|
+- ***221.43.193.in-addr.arpa*** für reverse mapping ip -> Name für 193.43.221.
|
|
|
+
|
|
|
+Die sekundären NS (nsd und unbound) erhalten diese Zonendateien vom primären NS.
|
|
|
+
|
|
|
+Die Zonendaten können mit
|
|
|
+ **nsd-checkconf** -p 220.43.193.in-addr.arpa 220.43.193.in-addr.arpa
|
|
|
+ **nsd-checkconf** -p 221.43.193.in-addr.arpa 221.43.193.in-addr.arpa
|
|
|
+ **nsd-checkconf** -p ffdo.net ffdo.net
|
|
|
+geprüft werden.
|
|
|
+
|
|
|
+Die hier verwendeten Adressen sind größtenteils dem Wiki [IP-Adressen](IP-Adressen) entnommen.
|
|
|
+
|
|
|
+# Nordstadt
|
|
|
+
|
|
|
+## Datei /var/unbound/unbound.conf
|
|
|
+
|
|
|
+ # This file was generated by local-unbound-setup.
|
|
|
+ # Modifications will be overwritten.
|
|
|
+ server:
|
|
|
+ username: unbound
|
|
|
+ directory: /var/unbound
|
|
|
+ chroot: /var/unbound
|
|
|
+ pidfile: /var/run/local_unbound.pid
|
|
|
+ use-syslog: yes
|
|
|
+ auto-trust-anchor-file: /var/unbound/root.key
|
|
|
+ interface: 127.0.0.1
|
|
|
+ interface: ::1
|
|
|
+ interface: 193.43.220.161
|
|
|
+ access-control: 127.0.0.1/32 allow
|
|
|
+ access-control: ::1 allow
|
|
|
+ access-control: 193.43.220.0/23 allow
|
|
|
+ access-control: 91.204.4.0/22 allow
|
|
|
+ access-control: 192.168.0.0/16 allow
|
|
|
+ access-control: 0.0.0.0/0 refuse_non_local
|
|
|
+ #val-permissive-mode: "yes"
|
|
|
+
|
|
|
+## Datei /var/unbound/conf.d/control.conf
|
|
|
+ # This file was generated by local-unbound-setup.
|
|
|
+ # Modifications will be overwritten.
|
|
|
+ remote-control:
|
|
|
+ control-enable: yes
|
|
|
+ control-interface: /var/run/local_unbound.ctl
|
|
|
+ control-use-cert: no
|
|
|
+
|
|
|
+## Datei /var/unbound/conf.d/lan-zones.conf
|
|
|
+ # This file was generated by local-unbound-setup.
|
|
|
+ # Modifications will be overwritten.
|
|
|
+ server:
|
|
|
+ # Unblock reverse lookups for LAN addresses
|
|
|
+ unblock-lan-zones: yes
|
|
|
+ insecure-lan-zones: yes
|
|
|
+
|
|
|
+## Datei /var/unbound/conf.d/zone.conf
|
|
|
+ auth-zone:
|
|
|
+ name: ffdo.net
|
|
|
+ master: 193.43.220.129
|
|
|
+ zonefile: /var/unbound/zone/ffdo.net
|
|
|
+ auth-zone:
|
|
|
+ name: 220.43.193.in-addr.arpa
|
|
|
+ master: 193.43.220.129
|
|
|
+ zonefile: /var/unbound/zone/220.43.193.in-addr.arpa
|
|
|
+ auth-zone:
|
|
|
+ name: 221.43.193.in-addr.arpa
|
|
|
+ master: 193.43.220.129
|
|
|
+ zonefile: /var/unbound/zone/221.43.193.in-addr.arpa
|
|
|
+
|
|
|
+# Hoerde
|
|
|
+
|
|
|
+
|
|
|
+## Datei /var/unbound/unbound.conf
|
|
|
+
|
|
|
+ # This file was generated by local-unbound-setup.
|
|
|
+ # Modifications will be overwritten.
|
|
|
+ server:
|
|
|
+ username: unbound
|
|
|
+ directory: /var/unbound
|
|
|
+ chroot: /var/unbound
|
|
|
+ pidfile: /var/run/local_unbound.pid
|
|
|
+ use-syslog: yes
|
|
|
+ auto-trust-anchor-file: /var/unbound/root.key
|
|
|
+ interface: 127.0.0.1
|
|
|
+ interface: ::1
|
|
|
+ interface: 193.43.220.136
|
|
|
+ interface: 193.43.220.168
|
|
|
+ access-control: 127.0.0.1/32 allow
|
|
|
+ access-control: ::1 allow
|
|
|
+ access-control: 193.43.220.0/23 allow
|
|
|
+ access-control: 91.204.4.0/22 allow
|
|
|
+ access-control: 192.168.0.0/16 allow
|
|
|
+ access-control: 0.0.0.0/0 refuse_non_local
|
|
|
+ #val-permissive-mode: "yes"
|
|
|
+
|
|
|
+## Datei /var/unbound/conf.d/control.conf
|
|
|
+ # This file was generated by local-unbound-setup.
|
|
|
+ # Modifications will be overwritten.
|
|
|
+ remote-control:
|
|
|
+ control-enable: yes
|
|
|
+ control-interface: /var/run/local_unbound.ctl
|
|
|
+ control-use-cert: no
|
|
|
+
|
|
|
+## Datei /var/unbound/conf.d/forward.conf
|
|
|
+ forward-zone:
|
|
|
+ name: "."
|
|
|
+ forward-addr: 193.43.220.129
|
|
|
+ forward-first: yes
|
|
|
+
|
|
|
+## Datei /var/unbound/conf.d/lan-zones.conf
|
|
|
+ # This file was generated by local-unbound-setup.
|
|
|
+ # Modifications will be overwritten.
|
|
|
+ server:
|
|
|
+ # Unblock reverse lookups for LAN addresses
|
|
|
+ unblock-lan-zones: yes
|
|
|
+ insecure-lan-zones: yes
|
|
|
+
|
|
|
+## Datei /var/unbound/conf.d/zone.conf
|
|
|
+ auth-zone:
|
|
|
+ name: ffdo.net
|
|
|
+ master: 193.43.220.129
|
|
|
+ zonefile: /var/unbound/zone/ffdo.net
|
|
|
+ auth-zone:
|
|
|
+ name: 220.43.193.in-addr.arpa
|
|
|
+ master: 193.43.220.129
|
|
|
+ zonefile: /var/unbound/zone/220.43.193.in-addr.arpa
|
|
|
+ auth-zone:
|
|
|
+ name: 221.43.193.in-addr.arpa
|
|
|
+ master: 193.43.220.129
|
|
|
+ zonefile: /var/unbound/zone/221.43.193.in-addr.arpa
|
|
|
+
|
