This commit is contained in:
creme 2019-08-19 00:18:14 +02:00
commit 3c0ebebc26
No known key found for this signature in database
GPG Key ID: C147C3B7FBDF08D0
19 changed files with 611 additions and 0 deletions

5
.gitignore vendored Normal file

@ -0,0 +1,5 @@
keys
slaves
*.key
*.keys
*.private
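Review bot: The ignore list covers the key material (`keys`, `*.key`, `*.keys`, `*.private`) but not the `*.jnl` journal files that named writes next to zones/db.* as soon as one of the `update-policy` grants in named.conf.local accepts a dynamic update. Add `*.jnl` here so the journals are never committed alongside the hand-maintained zone files; they are server state, not source.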

21
README.md Normal file

@ -0,0 +1,21 @@
# envs.net | DNS - bind9 config files
This is the envs.net DNS-Server.
## NS list
| Name | Address | Location | Type |
| --- | --- | --- | --- |
| envs.net | 89.163.145.170 | Düsseldorf | master |
| | | | |
| ns1.tildeverse.net | 51.79.32.63 | Montréal | slave |
| ns1.tildeverse.net | 2607:5300:60:823f::63 | Montréal | slave |
| ns2.tildeverse.net | 167.114.154.31 | Montréal | slave |
## master-zones:
- envs.net
- envs.sh
- envs.tilde
## slave server for:
- tildeverse.org
- tilde.team

12
db.0 Normal file

@ -0,0 +1,12 @@
;
; BIND reverse data file for broadcast zone
;
$TTL 604800
@ IN SOA localhost. root.localhost. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS localhost.

13
db.127 Normal file

@ -0,0 +1,13 @@
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA localhost. root.localhost. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS localhost.
1.0.0 IN PTR localhost.

12
db.255 Normal file

@ -0,0 +1,12 @@
;
; BIND reverse data file for broadcast zone
;
$TTL 604800
@ IN SOA localhost. root.localhost. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS localhost.

14
db.empty Normal file

@ -0,0 +1,14 @@
; BIND reverse data file for empty rfc1918 zone
;
; DO NOT EDIT THIS FILE - it is used for multiple zones.
; Instead, copy it, edit named.conf, and use that copy.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
86400 ) ; Negative Cache TTL
;
@ IN NS localhost.

14
db.local Normal file

@ -0,0 +1,14 @@
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA localhost. root.localhost. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS localhost.
@ IN A 127.0.0.1
@ IN AAAA ::1

36
make_perms.sh Executable file

@ -0,0 +1,36 @@
#!/usr/bin/env bash
PREFIX='/etc'
BINDIR="$PREFIX/bind"
chown root:bind "$BINDIR"/named.conf
chown root:bind "$BINDIR"/named.conf.default-zones
chown root:bind "$BINDIR"/named.conf.local
chown root:bind "$BINDIR"/named.conf.forward
chown root:bind "$BINDIR"/named.conf.slaves
chown root:bind "$BINDIR"/named.conf.options
chown bind:bind rndc.key
chown bind:bind envs_msT.key tilde_msT.key letsencrypt_U.key
chmod 400 envs_msT.key tilde_msT.key letsencrypt_U.key
chmod 600 Kenvs_mst.* Ktilde_mst.* Kletsencrypt_u.*
chown root:bind "$BINDIR"/slave_tilde
test ! -d "$BINDIR"/keys && mkdir -p "$BINDIR"/keys
test ! -d "$BINDIR"/zones && mkdir -p "$BINDIR"/zones
test ! -d "$BINDIR"/slaves && mkdir -p "$BINDIR"/slaves
chown -R bind:bind "$BINDIR"/zones "$BINDIR"/slaves
chmod 755 "$BINDIR"/zones
chmod 755 "$BINDIR"/slaves
chown -R root:bind "$BINDIR"/keys
chmod 755 "$BINDIR"/keys
chmod 644 "$BINDIR"/keys/*.key
chmod 640 "$BINDIR"/keys/*.private
test ! -d /var/log/named && mkdir -p /var/log/named
chown -R bind:root /var/log/named
#
exit 0
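Review bot: Lines 146–149 (`chown bind:bind rndc.key`, the `*_msT.key` / `letsencrypt_U.key` files and `chmod 600 Kenvs_mst.* …`) use paths relative to the current directory, while every other command is anchored at `"$BINDIR"`, so running the script from anywhere but /etc/bind silently leaves the TSIG and DNSSEC key files with whatever mode they already had, and the unconditional `exit 0` hides the failed chown/chmod. Either prefix those paths with `"$BINDIR"/` or open the script with `cd "$BINDIR" || exit 1`, and add `set -eu` after the shebang so a failing step aborts the run instead of being masked. The `chmod 600 Kenvs_mst.*` glob also tightens the public `.key` half of each K* pair, whereas the keys directory below gets 644 for `*.key`; if that difference is intentional a one-line comment would save the next reader from "fixing" it.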

13
named.conf Normal file

@ -0,0 +1,13 @@
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.slaves";
include "/etc/bind/named.conf.forward";
include "/etc/bind/named.conf.default-zones";

28
named.conf.default-zones Normal file

@ -0,0 +1,28 @@
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/usr/share/dns/root.hints";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};

9
named.conf.forward Normal file

@ -0,0 +1,9 @@
//
// Forward Zones
zone "tilde." IN {
type forward;
forward only;
forwarders { 139.59.215.24; 149.56.184.112; };
};
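Review bot: `zone "tilde." IN { type forward; forward only; … }` forwards a TLD that has no delegation in the root zone, while named.conf.options enables `dnssec-validation auto;`; a validating resolver that gets unsigned answers for a name whose non-existence the root's signed NSEC chain proves treats them as validation failures, so recursive clients in the `internals` ACL are likely to receive SERVFAIL for anything under `.tilde`. BIND's `validate-except { "tilde."; };` option (placed in named.conf.options) exists for exactly this case — a locally used TLD without a secure delegation — on versions that support it; on older builds the alternatives are a negative trust anchor or a comment here stating that `.tilde` resolves only where validation is disabled. Worth a quick check against the installed version before the forwarders are relied on.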

65
named.conf.local Normal file

@ -0,0 +1,65 @@
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
// ACL
acl internals {
127.0.0.1;
192.168.1.0/24;
};
// KEY
include "/etc/bind/envs_msT.key";
include "/etc/bind/tilde_msT.key";
include "/etc/bind/letsencrypt_U.key";
// SERVER
server 51.79.32.63 { keys { tilde_msT; }; }; // ns1.tildeverse.net
//server 167.114.154.31 use "ownercheck"-record // ns2.tildeverse.net
server 139.59.215.24 { keys { envs_msT; }; }; // ns1.tildenic.org
server 149.56.184.112 { keys { envs_msT; }; }; // ns2.tildenic.org
// ZONES
zone "envs.net" {
type master;
file "/etc/bind/zones/db.envs.net";
//auto-dnssec maintain;
//inline-signing yes;
notify explicit;
also-notify { 51.79.32.63; 167.114.154.31; };
allow-transfer { 127.0.0.1; 167.114.154.31; key tilde_msT; };
update-policy { grant letsencrypt_U name _acme-challenge.envs.net. txt; };
};
zone "envs.sh" {
type master;
file "/etc/bind/zones/db.envs.sh";
//auto-dnssec maintain;
//inline-signing yes;
notify explicit;
also-notify { 51.79.32.63; 167.114.154.31; };
allow-transfer { 127.0.0.1; 167.114.154.31; key tilde_msT; };
update-policy { grant letsencrypt_U name _acme-challenge.envs.sh. txt; };
};
zone "envs.tilde" {
type master;
file "/etc/bind/zones/db.envs.tilde";
//auto-dnssec maintain;
//inline-signing yes;
notify explicit;
also-notify { 51.79.32.63; 167.114.154.31; 139.59.215.24; 149.56.184.112; };
allow-transfer { 127.0.0.1; key envs_msT; key tilde_msT; };
update-policy { grant letsencrypt_U name _acme-challenge.envs.tilde. txt; };
};
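Review bot: The `update-policy` grants on L256, L266 and L276 make all three master zones dynamic, yet their zone files under zones/ are committed here with hand-maintained content, including the `_acme-challenge` TXT that the letsencrypt_U key rewrites. Once named accepts an update it keeps a `.jnl` journal beside the zone file and rewrites the file itself, so editing the committed copy and reloading without `rndc freeze <zone>` / `rndc thaw <zone>` desynchronises the journal and can make the zone fail to load. A comment above each block, `// dynamic zone: rndc freeze/thaw before editing the file`, would keep the repo workflow and the running server consistent. Separately, ns2 (167.114.154.31) is admitted to `allow-transfer` on L255 and L265 by source address alone, which L244 acknowledges; giving it a TSIG key as well would bring those blocks in line with the key-only list on L275.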

64
named.conf.options Normal file

@ -0,0 +1,64 @@
options {
directory "/var/cache/bind";
managed-keys-directory "/var/cache/bind";
dump-file "/var/cache/bind/cache_dump.db";
statistics-file "/var/cache/bind/bind_stats.txt";
memstatistics-file "/var/cache/bind/bind_mem_stats.txt";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-enable yes;
dnssec-validation auto;
key-directory "/etc/bind/keys/";
// Do not make public version of BIND
version none;
auth-nxdomain no; # conform to RFC1035
recursive-clients 4096;
// edns-udp-size 4096;
// max-udp-size 512;
listen-on-v6 { none; };
listen-on { any; };
allow-transfer { none; };
allow-update { none; };
allow-query { any; };
allow-query-cache { internals; };
allow-recursion { internals; };
};
logging{
channel simple_log {
file "/var/log/named/bind.log" versions 3 size 5m;
severity warning;
print-time yes;
print-severity yes;
print-category yes;
};
category default{
simple_log;
};
};
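Review bot: The only logging channel, `simple_log` (L321–L327), is set to `severity warning;` and receives `category default` alone, so every event named logs at info — accepted or rejected zone transfers, the dynamic updates signed with letsencrypt_U, and the `update-security` / `security` approve-or-deny decisions — is discarded, leaving no audit trail for the transfer and update policies configured in named.conf.local. Routing those categories to a second channel at info level, as sketched below, keeps the warning-only default for noise but retains the security-relevant events; the file path and size are constructed examples to be adjusted to the site's retention needs.
```bind
logging {
    // … unchanged: channel simple_log …
    channel audit_log {
        file "/var/log/named/audit.log" versions 3 size 5m;   // constructed example path
        severity info;
        print-time yes;
        print-category yes;
    };
    category xfer-in { audit_log; };
    category xfer-out { audit_log; };
    category update { audit_log; };
    category update-security { audit_log; };
    category security { audit_log; };
    // … unchanged: category default …
};
```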

6
named.conf.slaves Normal file

@ -0,0 +1,6 @@
//
// Slave Zones
// Tilde Zones - ( ben@tilde.team )
include "/etc/bind/slave_tilde";

157
slave_tilde Normal file

@ -0,0 +1,157 @@
// Tilde Zones - ( ben@tilde.team )
zone "tildeverse.org" {
type slave;
file "/etc/bind/slaves/db.tildeverse.org";
masters { 51.79.32.63; };
};
zone "tildeverse.net" {
type slave;
file "/etc/bind/slaves/db.tildeverse.net";
masters { 51.79.32.63; };
};
zone "fuckup.club" {
type slave;
file "/etc/bind/slaves/db.fuckup.club";
masters { 51.79.32.63; };
};
zone "nand.pub" {
type slave;
file "/etc/bind/slaves/db.nand.pub";
masters { 51.79.32.63; };
};
zone "nand.sh" {
type slave;
file "/etc/bind/slaves/db.nand.sh";
masters { 51.79.32.63; };
};
zone "nand.team" {
type slave;
file "/etc/bind/slaves/db.nand.team";
masters { 51.79.32.63; };
};
zone "nand.zone" {
type slave;
file "/etc/bind/slaves/db.nand.zone";
masters { 51.79.32.63; };
};
zone "tild3.org" {
type slave;
file "/etc/bind/slaves/db.tild3.org";
masters { 51.79.32.63; };
};
zone "tild3.club" {
type slave;
file "/etc/bind/slaves/db.tild3.club";
masters { 51.79.32.63; };
};
zone "tilde.chat" {
type slave;
file "/etc/bind/slaves/db.tilde.chat";
masters { 51.79.32.63; };
};
zone "tildegit.org" {
type slave;
file "/etc/bind/slaves/db.tildegit.org";
masters { 51.79.32.63; };
};
zone "tilde.life" {
type slave;
file "/etc/bind/slaves/db.tilde.life";
masters { 51.79.32.63; };
};
zone "tildenet.org" {
type slave;
file "/etc/bind/slaves/db.tildenet.org";
masters { 51.79.32.63; };
};
zone "tilde.news" {
type slave;
file "/etc/bind/slaves/db.tilde.news";
masters { 51.79.32.63; };
};
zone "tildenic.org" {
type slave;
file "/etc/bind/slaves/db.tildenic.org";
masters { 51.79.32.63; };
};
zone "tilde.ninja" {
type slave;
file "/etc/bind/slaves/db.tilde.ninja";
masters { 51.79.32.63; };
};
zone "tilde.pizza" {
type slave;
file "/etc/bind/slaves/db.tilde.pizza";
masters { 51.79.32.63; };
};
zone "tilderadio.org" {
type slave;
file "/etc/bind/slaves/db.tilderadio.org";
masters { 51.79.32.63; };
};
zone "tilde.site" {
type slave;
file "/etc/bind/slaves/db.tilde.site";
masters { 51.79.32.63; };
};
zone "tilde.team" {
type slave;
file "/etc/bind/slaves/db.tilde.team";
masters { 51.79.32.63; };
};
zone "tildeteam.org" {
type slave;
file "/etc/bind/slaves/db.tildeteam.org";
masters { 51.79.32.63; };
};
zone "tilde.wiki" {
type slave;
file "/etc/bind/slaves/db.tilde.wiki";
masters { 51.79.32.63; };
};
zone "tilde.wtf" {
type slave;
file "/etc/bind/slaves/db.tilde.wtf";
masters { 51.79.32.63; };
};
zone "tilde.zone" {
type slave;
file "/etc/bind/slaves/db.tilde.zone";
masters { 51.79.32.63; };
};
zone "ttm.sh" {
type slave;
file "/etc/bind/slaves/db.ttm.sh";
masters { 51.79.32.63; };
};

20
zones.rfc1918 Normal file

@ -0,0 +1,20 @@
zone "10.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "16.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "17.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "18.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "19.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "20.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "21.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "22.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "23.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "24.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "25.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "26.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "27.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "28.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "29.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "30.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "31.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };

76
zones/db.envs.net Normal file

@ -0,0 +1,76 @@
$TTL 28800 ; 8 hours
envs.net. IN SOA envs.net. root.envs.net. (
2019081811 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
28800 ) ; minimum (8 hours)
NS envs.net.
NS ns1.tildeverse.net.
NS ns2.tildeverse.net.
A 89.163.145.170
MX 10 mail.envs.net.
TXT "v=spf1 a mx ip4:5.199.136.29 ip4:5.199.130.141 ~all"
CAA 128 issue "letsencrypt.org"
SSHFP 1 1 2a3dbba3587d58c0e5ca18538fb740d4d46a147f
SSHFP 1 2 edd078ef499fce5ca186daa68e75dc888c69fa358b002898282dc413f6749458
SSHFP 3 1 a6af5e859aab4c5aefef799e0b5f4150bfca653a
SSHFP 3 2 5340ba48a19751f96f7b5ea6da5e0a58174b2c0456e8ef13886599b17014da2e
SSHFP 4 1 26c107e80a42c37290cf17e56571c5d0714da4ba
SSHFP 4 2 57e9974ec449fa37c9331c4f943ff6f1da56a2eba7b375aeab0a69bfaca4542f
$ORIGIN envs.net.
* A 89.163.145.170
ownercheck TXT "4b87cebc"
_dmarc TXT "v=DMARC1; p=quarantine; pct=100"
$TTL 120 ; 2 minutes
_acme-challenge TXT "rS8IyqJqj0FAU7miHtgsyA7EpkLcA7gbXPOVDqrlIs4"
$TTL 28800 ; 8 hours
modoboa._domainkey TXT (
"v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArRQ52xvv9yjsC9"
"+Aj0PYGM30gZLemLl0AiFYRximpnjIJvQthtz3fb4V8chrKNMPQrgz30Bi0OMpoRu3YB57BhVk"
"pLDTHkVzyXD5EXuA9BbutjEvAiD3vvAi19RIL+NAc3sDYn+c2pHP648lnN2XLvhwKOAch8lYjC"
"4t+olYWv4mqm39rEWXLq5KxDHC3NaleKB3PLxe8GbX0QK5Ma/ZIsAT5vhxQwXcq4p7HgHC3CIB"
"+EToNYqAWjQ2OiRHKD91PyBTgpA89QQTAj8xJpGVpYxafv0haTfqXiBUubSXjDOSrQvz/vsm29"
"HLf+6abE28CmcKPXw79180zrVkeC/w5kiIgd/SCdMmVoDvtnmU0TrFHD9+kwNzCYT34p9Y35Sb"
"l/FwS96d96N3rqEY/lSZONR0+fFsVqwMzdcVxm+Kfkju7rLwPY/HlT50Oj9LV8eol0ZcIDLj0R"
"uTPpgW3DagoS20KN5xUkv+nF/KdASWsUhAIBBFWUk/YL737Cl8vi6CiMvCFfeuh9npnFyziKAr"
"vVH+I0OiX981QwDptkLcrhVqvmSdXxsjYJ2ApPEXs1D3hvCvhpiUKpLq9RMWTmvr2E7kmG5iJN"
"pgd+vVKhRR386URwy6NRhs9W5AadYEUALasxr5rOPabHjhv0nBQlTiG+I8PQ5i9AMyyif2UXf+"
"llsCAwEAAQ==")
autoconfig CNAME mail
autodiscover CNAME mail
imap CNAME mail
imaps CNAME mail
lists A 5.199.136.29
mail A 5.199.136.28
pop CNAME mail
pops CNAME mail
smtp CNAME mail
smtps CNAME mail
webmail CNAME mail
sync A 78.31.64.115
ssh A 5.199.139.30
ssh SSHFP 1 1 2a3dbba3587d58c0e5ca18538fb740d4d46a147f
ssh SSHFP 1 2 edd078ef499fce5ca186daa68e75dc888c69fa358b002898282dc413f6749458
ssh SSHFP 3 1 a6af5e859aab4c5aefef799e0b5f4150bfca653a
ssh SSHFP 3 2 5340ba48a19751f96f7b5ea6da5e0a58174b2c0456e8ef13886599b17014da2e
ssh SSHFP 4 1 26c107e80a42c37290cf17e56571c5d0714da4ba
ssh SSHFP 4 2 57e9974ec449fa37c9331c4f943ff6f1da56a2eba7b375aeab0a69bfaca4542f
git A 5.199.130.141
git SSHFP 1 1 425f8b1f3d006890b4121b315c6d0a5643699097
git SSHFP 1 2 0436bd7ad8ddf3a928f95f5ed82ea83a60b1faf5a877d2ca186d34c4b5ea5dbc
git SSHFP 3 1 37b0ba28a88669fd9bbeabf26781045ac0ffa4c5
git SSHFP 3 2 1b8ba4b54d8f29591ac4f1b8dab64412fe153eb5fe9641b7b6f56b101fd5cbd1
git SSHFP 4 1 37f3b26188e406beefbdc70558545fb211326c2b
git SSHFP 4 2 974452767ec3332ab2431bae9569c64bede1d6c6af6c3eebb036ad2f9a2ba771
_github-challenge-envs-net TXT "099ae75811"
$ORIGIN git.envs.net.
_github-challenge-envs-net TXT "a781f9d6d2"
$ORIGIN _tcp.envs.net.
_autodiscover SRV 0 10 443 mail.envs.net.
_imap SRV 0 10 143 mail.envs.net.
_imaps SRV 0 10 993 mail.envs.net.
_pop SRV 0 10 110 mail.envs.net.
_pops SRV 0 10 995 mail.envs.net.
_smtp SRV 0 10 25 mail.envs.net.
_smtps SRV 0 10 587 mail.envs.net.
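Review bot: The `_dmarc` TXT on L523, `v=DMARC1; p=quarantine; pct=100`, requests quarantine but names no `rua=` (aggregate) or `ruf=` (failure) address, so receivers have nowhere to send reports and the operators get no visibility into who is sending as envs.net or whether SPF/DKIM alignment holds before that policy bites. Adding `rua=mailto:<dmarc-reports-address>` (placeholder — a mailbox the operators actually read) makes the policy observable and is the usual prerequisite for moving to `p=reject`. The SPF record on L512, `v=spf1 a mx ip4:5.199.136.29 ip4:5.199.130.141 ~all`, covers mail via `mx` plus lists and git explicitly, which looks intentional, but the bare `a` mechanism also authorises the apex address 89.163.145.170; confirm that host sends mail at all, since every authorised address is one more that must stay trustworthy.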

23
zones/db.envs.sh Normal file

@ -0,0 +1,23 @@
$TTL 28800 ; 8 hours
envs.sh. IN SOA envs.net. root.envs.net. (
2019081810 ; Serial
10800 ; Refresh
3600 ; Retry
604800 ; Expire
28800 ) ; Negative Cache TTL
NS envs.net.
NS ns1.tildeverse.net.
NS ns2.tildeverse.net.
A 89.163.145.170
CAA 128 issue "letsencrypt.org"
SSHFP 1 1 2a3dbba3587d58c0e5ca18538fb740d4d46a147f
SSHFP 1 2 edd078ef499fce5ca186daa68e75dc888c69fa358b002898282dc413f6749458
SSHFP 3 1 a6af5e859aab4c5aefef799e0b5f4150bfca653a
SSHFP 3 2 5340ba48a19751f96f7b5ea6da5e0a58174b2c0456e8ef13886599b17014da2e
SSHFP 4 1 26c107e80a42c37290cf17e56571c5d0714da4ba
SSHFP 4 2 57e9974ec449fa37c9331c4f943ff6f1da56a2eba7b375aeab0a69bfaca4542f
$ORIGIN envs.sh.
* A 89.163.145.170
ownercheck TXT "4b87cebc"
$TTL 120 ; 2 minutes
_acme-challenge TXT "nagXuRRPXr5qap349w8KtFHbSDOuhseozptmI3_yMG8"
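Review bot: envs.sh publishes A, CAA and SSHFP records but no MX, SPF or DMARC, and zones/db.envs.tilde has the same gap; a domain that sends no mail should say so, otherwise receivers applying SPF see "none" and mail forged from this domain is judged by content filters alone. Two apex records close it: `TXT "v=spf1 -all"` and `_dmarc TXT "v=DMARC1; p=reject"` (with `rua=` if reports are wanted). If envs.sh or envs.tilde is meant to send mail later the records can be loosened then; publishing the restrictive form now is the safe default.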

23
zones/db.envs.tilde Normal file

@ -0,0 +1,23 @@
$TTL 28800 ; 8 hours
envs.tilde. IN SOA envs.net. root.envs.net. (
2019081805 ; Serial
10800 ; Refresh
3600 ; Retry
604800 ; Expire
28800 ) ; Negative Cache TTL
NS envs.net.
NS ns1.tildeverse.net.
NS ns2.tildeverse.net.
NS ns1.tildenic.org.
NS ns2.tildenic.org.
A 89.163.145.170
CAA 128 issue "letsencrypt.org"
SSHFP 1 1 2a3dbba3587d58c0e5ca18538fb740d4d46a147f
SSHFP 1 2 edd078ef499fce5ca186daa68e75dc888c69fa358b002898282dc413f6749458
SSHFP 3 1 a6af5e859aab4c5aefef799e0b5f4150bfca653a
SSHFP 3 2 5340ba48a19751f96f7b5ea6da5e0a58174b2c0456e8ef13886599b17014da2e
SSHFP 4 1 26c107e80a42c37290cf17e56571c5d0714da4ba
SSHFP 4 2 57e9974ec449fa37c9331c4f943ff6f1da56a2eba7b375aeab0a69bfaca4542f
$ORIGIN envs.tilde.
* A 89.163.145.170
ownercheck TXT "4b87cebc"