{{beinhaltet Abweichungen von der Realität}}
[[Server/freebert]] is gone!
== Hardware ==
Virtualisiert durch [[Server/freebert/FreeBSD]]
== Software ==
* FreeBSD Jail
* unbound (package im userland von freebsd 10)
== Verwendungszweck ==
* DNS Cache Server
(Backup DNS Cache läuft auf Flatbert LXC - Knot)
== JAIL: /etc/rc.conf ==
<source lang=bash>
### <--- Service // ---> ###
# rc.conf knob that starts the unbound resolver when the jail boots.
# NOTE(review): this only switches the service on; who may query it is
# decided by the access-control rules in unbound.conf.
local_unbound_enable="YES"
### <--- // Service ---> ###
</source>
== JAIL: /etc/unbound/unbound.conf ==
<source lang=bash>
### ### ### C3D2 ### ### ###
#
# Caching resolver of the jail.
# NOTE(review): the page itself says that it deviates from reality and that
# the host is gone; read this as a historical record, not as a template.
server:
    ### < --- server // --- > ###
    # Log errors only.
    verbosity: 0

    # Addresses on which client queries are accepted.
    interface: 172.22.99.51
    interface: 2001:4dd0:fb82:c3d2::51

    # Source addresses for queries sent upstream.
    outgoing-interface: 172.22.99.51
    outgoing-interface: 2001:4dd0:fb82:c3d2::51

    # NOTE(review): these two rules allow recursion for every source
    # address.  Together with the listening addresses above this is an open
    # resolver wherever those addresses are reachable and no packet filter
    # sits in front of the jail, which exposes it to abuse as a
    # reflection/amplification relay and to cache snooping.  Limit "allow"
    # to the client prefixes that are meant to use the cache and leave
    # everything else at unbound's default of "refuse".
    access-control: 0.0.0.0/0 allow
    access-control: ::/0 allow

    # Upstream queries leave from unprivileged source ports only.
    outgoing-port-permit: 1025-65535
    outgoing-port-avoid: 0-1024

    # Ignore very large queries and queries advertising a very small EDNS
    # buffer.
    harden-large-queries: "yes"
    harden-short-bufsize: "yes"

    ### statistics-interval: 60

    logfile: "/var/unbound/unbound.log"

    # Root hints and the RFC 5011 tracked root trust anchor.  With the
    # default module configuration the trust anchor is what turns DNSSEC
    # validation on.
    root-hints: "/var/unbound/named.cache"
    auto-trust-anchor-file: "/var/unbound/root.key"

    port: 53

    do-ip4: yes
    do-ip6: yes
    do-udp: yes
    do-tcp: yes

    # Do not disclose host name or software version through the
    # id.server / version.server queries.
    hide-identity: yes
    hide-version: yes
    # Accept glue only from within the answering server's authority, and
    # insist on DNSSEC data below a trust anchor.
    harden-glue: yes
    harden-dnssec-stripped: yes

    # Randomise the case of query names (0x20) as an extra spoofing check.
    use-caps-for-id: yes

    # Cached TTLs are clamped to 300 s .. 86400 s.
    # NOTE(review): a floor above the TTL published by the zone owner keeps
    # records longer than intended, so changes show up late.
    cache-min-ttl: 300
    cache-max-ttl: 86400

    prefetch: yes
    num-threads: 2

    #max-udp-size: 512
    # EDNS buffer size advertised to upstream servers.
    # NOTE(review): with validation enabled, signed answers larger than
    # 512 bytes have to be retried over TCP; confirm this was intended.
    edns-buffer-size: 512

    # with libevent2
    #outgoing-range: 8192
    #num-queries-per-thread: 4096
    # NOTE(review): the Log section of this page records a build without
    # libevent2 that was limited to 1024, so the two values below were
    # presumably not honoured as written; confirm against the log file.
    outgoing-range: 32768
    num-queries-per-thread: 16384

    # Slabs per cache; slabs reduce lock contention between threads.
    msg-cache-slabs: 8
    rrset-cache-slabs: 8
    infra-cache-slabs: 8
    key-cache-slabs: 8

    rrset-cache-size: 512m
    msg-cache-size: 256m

    so-rcvbuf: 1m

    # Cache-poisoning countermeasure: after this many unwanted replies the
    # rrset and message caches are cleared and a warning is logged.
    unwanted-reply-threshold: 10000
    # Drop improperly signed additional-section data from secure answers.
    val-clean-additional: yes
    ### < --- // server --- > ###
# Empty clause: no python-script is configured.
python:

# unbound-control channel, bound to the loopback address.
# NOTE(review): a FreeBSD jail that has no loopback address of its own maps
# 127.0.0.1 to the jail's primary IPv4 address; confirm that the control
# port is not reachable from the network.
# NOTE(review): no key or certificate options are set here, so the built-in
# defaults apply; check that the control key files are readable only by the
# service and its administrator.
remote-control:
    control-enable: yes
    control-interface: 127.0.0.1
### < --- c3d2 // --- > ###
# Zones that are answered by C3D2 / dn42 servers instead of by recursion
# from the root.
# NOTE(review): the server: clause on this page configures a root trust
# anchor.  unbound.conf(5) advises adding "domain-insecure:" for locally
# served names and "local-zone: <name> nodefault" for private reverse zones
# so that validation and the built-in RFC 1918 filtering do not reject the
# answers.  Neither option appears on this page; confirm how these zones
# resolved in practice.

# dn42 names are forwarded to the resolvers below.
# NOTE(review): the IPv6 forwarder here uses a different prefix than the
# 2001:4dd0:fb82:c3d2::1 used by the reverse zones below; confirm which one
# is current.
forward-zone:
    name: "dn42"
    forward-addr: 172.22.99.1
    forward-addr: 2001:6f8:1194:c3d2::1

# c3d2.de is queried directly at its name server.
stub-zone:
    name: "c3d2.de"
    stub-host: "ns.c3d2.de"
    stub-addr: 89.238.79.221
    #stub-addr: 172.22.99.4

# Reverse lookups for 172.22.x.x.  All three zones use the same forwarders,
# so the first two are already covered by "22.172.in-addr.arpa".
forward-zone:
    name: "99.22.172.in-addr.arpa"
    forward-addr: 172.22.99.1
    forward-addr: 2001:4dd0:fb82:c3d2::1
forward-zone:
    name: "100.22.172.in-addr.arpa"
    forward-addr: 172.22.99.1
    forward-addr: 2001:4dd0:fb82:c3d2::1
forward-zone:
    name: "22.172.in-addr.arpa"
    forward-addr: 172.22.99.1
    forward-addr: 2001:4dd0:fb82:c3d2::1
### < --- // c3d2 --- > ###

# Disabled: forwarding of all other names to public resolvers.  While this
# stays commented out, names outside the zones above are resolved by
# recursion from the root hints.
# forward-zone:
# name: "."
# forward-addr: 213.73.91.35 # dnscache.berlin.ccc.de
# forward-addr: 74.82.42.42 # Hurricane Electric
# forward-addr: 4.2.2.4 # Level3 Verizon
#
### ### ### C3D2 ### ### ###
# EOF
</source>
== Log ==
* 26.04.2014 - da ohne libevent2, nur 1024 (465 random connections)
* 16.04.2014 - einfaches Basis Setup
[[Kategorie:Infrastruktur]]