/alcasar.sh |
---|
1586,8 → 1586,6 |
[ -d /etc/unbound/conf.d/blackhole ] || mkdir /etc/unbound/conf.d/blackhole |
[ -d /var/log/unbound ] || { mkdir /var/log/unbound; chown unbound:unbound /var/log/unbound; } |
[ -e /etc/unbound/unbound.conf.default ] || cp /etc/unbound/unbound.conf /etc/unbound/unbound.conf.default |
# Local static DNS configuration |
[ -e /etc/unbound/conf.d/common/local-dns/global.conf ] || touch /etc/unbound/conf.d/common/local-dns/global.conf |
# Forward zone configuration file for all unbound dns servers |
cat << EOF > /etc/unbound/conf.d/common/forward-zone.conf |
1616,12 → 1614,9 |
# Configuration file of ALCASAR main domains for $INTIF |
cat << EOF > /etc/unbound/conf.d/common/local-dns/${INTIF}.conf |
server: |
local-zone: "$HOSTNAME.$DOMAIN" static |
local-zone: "$DOMAIN" static |
local-data: "$HOSTNAME.$DOMAIN A $PRIVATE_IP" |
local-zone: "$HOSTNAME" static |
local-data: "$HOSTNAME A $PRIVATE_IP" |
local-zone: "$DOMAIN." static |
local-data: "$DOMAIN. A" |
local-data-ptr: "$PRIVATE_IP $HOSTNAME.$DOMAIN" |
EOF |
# Configuration file for lo of forward unbound |
1629,13 → 1624,11 |
server: |
interface: 127.0.0.1@53 |
access-control-view: 127.0.0.1/8 lo |
view: |
name: "lo" |
local-zone: "$HOSTNAME.$DOMAIN" static |
local-zone: "$DOMAIN" static |
local-data: "$HOSTNAME.$DOMAIN A 127.0.0.1" |
local-zone: "$HOSTNAME" static |
local-data: "$HOSTNAME A 127.0.0.1" |
local-data-ptr "127.0.0.1 $HOSTNAME.$DOMAIN" |
view-first: yes |
EOF |
1644,17 → 1637,12 |
server: |
interface: ${PRIVATE_IP}@53 |
access-control-view: $PRIVATE_NETWORK_MASK $INTIF |
view: |
name: "$INTIF" |
local-zone: "$HOSTNAME.$DOMAIN" static |
local-data: "$HOSTNAME.$DOMAIN A $PRIVATE_IP" |
local-zone: "$HOSTNAME" static |
local-data: "$HOSTNAME A $PRIVATE_IP" |
view-first: yes |
EOF |
# Configuration file for forward unbound |
# Configuration file for main unbound |
cat << EOF > /etc/unbound/unbound.conf |
server: |
verbosity: 1 |
1730,7 → 1718,6 |
server: |
interface: ${PRIVATE_IP}@56 |
access-control-view: $PRIVATE_NETWORK_MASK $INTIF |
view: |
name: "$INTIF" |
local-zone: "." redirect |
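Review bot: In the `lo` view block of the 1629 → 1624 hunk, `local-data-ptr "127.0.0.1 $HOSTNAME.$DOMAIN"` has no colon after the keyword, unlike `local-data-ptr: "$PRIVATE_IP $HOSTNAME.$DOMAIN"` in the hunk above it. The rendering does not show which side that line is on, but if it survives in the new file, unbound is expected to reject the generated configuration. It should read `local-data-ptr: "127.0.0.1 $HOSTNAME.$DOMAIN"`. Running `unbound-checkconf` on the generated files before the service is restarted would catch this class of error. The heredoc that contains the line starts outside the hunk.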
/scripts/alcasar-conf.sh |
---|
370,7 → 370,6 |
# removing unbound configuration files |
rm -f /etc/unbound/conf.d/{forward,blacklist,whitelist,blackhole}/iface.* |
rm -f /etc/unbound/conf.d/common/forward-zone.conf |
find /etc/unbound/conf.d/common/local-dns/ ! -name "global.conf" -type f -delete |
# Configuration file for the dns servers forward-zone |
cat << EOF > /etc/unbound/conf.d/common/forward-zone.conf |
forward-zone: |
381,10 → 380,9 |
# Configuration file of ALCASAR main domains for $INTIF |
cat << EOF > /etc/unbound/conf.d/common/local-dns/${INTIF}.conf |
server: |
local-zone: "$HOSTNAME.$DOMAIN" static |
local-zone: "$DOMAIN" static |
local-data: "$HOSTNAME.$DOMAIN A $PRIVATE_IP" |
local-zone: "$HOSTNAME" static |
local-data: "$HOSTNAME A $PRIVATE_IP" |
local-data-ptr: "$PRIVATE_IP $HOSTNAME.$DOMAIN" |
EOF |
if [ "$HOSTNAME" != 'alcasar' ] |
then |
400,13 → 398,9 |
access-control-view: 127.0.0.1/8 lo |
view: |
name: "lo" |
local-zone: "$DOMAIN" static |
local-data: "$HOSTNAME.$DOMAIN A 127.0.0.1" |
view-first: yes |
local-zone: "$HOSTNAME.$DOMAIN" static |
local-data: "$HOSTNAME.$DOMAIN A 127.0.0.1" |
local-zone: "$HOSTNAME" static |
local-data: "$HOSTNAME A 127.0.0.1" |
local-zone: "$DOMAIN." static |
local-data: "$DOMAIN. A" |
EOF |
# Configuration file for $INTIF of forward |
cat << EOF > /etc/unbound/conf.d/forward/iface.${INTIF}.conf |
413,7 → 407,6 |
server: |
interface: ${PRIVATE_IP}@53 |
access-control-view: $PRIVATE_NETWORK_MASK $INTIF |
view: |
name: "$INTIF" |
view-first: yes |
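Review bot: `cat << EOF > /etc/unbound/conf.d/common/local-dns/${INTIF}.conf` in the 381 → 380 hunk truncates the file that alcasar-dns-local.sh appears to use as `LOCAL_DNS_FILE` after this change (`/etc/unbound/conf.d/common/local-dns/$INTIF.conf`). Records that hosts_to_unbound generated from /etc/hosts are therefore lost whenever this script rewrites the file, unless the import is re-run afterwards, and nothing visible in these hunks does that. Either keep the host-derived records in a separate file, or document the dependency here with a comment such as `# overwrites the /etc/hosts-derived records; re-run alcasar-dns-local.sh afterwards` and make that call explicit. The enclosing code begins and ends outside the hunks shown.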
/scripts/alcasar-dns-local.sh |
---|
13,14 → 13,15 |
ALCASAR_CONF_FILE="/usr/local/etc/alcasar.conf" |
LOCAL_DOMAIN_CONF_FILE="/etc/unbound/conf.d/common/local-forward/dns-redirector.conf" |
LOCAL_HOSTNAME_FILE="/etc/hosts" |
LOCAL_DNS_FILE="/etc/unbound/conf.d/common/local-dns/global.conf" |
# define DNS parameters (LAN side) |
INT_DNS_DOMAIN=`grep ^DOMAIN $ALCASAR_CONF_FILE|cut -d"=" -f2` |
INT_DNS_HOST=`grep ^HOSTNAME $ALCASAR_CONF_FILE|cut -d"=" -f2` |
INT_DNS_IP=`grep ^PRIVATE_IP $ALCASAR_CONF_FILE|cut -d"=" -f2|cut -d"/" -f1` |
INTIF=`grep ^INTIF $ALCASAR_CONF_FILE|cut -d"=" -f2` |
INT_DNS_ACTIVE=`grep INT_DNS_ACTIVE $ALCASAR_CONF_FILE|cut -d"=" -f2` |
LOCAL_DNS_FILE="/etc/unbound/conf.d/common/local-dns/$INTIF.conf" |
INT_DNS_DOMAIN=`grep INT_DNS_DOMAIN $ALCASAR_CONF_FILE|cut -d"=" -f2` # Nom du domaine DNS interne |
INT_DNS_IP=`grep INT_DNS_IP $ALCASAR_CONF_FILE|cut -d"=" -f2` # Adresse du serveur DNS interne |
INT_DNS_ACTIVE=`grep INT_DNS_ACTIVE $ALCASAR_CONF_FILE|cut -d"=" -f2` # Activation de la redirection DNS interne |
usage="Usage: alcasar-dns-local.sh {--on | -on} | {--off | -off} | {--add | -add} ip domain | {--del | -del} ip domain | {--reload | -reload}" |
nb_args=$# |
args=$1 |
38,18 → 39,20 |
} |
function hosts_to_unbound(){ |
# Empty the local DNS file |
echo "server:" > $LOCAL_DNS_FILE |
cat << EOF > $LOCAL_DNS_FILE |
server: |
local-zone: "$INT_DNS_DOMAIN" static |
local-data: "$INT_DNS_HOST.$INT_DNS_DOMAIN A $INT_DNS_IP" |
local-data-ptr: "$INT_DNS_IP $INT_DNS_HOST.$INT_DNS_DOMAIN" |
EOF |
while read -r line |
do |
ip_address=$(echo $line | awk '{ print $1 }') |
domain=$(echo $line | awk '{ print $2 }') |
if ! echo $line | grep -E -q "^([0-9\.\t ]+alcasar( |$)|127\.0\.0)" |
then |
echo -e "\tlocal-zone: \"$domain\" redirect" >> $LOCAL_DNS_FILE |
echo -e "\tlocal-data: \"$domain A $ip_address\"" >> $LOCAL_DNS_FILE |
echo -e "\tlocal-data: \"$domaini.$INT_DNS_DOMAIN A $ip_address\"" >> $LOCAL_DNS_FILE |
echo -e "\tlocal-data-ptr: \"$ip_address $domain.$INT_DNS_DOMAIN\"" >> $LOCAL_DNS_FILE |
fi |
done < $LOCAL_HOSTNAME_FILE |
} |
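Review bot: `$domaini` in `local-data: \"$domaini.$INT_DNS_DOMAIN A $ip_address\"` is never assigned in hosts_to_unbound, so it expands to empty and every host gets a record for `.<domain>` instead of `<host>.<domain>`. The `local-data-ptr` line after it then points at a name that has no forward record. The line should be `echo -e "\tlocal-data: \"$domain.$INT_DNS_DOMAIN A $ip_address\"" >> $LOCAL_DNS_FILE`. Separately, the loop's filter only skips the alcasar and 127.0.0 entries, so blank lines and `#` comment lines in /etc/hosts still reach the `echo` lines and are written into the unbound configuration as malformed records. Skipping lines where `$ip_address` or `$domain` is empty or `$ip_address` starts with `#` would avoid that.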