From af1a27b5201232c2976b1416615cabfa10438dc4 Mon Sep 17 00:00:00 2001
From: Valentin Samir <valentin.samir@crans.org>
Date: Thu, 13 Feb 2014 09:30:28 +0100
Subject: [PATCH] =?UTF-8?q?[dns]=20Blocage=20de=20teredo.ipv6.microsoft.co?=
 =?UTF-8?q?m=20pour=20emp=C3=AAcher=20windows=20de=20lancer=20un=20tunnel?=
 =?UTF-8?q?=20ipv6=20teredo?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Bundler/bind.xml                    |  1 +
 Python/etc/bind/db.loppsi.crans.org |  8 +++++---
 Python/etc/bind/db.rpz.crans.org    | 24 ++++++++++++++++++++++++
 Python/etc/bind/named.conf.local    |  5 +++++
 4 files changed, 35 insertions(+), 3 deletions(-)
 create mode 100644 Python/etc/bind/db.rpz.crans.org

diff --git a/Bundler/bind.xml b/Bundler/bind.xml
index 0f67201..e0775b9 100644
--- a/Bundler/bind.xml
+++ b/Bundler/bind.xml
@@ -4,6 +4,7 @@
   <Python name="/etc/bind/named.conf.local"/>
   <Python name="/etc/bind/named.conf.options"/>
   <Python name="/etc/bind/db.loppsi.crans.org"/>
+  <Python name="/etc/bind/db.rpz.crans.org"/>
   <Group name="dns-primary">
       <Python name="/etc/bind/named.conf.notify"/>
   </Group>
diff --git a/Python/etc/bind/db.loppsi.crans.org b/Python/etc/bind/db.loppsi.crans.org
index c3f4a83..c3babea 100644
--- a/Python/etc/bind/db.loppsi.crans.org
+++ b/Python/etc/bind/db.loppsi.crans.org
@@ -19,7 +19,9 @@ print """                                2386410401 ; serial
                                 3600       ; minimum (1 hour)
                                 )
                         NS      sable.crans.org.
-
-archive.ubuntu.com    CNAME charybde.crans.org.
-*.archive.ubuntu.com    CNAME charybde.crans.org. 
 """
+
+print "archive.ubuntu.com    CNAME charybde.crans.org."
+print "*.archive.ubuntu.com    CNAME charybde.crans.org."
+
+print "teredo.ipv6.microsoft.com CNAME ."
diff --git a/Python/etc/bind/db.rpz.crans.org b/Python/etc/bind/db.rpz.crans.org
new file mode 100644
index 0000000..e0b3010
--- /dev/null
+++ b/Python/etc/bind/db.rpz.crans.org
@@ -0,0 +1,24 @@
+# -*- mode: python; encoding: utf-8 -*-
+
+info["owner"] = "root"
+info["group"] = "bind"
+info["perms"] = 0644
+
+
+import config
+comment_start = ";"
+
+header("Zone pour la response policy pour les utilisateur courant")
+
+@$TTL 3600       ; 1 hour
+@@        IN SOA  sable.crans.org. root.crans.org. (
+print """                                2386410401 ; serial
+                                21600      ; refresh (6 hours)
+                                3600       ; retry (1 hour)
+                                1209600    ; expire (2 weeks)
+                                3600       ; minimum (1 hour)
+                                )
+                        NS      sable.crans.org.
+"""
+
+print "teredo.ipv6.microsoft.com CNAME ."
diff --git a/Python/etc/bind/named.conf.local b/Python/etc/bind/named.conf.local
index 91e9052..a020593 100644
--- a/Python/etc/bind/named.conf.local
+++ b/Python/etc/bind/named.conf.local
@@ -97,6 +97,11 @@ with view("default-view", "any") as v:
         v.p('include "/etc/bind/generated/zones_crans";')
     
     if has("dns-recursif") and not has("dns-secondary-no-forward"):
+        v.p('response-policy { zone "rpz.crans.org"; };')
+        with zone("rpz.crans.org", "master") as z:
+            z.p('file "/etc/bind/db.rpz.crans.org";')
+            z.p('allow-query {none;};')
+
         with zone("239.in-addr.arpa", "slave") as z:
             z.p('file "/etc/bind/generated/db.239.in-addr.arpa";')
             z.p('masters { %s; };' % config.dns.master_tv)