[dns] Blocage de teredo.ipv6.microsoft.com pour empêcher windows de lancer un tunnel ipv6 teredo

Bundler/bind.xml

@@ -4,6 +4,7 @@
   <Python name="/etc/bind/named.conf.local"/>
   <Python name="/etc/bind/named.conf.options"/>
   <Python name="/etc/bind/db.loppsi.crans.org"/>
+  <Python name="/etc/bind/db.rpz.crans.org"/>
   <Group name="dns-primary">
       <Python name="/etc/bind/named.conf.notify"/>
   </Group>

Python/etc/bind/db.loppsi.crans.org

@@ -19,7 +19,9 @@ print """                                2386410401 ; serial
                                 3600       ; minimum (1 hour)
                                 )
                         NS      sable.crans.org.
-
-archive.ubuntu.com    CNAME charybde.crans.org.
-*.archive.ubuntu.com    CNAME charybde.crans.org. 
 """
+
+print "archive.ubuntu.com    CNAME charybde.crans.org."
+print "*.archive.ubuntu.com    CNAME charybde.crans.org."
+
+print "teredo.ipv6.microsoft.com CNAME ."

Python/etc/bind/db.rpz.crans.org

@@ -0,0 +1,24 @@
+# -*- mode: python; encoding: utf-8 -*-
+
+info["owner"] = "root"
+info["group"] = "bind"
+info["perms"] = 0644
+
+
+import config
+comment_start = ";"
+
+header("Zone pour la response policy pour les utilisateur courant")
+
+@$TTL 3600       ; 1 hour
+@@        IN SOA  sable.crans.org. root.crans.org. (
+print """                                2386410401 ; serial
+                                21600      ; refresh (6 hours)
+                                3600       ; retry (1 hour)
+                                1209600    ; expire (2 weeks)
+                                3600       ; minimum (1 hour)
+                                )
+                        NS      sable.crans.org.
+"""
+
+print "teredo.ipv6.microsoft.com CNAME ."

Python/etc/bind/named.conf.local

@@ -97,6 +97,11 @@ with view("default-view", "any") as v:
         v.p('include "/etc/bind/generated/zones_crans";')
     
     if has("dns-recursif") and not has("dns-secondary-no-forward"):
+        v.p('response-policy { zone "rpz.crans.org"; };')
+        with zone("rpz.crans.org", "master") as z:
+            z.p('file "/etc/bind/db.rpz.crans.org";')
+            z.p('allow-query {none;};')
+
         with zone("239.in-addr.arpa", "slave") as z:
             z.p('file "/etc/bind/generated/db.239.in-addr.arpa";')
             z.p('masters { %s; };' % config.dns.master_tv)