[dns] Blocage de teredo.ipv6.microsoft.com pour empêcher windows de lancer un tunnel ipv6 teredo

2014-02-13 09:30:28 +01:00 · 2014-02-13 09:30:28 +01:00 · af1a27b520
commit af1a27b520
parent bc98d3accc
4 changed files with 35 additions and 3 deletions
--- a/Bundler/bind.xml
+++ b/Bundler/bind.xml
@ -4,6 +4,7 @@
  <Python name="/etc/bind/named.conf.local"/>
  <Python name="/etc/bind/named.conf.options"/>
  <Python name="/etc/bind/db.loppsi.crans.org"/>
+  <Python name="/etc/bind/db.rpz.crans.org"/>
  <Group name="dns-primary">
      <Python name="/etc/bind/named.conf.notify"/>
  </Group>
--- a/Python/etc/bind/db.loppsi.crans.org
+++ b/Python/etc/bind/db.loppsi.crans.org
@ -19,7 +19,9 @@ print """                                2386410401 ; serial
                                3600       ; minimum (1 hour)
                                )
                        NS      sable.crans.org.
-
-archive.ubuntu.com    CNAME charybde.crans.org.
-*.archive.ubuntu.com    CNAME charybde.crans.org. 
 """
+
+print "archive.ubuntu.com    CNAME charybde.crans.org."
+print "*.archive.ubuntu.com    CNAME charybde.crans.org."
+
+print "teredo.ipv6.microsoft.com CNAME ."
--- a/Python/etc/bind/db.rpz.crans.org
+++ b/Python/etc/bind/db.rpz.crans.org
@ -0,0 +1,24 @@
+# -*- mode: python; encoding: utf-8 -*-
+
+info["owner"] = "root"
+info["group"] = "bind"
+info["perms"] = 0644
+
+
+import config
+comment_start = ";"
+
+header("Zone pour la response policy pour les utilisateur courant")
+
+@$TTL 3600       ; 1 hour
+@@        IN SOA  sable.crans.org. root.crans.org. (
+print """                                2386410401 ; serial
+                                21600      ; refresh (6 hours)
+                                3600       ; retry (1 hour)
+                                1209600    ; expire (2 weeks)
+                                3600       ; minimum (1 hour)
+                                )
+                        NS      sable.crans.org.
+"""
+
+print "teredo.ipv6.microsoft.com CNAME ."
--- a/Python/etc/bind/named.conf.local
+++ b/Python/etc/bind/named.conf.local
@ -97,6 +97,11 @@ with view("default-view", "any") as v:
        v.p('include "/etc/bind/generated/zones_crans";')
    
    if has("dns-recursif") and not has("dns-secondary-no-forward"):
+        v.p('response-policy { zone "rpz.crans.org"; };')
+        with zone("rpz.crans.org", "master") as z:
+            z.p('file "/etc/bind/db.rpz.crans.org";')
+            z.p('allow-query {none;};')
+
        with zone("239.in-addr.arpa", "slave") as z:
            z.p('file "/etc/bind/generated/db.239.in-addr.arpa";')
            z.p('masters { %s; };' % config.dns.master_tv)