diff --git a/siotp/sisr1/tp03/srv-admin/interfaces b/siotp/sisr1/tp03/srv-admin/interfaces
new file mode 100644
index 0000000..19d75e1
--- /dev/null
+++ b/siotp/sisr1/tp03/srv-admin/interfaces
@@ -0,0 +1,23 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# interface fixe
+auto enp0s3
+iface enp0s3 inet static
+ address 192.168.0.140/24
+ gateway 192.168.0.1
+
+# interface interne fix
+auto enp0s8
+iface enp0s8 inet dhcp
+# address 172.16.0.254/24
+
+# interface interne dhcp
+#allow-hotplug enp0s8
+#iface enp0s8 inet dhcp
diff --git a/siotp/sisr1/tp03/srv-admin/nat.sh b/siotp/sisr1/tp03/srv-admin/nat.sh
new file mode 100644
index 0000000..0e2bf58
--- /dev/null
+++ b/siotp/sisr1/tp03/srv-admin/nat.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+sysctl net.ipv4.ip_forward=1
+nft add table basic_nat_table
+nft add chain basic_nat_table prerouting {type nat hook prerouting priority 0\; }
+nft add chain basic_nat_table postrouting {type nat hook postrouting priority 0\; }
+nft add rule basic_nat_table postrouting masquerade
diff --git a/siotp/sisr1/tp03/srv-dns2/bind/bind.keys b/siotp/sisr1/tp03/srv-dns2/bind/bind.keys
new file mode 100644
index 0000000..1ac4a56
--- /dev/null
+++ b/siotp/sisr1/tp03/srv-dns2/bind/bind.keys
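Review bot: The stanza under `# interface interne fix` configures enp0s8 with `inet dhcp` while the static address is left commented out, so the comment and the configuration disagree. The zone data in this commit maps srv-admin-jp (also aliased as `router`) to 172.16.0.254, so this host appears to be the lab's gateway, and a leased address that changes would break both routing and that DNS record. If the static address is intended, the stanza should read `iface enp0s8 inet static` followed by `address 172.16.0.254/24`; otherwise correct the comment and drop the dead lines below it.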
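Review bot: The masquerade rule on the last line of nat.sh has no interface or source match, so packets leaving on any interface are rewritten, including traffic going back into the internal network, and forwarding is switched on with no filter chain limiting which flows may cross the router. Scope the rule to the uplink, `nft add rule basic_nat_table postrouting oifname "enp0s3" masquerade` (enp0s3 is the static 192.168.0.140 interface in the interfaces file), and consider a `forward` chain that accepts only internal-to-uplink and established traffic. Re-running the script appends a duplicate rule each time, and the `sysctl` setting does not survive a reboot unless it is also written to a sysctl configuration file. The `prerouting` chain is created but never used.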
@@ -0,0 +1,49 @@ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +# The bind.keys file is used to override the built-in DNSSEC trust anchors +# which are included as part of BIND 9. The only trust anchors it contains +# are for the DNS root zone ("."). Trust anchors for any other zones MUST +# be configured elsewhere; if they are configured here, they will not be +# recognized or used by named. +# +# To use the built-in root key, set "dnssec-validation auto;" in the +# named.conf options, or else leave "dnssec-validation" unset. If +# "dnssec-validation" is set to "yes", then the keys in this file are +# ignored; keys will need to be explicitly configured in named.conf for +# validation to work. "auto" is the default setting, unless named is +# built with "configure --disable-auto-validation", in which case the +# default is "yes". +# +# This file is NOT expected to be user-configured. +# +# Servers being set up for the first time can use the contents of this file +# as initializing keys; thereafter, the keys in the managed key database +# will be trusted and maintained automatically. +# +# These keys are current as of Mar 2019. If any key fails to initialize +# correctly, it may have expired. In that event you should replace this +# file with a current version. The latest version of bind.keys can always +# be obtained from ISC at https://www.isc.org/bind-keys. +# +# See https://data.iana.org/root-anchors/root-anchors.xml for current trust +# anchor information for the root zone. + +trust-anchors { + # This key (20326) was published in the root zone in 2017. + . 
initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3 + +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv + ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF + 0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e + oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd + RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN + R1AkUTV74bU="; +}; diff --git a/siotp/sisr1/tp03/srv-dns2/bind/db.0 b/siotp/sisr1/tp03/srv-dns2/bind/db.0 new file mode 100644 index 0000000..0cbfc38 --- /dev/null +++ b/siotp/sisr1/tp03/srv-dns2/bind/db.0 @@ -0,0 +1,12 @@ +; +; BIND reverse data file for "this host on this network" zone +; +$TTL 604800 +@ IN SOA localhost. root.localhost. ( + 1 ; Serial + 604800 ; Refresh + 86400 ; Retry + 2419200 ; Expire + 604800 ) ; Negative Cache TTL +; +@ IN NS localhost. diff --git a/siotp/sisr1/tp03/srv-dns2/bind/db.127 b/siotp/sisr1/tp03/srv-dns2/bind/db.127 new file mode 100644 index 0000000..cd05bef --- /dev/null +++ b/siotp/sisr1/tp03/srv-dns2/bind/db.127 @@ -0,0 +1,13 @@ +; +; BIND reverse data file for local loopback interface +; +$TTL 604800 +@ IN SOA localhost. root.localhost. ( + 1 ; Serial + 604800 ; Refresh + 86400 ; Retry + 2419200 ; Expire + 604800 ) ; Negative Cache TTL +; +@ IN NS localhost. +1.0.0 IN PTR localhost. diff --git a/siotp/sisr1/tp03/srv-dns2/bind/db.255 b/siotp/sisr1/tp03/srv-dns2/bind/db.255 new file mode 100644 index 0000000..e3aabdb --- /dev/null +++ b/siotp/sisr1/tp03/srv-dns2/bind/db.255 @@ -0,0 +1,12 @@ +; +; BIND reverse data file for broadcast zone +; +$TTL 604800 +@ IN SOA localhost. root.localhost. ( + 1 ; Serial + 604800 ; Refresh + 86400 ; Retry + 2419200 ; Expire + 604800 ) ; Negative Cache TTL +; +@ IN NS localhost. diff --git a/siotp/sisr1/tp03/srv-dns2/bind/db.empty b/siotp/sisr1/tp03/srv-dns2/bind/db.empty new file mode 100644 index 0000000..8a12858 --- /dev/null +++ b/siotp/sisr1/tp03/srv-dns2/bind/db.empty 
@@ -0,0 +1,14 @@ +; BIND reverse data file for empty rfc1918 zone +; +; DO NOT EDIT THIS FILE - it is used for multiple zones. +; Instead, copy it, edit named.conf, and use that copy. +; +$TTL 86400 +@ IN SOA localhost. root.localhost. ( + 1 ; Serial + 604800 ; Refresh + 86400 ; Retry + 2419200 ; Expire + 86400 ) ; Negative Cache TTL +; +@ IN NS localhost. diff --git a/siotp/sisr1/tp03/srv-dns2/bind/db.local b/siotp/sisr1/tp03/srv-dns2/bind/db.local new file mode 100644 index 0000000..2f272d4 --- /dev/null +++ b/siotp/sisr1/tp03/srv-dns2/bind/db.local @@ -0,0 +1,14 @@ +; +; BIND data file for local loopback interface +; +$TTL 604800 +@ IN SOA localhost. root.localhost. ( + 2 ; Serial + 604800 ; Refresh + 86400 ; Retry + 2419200 ; Expire + 604800 ) ; Negative Cache TTL +; +@ IN NS localhost. +@ IN A 127.0.0.1 +@ IN AAAA ::1 diff --git a/siotp/sisr1/tp03/srv-dns2/bind/db.monlabo.lan b/siotp/sisr1/tp03/srv-dns2/bind/db.monlabo.lan new file mode 100644 index 0000000..c7191cd --- /dev/null +++ b/siotp/sisr1/tp03/srv-dns2/bind/db.monlabo.lan @@ -0,0 +1,26 @@ +$ORIGIN . +$TTL 604800 ; 1 week +monlabo.lan IN SOA dns1.monlabo.lan. root.monlabo.lan. ( + 2 ; serial + 604800 ; refresh (1 week) + 86400 ; retry (1 day) + 2419200 ; expire (4 weeks) + 604800 ; minimum (1 week) + ) + NS srv-dns2.monlabo.lan. + NS srv-service.monlabo.lan. + A 172.16.0.1 +$ORIGIN monlabo.lan. +dhcp CNAME srv-service +dns CNAME srv-service +dns1 CNAME srv-service +dns2 CNAME srv-dns2 +router CNAME srv-admin-jp +srv-admin-jp A 172.16.0.254 +srv-dns2 A 172.16.0.2 +srv-service A 172.16.0.1 +srvadmin CNAME srv-admin-jp +srvdhcp CNAME srv-service +srvdns CNAME srv-service +srvdns1 CNAME srv-service +srvdns2 CNAME srv-dns2 diff --git a/siotp/sisr1/tp03/srv-dns2/bind/db.monlabo.lan.rev b/siotp/sisr1/tp03/srv-dns2/bind/db.monlabo.lan.rev new file mode 100644 index 0000000..b41e532 --- /dev/null +++ b/siotp/sisr1/tp03/srv-dns2/bind/db.monlabo.lan.rev 
@@ -0,0 +1,18 @@ +$ORIGIN . +$TTL 604800 ; 1 week +0.16.172.in-addr.arpa IN SOA dns1.monlabo.lan. root.monlabo.lan. ( + 2 ; serial + 604800 ; refresh (1 week) + 86400 ; retry (1 day) + 2419200 ; expire (4 weeks) + 604800 ; minimum (1 week) + ) + NS srv-dns2.monlabo.lan. + NS srv-service.monlabo.lan. + A 172.16.0.1 +$ORIGIN 0.16.172.in-addr.arpa. +1 PTR srv-service.monlabo.lan +2 PTR srv-dns2.monlabo.lan +254 PTR srv-admin-jp.monlabo.lan +srv-dns2 A 172.16.0.2 +srv-service A 172.16.0.1 diff --git a/siotp/sisr1/tp03/srv-dns2/bind/named.conf b/siotp/sisr1/tp03/srv-dns2/bind/named.conf new file mode 100644 index 0000000..bc71baa --- /dev/null +++ b/siotp/sisr1/tp03/srv-dns2/bind/named.conf @@ -0,0 +1,11 @@ +// This is the primary configuration file for the BIND DNS server named. +// +// Please read /usr/share/doc/bind9/README.Debian for information on the +// structure of BIND configuration files in Debian, *BEFORE* you customize +// this configuration file. +// +// If you are just adding zones, please do that in /etc/bind/named.conf.local + +include "/etc/bind/named.conf.options"; +include "/etc/bind/named.conf.local"; +include "/etc/bind/named.conf.default-zones"; diff --git a/siotp/sisr1/tp03/srv-dns2/bind/named.conf.default-zones b/siotp/sisr1/tp03/srv-dns2/bind/named.conf.default-zones new file mode 100644 index 0000000..1a85ad3 --- /dev/null +++ b/siotp/sisr1/tp03/srv-dns2/bind/named.conf.default-zones @@ -0,0 +1,30 @@ +// prime the server with knowledge of the root servers +zone "." { + type hint; + file "/usr/share/dns/root.hints"; +}; + +// be authoritative for the localhost forward and reverse zones, and for +// broadcast zones as per RFC 1912 + +zone "localhost" { + type master; + file "/etc/bind/db.local"; +}; + +zone "127.in-addr.arpa" { + type master; + file "/etc/bind/db.127"; +}; + +zone "0.in-addr.arpa" { + type master; + file "/etc/bind/db.0"; +}; + +zone "255.in-addr.arpa" { + type master; + file "/etc/bind/db.255"; +}; + + 
diff --git a/siotp/sisr1/tp03/srv-dns2/bind/named.conf.local b/siotp/sisr1/tp03/srv-dns2/bind/named.conf.local
new file mode 100644
index 0000000..98c4b21
--- /dev/null
+++ b/siotp/sisr1/tp03/srv-dns2/bind/named.conf.local
@@ -0,0 +1,24 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+// zone directe
+zone "monlabo.lan" {
+ type slave;
+ file "/etc/bind/db.monlabo.lan";
+ masters { 172.16.0.1; };
+ masterfile-format text;
+};
+
+// zone inverse
+zone "0.16.172.in-addr.arpa" {
+ type slave;
+ notify no;
+ file "/etc/bind/db.monlabo.lan.rev";
+ masters { 172.16.0.1; };
+ masterfile-format text;
+};
diff --git a/siotp/sisr1/tp03/srv-dns2/bind/named.conf.options b/siotp/sisr1/tp03/srv-dns2/bind/named.conf.options
new file mode 100644
index 0000000..e96cee1
--- /dev/null
+++ b/siotp/sisr1/tp03/srv-dns2/bind/named.conf.options
@@ -0,0 +1,25 @@
+options {
+ directory "/var/cache/bind";
+
+ // If there is a firewall between you and nameservers you want
+ // to talk to, you may need to fix the firewall to allow multiple
+ // ports to talk. See http://www.kb.cert.org/vuls/id/800113
+
+ // If your ISP provided one or more IP addresses for stable
+ // nameservers, you probably want to use them as forwarders.
+ // Uncomment the following block, and insert the addresses replacing
+ // the all-0's placeholder.
+
+ forwarders {
+ 10.121.38.7;
+ 10.121.38.8;
+ };
+
+ //========================================================================
+ // If BIND logs error messages about the root key being expired,
+ // you will need to update your keys. See https://www.isc.org/bind-keys
+ //========================================================================
+ dnssec-validation auto;
+
+ listen-on-v6 { any; };
+};
diff --git a/siotp/sisr1/tp03/srv-dns2/bind/rndc.key b/siotp/sisr1/tp03/srv-dns2/bind/rndc.key
new file mode 100644
index 0000000..1a82d76
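Review bot: Both slave zones in named.conf.local write their transferred copy into `/etc/bind`, the configuration directory; named normally has no write access there, and granting it would let the daemon modify its own configuration. Point the `file` statements at the working directory instead, e.g. `file "/var/cache/bind/db.monlabo.lan";` (the `directory` set in named.conf.options), and keep the transferred copies out of version control. The `masters { 172.16.0.1; };` lines identify the primary by source address only; a TSIG key shared with the primary would authenticate the transfer itself.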
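Review bot: The options block sets forwarders and `listen-on-v6 { any; };` but declares no access lists, so who may recurse or request zone transfers is left to the defaults of whichever BIND version is installed. Stating them makes the intent reviewable, for example `allow-recursion { localhost; 172.16.0.0/24; };` and `allow-transfer { none; };` here, with a per-zone override on the primary. The retained Debian comment still says to uncomment the forwarders block and replace the all-0's placeholder, which no longer describes the file. The same applies to srv-service/bind/named.conf.options later in this diff.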
--- /dev/null
+++ b/siotp/sisr1/tp03/srv-dns2/bind/rndc.key
@@ -0,0 +1,4 @@
+key "rndc-key" {
+ algorithm hmac-sha256;
+ secret "C/azJIH5/7/DBUhUhHEiAHwFRLq05tihHxBOwY/bnD8=";
+};
diff --git a/siotp/sisr1/tp03/srv-dns2/bind/zones.rfc1918 b/siotp/sisr1/tp03/srv-dns2/bind/zones.rfc1918
new file mode 100644
index 0000000..03b5546
--- /dev/null
+++ b/siotp/sisr1/tp03/srv-dns2/bind/zones.rfc1918
@@ -0,0 +1,20 @@
+zone "10.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+
+zone "16.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "17.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "18.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "19.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "20.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "21.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "22.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "23.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "24.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "25.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "26.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "27.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "28.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "29.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "30.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "31.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+
+zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
diff --git a/siotp/sisr1/tp03/srv-service/bind/bind.keys b/siotp/sisr1/tp03/srv-service/bind/bind.keys
new file mode 100644
index 0000000..1ac4a56
--- /dev/null
+++ b/siotp/sisr1/tp03/srv-service/bind/bind.keys
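Review bot: The `secret` line in srv-dns2/bind/rndc.key commits a live rndc control key to the repository, and srv-service/bind/rndc.key later in this diff does the same with a second key. Anyone who can read the repository and reach the server's control channel can authenticate rndc commands against these hosts. Remove both files from version control, regenerate the key on each host with `rndc-confgen -a`, and ignore `rndc.key` in the repository; because the values stay in history, treat both as compromised.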
@@ -0,0 +1,49 @@ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +# The bind.keys file is used to override the built-in DNSSEC trust anchors +# which are included as part of BIND 9. The only trust anchors it contains +# are for the DNS root zone ("."). Trust anchors for any other zones MUST +# be configured elsewhere; if they are configured here, they will not be +# recognized or used by named. +# +# To use the built-in root key, set "dnssec-validation auto;" in the +# named.conf options, or else leave "dnssec-validation" unset. If +# "dnssec-validation" is set to "yes", then the keys in this file are +# ignored; keys will need to be explicitly configured in named.conf for +# validation to work. "auto" is the default setting, unless named is +# built with "configure --disable-auto-validation", in which case the +# default is "yes". +# +# This file is NOT expected to be user-configured. +# +# Servers being set up for the first time can use the contents of this file +# as initializing keys; thereafter, the keys in the managed key database +# will be trusted and maintained automatically. +# +# These keys are current as of Mar 2019. If any key fails to initialize +# correctly, it may have expired. In that event you should replace this +# file with a current version. The latest version of bind.keys can always +# be obtained from ISC at https://www.isc.org/bind-keys. +# +# See https://data.iana.org/root-anchors/root-anchors.xml for current trust +# anchor information for the root zone. + +trust-anchors { + # This key (20326) was published in the root zone in 2017. + . 
initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3 + +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv + ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF + 0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e + oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd + RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN + R1AkUTV74bU="; +}; diff --git a/siotp/sisr1/tp03/srv-service/bind/db.0 b/siotp/sisr1/tp03/srv-service/bind/db.0 new file mode 100644 index 0000000..0cbfc38 --- /dev/null +++ b/siotp/sisr1/tp03/srv-service/bind/db.0 @@ -0,0 +1,12 @@ +; +; BIND reverse data file for "this host on this network" zone +; +$TTL 604800 +@ IN SOA localhost. root.localhost. ( + 1 ; Serial + 604800 ; Refresh + 86400 ; Retry + 2419200 ; Expire + 604800 ) ; Negative Cache TTL +; +@ IN NS localhost. diff --git a/siotp/sisr1/tp03/srv-service/bind/db.127 b/siotp/sisr1/tp03/srv-service/bind/db.127 new file mode 100644 index 0000000..cd05bef --- /dev/null +++ b/siotp/sisr1/tp03/srv-service/bind/db.127 @@ -0,0 +1,13 @@ +; +; BIND reverse data file for local loopback interface +; +$TTL 604800 +@ IN SOA localhost. root.localhost. ( + 1 ; Serial + 604800 ; Refresh + 86400 ; Retry + 2419200 ; Expire + 604800 ) ; Negative Cache TTL +; +@ IN NS localhost. +1.0.0 IN PTR localhost. diff --git a/siotp/sisr1/tp03/srv-service/bind/db.255 b/siotp/sisr1/tp03/srv-service/bind/db.255 new file mode 100644 index 0000000..e3aabdb --- /dev/null +++ b/siotp/sisr1/tp03/srv-service/bind/db.255 @@ -0,0 +1,12 @@ +; +; BIND reverse data file for broadcast zone +; +$TTL 604800 +@ IN SOA localhost. root.localhost. ( + 1 ; Serial + 604800 ; Refresh + 86400 ; Retry + 2419200 ; Expire + 604800 ) ; Negative Cache TTL +; +@ IN NS localhost. diff --git a/siotp/sisr1/tp03/srv-service/bind/db.empty b/siotp/sisr1/tp03/srv-service/bind/db.empty new file mode 100644 index 0000000..8a12858 --- /dev/null +++ b/siotp/sisr1/tp03/srv-service/bind/db.empty 
@@ -0,0 +1,14 @@ +; BIND reverse data file for empty rfc1918 zone +; +; DO NOT EDIT THIS FILE - it is used for multiple zones. +; Instead, copy it, edit named.conf, and use that copy. +; +$TTL 86400 +@ IN SOA localhost. root.localhost. ( + 1 ; Serial + 604800 ; Refresh + 86400 ; Retry + 2419200 ; Expire + 86400 ) ; Negative Cache TTL +; +@ IN NS localhost. diff --git a/siotp/sisr1/tp03/srv-service/bind/db.local b/siotp/sisr1/tp03/srv-service/bind/db.local new file mode 100644 index 0000000..2f272d4 --- /dev/null +++ b/siotp/sisr1/tp03/srv-service/bind/db.local @@ -0,0 +1,14 @@ +; +; BIND data file for local loopback interface +; +$TTL 604800 +@ IN SOA localhost. root.localhost. ( + 2 ; Serial + 604800 ; Refresh + 86400 ; Retry + 2419200 ; Expire + 604800 ) ; Negative Cache TTL +; +@ IN NS localhost. +@ IN A 127.0.0.1 +@ IN AAAA ::1 diff --git a/siotp/sisr1/tp03/srv-service/bind/db.monlabo.lan b/siotp/sisr1/tp03/srv-service/bind/db.monlabo.lan new file mode 100644 index 0000000..2fc66e6 --- /dev/null +++ b/siotp/sisr1/tp03/srv-service/bind/db.monlabo.lan @@ -0,0 +1,29 @@ +; +; BIND data file for local loopback interface +; +$TTL 604800 +@ IN SOA dns1.monlabo.lan. root.monlabo.lan. ( + 2 ; Serial + 604800 ; Refresh + 86400 ; Retry + 2419200 ; Expire + 604800 ) ; Negative Cache TTL +; +@ IN NS srv-service.monlabo.lan. + IN NS srv-dns2.monlabo.lan. + IN A 172.16.0.1 +srv-dns2 IN A 172.16.0.2 +srv-service IN A 172.16.0.1 +srv-admin-jp IN A 172.16.0.254 + + +dhcp IN CNAME srv-service +srvdns IN CNAME srv-service +srvdns1 IN CNAME srv-service +srvdhcp IN CNAME srv-service +dns IN CNAME srv-service +dns1 IN CNAME srv-service +dns2 IN CNAME srv-dns2 +srvdns2 IN CNAME srv-dns2 +srvadmin IN CNAME srv-admin-jp +router IN CNAME srv-admin-jp diff --git a/siotp/sisr1/tp03/srv-service/bind/db.monlabo.lan.rev b/siotp/sisr1/tp03/srv-service/bind/db.monlabo.lan.rev new file mode 100644 index 0000000..eef1fc1 --- /dev/null +++ b/siotp/sisr1/tp03/srv-service/bind/db.monlabo.lan.rev 
@@ -0,0 +1,21 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL 604800
+@ IN SOA dns1.monlabo.lan. root.monlabo.lan. (
+ 2 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+;
+@ IN NS srv-service.monlabo.lan.
+ IN NS srv-dns2.monlabo.lan.
+ IN A 172.16.0.1
+srv-dns2 IN A 172.16.0.2
+srv-service IN A 172.16.0.1
+;deb-dns2-jp IN A 192.168.0.142
+
+1 IN PTR srv-service.monlabo.lan
+254 IN PTR srv-admin-jp.monlabo.lan
+2 IN PTR srv-dns2.monlabo.lan
diff --git a/siotp/sisr1/tp03/srv-service/bind/named.conf b/siotp/sisr1/tp03/srv-service/bind/named.conf
new file mode 100644
index 0000000..bc71baa
--- /dev/null
+++ b/siotp/sisr1/tp03/srv-service/bind/named.conf
@@ -0,0 +1,11 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian for information on the
+// structure of BIND configuration files in Debian, *BEFORE* you customize
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
diff --git a/siotp/sisr1/tp03/srv-service/bind/named.conf.default-zones b/siotp/sisr1/tp03/srv-service/bind/named.conf.default-zones
new file mode 100644
index 0000000..1a85ad3
--- /dev/null
+++ b/siotp/sisr1/tp03/srv-service/bind/named.conf.default-zones
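Review bot: The three PTR targets in the primary's reverse zone are written without a trailing dot (`1 IN PTR srv-service.monlabo.lan`), so named appends the zone origin and the answer becomes `srv-service.monlabo.lan.0.16.172.in-addr.arpa.`; the secondary's transferred copy in this diff shows the same relative names under `$ORIGIN 0.16.172.in-addr.arpa.`. Terminate each target, e.g. `1 IN PTR srv-service.monlabo.lan.`, and increment the serial so the secondary picks the change up. The `A` records for `@`, `srv-dns2` and `srv-service` do not belong in a reverse zone, where they create names such as srv-dns2.0.16.172.in-addr.arpa. The header comment still describes the loopback data file.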
@@ -0,0 +1,30 @@
+// prime the server with knowledge of the root servers
+zone "." {
+ type hint;
+ file "/usr/share/dns/root.hints";
+};
+
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
+
+zone "localhost" {
+ type master;
+ file "/etc/bind/db.local";
+};
+
+zone "127.in-addr.arpa" {
+ type master;
+ file "/etc/bind/db.127";
+};
+
+zone "0.in-addr.arpa" {
+ type master;
+ file "/etc/bind/db.0";
+};
+
+zone "255.in-addr.arpa" {
+ type master;
+ file "/etc/bind/db.255";
+};
+
+
diff --git a/siotp/sisr1/tp03/srv-service/bind/named.conf.local b/siotp/sisr1/tp03/srv-service/bind/named.conf.local
new file mode 100644
index 0000000..7af08f1
--- /dev/null
+++ b/siotp/sisr1/tp03/srv-service/bind/named.conf.local
@@ -0,0 +1,20 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+// Zone directe
+ zone "monlabo.lan" {
+ type master;
+ file "/etc/bind/db.monlabo.lan";
+};
+
+// Zone inverse
+ zone "0.16.172.in-addr.arpa" {
+ type master;
+ notify no;
+ file "/etc/bind/db.monlabo.lan.rev";
+};
diff --git a/siotp/sisr1/tp03/srv-service/bind/named.conf.options b/siotp/sisr1/tp03/srv-service/bind/named.conf.options
new file mode 100644
index 0000000..8a762c2
--- /dev/null
+++ b/siotp/sisr1/tp03/srv-service/bind/named.conf.options
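Review bot: Neither primary zone in srv-service/bind/named.conf.local restricts zone transfers, so unless the installed BIND version defaults `allow-transfer` to none, the full content of monlabo.lan and its reverse zone is available to any client that can reach the server. Add `allow-transfer { 172.16.0.2; };` to both zones (172.16.0.2 is srv-dns2 in the zone data), preferably keyed with TSIG, not address alone. `notify no;` is set only on the reverse zone, so the secondary hears about forward-zone changes at once but about reverse-zone changes only at the one-week refresh interval; use the same setting on both zones.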
@@ -0,0 +1,25 @@ +options { + directory "/var/cache/bind"; + + // If there is a firewall between you and nameservers you want + // to talk to, you may need to fix the firewall to allow multiple + // ports to talk. See http://www.kb.cert.org/vuls/id/800113 + + // If your ISP provided one or more IP addresses for stable + // nameservers, you probably want to use them as forwarders. + // Uncomment the following block, and insert the addresses replacing + // the all-0's placeholder. + + forwarders { + 10.121.38.7; + 10.121.38.8; + }; + + //======================================================================== + // If BIND logs error messages about the root key being expired, + // you will need to update your keys. See https://www.isc.org/bind-keys + //======================================================================== + dnssec-validation auto; + + listen-on-v6 { any; }; +}; diff --git a/siotp/sisr1/tp03/srv-service/bind/rndc.key b/siotp/sisr1/tp03/srv-service/bind/rndc.key new file mode 100644 index 0000000..a075aca --- /dev/null +++ b/siotp/sisr1/tp03/srv-service/bind/rndc.key @@ -0,0 +1,4 @@ +key "rndc-key" { + algorithm hmac-sha256; + secret "pCk7cjxsoyGvlKs1CS5mmuSD1PtUGwdT0hrspqBYUT0="; +}; diff --git a/siotp/sisr1/tp03/srv-service/bind/zones.rfc1918 b/siotp/sisr1/tp03/srv-service/bind/zones.rfc1918 new file mode 100644 index 0000000..03b5546 --- /dev/null +++ b/siotp/sisr1/tp03/srv-service/bind/zones.rfc1918 
@@ -0,0 +1,20 @@ +zone "10.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; + +zone "16.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "17.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "18.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "19.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "20.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "21.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "22.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "23.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "24.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "25.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "26.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "27.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "28.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "29.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "30.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; +zone "31.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; + +zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; diff --git a/siotp/sisr1/tp03/srv-service/dhcp/debug b/siotp/sisr1/tp03/srv-service/dhcp/debug new file mode 100644 index 0000000..593e7df --- /dev/null +++ b/siotp/sisr1/tp03/srv-service/dhcp/debug 
@@ -0,0 +1,38 @@ +# +# The purpose of this script is just to show the variables that are +# available to all the scripts in this directory. All these scripts are +# called from dhclient-script, which exports all the variables shown +# before. If you want to debug a problem with your DHCP setup you can +# enable this script and take a look at /tmp/dhclient-script.debug. + +# To enable this script set the following variable to "yes" +RUN="no" + +if [ "$RUN" = "yes" ]; then + echo "$(date): entering ${1%/*}, dumping variables." \ + >> /tmp/dhclient-script.debug + + # loop over the 4 possible prefixes: (empty), cur_, new_, old_ + for prefix in '' 'cur_' 'new_' 'old_'; do + # loop over the DHCP variables passed to dhclient-script + for basevar in reason interface medium alias_ip_address \ + ip_address host_name network_number subnet_mask \ + broadcast_address routers static_routes \ + rfc3442_classless_static_routes \ + domain_name domain_search domain_name_servers \ + netbios_name_servers netbios_scope \ + ntp_servers \ + ip6_address ip6_prefix ip6_prefixlen \ + dhcp6_domain_search dhcp6_name_servers ; do + var="${prefix}${basevar}" + eval "content=\$$var" + + # show only variables with values set + if [ -n "${content}" ]; then + echo "$var='${content}'" >> /tmp/dhclient-script.debug + fi + done + done + + echo '--------------------------' >> /tmp/dhclient-script.debug +fi diff --git a/siotp/sisr1/tp03/srv-service/dhcp/dhclient-enter-hooks.d/debug b/siotp/sisr1/tp03/srv-service/dhcp/dhclient-enter-hooks.d/debug new file mode 100644 index 0000000..593e7df --- /dev/null +++ b/siotp/sisr1/tp03/srv-service/dhcp/dhclient-enter-hooks.d/debug 
@@ -0,0 +1,38 @@ +# +# The purpose of this script is just to show the variables that are +# available to all the scripts in this directory. All these scripts are +# called from dhclient-script, which exports all the variables shown +# before. If you want to debug a problem with your DHCP setup you can +# enable this script and take a look at /tmp/dhclient-script.debug. + +# To enable this script set the following variable to "yes" +RUN="no" + +if [ "$RUN" = "yes" ]; then + echo "$(date): entering ${1%/*}, dumping variables." \ + >> /tmp/dhclient-script.debug + + # loop over the 4 possible prefixes: (empty), cur_, new_, old_ + for prefix in '' 'cur_' 'new_' 'old_'; do + # loop over the DHCP variables passed to dhclient-script + for basevar in reason interface medium alias_ip_address \ + ip_address host_name network_number subnet_mask \ + broadcast_address routers static_routes \ + rfc3442_classless_static_routes \ + domain_name domain_search domain_name_servers \ + netbios_name_servers netbios_scope \ + ntp_servers \ + ip6_address ip6_prefix ip6_prefixlen \ + dhcp6_domain_search dhcp6_name_servers ; do + var="${prefix}${basevar}" + eval "content=\$$var" + + # show only variables with values set + if [ -n "${content}" ]; then + echo "$var='${content}'" >> /tmp/dhclient-script.debug + fi + done + done + + echo '--------------------------' >> /tmp/dhclient-script.debug +fi diff --git a/siotp/sisr1/tp03/srv-service/dhcp/dhclient-exit-hooks.d/debug b/siotp/sisr1/tp03/srv-service/dhcp/dhclient-exit-hooks.d/debug new file mode 100644 index 0000000..593e7df --- /dev/null +++ b/siotp/sisr1/tp03/srv-service/dhcp/dhclient-exit-hooks.d/debug 
@@ -0,0 +1,38 @@ +# +# The purpose of this script is just to show the variables that are +# available to all the scripts in this directory. All these scripts are +# called from dhclient-script, which exports all the variables shown +# before. If you want to debug a problem with your DHCP setup you can +# enable this script and take a look at /tmp/dhclient-script.debug. + +# To enable this script set the following variable to "yes" +RUN="no" + +if [ "$RUN" = "yes" ]; then + echo "$(date): entering ${1%/*}, dumping variables." \ + >> /tmp/dhclient-script.debug + + # loop over the 4 possible prefixes: (empty), cur_, new_, old_ + for prefix in '' 'cur_' 'new_' 'old_'; do + # loop over the DHCP variables passed to dhclient-script + for basevar in reason interface medium alias_ip_address \ + ip_address host_name network_number subnet_mask \ + broadcast_address routers static_routes \ + rfc3442_classless_static_routes \ + domain_name domain_search domain_name_servers \ + netbios_name_servers netbios_scope \ + ntp_servers \ + ip6_address ip6_prefix ip6_prefixlen \ + dhcp6_domain_search dhcp6_name_servers ; do + var="${prefix}${basevar}" + eval "content=\$$var" + + # show only variables with values set + if [ -n "${content}" ]; then + echo "$var='${content}'" >> /tmp/dhclient-script.debug + fi + done + done + + echo '--------------------------' >> /tmp/dhclient-script.debug +fi diff --git a/siotp/sisr1/tp03/srv-service/dhcp/dhclient-exit-hooks.d/rfc3442-classless-routes b/siotp/sisr1/tp03/srv-service/dhcp/dhclient-exit-hooks.d/rfc3442-classless-routes new file mode 100644 index 0000000..1ef7b8a --- /dev/null +++ b/siotp/sisr1/tp03/srv-service/dhcp/dhclient-exit-hooks.d/rfc3442-classless-routes 
@@ -0,0 +1,78 @@ +# set classless routes based on the format specified in RFC3442 +# e.g.: +# new_rfc3442_classless_static_routes='24 192 168 10 192 168 1 1 8 10 10 17 66 41' +# specifies the routes: +# 192.168.10.0/24 via 192.168.1.1 +# 10.0.0.0/8 via 10.10.17.66.41 + +RUN="yes" + + +if [ "$RUN" = "yes" ]; then + if [ -n "$new_rfc3442_classless_static_routes" ]; then + if [ "$reason" = "BOUND" ] || [ "$reason" = "REBOOT" ]; then + + set -- $new_rfc3442_classless_static_routes + + while [ $# -gt 0 ]; do + net_length=$1 + via_arg='' + + case $net_length in + 32|31|30|29|28|27|26|25) + if [ $# -lt 9 ]; then + return 1 + fi + net_address="${2}.${3}.${4}.${5}" + gateway="${6}.${7}.${8}.${9}" + shift 9 + ;; + 24|23|22|21|20|19|18|17) + if [ $# -lt 8 ]; then + return 1 + fi + net_address="${2}.${3}.${4}.0" + gateway="${5}.${6}.${7}.${8}" + shift 8 + ;; + 16|15|14|13|12|11|10|9) + if [ $# -lt 7 ]; then + return 1 + fi + net_address="${2}.${3}.0.0" + gateway="${4}.${5}.${6}.${7}" + shift 7 + ;; + 8|7|6|5|4|3|2|1) + if [ $# -lt 6 ]; then + return 1 + fi + net_address="${2}.0.0.0" + gateway="${3}.${4}.${5}.${6}" + shift 6 + ;; + 0) # default route + if [ $# -lt 5 ]; then + return 1 + fi + net_address="0.0.0.0" + gateway="${2}.${3}.${4}.${5}" + shift 5 + ;; + *) # error + return 1 + ;; + esac + + # take care of link-local routes + if [ "${gateway}" != '0.0.0.0' ]; then + via_arg="via ${gateway}" + fi + + # set route (ip detects host routes automatically) + ip -4 route add "${net_address}/${net_length}" \ + ${via_arg} dev "${interface}" >/dev/null 2>&1 + done + fi + fi +fi diff --git a/siotp/sisr1/tp03/srv-service/dhcp/dhclient-exit-hooks.d/timesyncd b/siotp/sisr1/tp03/srv-service/dhcp/dhclient-exit-hooks.d/timesyncd new file mode 100644 index 0000000..bb98cab --- /dev/null +++ b/siotp/sisr1/tp03/srv-service/dhcp/dhclient-exit-hooks.d/timesyncd 
@@ -0,0 +1,52 @@ +TIMESYNCD_CONF=/run/systemd/timesyncd.conf.d/01-dhclient.conf + +timesyncd_servers_setup_remove() { + if [ ! -d /run/systemd/system ]; then + return + fi + if [ ! -x /lib/systemd/systemd-timesyncd ]; then + return + fi + + if [ -e $TIMESYNCD_CONF ]; then + rm -f $TIMESYNCD_CONF + systemctl try-restart systemd-timesyncd.service || true + fi +} + +timesyncd_servers_setup_add() { + if [ ! -d /run/systemd/system ]; then + return + fi + if [ ! -x /lib/systemd/systemd-timesyncd ]; then + return + fi + + if [ -e $TIMESYNCD_CONF ] && [ "$new_ntp_servers" = "$old_ntp_servers" ]; then + return + fi + + if [ -z "$new_ntp_servers" ]; then + timesyncd_servers_setup_remove + return + fi + + mkdir -p $(dirname $TIMESYNCD_CONF) + cat < ${TIMESYNCD_CONF}.new +# NTP server entries received from DHCP server +[Time] +NTP=$new_ntp_servers +EOF + mv ${TIMESYNCD_CONF}.new ${TIMESYNCD_CONF} + systemctl try-restart systemd-timesyncd.service || true +} + + +case $reason in + BOUND|RENEW|REBIND|REBOOT) + timesyncd_servers_setup_add + ;; + EXPIRE|FAIL|RELEASE|STOP) + timesyncd_servers_setup_remove + ;; +esac diff --git a/siotp/sisr1/tp03/srv-service/dhcp/dhclient.conf b/siotp/sisr1/tp03/srv-service/dhcp/dhclient.conf new file mode 100644 index 0000000..b85301b --- /dev/null +++ b/siotp/sisr1/tp03/srv-service/dhcp/dhclient.conf 
@@ -0,0 +1,54 @@
+# Configuration file for /sbin/dhclient.
+#
+# This is a sample configuration file for dhclient. See dhclient.conf's
+# man page for more information about the syntax of this file
+# and a more comprehensive list of the parameters understood by
+# dhclient.
+#
+# Normally, if the DHCP server provides reasonable information and does
+# not leave anything out (like the domain name, for example), then
+# few changes must be made to this file, if any.
+#
+
+option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
+
+send host-name = gethostname();
+request subnet-mask, broadcast-address, time-offset, routers,
+ domain-name, domain-name-servers, domain-search, host-name,
+ dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
+ netbios-name-servers, netbios-scope, interface-mtu,
+ rfc3442-classless-static-routes, ntp-servers;
+
+#send dhcp-client-identifier 1:0:a0:24:ab:fb:9c;
+#send dhcp-lease-time 3600;
+#supersede domain-name "fugue.com home.vix.com";
+#prepend domain-name-servers 127.0.0.1;
+#require subnet-mask, domain-name-servers;
+#timeout 60;
+#retry 60;
+#reboot 10;
+#select-timeout 5;
+#initial-interval 2;
+#script "/sbin/dhclient-script";
+#media "-link0 -link1 -link2", "link0 link1";
+#reject 192.33.137.209;
+
+#alias {
+# interface "eth0";
+# fixed-address 192.5.5.213;
+# option subnet-mask 255.255.255.255;
+#}
+
+#lease {
+# interface "eth0";
+# fixed-address 192.33.137.200;
+# medium "link0 link1";
+# option host-name "andare.swiftmedia.com";
+# option subnet-mask 255.255.255.0;
+# option broadcast-address 192.33.137.255;
+# option routers 192.33.137.250;
+# option domain-name-servers 127.0.0.1;
+# renew 2 2000/1/12 00:00:01;
+# rebind 2 2000/1/12 00:00:01;
+# expire 2 2000/1/12 00:00:01;
+#}
diff --git a/siotp/sisr1/tp03/srv-service/dhcp/dhcpd.conf b/siotp/sisr1/tp03/srv-service/dhcp/dhcpd.conf
new file mode 100644
index 0000000..dc50af0
--- /dev/null
+++ b/siotp/sisr1/tp03/srv-service/dhcp/dhcpd.conf 
@@ -0,0 +1,110 @@
+# dhcpd.conf
+#
+# Sample configuration file for ISC dhcpd
+#
+
+# option definitions common to all supported networks...
+#option domain-name "example.org";
+#option domain-name-servers ns1.example.org, ns2.example.org;
+
+default-lease-time 604800;
+max-lease-time 604800;
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+
+subnet 172.16.0.0 netmask 255.255.255.0 {
+range 172.16.0.100 172.16.0.200;
+option routers 172.16.0.254;
+option domain-name-servers 172.16.0.1, 172.16.0.2;
+option domain-name "monlabo.lan";
+}
+
+host srv-admin-jp {
+hardware ethernet 08:00:27:44:f2:e7;
+fixed-address 172.16.0.254;
+}
+host srv-dns2 {
+hardware ethernet 08:00:27:2b:f5:4c;
+fixed-address 172.16.0.2;
+option domain-name-servers 127.0.0.1;
+}
+# This is a very basic subnet declaration.
+
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+# range 10.254.239.10 10.254.239.20;
+# option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+# range dynamic-bootp 10.254.239.40 10.254.239.60;
+# option broadcast-address 10.254.239.31;
+# option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+# range 10.5.5.26 10.5.5.30;
+# option domain-name-servers ns1.internal.example.org;
+# option domain-name "internal.example.org";
+# option routers 10.5.5.1;
+# option broadcast-address 10.5.5.31;
+# default-lease-time 600;
+# max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements. If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+# hardware ethernet 0:0:c0:5d:bd:95;
+# filename "vmunix.passacaglia";
+# server-name "toccata.example.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts. These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP. Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+# hardware ethernet 08:00:07:26:c0:a5;
+# fixed-address fantasia.example.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that. The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+# match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+# subnet 10.17.224.0 netmask 255.255.255.0 {
+# option routers rtr-224.example.org;
+# }
+# subnet 10.0.29.0 netmask 255.255.255.0 {
+# option routers rtr-29.example.org;
+# }
+# pool {
+# allow members of "foo";
+# range 10.17.224.10 10.17.224.250;
+# }
+# pool {
+# deny members of "foo";
+# range 10.0.29.10 10.0.29.230;
+# }
+#}
diff --git a/siotp/sisr1/tp03/srv-service/dhcp/dhcpd6.conf b/siotp/sisr1/tp03/srv-service/dhcp/dhcpd6.conf
new file mode 100644
index 0000000..87786b4
--- /dev/null
+++ b/siotp/sisr1/tp03/srv-service/dhcp/dhcpd6.conf
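Review bot: The `host srv-admin-jp` and `host srv-dns2` declarations lease the gateway address (172.16.0.254, also the `option routers` value) and a resolver address (172.16.0.2) to whichever client presents the listed MAC, and a MAC address does not authenticate the client. If those two machines actually depend on this lease, their routing and DNS role also disappears whenever dhcpd is down; configure the addresses statically on the hosts and keep these entries only as reservations, with a comment such as `# reservation only: address is set statically on the host`. The file also has no `authoritative;` statement, so the server will not send a DHCPNAK to a client asking for an address that is wrong for 172.16.0.0/24; add it if this is the only DHCP server on that segment.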
@@ -0,0 +1,102 @@
+# Server configuration file example for DHCPv6
+# From the file used for TAHI tests - addresses chosen
+# to match TAHI rather than example block.
+
+# IPv6 address valid lifetime
+# (at the end the address is no longer usable by the client)
+# (set to 30 days, the usual IPv6 default)
+default-lease-time 2592000;
+
+# IPv6 address preferred lifetime
+# (at the end the address is deprecated, i.e., the client should use
+# other addresses for new connections)
+# (set to 7 days, the usual IPv6 default)
+preferred-lifetime 604800;
+
+# T1, the delay before Renew
+# (default is 1/2 preferred lifetime)
+# (set to 1 hour)
+option dhcp-renewal-time 3600;
+
+# T2, the delay before Rebind (if Renews failed)
+# (default is 3/4 preferred lifetime)
+# (set to 2 hours)
+option dhcp-rebinding-time 7200;
+
+# Enable RFC 5007 support (same than for DHCPv4)
+allow leasequery;
+
+# Global definitions for name server address(es) and domain search list
+option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:3f3e;
+option dhcp6.domain-search "test.example.com","example.com";
+
+# Set preference to 255 (maximum) in order to avoid waiting for
+# additional servers when there is only one
+##option dhcp6.preference 255;
+
+# Server side command to enable rapid-commit (2 packet exchange)
+##option dhcp6.rapid-commit;
+
+# The delay before information-request refresh
+# (minimum is 10 minutes, maximum one day, default is to not refresh)
+# (set to 6 hours)
+option dhcp6.info-refresh-time 21600;
+
+# Static definition (must be global)
+#host myclient {
+# # The entry is looked up by this
+# host-identifier option
+# dhcp6.client-id 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2;
+#
+# # A fixed address
+# fixed-address6 3ffe:501:ffff:100::1234;
+#
+# # A fixed prefix
+# fixed-prefix6 3ffe:501:ffff:101::/64;
+#
+# # Override of the global definitions,
+# # works only when a resource (address or prefix) is assigned
+# option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:4f4e;
+#
+# # For debug (to see when the entry statements are executed)
+# # (log "sol" when a matching Solicitation is received)
+# ##if packet(0,1) = 1 { log(debug,"sol"); }
+#}
+#
+#host otherclient {
+# # This host entry is hopefully matched if the client supplies a DUID-LL
+# # or DUID-LLT containing this MAC address.
+# hardware ethernet 01:00:80:a2:55:67;
+#
+# fixed-address6 3ffe:501:ffff:100::4321;
+#}
+
+# The subnet where the server is attached
+# (i.e., the server has an address in this subnet)
+#subnet6 3ffe:501:ffff:100::/64 {
+# # Two addresses available to clients
+# # (the third client should get NoAddrsAvail)
+# range6 3ffe:501:ffff:100::10 3ffe:501:ffff:100::11;
+#
+# # Use the whole /64 prefix for temporary addresses
+# # (i.e., direct application of RFC 4941)
+# range6 3ffe:501:ffff:100:: temporary;
+#
+# # Some /64 prefixes available for Prefix Delegation (RFC 3633)
+# prefix6 3ffe:501:ffff:100:: 3ffe:501:ffff:111:: /64;
+#}
+
+# A second subnet behind a relay agent
+#subnet6 3ffe:501:ffff:101::/64 {
+# range6 3ffe:501:ffff:101::10 3ffe:501:ffff:101::11;
+#
+# # Override of the global definitions,
+# # works only when a resource (address or prefix) is assigned
+# option dhcp6.name-servers 3ffe:501:ffff:101:200:ff:fe00:3f3e;
+#
+#}
+
+# A third subnet behind a relay agent chain
+#subnet6 3ffe:501:ffff:102::/64 {
+# range6 3ffe:501:ffff:102::10 3ffe:501:ffff:102::11;
+#}