Ajout desfichiers configs de dns2

sisr1/tp02-dns/dns2/db.sio-yl.lan

@@ -0,0 +1,17 @@
+$ORIGIN .
+$TTL 604800	; 1 week
+sio-yl.lan		IN SOA	dns1-yl.sio-yl.lan. root.dns1.sio-yl.lan. (
+				2          ; serial
+				604800     ; refresh (1 week)
+				86400      ; retry (1 day)
+				2419200    ; expire (4 weeks)
+				604800     ; minimum (1 week)
+				)
+			NS	dns1-yl.sio-yl.lan.
+			NS	localhost.
+$ORIGIN sio-yl.lan.
+deb-dhcp-yl		A	192.168.0.120
+dhcp			CNAME	deb-dhcp-yl
+dns			CNAME	dns1-yl
+dns1-yl			A	192.168.0.121
+dns2-yl			A	192.168.0.122

sisr1/tp02-dns/dns2/db.sio-yl.lan.rev

@@ -0,0 +1,14 @@
+$ORIGIN .
+$TTL 604800	; 1 week
+0.168.192.in-addr.arpa	IN SOA	dns1-yl.sio-yl.lan. root.dns1-yl.sio-yl.lan. (
+				2          ; serial
+				604800     ; refresh (1 week)
+				86400      ; retry (1 day)
+				2419200    ; expire (4 weeks)
+				604800     ; minimum (1 week)
+				)
+			NS	dns1-yl.sio.lan.
+$ORIGIN 0.168.192.in-addr.arpa.
+120			PTR	deb-dhcp-yl.sio-yl.lan.
+121			PTR	dns1-yl.sio-yl.lan.
+122			PTR	dns2-yl.sio-yl.lan.

sisr1/tp02-dns/dns2/named.conf

@@ -0,0 +1,11 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian for information on the
+// structure of BIND configuration files in Debian, *BEFORE* you customize
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";

sisr1/tp02-dns/dns2/named.conf.local

@@ -0,0 +1,24 @@
+//
+// Do any local configuration here
+	// zone directe
+        zone "sio-yl.lan" {
+             type slave;
+             file "/etc/bind/db.sio-yl.lan";
+	     masters { 192.168.0.121; };
+	     masterfile-format text;
+        };
+
+	// zone inverse 
+	zone "0.168.192.in-addr.arpa" {
+	     type slave;
+             notify no;
+             file "/etc/bind/db.sio-yl.lan.rev";
+	     masters { 192.168.0.121; };
+	     masterfile-format text;
+	};
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+

sisr1/tp02-dns/dns2/named.conf.options

@@ -0,0 +1,24 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	forwarders {
+		10.121.38.7; // Forwarder 1 
+	 };
+
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	dnssec-validation no;
+
+	listen-on-v6 { any; };
+};

sisr1/tp02-dns/dns2/usr.sbin.named

@@ -0,0 +1,101 @@
+# vim:syntax=apparmor
+# Last Modified: Fri Jun  1 16:43:22 2007
+#include <tunables/global>
+
+profile named /usr/sbin/named flags=(attach_disconnected) {
+  #include <abstractions/base>
+  #include <abstractions/nameservice>
+
+  capability net_bind_service,
+  capability setgid,
+  capability setuid,
+  capability sys_chroot,
+  capability sys_resource,
+
+  # /etc/bind should be read-only for bind
+  # /var/lib/bind is for dynamically updated zone (and journal) files.
+  # /var/cache/bind is for slave/stub data, since we're not the origin of it.
+  # See /usr/share/doc/bind9/README.Debian.gz
+  /etc/bind/** rw,
+  /var/lib/bind/** rw,
+  /var/lib/bind/ rw,
+  /var/cache/bind/** lrw,
+  /var/cache/bind/ rw,
+
+  # Database file used by allow-new-zones
+  /var/cache/bind/_default.nzd-lock rwk,
+
+  # gssapi
+  /etc/krb5.keytab kr,
+  /etc/bind/krb5.keytab kr,
+
+  # ssl
+  /etc/ssl/*.cnf r,
+  /etc/ssl/*.conf r,
+
+  # root hints from dns-data-root
+  /usr/share/dns/root.* r,
+
+  # GeoIP data files for GeoIP ACLs
+  /usr/share/GeoIP/** r,
+
+  # dnscvsutil package
+  /var/lib/dnscvsutil/compiled/** rw,
+
+  # Allow changing worker thread names
+  owner @{PROC}/@{pid}/task/@{tid}/comm rw,
+
+  # named need to check if hugepages is available
+  /sys/kernel/mm/transparent_hugepage/enabled r,
+
+  @{PROC}/net/if_inet6 r,
+  @{PROC}/*/net/if_inet6 r,
+  @{PROC}/sys/net/ipv4/ip_local_port_range r,
+  /usr/sbin/named mr,
+  /{,var/}run/named/named.pid w,
+  /{,var/}run/named/session.key w,
+  # support for resolvconf
+  /{,var/}run/named/named.options r,
+
+  # some people like to put logs in /var/log/named/ instead of having
+  # syslog do the heavy lifting.
+  /var/log/named/** rw,
+  /var/log/named/ rw,
+
+  # gssapi
+  /var/lib/sss/pubconf/krb5.include.d/** r,
+  /var/lib/sss/pubconf/krb5.include.d/ r,
+  /var/lib/sss/mc/initgroups r,
+  /etc/gss/mech.d/ r,
+
+  # ldap
+  /etc/ldap/ldap.conf r,
+  /{,var/}run/slapd-*.socket rw,
+
+  # dynamic updates
+  /var/tmp/DNS_* rw,
+
+  # dyndb backends
+  /usr/lib/bind/*.so rm,
+
+  # Samba DLZ
+  /{usr/,}lib/@{multiarch}/samba/bind9/*.so rm,
+  /{usr/,}lib/@{multiarch}/samba/gensec/*.so rm,
+  /{usr/,}lib/@{multiarch}/samba/ldb/*.so rm,
+  /{usr/,}lib/@{multiarch}/ldb/modules/ldb/*.so rm,
+  /var/lib/samba/bind-dns/dns.keytab rk,
+  /var/lib/samba/bind-dns/named.conf r,
+  /var/lib/samba/bind-dns/dns/** rwk,
+  /var/lib/samba/private/dns.keytab rk,
+  /var/lib/samba/private/named.conf r,
+  /var/lib/samba/private/dns/** rwk,
+  /etc/samba/smb.conf r,
+  /dev/urandom rwmk,
+  owner /var/tmp/krb5_* rwk,
+
+  # systemd sd_notify
+  /run/systemd/notify w,
+
+  # Site-specific additions and overrides. See local/README for details.
+  #include <local/usr.sbin.named>
+}