Add GA-Schloss. Renew WF.

GA-Schloss/bind/bind.keys

@@ -0,0 +1,69 @@
+# The bind.keys file is used to override the built-in DNSSEC trust anchors
+# which are included as part of BIND 9.  As of the current release, the only
+# trust anchors it contains are those for the DNS root zone ("."), and for
+# the ISC DNSSEC Lookaside Validation zone ("dlv.isc.org").  Trust anchors
+# for any other zones MUST be configured elsewhere; if they are configured
+# here, they will not be recognized or used by named.
+#
+# The built-in trust anchors are provided for convenience of configuration.
+# They are not activated within named.conf unless specifically switched on.
+# To use the built-in root key, set "dnssec-validation auto;" in
+# named.conf options.  To use the built-in DLV key, set
+# "dnssec-lookaside auto;".  Without these options being set,
+# the keys in this file are ignored.
+#
+# This file is NOT expected to be user-configured.
+#
+# These keys are current as of Feburary 2017.  If any key fails to
+# initialize correctly, it may have expired.  In that event you should
+# replace this file with a current version.  The latest version of
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
+
+managed-keys {
+        # ISC DLV: See https://www.isc.org/solutions/dlv for details.
+        #
+        # NOTE: The ISC DLV zone is being phased out as of February 2017;
+        # the key will remain in place but the zone will be otherwise empty.
+        # Configuring "dnssec-lookaside auto;" to activate this key is
+        # harmless, but is no longer useful and is not recommended.
+        dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
+                brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
+                1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
+                ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
+                Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
+                QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
+                TDN0YUuWrBNh";
+
+        # ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml
+        # for current trust anchor information.
+        #
+        # These keys are activated by setting "dnssec-validation auto;"
+        # in named.conf.
+        #
+        # This key (19036) is to be phased out starting in 2017. It will
+        # remain in the root zone for some time after its successor key
+        # has been added. It will remain this file until it is removed from
+        # the root zone.
+        . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
+                FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
+                bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
+                X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
+                W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
+                Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
+                QxA+Uk1ihz0=";
+
+        # This key (20326) is to be published in the root zone in 2017.
+        # Servers which were already using the old key (19036) should
+        # roll seamlessly to this new one via RFC 5011 rollover. Servers
+        # being set up for the first time can use the contents of this
+        # file as initializing keys; thereafter, the keys in the
+        # managed key database will be trusted and maintained
+        # automatically.
+        . initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
+                +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
+                ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
+                0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
+                oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
+                RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
+                R1AkUTV74bU=";
+};

GA-Schloss/bind/db.0

@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.

GA-Schloss/bind/db.127

@@ -0,0 +1,13 @@
+;
+; BIND reverse data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+1.0.0	IN	PTR	localhost.

GA-Schloss/bind/db.255

@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.

GA-Schloss/bind/db.empty

@@ -0,0 +1,14 @@
+; BIND reverse data file for empty rfc1918 zone
+;
+; DO NOT EDIT THIS FILE - it is used for multiple zones.
+; Instead, copy it, edit named.conf, and use that copy.
+;
+$TTL	86400
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			  86400 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.

GA-Schloss/bind/db.local

@@ -0,0 +1,14 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      2		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+@	IN	A	127.0.0.1
+@	IN	AAAA	::1

GA-Schloss/bind/db.root

@@ -0,0 +1,90 @@
+;       This file holds the information on root name servers needed to
+;       initialize cache of Internet domain name servers
+;       (e.g. reference this file in the "cache  .  <file>"
+;       configuration file of BIND domain name servers).
+;
+;       This file is made available by InterNIC 
+;       under anonymous FTP as
+;           file                /domain/named.cache
+;           on server           FTP.INTERNIC.NET
+;       -OR-                    RS.INTERNIC.NET
+;
+;       last update:    February 17, 2016
+;       related version of root zone:   2016021701
+;
+; formerly NS.INTERNIC.NET
+;
+.                        3600000      NS    A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
+A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+.                        3600000      NS    B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
+B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:84::b
+;
+; FORMERLY C.PSI.NET
+;
+.                        3600000      NS    C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
+C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::c
+;
+; FORMERLY TERP.UMD.EDU
+;
+.                        3600000      NS    D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
+D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
+;
+; FORMERLY NS.NASA.GOV
+;
+.                        3600000      NS    E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+.                        3600000      NS    F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
+F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+.                        3600000      NS    G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+.                        3600000      NS    H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET.      3600000      A     198.97.190.53
+H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::53
+;
+; FORMERLY NIC.NORDU.NET
+;
+.                        3600000      NS    I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
+I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fe::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+.                        3600000      NS    J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
+J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:c27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+.                        3600000      NS    K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
+K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
+;
+; OPERATED BY ICANN
+;
+.                        3600000      NS    L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
+L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+.                        3600000      NS    M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
+M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
+; End of file

GA-Schloss/bind/master/ga.netz.zone

@@ -0,0 +1,119 @@
+;
+; BIND data file for local ga.netz zone
+;
+$TTL  43200
+@  IN SOA   ns.local.netz. ckubu.oopen.de. (
+      2018032901     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+						IN	NS		ns1.ga.netz.
+						IN	NS		ns2.ga.netz.
+						IN	NS		ns3.ga.netz.
+						IN	NS		ga-st-dc.ga.intra.
+						IN	NS		gaasdc01.ga.intra.
+
+
+; Gateway/Firewall Server
+ga-st-gw          IN A     192.168.11.254
+st-gw             IN CNAME ga-st-gw
+gw-schloss			IN	CNAME ga-st-gw
+ga-st-gw-ipmi     IN A     10.11.11.15
+st-gw-ipmi        IN CNAME ga-st-gw-ipmi
+ga-schloss-ipmi   IN CNAME ga-st-gw-ipmi
+
+ga-nh-gw          IN A     192.168.81.254
+nh-gw             IN CNAME ga-nh-gw
+gw-nh             IN CNAME ga-nh-gw
+ga-nh-gw-ipmi     IN A     192.168.81.15
+nh-gw-ipmi        IN CNAME ga-nh-gw-ipmi
+gw-nh-ipmi        IN CNAME ga-nh-gw-ipmi
+
+
+ga-al-gw          IN A     192.168.10.254
+al-gw             IN CNAME ga-al-gw
+gw-altenschlirf   IN CNAME ga-al-gw
+gw-al-gw-ipmi     IN A     172.17.0.15
+al-gw-ipmi        IN CNAME gw-al-gw-ipmi
+
+ga-st-gw-ersatz   IN A     192.168.11.19
+st-gw-ersatz      IN CNAME ga-st-gw-ersatz
+gw-ersatz         IN CNAME ga-st-gw-ersatz
+ga-st-gw-ersatz-ipmi IN A     10.11.11.16
+st-gw-ersatz-ipmi IN CNAME ga-st-gw-ersatz-ipmi
+gw-ersatz-ipmi    IN CNAME ga-st-gw-ersatz-ipmi
+
+; Controller for Unifi AP's
+ga-st-ctl-unifi   IN A     10.121.15.254
+st-ctl-unifi      IN CNAME ga-st-ctl-unifi
+
+; Unifi Accesspoints
+ap-unifi001       IN A     10.121.1.1
+ap-unifi002       IN A     10.121.1.2
+ap-unifi003       IN A     10.121.1.3
+ap-unifi004       IN A     10.121.1.4
+ap-unifi004       IN A     10.121.1.5
+
+
+
+; KVM Hostsysteme
+ga-st-kvm1        IN A     10.10.11.1
+st-kvm1           IN CNAME ga-st-kvm1
+ga-st-kvm1-ipmi   IN A     10.10.10.115
+st-kvm1-ipmi      IN CNAME ga-st-kvm1-ipmi
+
+ga-al-kvm2        IN A     10.10.10.3
+al-kvm2           IN CNAME ga-al-kvm2
+ga-al-kvm2-ipmi   IN A     10.10.10.115
+al-kvm2-ipmi      IN CNAME ga-al-kvm2-ipmi
+
+
+; Nameserver
+ns1					IN	A 		192.168.11.1
+ns                IN CNAME ns1
+ga-st-ns1         IN CNAME ns1
+st-ns1            IN CNAME ns1
+ns2					IN	A 		192.168.10.254
+ga-al-ns2         IN CNAME ns2
+al-ns2            IN CNAME ns2
+ns3					IN	A 		192.168.81.1
+ga-nh-ns3         IN CNAME ns3
+nh-ns3            IN CNAME ns3
+
+ns.wolle          IN A     10.113.12.3
+
+; Linux Dienste Server 
+ga-st-lsx1        IN A     192.168.11.2
+st-lsx1           IN CNAME ga-st-lsx1
+lsx1              IN CNAME ga-st-lsx1
+
+; Tech wiki
+ga-st-twiki       IN A     192.168.11.5
+st-twiki          IN CNAME ga-st-twiki
+dokuwiki          IN CNAME ga-st-twiki
+techwiki          IN CNAME ga-st-twiki
+wiki              IN CNAME ga-st-twiki
+
+; Backup Server Stockhausen
+ga-st-rsync1      IN A     10.10.11.7
+st-rsync1         IN CNAME ga-st-rsync1
+rsync1            IN CNAME ga-st-rsync1
+
+; Backup Server Altenschlirf
+ga-al-rsync2      IN A     10.10.10.7
+al-rsync2         IN CNAME ga-al-rsync2
+rsync2            IN CNAME ga-al-rsync2
+
+; Xymon Server Altenschlirf
+ga-al-xymon       IN A     192.168.10.16
+al-xymon          IN CNAME ga-al-xymon
+xymon             IN CNAME ga-al-xymon
+
+; Webserver 1 (Altenschlirf)
+ga-al-ws1         IN A     192.168.10.17
+al-ws1            IN CNAME ga-al-ws1
+

GA-Schloss/bind/named.conf

@@ -0,0 +1,11 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
+// structure of BIND configuration files in Debian, *BEFORE* you customize 
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";

GA-Schloss/bind/named.conf.default-zones

@@ -0,0 +1,30 @@
+// prime the server with knowledge of the root servers
+zone "." {
+	type hint;
+	file "/etc/bind/db.root";
+};
+
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
+
+zone "localhost" {
+	type master;
+	file "/etc/bind/db.local";
+};
+
+zone "127.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.127";
+};
+
+zone "0.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.0";
+};
+
+zone "255.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.255";
+};
+
+

GA-Schloss/bind/named.conf.local

@@ -0,0 +1,125 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+/* ------------ MASTER ZONES ------------- */
+
+zone "ga.netz" {
+   type master;
+   file "/etc/bind/master/ga.netz.zone";
+   allow-transfer {
+      internaldns;
+   };
+};
+
+
+/* ------------ SLAVE ZONES ------------- */
+
+zone "_msdcs.ga.intra" {
+   type slave;
+   file "/etc/bind/slave/_msdcs.ga.intra";
+   allow-query { any; };
+   allow-transfer {
+      internaldns;
+   };
+   masters {
+      192.168.10.3;
+   };
+
+   // Use this sender IPv4 for zone transfers
+   transfer-source 192.168.11.1 ;
+};
+
+zone "autodiscover.gemeinschaft-altenschlirf.de" {
+   type slave;
+   file "/etc/bind/slave/autodiscover.gemeinschaft-altenschlirf.de.zone";
+   allow-query { any; };
+   allow-transfer {
+      internaldns;
+   };
+   masters {
+      192.168.10.3;
+   };
+
+   // Use this sender IPv4 for zone transfers
+   transfer-source 192.168.11.1 ;
+};
+
+zone "ga.intra" {
+   type slave;
+   file "/etc/bind/slave/ga.intra.zone";
+   allow-query { any; };
+   allow-transfer {
+      internaldns;
+   };
+   masters {
+      192.168.10.3;
+   };
+
+   // Use this sender IPv4 for zone transfers
+   transfer-source 192.168.11.1 ;
+};
+
+zone "citrix.gemeinschaft-altenschlirf.de" {
+   type slave;
+   file "/etc/bind/slave/citrix.gemeinschaft-altenschlirf.de.zone";
+   allow-query { any; };
+   allow-transfer {
+      internaldns;
+   };
+   masters {
+      192.168.10.3;
+   };
+
+   // Use this sender IPv4 for zone transfers
+   transfer-source 192.168.11.1 ;
+};
+
+zone "mail.gemeinschaft-altenschlirf.de" {
+   type slave;
+   file "/etc/bind/slave/mail.gemeinschaft-altenschlirf.de.zone";
+   allow-query { any; };
+   allow-transfer {
+      internaldns;
+   };
+   masters {
+      192.168.10.3;
+   };
+
+   // Use this sender IPv4 for zone transfers
+   transfer-source 192.168.11.1 ;
+};
+
+zone "11.168.192.in-addr.arpa" {
+   type slave;
+   file "/etc/bind/slave/db.11.168.192.in-addr.arpa";
+   allow-query { any; };
+   allow-transfer {
+      internaldns;
+   };
+   masters {
+      192.168.10.3;
+   };
+   
+   // Use this sender IPv4 for zone transfers
+   transfer-source 192.168.11.1 ;
+};
+
+zone "10.168.192.in-addr.arpa" {
+   type slave;
+   file "/etc/bind/slave/db.10.168.192.in-addr.arpa";
+   allow-query { any; };
+   allow-transfer {
+      internaldns;
+   };
+   masters {
+      192.168.10.3;
+   };
+
+   // Use this sender IPv4 for zone transfers
+   transfer-source 192.168.11.1 ;
+};

GA-Schloss/bind/named.conf.local.ORIG

@@ -0,0 +1,8 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+

GA-Schloss/bind/named.conf.options

@@ -0,0 +1,133 @@
+acl internaldns {
+   192.168.11.3;
+   192.168.10.3;
+   192.168.10.6;
+   # Nameserver Gateway Altenschlirf
+   192.168.10.254;
+   172.16.0.1;
+   # Nameserver Gateway Novalishaus
+   192.168.81.1;
+   10.2.11.2;
+   # Nameserver wolle
+   10.113.12.3;
+};
+
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	// forwarders {
+	// 	0.0.0.0;
+	// };
+
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	dnssec-validation auto;
+
+   // Security options
+   listen-on port 53 {
+      127.0.0.1;
+      10.10.11.254;
+      192.168.11.1;
+      192.168.11.254;
+   };
+
+   // Use this sender IPv4 for zone transfers
+   //transfer-source 192.168.11.1 ; 
+
+   allow-query {
+      127.0.0.1;
+      192.168.0.0/16;
+      10.0.0.0/8;
+      172.16.0.0/12;
+      2001:6f8:107e::/48;
+      fe80::/8;
+      ::1/128;
+   };
+
+   // caching name services
+   recursion yes;
+
+   allow-recursion {
+      127.0.0.1;
+      192.168.0.0/16;
+      172.16.0.0/12;
+      10.0.0.0/8;
+      fe80::/8;
+      ::1/128;
+   };
+
+   allow-transfer {
+      internaldns;
+   };
+   transfer-source 192.168.11.1;
+   notify-source 192.168.11.1;
+
+
+	auth-nxdomain no;    # conform to RFC1035
+	listen-on-v6 { none; };
+
+   ## - If zone-statistics is "yes", statistic file will be written.
+   ## -
+   ## - Notice:
+   ## -    The named.stats file may grow very large over the time use some logrotate to keep it
+   ## -    small, this may result in graphs being reset ( something I don't care about here )
+   ## -
+   zone-statistics yes;
+   statistics-file "/var/log/named/named.stats";
+};
+
+logging {
+   channel simple_log {
+      file "/var/log/named/bind.log" versions 3 size 5m;
+      //severity warning;
+      severity info;
+      print-time yes;
+      print-severity yes;
+      print-category  yes;
+   };
+   channel queries_log {
+      file "/var/log/named/query.log" versions 10 size 5m;
+      severity debug;
+      //severity notice;
+      print-time yes;
+      print-severity yes;
+      print-category no;
+   };
+   channel log_zone_transfers {
+      file "/var/log/named/axfr.log" versions 5 size 2m;
+      severity info;
+      print-time yes;
+      print-severity yes;
+      print-category yes;
+   };
+   category resolver {
+      queries_log;
+   };
+   category queries {
+      queries_log;
+   };
+   category xfer-in {
+      log_zone_transfers;
+   };
+   category xfer-out {
+      log_zone_transfers;
+   };
+   category notify {
+      log_zone_transfers;
+   };
+   category default{
+      simple_log;
+   };
+};
+

GA-Schloss/bind/rndc.key

@@ -0,0 +1,4 @@
+key "rndc-key" {
+	algorithm hmac-md5;
+	secret "R/ilz2UjdXokWgxVai2qYw==";
+};