From 55a745005e7af1e3633b286d5ac1a28ba4fac6ce Mon Sep 17 00:00:00 2001
From: Ian Kelling <iank@fsf.org>
Date: Mon, 22 Apr 2024 00:28:22 -0400
Subject: [PATCH] unify dns related config, change some dns settings

---
 wrt-setup       |   2 +-
 wrt-setup-local | 107 ++++--------------------------------------------
 2 files changed, 10 insertions(+), 99 deletions(-)

diff --git a/wrt-setup b/wrt-setup
index 83b1c76..7b549ae 100755
--- a/wrt-setup
+++ b/wrt-setup
@@ -77,7 +77,7 @@ scp /a/work/libremanage/libremanage /a/bin/fai/wrt-init /a/bin/fai/wrt-setup-loc
 #/a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk \
 
 scp /q/root/shadow/router /p/c/machine_specific/wrt/etc/dropbear/dropbear_rsa_host_key \
-     /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /b/ds/ptr-data /b/bash-bear-trap/bash-bear $h:
+     /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /p/ptr-data /p/dnsmasq-data /b/bash-bear-trap/bash-bear $h:
 scp ../openwrtkeyring/usign/* $h:/etc/opkg/keys
 
 ssh $h wrt-init ${HOME_DOMAIN:-b8.nz} "$@"
diff --git a/wrt-setup-local b/wrt-setup-local
index a5fd911..aabfca3 100755
--- a/wrt-setup-local
+++ b/wrt-setup-local
@@ -684,20 +684,6 @@ config rule
  option target           ACCEPT
  option dest_port        9091
 
-
-config redirect
- option name nagioskd
- option src              wan
- option src_dport        3005
- option dest_port        3005
- option dest_ip          $l.2
- option dest             lan
-config rule
- option src              wan
- option target           ACCEPT
- option dest_port        3005
-
-
 config redirect
  option name sshkd
  option src              wan
@@ -761,24 +747,12 @@ config rule
  option target           ACCEPT
  option dest_port        2207
 
-config redirect
- option name sshtp
- option src              wan
- option src_dport        2208
- option dest_port        22
- option dest_ip          $l.8
- option dest             lan
-config rule
- option src              wan
- option target           ACCEPT
- option dest_port        2208
-
 config redirect
  option name sshbb8
  option src              wan
  option src_dport        2209
  option dest_port        22
- option dest_ip          $l.9
+ option dest_ip          $l.32
  option dest             lan
 config rule
  option src              wan
@@ -796,7 +770,7 @@ config redirect
 config rule
  option src              wan
  option target           ACCEPT
- option dest_port        2228
+ option dest_port        2234
 
 
 config redirect
@@ -1113,32 +1087,13 @@ EOF
   # https dns will need to be blocked by ip in
   # order to be comprehensive
 
+
   cedit /etc/unbound/unbound_ext.conf <<EOF || unbound_restart=true
 
-$(cat /root/ptr-data)
+$(. /root/ptr-data)
 
 local-data-ptr: "10.2.0.1 cmc.b8.nz"
-local-data-ptr: "10.2.0.4 wrt2.b8.nz"
-local-data-ptr: "10.2.0.6 x2w.b8.nz"
-local-data-ptr: "10.2.0.7 syw.b8.nz"
-local-data-ptr: "10.2.0.9 bb8.b8.nz"
-local-data-ptr: "10.2.0.14 wrt3.b8.nz"
-local-data-ptr: "10.2.0.17 x3w.b8.nz"
-local-data-ptr: "10.2.0.18 tp.b8.nz"
-local-data-ptr: "10.2.0.19 brother.b8.nz"
-local-data-ptr: "10.2.0.23 tpw.b8.nz"
-local-data-ptr: "10.2.0.24 one9p.b8.nz"
-local-data-ptr: "10.2.0.25 hp.b8.nz"
-local-data-ptr: "10.2.0.29 bow.b8.nz"
-local-data-ptr: "10.2.0.31 amazontab.b8.nz"
-local-data-ptr: "10.2.0.32 samsungtab.b8.nz"
-local-data-ptr: "10.2.0.38 x8.b8.nz"
-local-data-ptr: "10.2.0.48 bigs.b8.nz"
-local-data-ptr: "10.2.0.49 pi4.b8.nz"
-local-data-ptr: "10.2.0.50 pi4w.b8.nz"
-local-data-ptr: "10.2.0.52 s22.b8.nz"
-local-data-ptr: "10.2.0.53 cmcap.b8.nz"
-local-data-ptr: "10.2.0.88 demohost.b8.nz"
+
 local-data-ptr: "10.174.2.2 transmission.b8.nz"
 local-data-ptr: "10.173.8.1 defaultnn.b8.nz"
 local-data-ptr: "10.173.8.2 nn.b8.nz"
@@ -1209,11 +1164,15 @@ fi # end if $ap
 # to start.
 mkdir -p /mnt/usb/tftpboot
 cedit /etc/dnsmasq.conf  <<EOF || dnsmasq_restart=true
+
 # no dns
 port=0
 server=/b8.nz/#
 ptr-record=1.0.2.10.in-addr.arpa.,cmc.b8.nz
 
+# generated with host-info-update
+$(. /root/dnsmasq-data)
+
 # https://ret2got.wordpress.com/2018/01/19/how-your-ethereum-can-be-stolen-using-dns-rebinding/
 stop-dns-rebind
 rebind-domain-ok=b8.nz
@@ -1269,54 +1228,6 @@ server=10.2.0.1
 
 
 # default dhcp range is 100-150
-# bottom port,  iPXE (PCI 03:00.0) in seabios boot menu
-dhcp-host=c8:60:00:31:6b:75,set:kd,$l.2,kd
-#dhcp-host=94:05:bb:1e:2c:2e,set:bo,$l.38,bo
-# top port, iPXE (PCI 04:00.0) in seabios boot menu
-#dhcp-host=c8:60:00:2b:15:07,set:kd,$l.2,kd
-# 4 is reserved for a staticly configured host wrt2
-
-
-dhcp-host=c4:8e:8f:60:63:cb,set:x2w,$l.6,x2w
-dhcp-host=10:51:07:f5:f1:b8,set:syw,$l.7,syw
-dhcp-host=80:fa:5b:1c:6e:cf,set:amy,$l.8,amy
-dhcp-host=a0:ce:c8:9f:7a:f3,set:sy,$l.12,sy
-# alternate dongle
-#dhcp-host=94:05:bb:1e:2c:2e,set:sy,$l.12,sy
-dhcp-host=00:1f:16:16:39:24,set:x2,$l.13,x2
-
-## for using different dhcp server
-#dhcp-host=52:54:00:9c:ef:ad,ignore
-# 14 = wrt3
-dhcp-host=ac:d1:b8:5c:eb:d7,set:x3w,$l.17,x3w
-dhcp-host=00:1f:16:14:01:d8,set:x3,$l.18,x3
-# BRN001BA98CA823 in dhcp logs
-dhcp-host=00:1b:a9:8c:a8:23,set:brother,$l.19,brother
-
-dhcp-host=00:26:b6:f7:d4:d8,set:amyw,$l.23,amyw
-dhcp-host=9a:c6:52:6f:ce:7c,set:onep9,$l.24,onep9
-dhcp-host=38:63:bb:07:5a:f9,set:hp,$l.25,hp
-dhcp-host=70:a6:cc:3a:bb:b4,set:bow,$l.29,bow
-dhcp-host=6c:56:97:88:7b:74,set:amazontab,$l.31,amazontab
-dhcp-host=0a:8a:9b:cf:b5:ec,set:samsungtab,$l.32,samsungtab
-dhcp-host=14:dd:a9:d5:31:7a,set:frodo,$l.34,frodo
-#dhcp-host=00:26:b6:f6:0f:e9,set:frodow,$l.34,frodow
-# server d16:
-dhcp-host=38:2c:4a:c9:33:13,set:bigs,$l.48,bigs
-dhcp-host=e4:5f:01:07:50:40,set:pi4,$l.49,pi4
-dhcp-host=e4:5f:01:07:50:3f,set:pi4w,$l.50,pi4w
-# samsung phone
-dhcp-host=a8:79:8d:71:54:68,set:s22,$l.52,s22
-
-# This is so fai can have an explicit name to use for testing,
-# or else any random machine which did a pxe boot would get
-# reformatted. The mac is from doing a virt-install, cancelling it,
-# and copying the generated mac, so it should be randomish.
-dhcp-host=52:54:00:9c:ef:ad,set:demohost,$l.88,demohost
-
-
-# faiserver vm
-#dhcp-host=52:54:00:56:09:f9,set:faiserver,$l.15,faiserver
 
 # template
 # dhcp-host=,$l.,
-- 
2.30.2