###Listing 1: <I>/etc/network/interfaces<I>

auto eth0 
iface eth0 inet static 
	address 198.51.100.66 
	netmask 255.255.255.0 
	network 198.51.100.0 
	broadcast 198.51.100.255 
	gateway 198.51.100.1 
	dns-nameservers 127.0.0.1 
iface eth0 inet6 static 
	address 2001:db8:591d:25c5::66 
	netmask 64 
	gateway 2001:db8:591d:25c5::1 


###Listing 2: <I>/etc/sysctl.conf<I>

# Router Advertisements ignorieren 
net.ipv6.conf.default.accept_ra = 0 
net.ipv6.conf.all.accept_ra = 0 
net.ipv6.conf.eth0.accept_ra = 0 
# IPv6 Autokonfiguration abschalten 
net.ipv6.conf.default.autoconf = 0 
net.ipv6.conf.all.autoconf = 0 
net.ipv6.conf.eth0.autoconf = 0 


###Listing 3: Standard-Webseite des Apache-Webservers

<VirtualHost *:80> 
        DocumentRoot /var/www 
        <Directory /var/www/> 
                AllowOverride None 
                Order allow,deny 
                allow from all 
        </Directory> 
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ 
        <Directory "/usr/lib/cgi-bin"> 
                AllowOverride None 
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch 
                Order allow,deny 
                Allow from all 
        </Directory> 
        ErrorLog ${APACHE_LOG_DIR}/error.log 
        CustomLog ${APACHE_LOG_DIR}/access.log combined 
</VirtualHost> 


###Listing 4: CGI-Skript <I>validator.pl<I>

#!/usr/bin/perl 

use strict; 
use CGI; 
use CGI::Carp 'fatalsToBrowser'; 
use Net::DNS::SEC::Validator; 
use Net::DNS::Packet; 

my $query     = new CGI; 
my $fqdn      = $query->param('fqdn'); 
my $validator = new Net::DNS::SEC::Validator(policy => ":"); 
$validator->policy("validate_tools:"); 

print $query->header(); 
print "<html><head><title>DNSSEC-Validator</title></head>"; 
if (!$fqdn) { 
   print "<body><h3>Kein FQDN &uuml;bergeben!</h3></body></html>"; 
   exit; 
} 
my $r = $validator->res_query($fqdn, "IN", "A"); 
if (!$r) { 
   print "<body><h3>Kein DNS-Eintrag f&uuml;r $fqdn gefunden!</h3>",
         "&Uuml;berpr&uuml;fen Sie, ob die Adresse korrekt ist.</body></html>"; 
   exit; 
} 
my ($pkt, $err) = new Net::DNS::Packet(\$r); 
if (index($pkt->string,"RRSIG") == -1) { 
   print "<body style=\"background-color:yellow; \">",
        "<h3>$fqdn ist nicht DNSSEC-signiert!</h3>\n"; 
   exit; 
} 
if ($validator->istrusted) { 
   print "<body style=\"background-color:lightgreen; \">",
         "<h3>$fqdn ist vertrauensw&uuml;rdig!</h3>",
         "Die DNSSEC-Signatur konnte verifiziert werden.\n"; 
} else { 
   print "<body style=\"background-color:red; \">",
         "<h3>$fqdn ist NICHT vertrauensw&uuml;rdig!</h3>",
         "Die DNSSEC-Signatur konnte NICHT verifiziert werden.\n"; 
} 
print "</body></html>\n"; 


###Listing 5: Weitere Bibliotheken installieren

apt-get install make 
apt-get install gcc 
apt-get install libssl-dev 
apt-get install libnet-dns-perl 
cd /home/testuser/
wget http://www.dnssec-tools.org/download/dnssec-tools-1.14.tar.gz 
tar xzf dnssec-tools-1.14.tar.gz 
cd dnssec-tools-1.14 
./configure 
make 
make install 
cd .. 
wget http://www.dnssec-tools.org/download/dnsval-1.14.tar.gz 
tar xzf dnsval-1.14.tar.gz 
cd dnsval-1.14 
./configure 
make 
make install 
cp etc/dnsval.conf /usr/local/etc/dnssec-tools/.
cp etc/root.hints /usr/local/etc/dnssec-tools/. 
cd ..