refactor and update bind v9.21
This commit is contained in:
parent
55600d8b1a
commit
dc054c5bfd
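--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,4 @@
+[submodule "bind9-docker"]
+path = bind9-docker
+url = https://github.com/isc-projects/bind9-docker
+branch = v9.21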
13
README.md
13
README.md
@ -3,13 +3,22 @@
|
|||||||
## Configure
|
## Configure
|
||||||
|
|
||||||
```
|
```
|
||||||
Edit /bind/command.sh file properties before first run
|
$ git clone --recurse-submodules https://git.manalejandro.com/ale/bind9
|
||||||
|
|
||||||
|
cd bind and edit ./bind/entrypoint.sh file properties before first run
|
||||||
|
```
|
||||||
|
|
||||||
|
##Build
|
||||||
|
```
|
||||||
|
$ docker buildx build -t bind9-docker ./bind9-docker
|
||||||
|
|
||||||
|
$ docker-compose build
|
||||||
```
|
```
|
||||||
|
|
||||||
## Run
|
## Run
|
||||||
|
|
||||||
```
|
```
|
||||||
docker-compose up -d
|
$ docker-compose up -d
|
||||||
```
|
```
|
||||||
|
|
||||||
#### by default all queries are logged under `/var/log/querylog`
|
#### by default all queries are logged under `/var/log/querylog`
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
FROM debian:buster-slim
|
FROM bind9-docker
|
||||||
RUN apt update && apt -y upgrade && apt install -y bind9 ipv6calc curl bc && apt clean
|
RUN apk add ipcalc bash
|
||||||
|
COPY ./bind/entrypoint.sh /etc/bind/
|
||||||
|
ENTRYPOINT "/etc/bind/entrypoint.sh"
|
||||||
|
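Review bot: `RUN apk add ipcalc bash` installs only the two new tools, but the entrypoint still increments the zone serial with `echo … | bc` (an unchanged line in bind/entrypoint.sh), which the old Debian image installed explicitly via `apt install … bc`; if the new base image does not ship bc, that pipeline writes an empty `/etc/bind/version` and every serial after the first run degrades to the bare date. Adding it to the same layer, `RUN apk add --no-cache ipcalc bash bc`, keeps the script's assumption satisfied and avoids leaving the apk index in the image. `FROM bind9-docker` carries no tag, so it resolves to whatever `bind9-docker:latest` was built last from the submodule; tagging that build and pinning it here (e.g. `FROM bind9-docker:v9.21`, matching the submodule branch in .gitmodules) makes the image reproducible from the pinned submodule commit. The shell-form `ENTRYPOINT "/etc/bind/entrypoint.sh"` wraps the script in `/bin/sh -c`, so stop signals reach the shell rather than the script; the exec form `ENTRYPOINT ["/etc/bind/entrypoint.sh"]` avoids that (docker-compose.yml overrides the entrypoint with the same path, so this matters mainly when the image is run standalone).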
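--- a/bind/command.sh
+++ b/bind/entrypoint.sh
@@ -50,7 +50,7 @@ $DKIM
 \$INCLUDE K$DOMAIN.+XXX+YYYYY.key
 \$INCLUDE K$DOMAIN.+XXX+YYYYY.key"> /etc/bind/$DOMAIN
 echo -e ";
-; BIND reverse file for $(ipv6calc -q -a $IP | sed -e 's/^[[:digit:]]\+\.//' -e 's/\.$//')
+; BIND reverse file for $(ipcalc -4 -a --reverse-dns $IP | grep REVERSEDNS | sed -e 's/^REVERSEDNS=[[:digit:]]\+\.//')
 ;
 \$TTL 604800
 @ IN SOA ns1.$DOMAIN. admin.$DOMAIN. (
@@ -63,9 +63,10 @@ echo -e ";
 @ IN NS ns1.$DOMAIN.
 @ IN NS ns2.$DOMAIN.
 
-$(ipv6calc -q -a $IP | sed -e 's/\..*$//') IN PTR $DOMAIN.
-$(ipv6calc -q -a $IP | sed -e 's/\..*$//') IN PTR mail.$DOMAIN." > /etc/bind/rev.$(ipv6calc -q -a $IP | sed -e 's/^[[:digit:]]\+\.//' -e 's/\.$//')
+$(ipcalc -4 -a --reverse-dns $IP | grep REVERSEDNS | sed -r 's/^REVERSEDNS=([[:digit:]]+).*/\1/') IN PTR $DOMAIN.
+$(ipcalc -4 -a --reverse-dns $IP | grep REVERSEDNS | sed -r 's/^REVERSEDNS=([[:digit:]]+).*/\1/') IN PTR mail.$DOMAIN." > /etc/bind/rev.$(ipcalc -4 -a --reverse-dns $IP | grep REVERSEDNS | sed -e 's/^REVERSEDNS=[[:digit:]]\+\.//')
 echo -e "\$TTL 604800
+; BIND reverse file for $(ipcalc -6 -a --reverse-dns $IPV6 | grep REVERSEDNS | sed -e 's/^REVERSEDNS=[[:digit:]]\+\.//')
 @ IN SOA ns1.$DOMAIN. admin.$DOMAIN. (
 $(date +%Y%m%d)$(cat /etc/bind/version) ; Serial
 3h ; Refresh
@@ -77,9 +78,8 @@ echo -e "\$TTL 604800
 @ IN NS ns2.$DOMAIN.
 
 ; IPv6 PTR entries
-$(ipv6calc -q -a $(ipv6calc -q --ipv4_to_6to4addr $IP) | sed -e 's/\..*$//') IN PTR $DOMAIN.
-$(ipv6calc -q -a $(ipv6calc -q --ipv4_to_6to4addr $IP) | sed -e 's/\..*$//') IN PTR mail.$DOMAIN." > /etc/bind/rev.$(ipv6calc -q -a $(ipv6calc -q --ipv4_to_6to4addr $IP) | sed -e 's/
-^[[:digit:]]\+\.//' -e 's/\.$//')
+$(ipcalc -6 -a --reverse-dns $IPV6 | grep REVERSEDNS | sed -e 's/^REVERSEDNS=\([[:digit:]]\)\+.*/\1/') IN PTR $DOMAIN.
+$(ipcalc -6 -a --reverse-dns $IPV6 | grep REVERSEDNS | sed -e 's/^REVERSEDNS=\([[:digit:]]\)\+.*/\1/') IN PTR mail.$DOMAIN." > /etc/bind/rev.$(ipcalc -6 -a --reverse-dns $IPV6 | grep REVERSEDNS | sed -e 's/^REVERSEDNS=[[:digit:]]\+\.//')
 echo -e "\$TTL 604800
 @ IN SOA ns1.$DOMAIN. admin.$DOMAIN. (
 $(date +%Y%m%d)$(cat /etc/bind/version) ; Serial
@@ -103,26 +103,23 @@ echo -e "//
 //include \"/etc/bind/zones.rfc1918\";
 
 zone \"$DOMAIN\" {
-type master;
+type primary;
 file \"/etc/bind/$DOMAIN.signed\";
+notify explicit;
 };
 
-zone \"$(ipv6calc -q -a $IP | sed -e 's/^[[:digit:]]\+\.//' -e 's/\.$//')\" {
+zone \"$(ipcalc -4 -a --reverse-dns $IP | grep REVERSEDNS | sed -e 's/^REVERSEDNS=[[:digit:]]\+\.//')\" {
 type master;
-file \"/etc/bind/rev.$(ipv6calc -q -a $IP | sed -e 's/^[[:digit:]]\+\.//' -e 's/\.$//')\";
+file \"/etc/bind/rev.$(ipcalc -4 -a --reverse-dns $IP | grep REVERSEDNS | sed -e 's/^REVERSEDNS=[[:digit:]]\+\.//')\";
 };
 
-zone \"$(ipv6calc -q -a $(ipv6calc -q --ipv4_to_6to4addr $IP) | sed -e 's/^[[:digit:]]\+\.//' -e 's/\.$//')\" {
+zone \"$(ipcalc -6 -a --reverse-dns $IPV6 | grep REVERSEDNS | sed -e 's/^REVERSEDNS=[[:digit:]]\+\.//')\" {
 type master;
-file \"/etc/bind/rev.$(ipv6calc -q -a $(ipv6calc -q --ipv4_to_6to4addr $IP) | sed -e 's/^[[:digit:]]\+\.//' -e 's/\.$//')\";
+file \"/etc/bind/rev.$(ipcalc -6 -a --reverse-dns $IPV6 | grep REVERSEDNS | sed -e 's/^REVERSEDNS=[[:digit:]]\+\.//')\";
 };
 
-zone \"$(ipv6calc -q -a ::ffff:$IP | sed -e 's/^[[:digit:]]\+\.//' -e 's/\.$//')\" {
-type master;
-file \"/etc/bind/rev.$(ipv6calc -q -a ::ffff:$IP | sed -e 's/^[[:digit:]]\+\.//' -e 's/\.$//')\";
-};" > /etc/bind/named.conf.local
-echo -e "acl \"trusted\" {
-::1/128; 127.0.0.0/8; 172.0.0.0/8; $IP; $IPV6;
+acl \"trusted\" {
+127.0.0.0/8;
 };
 
 options {
@@ -154,9 +151,20 @@ options {
 listen-on-v6 { any; };
 
 // config-bind9.txt
-recursion yes;
-notify yes;
-interface-interval 0;
+disable-empty-zone \".\";
+// root-delegation-only;
+require-server-cookie no;
+send-cookie yes;
+check-wildcard no;
+clients-per-query 20;
+max-clients-per-query 30;
+auth-nxdomain yes;
+listen-on { any; };
+listen-on-v6 { any; };
+max-udp-size 512;
+recursion no;
+minimal-responses yes;
+notify no;
 allow-transfer { none; };
 allow-query { any; };
 allow-query-cache { trusted; };
@@ -169,22 +177,23 @@ options {
 check-names master warn;
 check-names slave warn;
 check-names response warn;
-// querylog yes;
+querylog yes;
+hostname \"$DOMAIN\";
+server-id \"$DOMAIN\";
 };
 
 logging {
 channel querylog{
 file \"/var/log/querylog\";
-severity debug 10;
+severity info;
 print-category yes;
 print-time yes;
 print-severity yes;
 };
 category queries { querylog; };
 };"> /etc/bind/named.conf.options
+chown $(id -u bind):$(id -g bind) -R /etc/bind
 echo $(echo $(cat /etc/bind/version)"+1" | bc) > /etc/bind/version
-mkdir /run/named
-chown 101.101 -R /etc/bind /run/named
 cd /etc/bind
 dnssec-signzone -A -3 $(head -c 1000 /dev/urandom | sha1sum | cut -b 1-16) -N INCREMENT $DOMAIN
-named -c named.conf -f -u bind
+/usr/sbin/named -u bind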
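Review bot: The new last line, `/usr/sbin/named -u bind`, drops the `-f` that the old `named -c named.conf -f -u bind` carried, so unless the base image's named is built to stay in the foreground it will daemonize, the entrypoint script returns, and the container exits (compose's `restart: always` then restarts it in a loop). It should also be `exec`ed so named is PID 1 and receives docker's stop signal directly: `exec /usr/sbin/named -f -u bind -c /etc/bind/named.conf` (keep `-c` unless the image's compiled-in default path is confirmed). The added `chown $(id -u bind):$(id -g bind) -R /etc/bind` now runs before the version file is rewritten and before `dnssec-signzone` writes `$DOMAIN.signed`, so those two files stay root-owned; moving the chown after the signing step restores the old ordering. In the `@ -103,26 +103,23 @@` hunk the `> /etc/bind/named.conf.local` redirection was removed, so the zone and acl definitions are now emitted into named.conf.options together with the options block; that only works if the base image's named.conf includes named.conf.options and no longer includes a named.conf.local that this script no longer writes, which I can't see from here since most of the script lies outside these hunks.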
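--- /dev/null
+++ b/bind9-docker
@@ -0,0 +1 @@
+Subproject commit cb3c1822602ee8b9a951e550a8a44b695fd2c13e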
@ -7,7 +7,7 @@ services:
|
|||||||
container_name: bind
|
container_name: bind
|
||||||
restart: always
|
restart: always
|
||||||
entrypoint:
|
entrypoint:
|
||||||
- /etc/bind/command.sh
|
- /etc/bind/entrypoint.sh
|
||||||
ports:
|
ports:
|
||||||
- "53:53"
|
- "53:53"
|
||||||
- "53:53/udp"
|
- "53:53/udp"
|
||||||
|