Tomi Cvetic 7 rokov pred
rodič
commit
dbf7dc44da

+ 3 - 2
Dockerfile

@@ -2,11 +2,12 @@ FROM alpine:latest
 
 MAINTAINER Tomi Cvetic <tomi@slurm.ch>
 
-RUN apk add --no-cache --update bind
+RUN apk add --no-cache --update \
+    bind
 
 EXPOSE 53:53/udp
 
-VOLUME ["/etc/bind/named.conf", "/etc/bind/zones"]
+VOLUME ["/etc/bind/zones"]
 
 CMD ["/usr/sbin/named", "-g", "-u", "named"]
 

+ 4 - 0
ddns.key

@@ -0,0 +1,4 @@
+key DDNS_UPDATE {
+  algorithm HMAC-MD5.SIG-ALG.REG.INT;
+  secret "o9mU3wsAZOuwHBmNEdynjA==";
+}

+ 8 - 9
docker-compose.yml

@@ -1,11 +1,10 @@
 bind:
-        image: bind-docker
-
-        volumes:
-                - ./named.conf:/etc/bind/named.conf
-                - ./zones:/var/lib/bind
-
-        ports:
-                - "53:53/tcp"
-                - "53:53/udp"
+  container_name: bind
+  build: .
+  volumes:
+    - ./named.conf:/etc/bind/named.conf
+    - ./zones:/var/lib/bind
+  ports:
+    - "53:53/tcp"
+    - "53:53/udp"
 

+ 17 - 0
generate_ddns_keys.sh

@@ -0,0 +1,17 @@
+#!/bin/sh
+
+# From https://wiki.debian.org/DDNS
+
+# 1. Generate a DNSSEC key pair
+dnssec-keygen -a HMAC-MD5 -b 128 -r /dev/urandom -K . -n USER DDNS_UPDATE
+
+# 2. Extract the key part from the private key file
+KEY=$(awk '$1 == "Key:" {print $2}' Kddns_update.*.private)
+
+# 3. Create a ddns.key file.
+cat > ddns.key <<EOF
+key DDNS_UPDATE {
+  algorithm HMAC-MD5.SIG-ALG.REG.INT;
+  secret "$KEY";
+}
+EOF

+ 12 - 8
named.conf

@@ -1,8 +1,13 @@
 options {
 	directory "/var/bind";
 
+	forwarders {
+		1.1.1.1;
+		1.0.0.1;
+	}
+
 	listen-on { any; };
-	listen-on-v6 { any; };
+	listen-on-v6 { none; };
 
 	allow-query { any; };
 	allow-transfer { none; };
@@ -14,15 +19,14 @@ options {
 
 zone "slurm.ch" IN {
 	type master;
+	notify no;
 	file "/etc/bind/zones/slurm.ch.zone";
+	allow-update { key DNS_UPDATE; };
 };
 
-zone "145.168.214.91.in-addr.arpa" {
-	type master;
-	file "/etc/bind/zones/fender.reverse.zone";
-};
-
-zone "104.92.33.178.in-addr.arpa" {
+zone "10.in-addr.arpa" {
 	type master;
-	file "/etc/bind/zones/fnog.reverse.zone";
+	notify no;
+	file "/etc/bind/zones/lan.reverse.zone";
+	allow-update { key DNS_UPDATE; };
 };

+ 0 - 11
zones/fender.reverse.zone

@@ -1,11 +0,0 @@
-$TTL 1D
-@		IN	SOA	ns2.slurm.ch.	mail.slurm.ch. (
-			2018072001	; Serial
-			8h		; Refresh
-			2h		; Retry
-			4w		; Expire
-			2d )		; TTL Negative Cache
-
-@		IN	NS	ns2.slurm.ch.
-
-91.214.168.145	IN	PTR	mail

+ 0 - 11
zones/fnog.reverse.zone

@@ -1,11 +0,0 @@
-$TTL 1D
-@				IN	SOA	ns3.slurm.ch.	mail.slurm.ch. (
-			2018072001	; Serial
-			8h		; Refresh
-			2h		; Retry
-			4w		; Expire
-			2d )		; TTL Negative Cache
-
-@				IN	NS	ns3.slurm.ch.
-
-104.92.33.178.in-addr.arpa.	IN	PTR	fnog

+ 15 - 0
zones/lan.reverse.zone

@@ -0,0 +1,15 @@
+$TTL 1D
+@								IN	SOA	ns.slurm.ch.	root.slurm.ch. (
+			2018072001	; Serial
+			8h		; Refresh
+			2h		; Retry
+			4w		; Expire
+			2d )		; TTL Negative Cache
+
+@								IN	NS	ns.slurm.ch.
+
+86.138.11.185.in-addr.arpa.		IN	PTR	flexo			
+145.168.214.91.in-addr.arpa.	IN	PTR	fender
+104.92.33.178.in-addr.arpa.		IN	PTR	fnog
+
+1.0.0							IN	PTR	hubert

+ 8 - 11
zones/slurm.ch.zone

@@ -1,19 +1,16 @@
 $TTL 1d
-@ IN SOA ns1.slurm.ch. root.slurm.ch. (
+@ IN SOA ns.slurm.ch. root.slurm.ch. (
         2018072001      ; serial
         1d	        ; refresh (8 hours)
         6h              ; retry (2 hours)
         4w              ; expire (4 weeks)
         1d              ; minimum (1 day)
 )
-                NS      ns1
-                NS      ns2
-                NS      ns3
+@               IN      NS              ns
 @               IN      MX      10      mail
-@               IN      A               185.11.138.86
-ns1             IN      A               185.11.138.86
-ns2             IN      A               91.214.168.145
-ns3             IN      A               178.33.92.104
-mail            IN      A               91.214.168.145
-www             IN      CNAME   	ns1
-*		IN	CNAME		www
+flexo           IN      A               185.11.138.86
+fender          IN      A               91.214.168.145
+fnog            IN      A               178.33.92.104
+mail            IN      CNAME           fender
+www             IN      CNAME   	flexo
+*		IN	CNAME		flexo