
added bind

tags/v2.0.0
Robin Thoni 2 years ago
parent
commit
8130736238

+ 4
- 4
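--- a/apache/vars-vars
+++ b/apache/vars-vars
@@ -1,7 +1,3 @@
-DHCP_TSIG_KEY_NAME
-DHCP_TSIG_KEY_ALGO
-DHCP_TSIG_KEY_SECRET
-
 DHCP_DNS_MASTER
 DHCP_DNS_SERVER
 DHCP_TFTP_SERVER
@@ -17,3 +13,7 @@ DHCP_NETMASK
 DHCP_IP_FIRST
 DHCP_IP_LAST
 DHCP_BROADCAST
+
+DNS_TSIG_KEY_INTERNAL_SECRET
+DNS_TSIG_KEY_EXTERNAL_SECRET
+DNS_TSIG_KEY_RNDC_SECRET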

+ 29
- 0
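--- a/bind/Dockerfile
+++ b/bind/Dockerfile
@@ -0,0 +1,29 @@
+FROM robinthoni/debian-multiarch:jessie
+
+MAINTAINER Robin Thoni <robin@rthoni.com>
+
+ARG CONFIG_DIR=/etc/default/config-files/
+
+RUN apt-get update && apt-get -y install\
+        bind9\
+        dnsutils\
+        bind9utils &&\
+        apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+RUN rm -rf /var/log/*
+
+COPY ./vars-vars /etc/vars-vars
+
+COPY ./vars-files /etc/vars-files
+
+COPY ./common.sh /common.sh
+
+COPY ./run.sh /run.sh
+
+RUN mkdir "${CONFIG_DIR}"
+
+COPY ./config "${CONFIG_DIR}"
+
+EXPOSE 53/udp 53/tcp
+
+CMD ["/run.sh"]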
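Review bot: `ARG CONFIG_DIR` (line 5) only reaches the `RUN mkdir` and `COPY ./config` steps, while the copied common.sh hard-codes `export CONFIG_DIR="/etc/default/config-files/"`, so building with a different `CONFIG_DIR` produces an image whose `replace_files` looks in a directory that was never populated and silently skips every template. Either drop the ARG or persist it for runtime with `ENV CONFIG_DIR=${CONFIG_DIR}` right after the `ARG` line and have common.sh fall back to that value instead of redefining it. No `USER` is set and nothing in the image drops privileges, so the `named` started by run.sh serves port 53 as root; since run.sh writes into /etc/bind before its `exec`, the fix belongs there (`-u bind`) rather than in a `USER` line here. The `jessie` base is, as far as I know, past Debian's security-support window, so the `bind9` installed here is a 9.9 that will not receive further CVE fixes — worth a comment on the `FROM` line or a newer base.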

+ 41
- 0
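--- a/bind/common.sh
+++ b/bind/common.sh
@@ -0,0 +1,41 @@
+export CONFIG_DIR="/etc/default/config-files/"
+
+resolv_host()
+{
+  hostname="${1}"
+  ip=$(getent hosts "${hostname}" | cut -d' ' -f1)
+  echo "${ip}"
+}
+
+replace_var()
+{
+  file="${1}"
+  var="${2}"
+  sed -e "s?${var}?${!var}?g" -i "${file}"
+}
+
+replace_vars()
+{
+  file="${1}"
+  for var in $(cat /etc/vars-vars)
+  do
+    replace_var "${file}" "${var}"
+  done
+}
+
+replace_files()
+{
+  cat /etc/vars-files | while read line
+  do
+    filesrc="${CONFIG_DIR}$(echo "${line}" | awk '{print $1}')"
+    filedst=$(echo "${line}" | awk '{print $2}')
+    if [ -f "${filesrc}" ]
+    then
+      echo "Expanding file ${filesrc} to ${filedst}"
+      cp "${filesrc}" "${filedst}"
+      replace_vars "${filedst}"
+    else
+      echo "File ${filesrc} does not exist. Skipping."
+    fi
+  done
+}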
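Review bot: `replace_var` pastes `${!var}` unescaped into a sed replacement (`s?${var}?${!var}?g`), so a value containing `?`, `&` or `\` is reinterpreted by sed and silently corrupts the generated config, and an unset variable expands to nothing, which for the new secrets leaves `secret "";` in named.conf instead of an error. A guard at the top of the function such as `: "${!var:?${var} is not set}"`, plus escaping `&`, `\` and the `?` delimiter in the value before substitution, makes both failures loud at container start rather than at first query; a base64 TSIG secret happens to avoid those characters, but nothing here enforces that. The expanded files keep the mode of the template they were `cp`'d from, and named.conf and rndc.conf now carry live secrets, so `chmod 0640 "${filedst}"` after the `cp` in `replace_files` would be prudent. `resolv_host` is not called anywhere in this commit; presumably another container's copy uses it.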

+ 64
- 0
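--- a/bind/config/named.conf
+++ b/bind/config/named.conf
@@ -0,0 +1,64 @@
+logging {
+  category default {
+    default_stderr;
+  };
+};
+
+key "key-internal" {
+    algorithm HMAC-MD5;
+    secret "DNS_TSIG_KEY_INTERNAL_SECRET";
+};
+
+key "key-external" {
+    algorithm HMAC-MD5;
+    secret "DNS_TSIG_KEY_EXTERNAL_SECRET";
+};
+
+key "key-rndc" {
+    algorithm HMAC-MD5;
+    secret "DNS_TSIG_KEY_RNDC_SECRET";
+};
+
+acl "acl-internal" {
+  !key "key-external";
+  key "key-internal";
+  192.168.0.0/16;
+  172.16.0.0/12;
+  10.0.0.0/8;
+  localhost;
+};
+
+acl "acl-external" {
+  !key "key-internal";
+  key "key-external";
+  any;
+};
+
+masters "masters-example.com-internal" {
+  10.10.0.1 key "key-internal";
+};
+
+masters "masters-example.com-external" {
+  10.10.0.1 key "key-external";
+};
+
+options {
+  directory "/var/cache/bind";
+  dnssec-validation auto;
+  auth-nxdomain no;
+  listen-on-v6 {
+    none;
+  };
+  masterfile-format text;
+  notify explicit;
+};
+
+controls {
+  inet 127.0.0.1 allow {
+    localhost;
+  } keys {
+    "key-rndc";
+  };
+};
+
+include "/etc/bind/named.conf.local";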
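Review bot: All three `key` statements (lines 7-20) use `algorithm HMAC-MD5`, the weakest TSIG algorithm BIND still accepts; the BIND 9.x in the jessie image already supports `hmac-sha256`, newer releases disable hmac-md5 by default, and `tsig-keygen` / `rndc-confgen -a` emit sha256 keys, so new deployments should start with `algorithm hmac-sha256;` here and in rndc.conf and dhcpd.conf. `acl-internal` admits any unsigned query whose source is in 192.168.0.0/16, 172.16.0.0/12 or 10.0.0.0/8, and that ACL is the entire view-selection decision in named.conf.local, so every such source gets the internal zones and the internal view's open recursion. Because docker-compose publishes 53 on all interfaces, any path that rewrites the source to a bridge address (the userland proxy, if it is in use, presents the 172.x gateway) would classify the client as internal; if the internal view is meant for the site LAN, narrow these to the actual site networks or require `key "key-internal"` for recursion. A comment above `controls` stating that `"key-rndc"` must be the key name rndc.conf uses would also help, since the two files in this commit do not agree.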

+ 43
- 0
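--- a/bind/config/named.conf.local
+++ b/bind/config/named.conf.local
@@ -0,0 +1,43 @@
+view "view-internal" {
+  match-clients {
+    "acl-internal";
+  };
+  allow-recursion {
+    any;
+  };
+  also-notify {
+    "masters-example.com-internal";
+  };
+  allow-transfer {
+    key "key-internal";
+  };
+  allow-update {
+    key "key-internal";
+  };
+
+  include "/etc/bind/named.conf.default-zones";
+  include "/etc/bind/zones.rfc1918";
+  include "/etc/bind/zones/named.conf.local.common";
+  include "/etc/bind/zones/named.conf.local.internal";
+};
+
+view "view-external" {
+  match-clients {
+    "acl-external";
+  };
+  allow-recursion {
+    none;
+  };
+  also-notify {
+    "masters-example.com-external";
+  };
+  allow-transfer {
+    key "key-external";
+  };
+  allow-update {
+    key "key-external";
+  };
+
+  include "/etc/bind/zones/named.conf.local.common";
+  include "/etc/bind/zones/named.conf.local.external";
+};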
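Review bot: `allow-update { key "key-internal"; }` is set at view level (lines 14-16), so it applies to every master zone the view includes — `example.com` from named.conf.local.common, the Debian default zones and the `zones.rfc1918` zones — not only the three zones dhcpd.conf actually updates (`DHCP_DYN_IPS_DOMAIN`, `DHCP_SITE_DOMAIN`, `DHCP_REV_DOMAIN`); a compromised DHCP container holding that key could rewrite the ns1/mail records in example.com. The external view does the same with `key-external`, and since both views include `named.conf.local.common`, `example.com` becomes a writable zone in two views sharing `/etc/bind/zones/common/db.example.com`, which named should refuse at load ("writeable file ... already in use") as far as I recall the BIND 9 checks. Move `allow-update` into the individual `zone` statements in named.conf.local.internal for the three DHCP zones, and drop it from the external view unless something really sends updates there; the view-level `allow-transfer` can stay. `allow-recursion { any; }` is only as safe as `acl-internal`, which this view uses for `match-clients`.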

+ 10
- 0
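--- a/bind/config/rndc.conf
+++ b/bind/config/rndc.conf
@@ -0,0 +1,10 @@
+key "rndc-key" {
+        algorithm hmac-md5;
+        secret "DNS_TSIG_KEY_RNDC_SECRET";
+};
+
+options {
+        default-key "rndc-key";
+        default-server 127.0.0.1;
+        default-port 953;
+};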
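Review bot: The key is named `"rndc-key"` here (line 1) while named.conf's `controls` block only lists `"key-rndc"`; rndc sends the key name in its TSIG and named looks the key up by that name, so with these two files `rndc` should fail to authenticate even though both sides carry the same secret. Rename to `key "key-rndc" {` and `default-key "key-rndc";` (or change named.conf to match) so the names agree, and switch to `algorithm hmac-sha256;` together with the server-side key. This file lands in /etc/bind with the live secret via `vars-files`, so its mode should be restricted to the user that runs rndc.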

+ 8
- 0
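--- a/bind/run.sh
+++ b/bind/run.sh
@@ -0,0 +1,8 @@
+#! /usr/bin/env bash
+
+. /common.sh
+
+replace_files
+
+exec named -f -d 10 -4
+#exec cat /etc/bind/named.conf; named-checkconf -z; named -f -d 10 -4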
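Review bot: `exec named -f -d 10 -4` (line 7) starts named as root with the maximum debug level and no configuration check, so a bad substitution from `replace_files` (an unset secret, a sed-mangled value) only shows up as a restart loop, and `-d 10` writes very verbose per-query and per-update tracing to stderr in normal operation. Run `named-checkconf -z /etc/bind/named.conf || exit 1` before the `exec` so the container fails fast with a readable error, add `-u bind` so only the template expansion above runs as root (the bind-mounted /etc/bind/zones must then be writable by that uid for dynamic-update journals), and make the debug level opt-in via an environment variable defaulting to 0. The commented-out line 8 is a leftover of the same idea and can go once the check is real.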

+ 3
- 0
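--- a/bind/vars-files
+++ b/bind/vars-files
@@ -0,0 +1,3 @@
+named.conf /etc/bind/named.conf
+named.conf.local /etc/bind/named.conf.local
+rndc.conf /etc/bind/rndc.conf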

+ 19
- 0
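--- a/bind/vars-vars
+++ b/bind/vars-vars
@@ -0,0 +1,19 @@
+DHCP_DNS_MASTER
+DHCP_DNS_SERVER
+DHCP_TFTP_SERVER
+DHCP_ROUTERS
+
+DHCP_DOMAIN
+DHCP_SITE_DOMAIN
+DHCP_DYN_IPS_DOMAIN
+DHCP_REV_DOMAIN
+
+DHCP_SUBNET
+DHCP_NETMASK
+DHCP_IP_FIRST
+DHCP_IP_LAST
+DHCP_BROADCAST
+
+DNS_TSIG_KEY_INTERNAL_SECRET
+DNS_TSIG_KEY_EXTERNAL_SECRET
+DNS_TSIG_KEY_RNDC_SECRET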

+ 21
- 0
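--- a/data/bind/zones/common/db.example.com
+++ b/data/bind/zones/common/db.example.com
@@ -0,0 +1,21 @@
+$ORIGIN .
+$TTL 86400	; 1 day
+example.com		IN SOA	ns1.example.com. hostmaster.example.com. (
+				2002022402 ; serial
+				10800      ; refresh (3 hours)
+				15         ; retry (15 seconds)
+				604800     ; expire (1 week)
+				10800      ; minimum (3 hours)
+				)
+$TTL 600	; 10 minutes
+			NS	ns1.example.com.
+			NS	ns2.example.com.
+			MX	10 mail.example.com.
+$ORIGIN example.com.
+mail			A	24.24.24.24
+ns1			A	24.24.24.24
+ns2			A	24.24.24.42
+serv1			CNAME	serv1.site1
+serv2			CNAME	serv2.site1
+$TTL 300	; 5 minutes
+test			A	42.42.42.42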

+ 0
- 0
data/bind/zones/external/.gitkeep View File


+ 17
- 0
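--- a/data/bind/zones/external/db.site1.example.com
+++ b/data/bind/zones/external/db.site1.example.com
@@ -0,0 +1,17 @@
+$ORIGIN .
+$TTL 86400	; 1 day
+site1.example.com	IN SOA	ns1.example.com. hostmaster.example.com. (
+				2002022402 ; serial
+				10800      ; refresh (3 hours)
+				15         ; retry (15 seconds)
+				604800     ; expire (1 week)
+				10800      ; minimum (3 hours)
+				)
+$TTL 600	; 10 minutes
+			NS	ns1.example.com.
+			NS	ns2.example.com.
+$ORIGIN site1.example.com.
+$TTL 600	; 10 minutes
+serv1			CNAME	site1
+serv2			CNAME	site1
+site1			A	42.42.42.43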

+ 0
- 0
data/bind/zones/internal/.gitkeep View File


+ 15
- 0
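--- a/data/bind/zones/internal/db.100.15.10.in-addr.arpa
+++ b/data/bind/zones/internal/db.100.15.10.in-addr.arpa
@@ -0,0 +1,15 @@
+$ORIGIN .
+$TTL 86400	; 1 day
+100.15.10.in-addr.arpa	IN SOA	ns1.example.com. hostmaster.example.com. (
+				2002022406 ; serial
+				10800      ; refresh (3 hours)
+				15         ; retry (15 seconds)
+				604800     ; expire (1 week)
+				10800      ; minimum (3 hours)
+				)
+$TTL 600	; 10 minutes
+			NS	ns1.example.com.
+$ORIGIN 100.15.10.in-addr.arpa.
+50			PTR	user1-lt1.dhcp.site1.example.com.
+$TTL 300	; 5 minutes
+55			PTR	betaclean-lt1.dhcp.site1.example.com.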

+ 15
- 0
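--- a/data/bind/zones/internal/db.dhcp.site1.example.com
+++ b/data/bind/zones/internal/db.dhcp.site1.example.com
@@ -0,0 +1,15 @@
+$ORIGIN .
+$TTL 86400	; 1 day
+dhcp.site1.example.com	IN SOA	ns1.example.com. hostmaster.example.com. (
+				2002022408 ; serial
+				10800      ; refresh (3 hours)
+				15         ; retry (15 seconds)
+				604800     ; expire (1 week)
+				10800      ; minimum (3 hours)
+				)
+$TTL 600	; 10 minutes
+			NS	ns1.example.com.
+$ORIGIN dhcp.site1.example.com.
+$TTL 300	; 5 minutes
+betaclean-lt1		A	10.15.100.55
+			TXT	"31b93fc9347fc03ee8b440163a6886baf2"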

+ 13
- 0
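--- a/data/bind/zones/internal/db.site1.example.com
+++ b/data/bind/zones/internal/db.site1.example.com
@@ -0,0 +1,13 @@
+$TTL  10m
+;$ORIGIN site1.example.com.
+@  1D  IN  SOA ns1.example.com. hostmaster.example.com. (
+            2002022401 ; serial
+            3H ; refresh
+            15 ; retry
+            1w ; expire
+            3h ; nxdomain ttl
+           )
+        IN  NS     ns1.example.com.
+site1   IN  A      42.42.42.42
+serv1   IN  A      10.15.0.1
+serv2   IN  A      10.15.0.2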

+ 4
- 0
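--- a/data/bind/zones/named.conf.local.common
+++ b/data/bind/zones/named.conf.local.common
@@ -0,0 +1,4 @@
+zone "example.com" {
+  type master;
+  file "/etc/bind/zones/common/db.example.com";
+};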

+ 4
- 0
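--- a/data/bind/zones/named.conf.local.external
+++ b/data/bind/zones/named.conf.local.external
@@ -0,0 +1,4 @@
+zone "site1.example.com" {
+  type master;
+  file "/etc/bind/zones/external/db.site1.example.com";
+};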

+ 12
- 0
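--- a/data/bind/zones/named.conf.local.internal
+++ b/data/bind/zones/named.conf.local.internal
@@ -0,0 +1,12 @@
+zone "site1.example.com" {
+  type master;
+  file "/etc/bind/zones/internal/db.site1.example.com";
+};
+zone "dhcp.site1.example.com" {
+  type master;
+  file "/etc/bind/zones/internal/db.dhcp.site1.example.com";
+};
+zone "100.15.10.in-addr.arpa" {
+  type master;
+  file "/etc/bind/zones/internal/db.100.15.10.in-addr.arpa";
+};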

+ 12
- 0
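--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,6 +1,18 @@
 version: '2'
 
 services:
+    bind:
+        build: ./bind
+        container_name: dhcp-bind
+#        restart: unless-stopped
+        volumes:
+            - ./data/bind/zones:/etc/bind/zones
+        ports:
+            - "0.0.0.0:53:53/udp"
+            - "0.0.0.0:53:53/tcp"
+        env_file:
+            - env
+
     isc-dhcp:
         build: ./isc-dhcp
         container_name: dhcp-isc-dhcp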
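Review bot: Publishing `0.0.0.0:53` for UDP and TCP (lines 11-12) puts a single named process that holds the internal zones, an open-recursion internal view and all three TSIG keys on every host interface, and the internal/external split then rests entirely on the unauthenticated source-address ranges in `acl-internal`. If this is the internal resolver for the DHCP subnet, bind it to the site address the rest of the stack already uses (`"10.15.100.3:53:53/udp"` and the TCP twin, matching `DHCP_DNS_SERVER` in `env`), or give the public view its own container with only the external zones. `env_file: env` also hands this container every DHCP_* variable although its templates only reference the three `DNS_TSIG_KEY_*` values; whether the isc-dhcp service loads the same file, and so receives the rndc and external secrets, is outside this hunk. `restart: unless-stopped` is left commented out on line 7 — if that is deliberate for debugging, a comment saying so would avoid it being "fixed".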

+ 10
- 10
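--- a/env
+++ b/env
@@ -1,15 +1,11 @@
-DHCP_TSIG_KEY_NAME=dhcpupdate
-DHCP_TSIG_KEY_ALGO=hmac-md5
-DHCP_TSIG_KEY_SECRET=change_it
-
-DHCP_DNS_MASTER=10.15.100.1
-DHCP_DNS_SERVER=10.15.100.1
-DHCP_TFTP_SERVER=10.15.100.1
-DHCP_ROUTERS=10.15.100.1
+DHCP_DNS_MASTER=10.15.100.3
+DHCP_DNS_SERVER=10.15.100.3
+DHCP_TFTP_SERVER=10.15.100.3
+DHCP_ROUTERS=10.15.100.2
 
 DHCP_DOMAIN=example.com
-DHCP_SITE_DOMAIN=site.example.com
-DHCP_DYN_IPS_DOMAIN=dhcp.site.example.com
+DHCP_SITE_DOMAIN=site1.example.com
+DHCP_DYN_IPS_DOMAIN=dhcp.site1.example.com
 DHCP_REV_DOMAIN=100.15.10.in-addr.arpa.
 
 DHCP_SUBNET=10.15.100.0
@@ -17,3 +13,7 @@ DHCP_NETMASK=255.255.255.0
 DHCP_IP_FIRST=10.15.100.50
 DHCP_IP_LAST=10.15.100.250
 DHCP_BROADCAST=10.15.100.255
+
+DNS_TSIG_KEY_INTERNAL_SECRET=change_it
+DNS_TSIG_KEY_EXTERNAL_SECRET=change_it
+DNS_TSIG_KEY_RNDC_SECRET=change_it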
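Review bot: All three new secrets default to the same `change_it` (lines 17-19), which is not valid base64 (`_` is outside the alphabet), so a deployment that forgets to edit this file should get a named that rejects its `key` statements at startup rather than one running on a known key — a better failure than the alternative, but still one that surfaces as an opaque crash rather than a message naming the variable. Generate distinct values per key (`tsig-keygen key-internal`, `tsig-keygen key-external`, `rndc-confgen -a`) and keep the populated `env` out of the repository, committing an `env.example` instead; the same value for all three would let the DHCP server's update key also drive rndc and the external zones. A comment above these three lines stating that the values must be base64 and must differ would save the next person a trip through the BIND error output.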

+ 6
- 7
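--- a/isc-dhcp/dhcpd.conf
+++ b/isc-dhcp/dhcpd.conf
@@ -1,22 +1,22 @@
 #Dynamic DNS security settings
-key DHCP_TSIG_KEY_NAME {
-        algorithm DHCP_TSIG_KEY_ALGO;
-        secret "DHCP_TSIG_KEY_SECRET";
+key "key-internal" {
+        algorithm HMAC-MD5;
+        secret "DNS_TSIG_KEY_INTERNAL_SECRET";
 };
 
 zone DHCP_DYN_IPS_DOMAIN {
     primary DHCP_DNS_MASTER;
-    key DHCP_TSIG_KEY_NAME;
+    key "key-internal";
 }
 
 zone DHCP_SITE_DOMAIN {
     primary DHCP_DNS_MASTER;
-    key DHCP_TSIG_KEY_NAME;
+    key "key-internal";
 }
 
 zone DHCP_REV_DOMAIN {
     primary DHCP_DNS_MASTER;
-    key DHCP_TSIG_KEY_NAME;
+    key "key-internal";
 }
 
 
@@ -33,7 +33,6 @@ ddns-updates on;
 ddns-update-style interim;
 update-static-leases on;
 #allow client-updates;
-ddns-rev-domainname "in-addr.arpa.";
 
 # Misc settings
 use-host-decl-names on;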
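Review bot: `algorithm HMAC-MD5;` on the new `key "key-internal"` block (line 3) hard-codes the algorithm that used to come from `DHCP_TSIG_KEY_ALGO`, and it must stay identical to the key of the same name in bind/config/named.conf — nothing now ties the two files together except the shared name. ISC dhcpd also accepts the HMAC-SHA family, so when the server key moves to hmac-sha256 this line has to follow; a comment such as `# name, algorithm and secret must match key "key-internal" in bind/config/named.conf` above the block would keep them from drifting. Worth noting in that comment too: because `acl-internal` on the server side matches `key "key-internal"`, this key is what makes dhcpd's updates land in the internal view regardless of the container's source address, so anyone holding it has the same access from anywhere.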

+ 4
- 4
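--- a/isc-dhcp/vars-vars
+++ b/isc-dhcp/vars-vars
@@ -1,7 +1,3 @@
-DHCP_TSIG_KEY_NAME
-DHCP_TSIG_KEY_ALGO
-DHCP_TSIG_KEY_SECRET
-
 DHCP_DNS_MASTER
 DHCP_DNS_SERVER
 DHCP_TFTP_SERVER
@@ -17,3 +13,7 @@ DHCP_NETMASK
 DHCP_IP_FIRST
 DHCP_IP_LAST
 DHCP_BROADCAST
+
+DNS_TSIG_KEY_INTERNAL_SECRET
+DNS_TSIG_KEY_EXTERNAL_SECRET
+DNS_TSIG_KEY_RNDC_SECRET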

+ 4
- 4
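--- a/tftpd/vars-vars
+++ b/tftpd/vars-vars
@@ -1,7 +1,3 @@
-DHCP_TSIG_KEY_NAME
-DHCP_TSIG_KEY_ALGO
-DHCP_TSIG_KEY_SECRET
-
 DHCP_DNS_MASTER
 DHCP_DNS_SERVER
 DHCP_TFTP_SERVER
@@ -17,3 +13,7 @@ DHCP_NETMASK
 DHCP_IP_FIRST
 DHCP_IP_LAST
 DHCP_BROADCAST
+
+DNS_TSIG_KEY_INTERNAL_SECRET
+DNS_TSIG_KEY_EXTERNAL_SECRET
+DNS_TSIG_KEY_RNDC_SECRET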

+ 1
- 1
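--- a/update_vars.sh
+++ b/update_vars.sh
@@ -1,7 +1,7 @@
 #! /usr/bin/env sh
 
 vars=$(cat env | cut -d= -f1)
-for docker in isc-dhcp tftpd apache
+for docker in isc-dhcp tftpd apache bind
 do
   echo "${vars}" > "./${docker}/vars-vars"
 done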
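Review bot: `vars=$(cat env | cut -d= -f1)` copies every variable name in `env`, now including the three `DNS_TSIG_KEY_*_SECRET` names, into the substitution list of all four containers, so the isc-dhcp, tftpd and apache images will substitute — and therefore are expected to be given — the rndc and external-zone secrets that only the bind container uses (the generated vars-vars files in this commit show exactly that). A per-container list, or a filter on this line that keeps `DNS_TSIG_KEY_INTERNAL_SECRET` for isc-dhcp and all three only for bind, would limit each container to the secrets it needs if the env file is ever split accordingly. Since the vars-vars files are committed, a comment at the top of this script saying that they are generated from `env` and must be regenerated here would tell reviewers not to edit them by hand.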
