pdns recursor

docker-compose.yml

@@ -38,16 +38,16 @@ services:
             - "0.0.0.0:53:53/udp"
         env_file:
             - env
-#
-#    pdns-recursor:
-#      build: ./pdns-recursor
-#      container_name: pdns-pdns-recursor
-#        networks:
-#            pdns.internal.docker:
-#                aliases:
-#                  - pdns-recursor.pdns.internal.docker
-#        env_file:
-#            - env
+
+    pdns-recursor:
+        build: ./pdns-recursor
+        container_name: pdns-pdns-recursor
+        networks:
+            pdns.internal.docker:
+                aliases:
+                    - pdns-recursor.pdns.internal.docker
+        env_file:
+            - env
 
 
 networks:

pdns-recursor/Dockerfile

@@ -0,0 +1,23 @@
+FROM debian:jessie
+
+MAINTAINER Robin Thoni <robin@rthoni.com>
+
+RUN DEBIAN_FRONTEND=noninteractive apt-get update &&\
+    apt-get install -y pdns-recursor &&\
+    apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+RUN rm -rf /etc/powerdns/*
+
+RUN rm -rf /var/log/*
+
+COPY ./config/ /etc/powerdns/
+
+COPY ./vars-vars /etc/vars-vars
+
+COPY ./vars-files /etc/vars-files
+
+COPY ./run.sh /run.sh
+
+EXPOSE 53/udp
+
+CMD ["/run.sh"]

pdns-recursor/config/recursor.conf

@@ -0,0 +1,303 @@
+# Autogenerated configuration file template
+#################################
+# aaaa-additional-processing    turn on to do AAAA additional processing (slow)
+#
+# aaaa-additional-processing=off
+
+#################################
+# allow-from    If set, only allow these comma separated netmasks to recurse
+#
+# allow-from=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10
+
+#################################
+# allow-from-file       If set, load allowed netmasks from this file
+#
+# allow-from-file=
+
+#################################
+# auth-can-lower-ttl    If we follow RFC 2181 to the letter, an authoritative server can lower the TTL of NS records
+#
+# auth-can-lower-ttl=off
+
+#################################
+# auth-zones    Zones for which we have authoritative data, comma separated domain=file pairs 
+#
+# auth-zones=
+
+#################################
+# chroot        switch to chroot jail
+#
+# chroot=
+
+#################################
+# client-tcp-timeout    Timeout in seconds when talking to TCP clients
+#
+# client-tcp-timeout=2
+
+#################################
+# config-dir    Location of configuration directory (recursor.conf)
+#
+# config-dir=/etc/powerdns/
+
+#################################
+# daemon        Operate as a daemon
+#
+# daemon=yes
+
+#################################
+# delegation-only       Which domains we only accept delegations from
+#
+# delegation-only=
+
+#################################
+# disable-edns  Disable EDNS
+#
+# disable-edns=
+
+#################################
+# disable-edns-ping     Disable EDNSPing
+#
+# disable-edns-ping=no
+
+#################################
+# disable-packetcache   Disable packetcache
+#
+# disable-packetcache=no
+
+#################################
+# dont-query    If set, do not query these netmasks for DNS data
+#
+# dont-query=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10
+
+#################################
+# entropy-source        If set, read entropy from this file
+#
+# entropy-source=/dev/urandom
+
+#################################
+# etc-hosts-file        Path to 'hosts' file
+#
+# etc-hosts-file=/etc/hosts
+
+#################################
+# export-etc-hosts      If we should serve up contents from /etc/hosts
+#
+# export-etc-hosts=off
+
+#################################
+# forward-zones Zones for which we forward queries, comma separated domain=ip pairs
+#
+# forward-zones=
+
+#################################
+# forward-zones-file    File with (+)domain=ip pairs for forwarding
+#
+# forward-zones-file=
+
+#################################
+# forward-zones-recurse Zones for which we forward queries with recursion bit, comma separated domain=ip pairs
+#
+# forward-zones-recurse=
+
+#################################
+# hint-file     If set, load root hints from this file
+#
+# hint-file=
+
+#################################
+# ignore-rd-bit Assume each packet requires recursion, for compatability
+#
+# ignore-rd-bit=off
+
+#################################
+# local-address IP addresses to listen on, separated by spaces or commas. Also accepts ports.
+#
+local-address=0.0.0.0
+
+#################################
+# local-port    port to listen on
+#
+local-port=53
+
+#################################
+# log-common-errors     If we should log rather common errors
+#
+# log-common-errors=yes
+
+#################################
+# logging-facility      Facility to log messages as. 0 corresponds to local0
+#
+# logging-facility=
+
+#################################
+# lua-dns-script        Filename containing an optional 'lua' script that will be used to modify dns answers
+#
+# lua-dns-script=
+
+#################################
+# max-cache-entries     If set, maximum number of entries in the main cache
+#
+# max-cache-entries=1000000
+
+#################################
+# max-cache-ttl maximum number of seconds to keep a cached entry in memory
+#
+# max-cache-ttl=86400
+
+#################################
+# max-mthreads  Maximum number of simultaneous Mtasker threads
+#
+# max-mthreads=2048
+
+#################################
+# max-negative-ttl      maximum number of seconds to keep a negative cached entry in memory
+#
+# max-negative-ttl=3600
+
+#################################
+# max-packetcache-entries       maximum number of entries to keep in the packetcache
+#
+# max-packetcache-entries=500000
+
+#################################
+# max-tcp-clients       Maximum number of simultaneous TCP clients
+#
+# max-tcp-clients=128
+
+#################################
+# max-tcp-per-client    If set, maximum number of TCP sessions per client (IP address)
+#
+# max-tcp-per-client=0
+
+#################################
+# network-timeout       Wait this nummer of milliseconds for network i/o
+#
+# network-timeout=1500
+
+#################################
+# no-shuffle    Don't change
+#
+# no-shuffle=off
+
+#################################
+# packetcache-servfail-ttl      maximum number of seconds to keep a cached servfail entry in packetcache
+#
+# packetcache-servfail-ttl=60
+
+#################################
+# packetcache-ttl       maximum number of seconds to keep a cached entry in packetcache
+#
+# packetcache-ttl=3600
+
+#################################
+# pdns-distributes-queries      If PowerDNS itself should distribute queries over threads (EXPERIMENTAL)
+#
+# pdns-distributes-queries=no
+
+#################################
+# processes     Launch this number of processes (EXPERIMENTAL, DO NOT CHANGE)
+#
+# processes=1
+
+#################################
+# query-local-address   Source IP address for sending queries
+#
+# query-local-address=0.0.0.0
+
+#################################
+# query-local-address6  Source IPv6 address for sending queries
+#
+# query-local-address6=
+
+#################################
+# quiet Suppress logging of questions and answers
+#
+quiet=yes
+
+#################################
+# remotes-ringbuffer-entries    maximum number of packets to store statistics for
+#
+# remotes-ringbuffer-entries=0
+
+#################################
+# serve-rfc1918 If we should be authoritative for RFC 1918 private IP space
+#
+# serve-rfc1918=
+
+#################################
+# server-id     Returned when queried for 'server.id' TXT or NSID, defaults to hostname
+#
+# server-id=
+
+#################################
+# setgid        If set, change group id to this gid for more security
+#
+setgid=pdns
+
+#################################
+# setuid        If set, change user id to this uid for more security
+#
+setuid=pdns
+
+#################################
+# single-socket If set, only use a single socket for outgoing queries
+#
+# single-socket=off
+
+#################################
+# soa-minimum-ttl       Don't change
+#
+# soa-minimum-ttl=0
+
+#################################
+# soa-serial-offset     Don't change
+#
+# soa-serial-offset=0
+
+#################################
+# socket-dir    Where the controlsocket will live
+#
+# socket-dir=/var/run/
+
+#################################
+# socket-group  Group of socket
+#
+# socket-group=
+
+#################################
+# socket-mode   Permissions for socket
+#
+# socket-mode=
+
+#################################
+# socket-owner  Owner of socket
+#
+# socket-owner=
+
+#################################
+# spoof-nearmiss-max    If non-zero, assume spoofing after this many near misses
+#
+# spoof-nearmiss-max=20
+
+#################################
+# stack-size    stack size per mthread
+#
+# stack-size=200000
+
+#################################
+# threads       Launch this number of threads
+#
+# threads=2
+
+#################################
+# trace if we should output heaps of logging
+#
+# trace=off
+
+#################################
+# version-string        string reported on version.pdns or version.bind
+#
+# version-string=PowerDNS Recursor 3.3 $Id: pdns_recursor.cc 1712 2010-09-11 13:40:03Z ahu $
+
+
+

pdns-recursor/run.sh

@@ -0,0 +1,29 @@
+#! /usr/bin/env bash
+
+replace_var()
+{
+  file="${1}"
+  var="${2}"
+  sed -e "s?${var}?${!var}?g" -i "${file}"
+}
+
+replace_vars()
+{
+  file="${1}"
+  for var in $(cat /etc/vars-vars)
+  do
+    replace_var "${file}" "${var}"
+  done
+}
+
+replace_files()
+{
+  for file in $(cat /etc/vars-files)
+  do
+    replace_vars "${file}"
+  done
+}
+
+replace_files
+
+pdns_recursor --daemon=no

pdns-recursor/vars-files

@@ -0,0 +1,2 @@
+/etc/powerdns/pdns.d/pdns.local.gpgsql.conf
+/etc/powerdns/pdns.conf

pdns-recursor/vars-vars

@@ -0,0 +1,12 @@
+POSTGRES_HOST
+POSTGRES_USER
+POSTGRES_PASSWORD
+POSTGRES_DB
+
+PDNS_RECURSOR_HOST
+
+SESSION_KEY
+
+DNS_HOSTMASTER
+DNS_NS1
+DNS_NS2

pdns/Dockerfile

@@ -7,17 +7,12 @@ COPY ./preseed.txt /tmp/preseed.txt
 RUN debconf-set-selections /tmp/preseed.txt
 
 RUN DEBIAN_FRONTEND=noninteractive apt-get update &&\
-    apt-get install -y pdns-server pdns-backend-pgsql rsyslog &&\
+    apt-get install -y pdns-server pdns-backend-pgsql &&\
     apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
 RUN rm -rf /etc/powerdns/*
 
-RUN rm -rf /var/log/* &&\
-    mkfifo /var/log/mail.info &&\
-    ln -s /dev/null /var/log/mail.log &&\
-    ln -s /dev/stderr /var/log/mail.err &&\
-    ln -s /dev/null /var/log/syslog &&\
-    ln -s /dev/null /var/log/messages
+RUN rm -rf /var/log/*
 
 COPY ./config/ /etc/powerdns/
 

pdns/config/pdns.conf

@@ -1,7 +1,7 @@
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
-allow-axfr-ips=10.15.42.0/24
+# allow-axfr-ips=
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -11,12 +11,12 @@ allow-axfr-ips=10.15.42.0/24
 #################################
 # allow-recursion	List of subnets that are allowed to recurse
 #
-allow-recursion=178.170.0.0/16,127.0.0.1,213.246.52.61,52.28.227.93,52.58.80.7,10.15.42.0/24,10.8.0.0/24
+allow-recursion=127.0.0.1,172.0.0.0/8,192.168.0.0/16
 
 #################################
 # also-notify	When notifying a domain, also notify these nameservers
 #
-also-notify=10.15.42.6,10.15.42.15,10.15.42.16,10.15.42.17,10.15.42.18
+# also-notify=
 
 #################################
 # any-to-tcp	Answer ANY queries with tc=1, shunting to TCP
@@ -66,7 +66,7 @@ config-dir=/etc/powerdns
 #################################
 # daemon	Operate as a daemon
 #
-daemon=yes
+# daemon=yes
 
 #################################
 # default-ksk-algorithms	Default KSK algorithms
@@ -363,7 +363,7 @@ master=yes
 #################################
 # recursor	If recursion is desired, IP address of a recursing nameserver
 #
-recursor=127.0.0.1:54
+recursor=PDNS_RECURSOR_HOST:53
 
 #################################
 # retrieval-threads	Number of AXFR-retrieval threads for slave operation

pdns/run.sh

@@ -1,5 +1,7 @@
 #! /usr/bin/env bash
 
+export PDNS_RECURSOR_HOST="$(getent hosts ${PDNS_RECURSOR_HOST} | cut -d' ' -f1)"
+
 replace_var()
 {
   file="${1}"
@@ -26,9 +28,4 @@ replace_files()
 
 replace_files
 
-
-rm -f /var/run/rsyslogd.pid
-service rsyslog start &&
-service pdns start &&
-
-sleep 3600
+pdns_server --daemon=no

pdns/vars-files

@@ -1 +1,2 @@
 /etc/powerdns/pdns.d/pdns.local.gpgsql.conf
+/etc/powerdns/pdns.conf

poweradmin/poweradmin-2.1.7/.gitignore

@@ -1,4 +1,3 @@
-inc/config.inc.php
 .DS_Store
 /nbproject
 /scripts

poweradmin/poweradmin-2.1.7/inc/config.inc.php

@@ -0,0 +1,16 @@
+<?php
+
+$db_host    = 'POSTGRES_HOST';
+$db_user    = 'POSTGRES_USER';
+$db_pass    = 'POSTGRES_PASSWORD';
+$db_name    = 'POSTGRES_DB';
+$db_type    = 'pgsql';
+$db_layer   = 'PDO';
+
+$session_key    = 'SESSION_KEY';
+
+$iface_lang   = 'en_EN';
+
+$dns_hostmaster   = 'DNS_HOSTMASTER';
+$dns_ns1    = 'DNS_NS1';
+$dns_ns2    = 'DNS_NS2';