davidb
/
docker_bind
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

break up config; add run_rndc.sh

This commit is contained in:
David Blacka 2023-02-24 20:37:14 -05:00
parent 0f495466d8
commit 217a5b7d29
10 changed files with 321 additions and 247 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
cfg/named.conf
View File

@ -1,79 +1,7 @@
options {
directory "/var/cache/bind";
statistics-file "/var/cache/bind/named.stats.txt";
session-keyfile "/var/cache/bind/session.key";
pid-file "/var/cache/bind/named.pid";
lock-file "/var/cache/bind/named.lock";
listen-on { 127.0.0.1; };
listen-on-v6 { ::1; };
allow-recursion { 127.0.0.1; ::1; };
dnssec-validation yes;
};
logging {
channel "dnssec" {
file "/var/log/named/dnssec.log";
print-category yes;
print-severity yes;
print-time iso8601-utc;
};
channel "security" {
file "/var/log/named/security.log";
print-category yes;
print-severity yes;
print-time iso8601-utc;
};
channel "xfr-in" {
file "/var/log/named/xfr-in.log";
print-category yes;
print-severity yes;
print-time iso8601-utc;
};
channel "xfr-out" {
file "/var/log/named/xfr-out.log";
print-category yes;
print-severity yes;
print-time iso8601-utc;
};
channel "default" {
file "/var/log/named/named.log";
print-category yes;
print-severity yes;
print-time iso8601-utc;
};
category dnssec { dnssec; };
category security { security; };
category xfer-in { xfr-in; };
category xfer-out { xfr-out; };
category general { default; };
category config { default; };
category notify { xfr-out; };
category zoneload { default; };
};
key "rndc-key" {
algorithm hmac-sha256;
secret "Divr3QQ1G6qBBuRAx1QPiE4hFwnC6of6z3o82PYf7TY=";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
include "/etc/bind/keys/zeke-tornado.keys";
include "/etc/bind/keys/zeke-ogud.keys";
include "/etc/bind/keys/named_hxr_us.keys";
include "/etc/bind/keys/named_knitbot_org.keys";
dnssec-policy "custom" {
dnskey-ttl 7200;
keys {
csk lifetime unlimited algorithm ed25519;
};
nsec3param iterations 0 optout no salt-length 0;
};
include "/etc/bind/named.zones.conf";
include "/etc/bind/named.options.conf";
include "/etc/bind/named.logging.conf";
include "/etc/bind/named.dnssec.conf";
include "/etc/bind/named.rndc.conf";
include "/etc/bind/named.keys.conf";
include "/etc/bind/named.primary.conf";
include "/etc/bind/named.secondary.conf";

7
cfg/named.dnssec.conf Normal file
View File

@ -0,0 +1,7 @@
dnssec-policy "simple_alg15" {
dnskey-ttl 7200;
keys {
csk lifetime unlimited algorithm ed25519;
};
nsec3param iterations 0 optout no salt-length 0;
};

4
cfg/named.keys.conf Normal file
View File

@ -0,0 +1,4 @@
include "/etc/bind/keys/zeke-tornado.keys";
include "/etc/bind/keys/zeke-ogud.keys";
include "/etc/bind/keys/named_hxr_us.keys";
include "/etc/bind/keys/named_knitbot_org.keys";

40
cfg/named.logging.conf Normal file
View File

@ -0,0 +1,40 @@
logging {
channel "dnssec" {
file "/var/log/named/dnssec.log";
print-category yes;
print-severity yes;
print-time iso8601-utc;
};
channel "security" {
file "/var/log/named/security.log";
print-category yes;
print-severity yes;
print-time iso8601-utc;
};
channel "xfr-in" {
file "/var/log/named/xfr-in.log";
print-category yes;
print-severity yes;
print-time iso8601-utc;
};
channel "xfr-out" {
file "/var/log/named/xfr-out.log";
print-category yes;
print-severity yes;
print-time iso8601-utc;
};
channel "default" {
file "/var/log/named/named.log";
print-category yes;
print-severity yes;
print-time iso8601-utc;
};
category dnssec { dnssec; };
category security { security; };
category xfer-in { xfr-in; };
category xfer-out { xfr-out; };
category general { default; };
category config { default; };
category notify { xfr-out; };
category zoneload { default; };
};

13
cfg/named.options.conf Normal file
View File

@ -0,0 +1,13 @@
options {
directory "/var/cache/bind";
statistics-file "/var/cache/bind/named.stats.txt";
session-keyfile "/var/cache/bind/session.key";
pid-file "/var/cache/bind/named.pid";
lock-file "/var/cache/bind/named.lock";
listen-on { 127.0.0.1; 70.164.19.155; 70.164.19.156; };
listen-on-v6 { ::1; };
allow-recursion { 127.0.0.1; ::1; };
dnssec-validation yes;
};

229
cfg/named.primary.conf Normal file
View File

@ -0,0 +1,229 @@
zone "blacka.com" {
type primary;
file "/var/lib/bind/blacka.com";
dnssec-policy "simple_alg15";
inline-signing yes;
notify yes;
also-notify {
66.92.146.115;
204.109.61.194;
};
allow-transfer {
127.0.0.1;
key zeke-tornado.;
key zeke-ogud2.;
key zeke-ogud3;
};
};
zone "ecotroph.net" {
type primary;
file "/var/lib/bind/ecotroph.net";
notify yes;
allow-transfer {
127.0.0.1;
key zeke-tornado.;
key zeke-ogud2.;
key zeke-ogud3;
};
};
zone "nortonbertram.com" {
type primary;
file "/var/lib/bind/nortonbertram.com";
notify yes;
allow-transfer {
127.0.0.1;
202.157.185.115;
202.157.182.142;
64.151.105.12;
};
};
zone "hxr.us" {
type primary;
file "/var/lib/bind/hxr.us";
notify yes;
allow-transfer {
127.0.0.1;
66.92.146.115;
204.109.61.194;
66.92.146.160;
64.151.105.12;
};
};
zone "fcdissident.us" {
type primary;
file "/var/lib/bind/fcdissident.us";
notify yes;
allow-transfer {
127.0.0.1;
66.92.146.115;
204.109.61.194;
66.92.146.160;
64.151.105.12;
};
};
zone "fallschurchdissident.us" {
type primary;
file "/var/lib/bind/fallschurchdissident.us";
notify yes;
allow-transfer {
127.0.0.1;
66.92.146.115;
204.109.61.194;
66.92.146.160;
64.151.105.12;
};
};
zone "fallschurchdissident.com" {
type primary;
file "/var/lib/bind/fallschurchdissident.com";
notify yes;
allow-transfer {
127.0.0.1;
66.92.146.115;
204.109.61.194;
66.92.146.160;
64.151.105.12;
};
};
zone "t.hxr.us" {
type primary;
file "/var/lib/bind/t.hxr.us";
allow-transfer {
127.0.0.1;
64.151.105.12;
};
};
zone "dyn.hxr.us" {
type primary;
file "/var/lib/bind/dyn/dyn.hxr.us";
allow-transfer {
127.0.0.1;
64.151.105.12;
};
update-policy { grant * self * A; };
};
zone "kosters.net" {
type primary;
file "/var/lib/bind/kosters.net";
notify yes;
also-notify {
65.201.175.12;
66.92.146.115;
204.109.61.194;
};
allow-transfer {
127.0.0.1;
65.201.175.11;
65.201.175.12;
64.151.105.12;
64.22.125.99;
70.164.18.40;
70.164.18.41;
70.164.18.42;
207.234.133.162;
key zeke-ogud2.;
key zeke-ogud3;
};
};
zone "bjmk.com" {
type primary;
file "/var/lib/bind/bjmk.com";
notify yes;
also-notify {
65.201.175.12;
66.92.146.115;
204.109.61.194;
};
allow-transfer {
127.0.0.1;
65.201.175.11;
65.201.175.12;
64.151.105.12;
64.22.125.99;
70.164.18.40;
70.164.18.41;
70.164.18.42;
207.234.133.162;
key zeke-ogud2.;
key zeke-ogud3;
};
};
zone "gracecrc.org" {
type primary;
file "/var/lib/bind/gracecrc.org";
notify yes;
also-notify {
65.201.175.12;
66.92.146.115;
204.109.61.194;
};
allow-transfer {
127.0.0.1;
65.201.175.11;
65.201.175.12;
64.151.105.12;
64.22.125.99;
70.164.18.40;
70.164.18.41;
70.164.18.42;
207.234.133.162;
key zeke-ogud2.;
key zeke-ogud3.;
};
};
zone "toscano.org" {
type primary;
file "/var/lib/bind/toscano.org";
notify yes;
allow-transfer {
127.0.0.1;
202.157.185.115;
202.157.182.142;
};
};
zone "prevelige.org" {
type primary;
file "/var/lib/bind/prevelige.org";
notify yes;
allow-transfer {
127.0.0.1;
202.157.185.115;
202.157.182.142;
};
};
zone "duffyfamily.me" {
type primary;
file "/var/lib/bind/duffyfamily.me";
notify yes;
allow-transfer {
127.0.0.1;
202.157.185.115;
202.157.182.142;
};
};
zone "littlebit.us" {
type primary;
file "/var/lib/bind/littlebit.us";
notify yes;
allow-transfer {
127.0.0.1;
202.157.185.115;
202.157.182.142;
};
};

9
cfg/named.rndc.conf Normal file
View File

@ -0,0 +1,9 @@
key "rndc-key" {
algorithm hmac-sha256;
secret "Divr3QQ1G6qBBuRAx1QPiE4hFwnC6of6z3o82PYf7TY=";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};

8
cfg/named.secondary.conf Normal file
View File

@ -0,0 +1,8 @@
zone "ogud.com" {
type secondary;
file "/var/lib/bind/secondary/ogud.com";
masters {
104.225.12.28;
#204.109.61.194;
};
};

168
cfg/named.zones.conf
View File

@ -1,168 +0,0 @@
zone "blacka.com" {
type primary;
file "/var/lib/bind/blacka.com";
dnssec-policy "custom";
inline-signing yes;
notify yes;
also-notify { 66.92.146.115; 204.109.61.194; };
allow-transfer { 127.0.0.1; key zeke-tornado.; key zeke-ogud2.; key zeke-ogud3; };
};
zone "ecotroph.net" {
type primary;
file "/var/lib/bind/ecotroph.net";
notify yes;
allow-transfer { 127.0.0.1; key zeke-tornado.; key zeke-ogud2.; key zeke-ogud3; };
};
zone "nortonbertram.com" {
type primary;
file "/var/lib/bind/nortonbertram.com";
notify yes;
allow-transfer { 127.0.0.1; 202.157.185.115; 202.157.182.142; 64.151.105.12; };
};
zone "hxr.us" {
type primary;
file "/var/lib/bind/hxr.us";
notify yes;
allow-transfer { 127.0.0.1; 66.92.146.115; 204.109.61.194; 66.92.146.160; 64.151.105.12; };
};
zone "fcdissident.us" {
type primary;
file "/var/lib/bind/fcdissident.us";
notify yes;
allow-transfer { 127.0.0.1; 66.92.146.115; 204.109.61.194; 66.92.146.160; 64.151.105.12; };
};
zone "fallschurchdissident.us" {
type primary;
file "/var/lib/bind/fallschurchdissident.us";
notify yes;
allow-transfer { 127.0.0.1; 66.92.146.115; 204.109.61.194; 66.92.146.160; 64.151.105.12; };
};
zone "fallschurchdissident.com" {
type primary;
file "/var/lib/bind/fallschurchdissident.com";
notify yes;
allow-transfer { 127.0.0.1; 66.92.146.115; 204.109.61.194; 66.92.146.160; 64.151.105.12; };
};
zone "t.hxr.us" {
type primary;
file "/var/lib/bind/t.hxr.us";
allow-transfer { 127.0.0.1; 64.151.105.12; };
};
zone "dyn.hxr.us" {
type primary;
file "/var/lib/bind/dyn/dyn.hxr.us";
allow-transfer { 127.0.0.1; 64.151.105.12; };
update-policy { grant * self * A; };
};
zone "kosters.net" {
type primary;
file "/var/lib/bind/kosters.net";
notify yes;
also-notify { 65.201.175.12; 66.92.146.115; 204.109.61.194; };
allow-transfer { 127.0.0.1;
65.201.175.11;
65.201.175.12;
64.151.105.12;
64.22.125.99;
70.164.18.40;
70.164.18.41;
70.164.18.42;
207.234.133.162;
key zeke-ogud2.; key zeke-ogud3;
};
};
zone "bjmk.com" {
type primary;
file "/var/lib/bind/bjmk.com";
notify yes;
also-notify { 65.201.175.12; 66.92.146.115; 204.109.61.194; };
allow-transfer { 127.0.0.1;
65.201.175.11;
65.201.175.12;
64.151.105.12;
64.22.125.99;
70.164.18.40;
70.164.18.41;
70.164.18.42;
207.234.133.162;
key zeke-ogud2.; key zeke-ogud3;
};
};
zone "gracecrc.org" {
type primary;
file "/var/lib/bind/gracecrc.org";
notify yes;
also-notify { 65.201.175.12; 66.92.146.115; 204.109.61.194; };
allow-transfer { 127.0.0.1;
65.201.175.11;
65.201.175.12;
64.151.105.12;
64.22.125.99;
70.164.18.40;
70.164.18.41;
70.164.18.42;
207.234.133.162;
key zeke-ogud2.; key zeke-ogud3.;
};
};
zone "toscano.org" {
type primary;
file "/var/lib/bind/toscano.org";
notify yes;
allow-transfer { 127.0.0.1;
202.157.185.115;
202.157.182.142;
};
};
zone "prevelige.org" {
type primary;
file "/var/lib/bind/prevelige.org";
notify yes;
allow-transfer { 127.0.0.1;
202.157.185.115;
202.157.182.142;
};
};
zone "duffyfamily.me" {
type primary;
file "/var/lib/bind/duffyfamily.me";
notify yes;
allow-transfer { 127.0.0.1;
202.157.185.115;
202.157.182.142;
};
};
zone "littlebit.us" {
type primary;
file "/var/lib/bind/littlebit.us";
notify yes;
allow-transfer { 127.0.0.1;
202.157.185.115;
202.157.182.142;
};
};
zone "ogud.com" {
type secondary;
file "/var/lib/bind/secondary/ogud.com";
masters {
104.225.12.28;
#204.109.61.194;
};
};

4
run_rndc.sh Executable file
View File

@ -0,0 +1,4 @@
#! /bin/bash
[ -x "$(which docker)" ] && DOCKER=docker
[ -x "$(which podman)" ] && DOCKER=podman
$DOCKER exec bind9 rndc "$@"