initial commit, without tsig keys

2023-02-24 09:12:21 -05:00
commit 6f4bd6c200
25 changed files with 806 additions and 0 deletions

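--- a/cfg/named.conf
+++ b/cfg/named.conf
@@ -0,0 +1,79 @@
+options {
+directory "/var/cache/bind";
+statistics-file "/var/cache/bind/named.stats.txt";
+session-keyfile "/var/cache/bind/session.key";
+pid-file "/var/cache/bind/named.pid";
+lock-file "/var/cache/bind/named.lock";
+listen-on { 127.0.0.1; };
+listen-on-v6 { ::1; };
+allow-recursion { 127.0.0.1; ::1; };
+dnssec-validation yes;
+};
+logging {
+channel "dnssec" {
+file "/var/log/named/dnssec.log";
+print-category yes;
+print-severity yes;
+print-time iso8601-utc;
+};
+channel "security" {
+file "/var/log/named/security.log";
+print-category yes;
+print-severity yes;
+print-time iso8601-utc;
+};
+channel "xfr-in" {
+file "/var/log/named/xfr-in.log";
+print-category yes;
+print-severity yes;
+print-time iso8601-utc;
+};
+channel "xfr-out" {
+file "/var/log/named/xfr-out.log";
+print-category yes;
+print-severity yes;
+print-time iso8601-utc;
+};
+channel "default" {
+file "/var/log/named/named.log";
+print-category yes;
+print-severity yes;
+print-time iso8601-utc;
+};
+category dnssec { dnssec; };
+category security { security; };
+category xfer-in { xfr-in; };
+category xfer-out { xfr-out; };
+category general { default; };
+category config { default; };
+category notify { xfr-out; };
+category zoneload { default; };
+};
+key "rndc-key" {
+algorithm hmac-sha256;
+secret "Divr3QQ1G6qBBuRAx1QPiE4hFwnC6of6z3o82PYf7TY=";
+};
+controls {
+inet 127.0.0.1 port 953
+allow { 127.0.0.1; } keys { "rndc-key"; };
+};
+include "/etc/bind/keys/zeke-tornado.keys";
+include "/etc/bind/keys/zeke-ogud.keys";
+include "/etc/bind/keys/named_hxr_us.keys";
+include "/etc/bind/keys/named_knitbot_org.keys";
+dnssec-policy "custom" {
+dnskey-ttl 7200;
+keys {
+csk lifetime unlimited algorithm ed25519;
+};
+nsec3param iterations 0 optout no salt-length 0;
+};
+include "/etc/bind/named.zones.conf";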
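Review bot: The `rndc-key` secret is committed in clear text in the `key "rndc-key"` block, and the same value appears again in cfg/rndc.conf, although the commit title says the TSIG keys were left out. The control channel is bound to 127.0.0.1 port 953, but anyone who can read the repository and reach that port on the host can drive named through rndc. The key should be treated as disclosed: generate a new one and load it the way the transfer keys are loaded, for example `include "/etc/bind/keys/<rndc-key-file>";`, with that file kept out of version control and readable only by the account named runs as. Separately, `dnssec-validation yes;` validates only against a manually configured trust anchor, and no `trust-anchors` statement is visible in this file; unless one of the included files supplies it, `dnssec-validation auto;` is probably what is intended.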

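--- a/cfg/named.zones.conf
+++ b/cfg/named.zones.conf
@@ -0,0 +1,168 @@
+zone "blacka.com" {
+type primary;
+file "/var/lib/bind/blacka.com";
+dnssec-policy "custom";
+inline-signing yes;
+notify yes;
+also-notify { 66.92.146.115; 204.109.61.194; };
+allow-transfer { 127.0.0.1; key zeke-tornado.; key zeke-ogud2.; key zeke-ogud3; };
+};
+zone "ecotroph.net" {
+type primary;
+file "/var/lib/bind/ecotroph.net";
+notify yes;
+allow-transfer { 127.0.0.1; key zeke-tornado.; key zeke-ogud2.; key zeke-ogud3; };
+};
+zone "nortonbertram.com" {
+type primary;
+file "/var/lib/bind/nortonbertram.com";
+notify yes;
+allow-transfer { 127.0.0.1; 202.157.185.115; 202.157.182.142; 64.151.105.12; };
+};
+zone "hxr.us" {
+type primary;
+file "/var/lib/bind/hxr.us";
+notify yes;
+allow-transfer { 127.0.0.1; 66.92.146.115; 204.109.61.194; 66.92.146.160; 64.151.105.12; };
+};
+zone "fcdissident.us" {
+type primary;
+file "/var/lib/bind/fcdissident.us";
+notify yes;
+allow-transfer { 127.0.0.1; 66.92.146.115; 204.109.61.194; 66.92.146.160; 64.151.105.12; };
+};
+zone "fallschurchdissident.us" {
+type primary;
+file "/var/lib/bind/fallschurchdissident.us";
+notify yes;
+allow-transfer { 127.0.0.1; 66.92.146.115; 204.109.61.194; 66.92.146.160; 64.151.105.12; };
+};
+zone "fallschurchdissident.com" {
+type primary;
+file "/var/lib/bind/fallschurchdissident.com";
+notify yes;
+allow-transfer { 127.0.0.1; 66.92.146.115; 204.109.61.194; 66.92.146.160; 64.151.105.12; };
+};
+zone "t.hxr.us" {
+type primary;
+file "/var/lib/bind/t.hxr.us";
+allow-transfer { 127.0.0.1; 64.151.105.12; };
+};
+zone "dyn.hxr.us" {
+type primary;
+file "/var/lib/bind/dyn/dyn.hxr.us";
+allow-transfer { 127.0.0.1; 64.151.105.12; };
+update-policy { grant * self * A; };
+};
+zone "kosters.net" {
+type primary;
+file "/var/lib/bind/kosters.net";
+notify yes;
+also-notify { 65.201.175.12; 66.92.146.115; 204.109.61.194; };
+allow-transfer { 127.0.0.1;
+65.201.175.11;
+65.201.175.12;
+64.151.105.12;
+64.22.125.99;
+70.164.18.40;
+70.164.18.41;
+70.164.18.42;
+207.234.133.162;
+key zeke-ogud2.; key zeke-ogud3;
+};
+};
+zone "bjmk.com" {
+type primary;
+file "/var/lib/bind/bjmk.com";
+notify yes;
+also-notify { 65.201.175.12; 66.92.146.115; 204.109.61.194; };
+allow-transfer { 127.0.0.1;
+65.201.175.11;
+65.201.175.12;
+64.151.105.12;
+64.22.125.99;
+70.164.18.40;
+70.164.18.41;
+70.164.18.42;
+207.234.133.162;
+key zeke-ogud2.; key zeke-ogud3;
+};
+};
+zone "gracecrc.org" {
+type primary;
+file "/var/lib/bind/gracecrc.org";
+notify yes;
+also-notify { 65.201.175.12; 66.92.146.115; 204.109.61.194; };
+allow-transfer { 127.0.0.1;
+65.201.175.11;
+65.201.175.12;
+64.151.105.12;
+64.22.125.99;
+70.164.18.40;
+70.164.18.41;
+70.164.18.42;
+207.234.133.162;
+key zeke-ogud2.; key zeke-ogud3.;
+};
+};
+zone "toscano.org" {
+type primary;
+file "/var/lib/bind/toscano.org";
+notify yes;
+allow-transfer { 127.0.0.1;
+202.157.185.115;
+202.157.182.142;
+};
+};
+zone "prevelige.org" {
+type primary;
+file "/var/lib/bind/prevelige.org";
+notify yes;
+allow-transfer { 127.0.0.1;
+202.157.185.115;
+202.157.182.142;
+};
+};
+zone "duffyfamily.me" {
+type primary;
+file "/var/lib/bind/duffyfamily.me";
+notify yes;
+allow-transfer { 127.0.0.1;
+202.157.185.115;
+202.157.182.142;
+};
+};
+zone "littlebit.us" {
+type primary;
+file "/var/lib/bind/littlebit.us";
+notify yes;
+allow-transfer { 127.0.0.1;
+202.157.185.115;
+202.157.182.142;
+};
+};
+zone "ogud.com" {
+type secondary;
+file "/var/lib/bind/secondary/ogud.com";
+masters {
+104.225.12.28;
+#204.109.61.194;
+};
+};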
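Review bot: Most zones authorise outbound transfers by source address alone (for example the `allow-transfer` lists for hxr.us, nortonbertram.com and toscano.org), and the `ogud.com` secondary pulls from `104.225.12.28` with no key, so those transfers carry no cryptographic authentication. Only blacka.com and ecotroph.net restrict remote peers to TSIG keys, while kosters.net, bjmk.com and gracecrc.org mix keys with bare addresses. Where the peers support it, prefer key-only entries and a keyed primary, e.g. `primaries { 104.225.12.28 key "<tsig-key-name>"; };` (`masters` is the older spelling of the same statement, whereas the rest of the file uses `primary`/`secondary`). The address lists are also repeated verbatim across many zones; defining them once as named `acl` blocks would stop them drifting apart. The key name is written as `key zeke-ogud3;` in four zones and as `key zeke-ogud3.;` in gracecrc.org, which is worth normalising.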

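--- a/cfg/rndc.conf
+++ b/cfg/rndc.conf
@@ -0,0 +1,12 @@
+# Start of rndc.conf
+key "rndc-key" {
+algorithm hmac-sha256;
+secret "Divr3QQ1G6qBBuRAx1QPiE4hFwnC6of6z3o82PYf7TY=";
+};
+options {
+default-key "rndc-key";
+default-server 127.0.0.1;
+default-port 953;
+};
+# End of rndc.conf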