davidb/docker_bind
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: davidb:368ca9a934aa8a10c1af8b298e5dea6f819b84bd
Branches Tags
davidb:main
...
compare: davidb:main
Branches Tags
davidb:main

15 Commits
368ca9a934 ... main

Author SHA1 Message Date
David Blacka
95d774d645 improve UID management, hopefully 2026-01-10 11:54:00 -05:00
David Blacka
2828d61265 fix troubleshooting filename 2026-01-10 10:58:51 -05:00
David Blacka
5981074982 add the start of troubleshooting notes 2026-01-10 10:57:22 -05:00
David Blacka
268b1afed7 comment out matt's zone 2026-01-10 10:11:48 -05:00
David Blacka
627900029c adjust install scripts; not ready for podman yet 2026-01-10 09:39:33 -05:00
David Blacka
73e8a856e9 add ns2.kahlerlarson.org; clean up (#1) 
Reviewed-on: #1
 2026-01-10 14:28:32 +00:00
David Blacka
1ec46f1565 Rework to use podman and podman-systemd; improve setup.sh 2024-09-17 22:22:27 -04:00
David Blacka
5566774c55 enable IPv6 in the options 2024-06-11 15:53:41 -04:00
David Blacka
21de98c3e5 add wrapper for running named-compilezone, update README 2024-06-11 15:52:30 -04:00
David Blacka
722f843fe9 point all IPs to diagonal.blacka.com's IPs except zeke.blacka.com 2024-05-15 22:14:44 -04:00
David Blacka
31d402cb5a do not limit bind to only IPv4 going forward 2024-05-15 21:53:19 -04:00
David Blacka
b175813e96 Update for standalone (not zeke) operation 2024-05-15 21:35:52 -04:00
David Blacka
d622e75aa5 add new linode host, tsig key 2024-05-13 19:07:19 -04:00
David Blacka
169631ac4c update README.md, add named-compilezone wrapper 2023-12-02 17:06:45 -05:00
David Blacka
7942b583a7 Update 'README.md' 2023-03-03 17:04:14 -05:00
33 changed files with 269 additions and 793 deletions
Expand all files Collapse all files

64
README.md
View File

@@ -1,48 +1,54 @@
# zeke.ecotroph.net DNS service
# `blacka.com` DNS service
This repo and directory consists of the revamped DNS service for zeke.ecotroph.net. The goals of this service are:
This repo and directory consists of the DNS service for `blacka.com`. The goals of this service are:
1. Host the primary zones we want.
2. DNSSEC-sign those primary zones, if desired.
3. Provide local recursive service for the host itself.
It *was* the revamped DNS service for `zeke.ecotroph.net`, and thus served zones by the collection of owners of `zeke`. However, `zeke` has reached End-of-Life. In the future, the `zeke` operators will operate their own (virtual) environments independently.
## Overview
In the past, we just ran the version of BIND that came with our distribution (at this moment, that is CentOS 7, which translates to bind 9.11.) This new configuration runs a recent very version of BIND 9 via a docker image produced by ISC themselves. We are staring with 9.18.12.
In the past, we just ran the version of BIND that came with our distribution (at this moment, that is CentOS 7, which translates to bind 9.11.) This new configuration runs a very recent version of BIND 9 via a docker image produced by ISC themselves. We started with 9.18.12 and now are up to 9.18.43.
This docker image imposes a few requirements:
* Interally, the image runs `named` as the `bind` user, (104:105) by default. Since we bind-mount directories, we do need those directories owned by whatever internal UID it is using.
* We need some way to ensure that our container is run on system reboots, etc. Here we chose to use `systemd` to do this, although that is not ideal.
* Presumably the normal way to do logging for a docker container is to use the standard journal service, however, this image is set up to bind-mount `/var/log` anyway. On the other hand, the standard command uses the `-g` flag, which is "debug" mode, and causes all of the logs to go to stderr.
* We do want named to stay in the foreground here. Fortunately, there have always been command line options that do this (`-g` and `-f`).
* Internally, the image runs `named` as the `bind` user (53:53). Since we bind-mount directories, we do need those directories owned by whatever internal UID it is using.
* We need some way to ensure that our container is run on system reboots, etc. Here we chose to use `systemd` to do this.
* Presumably the normal way to do logging for a docker container is to use the standard journal service, although this image is set up to bind-mount `/var/log`. On the other hand, the standard command uses the `-g` flag, which is "debug" mode, and causes all of the logs to go to stderr.
* We do want named to stay in the foreground here. Fortunately, there have always been command line options that do this (`-g` and `-f`). Thus, in order to log to `/var/log`, we supply a different command: `/usr/sbin/named -f -u bind`. This will run in the foreground, and run as the internal `bind` user.
## Source
I have this in a local git repository on zeke, however we can see it (sort of) here: <https://blacka.com/cgit/docker_bind.git/tree/> (athough the viewer here is subject to change, and when that does, the URL will change.)
We can see it here: <https://blacka.com/git/docker_bind.git>.
## Design
We have in this repo:
* named configurations. I've broken this up into sections (options, keys, logging, primary, secondary, etc.), which all just get included in the primary named.conf. It isn't tricky.
* "keys". Well, mostly TSIG keys. Those are are but are encrypted with `git-crypt`. With a key that is ... somewhere. I've saved it in my password manager, but it can be extracted from the current checkout in `/etc/bind` with `cd /etc/bind; git-crypt export-key /tmp/docker_bind_crypto.key`.
* zone files. I have all of the zone files we started with, although currently the configuration does not load all of them.
* "keys". Well, mostly TSIG keys. Those are encrypted with [`git-crypt`](https://github.com/AGWA/git-crypt). With a key that is ... somewhere. I've saved it in my password manager, but it can be extracted from the current checkout in `/etc/bind` with `cd /etc/bind; git-crypt export-key /tmp/docker_bind_crypto.key`. `git-crypt` doesn't seem to come via RPM and yum, but I built it and installed it into `/usr/local/bin` on my virtual host (and `zeke` when this was first set up.)
* zone files. This is now just the `blacka.com` domains, which is currently just `blacka.com` itself.
* A script to launch the container (`run_bind_container.sh`).
* A script to use as the internal "command" (`cfg/run.sh`) -- it isn't config, but we need to bind-mount it.
* A helper script to run `rndc` that just runs that inside the container itself (via a docker exec). You would need to be in the `docker` group to run it. Another helper script to run `named-checkconf`.
* A helper script to prepare zeke to run this container and properly work, in case we want to do this install again (`setup.sh`).
* A script to use as the internal "command" (`cfg/run.sh`) -- it isn't config, but we need to bind-mount it. It could possibly be moved to `cache`.
* A helper script to run `rndc` that just runs that inside the container itself (via a docker exec). You would need to be in the `docker` group to run it. Another few helper scripts to run other command line tools: `named-checkconf`, `named-compilezone`.
* A helper script to prepare your host to run this container and properly work, in case we want to do this install again (`setup.sh`).
## Installation
Working with `github.com` or <https://blacka.com/git> (`gitea` currently) is tricky as a different user, as git will want to use your own SSH keys. Thus some of this advice doesn't really work as stated. Instead of cloning the repo as the `bind` user, we clone it as ourselves and copy it to the expected location.
1. Clone this repo to `/etc/bind` (clone in `/etc` -- we want the working copy to *be* `/etc/bind`.)
2. Create a user to match the internal user (uid 104): `useradd -u 104 -g 105 -M --no-log-init bind`
2. Create a user to match the internal user (`uid 104`): `useradd -u 104 -g 105 -M --no-log-init bind`. The `setup.sh` will do this.
3. Change the ownership of everything under `/etc/bind` to the `bind` user and group: `chown -R 104:105 /etc/bind`.
3. Copy the supplied systemd unit file to /etc/systemd/system, and `systemctl enable docker.bind.service`, then `systemctl start docker.bind.service`.
4. Copy the supplied `systemd` unit file to `/etc/systemd/system`, and `systemctl enable docker.bind.service`, then `systemctl start docker.bind.service`.
Note that in the future, we will attempt to adjust this to use `podman` natively instead of `docker`.
## Zone Changes
All of our zone files are now in this git repo, so we can just make changes and commit them, assuming you have write access to the local repo, that is. The `bind` user should be able to do it, though. Once you've changed your zone, you *could* bounce the service via systemctl, or we could use `rndc`. I've made a little script that will do this with `docker exec`, `/etc/bind/run_rndc.sh`. Thus:
All of our zone files are now in this git repo, so we can just make changes and commit them, assuming you have write access to the local repo, that is. The `bind` user should be able to do it, though. Once you've changed your zone, you *could* bounce the service via `systemctl`, or we could use `rndc`. I've made a little script that will do this with `docker exec`, `/etc/bind/run_rndc.sh`. Thus:
```bash
sudo -u bind -s
@@ -54,13 +60,29 @@ cd ..
./run_rndc.sh reload <zone>
```
Which would work, if and only if as `bind` the `git push` actually works.
Instead, we need to develop a sustainable way to update the zone. Currently we update in the repo *somewhere*, git pull the changes to a local working copy, and copy the zone file into place. This is not ideal.
## DNSSEC
More modern BIND releases have changed the configuration for this. Now, *how* your zone is signed is based on a `dnssec-policy` block (I've put those in `cfg/named.dnssec.conf`). Then, in your zone, you add:
More modern BIND releases have changed the configuration for this. Note *how* your zone is signed is based on a `dnssec-policy` block (I've put those in `cfg/named.dnssec.conf`). Then, in your BIND configuration, you add:
```
dnssec-policy "default_alg13";
inline-signing yes;
```conf
dnssec-policy "default_alg13";
inline-signing yes;
```
in your zone block. After restarting/reconfiguring BIND, it will create a <zonefile>.signed and <zonefile>.signed.jnl file, and start serving a DNSSEC signed version of the zone. It will then take care of resigning activities, key rollovers etc.
in your zone block. After restarting/reconfiguring BIND, it will create a `<zonefile>.signed` and `<zonefile>.signed.jnl` file, and start serving a DNSSEC signed version of the zone. It will then take care of resigning activities, key rollovers etc.
### Zone Files
We can find the zone files in `/etc/bind/zones`, although note that your zone may be in BIND's *raw* format. If you want to see the contents, you can use `named-compilezone` for that (either using a version inside the container or not):
```bash
named-compilezone -f raw -F text -o - blacka.com /etc/bind/zones/blacka.com.signed
```
If using the script that runs the version in our container, note that you may have to use the paths that work *inside the container*. The current script mounts your current working directory, so you can use `run_named_compilezone.sh ./some.zone`, but not `run_named_compilezone.sh /etc/named/zones/blacka.com`.
That said, we are probably better off just using the version that comes with our OS, and not using the container.

42
README_TROUBLESHOOTING.md Normal file
View File

@@ -0,0 +1,42 @@
# Troubleshooting docker.named.service
I'm writing this so hopefully the next time I touch this serivce, I can remember how to actually troubleshoot this service, and what the common pitfalls are.
## Docker-based setup
I was in the *very slow* process of switching `diagonal.blacka.com` from using `docker` to using `podman` and `podman-systemd.unit` when I last touched this. Let's assume we are still on docker.
It took me a while to remember how this service is run. It is run as simple systemd unit. No docker-compose, or anything. But all of the docker run option are in a shell script.
The unit file is in /etc/systemd/system/docker.named.service
Commands to stop/start, see the status
```bash
sudo systemctl status docker.named.service
sudo systemctl start docker.named.service
sudo systemctl stop docker.named.service
sudo journalctl -u docker.named.service
```
The config install is all in `/etc/bind` -- this is mounted into the container in different spots, but we have it all together, here.
Some pitfalls for working on this:
1. the TSIG keys are encrypted by git-crypt. There is a filter on the source repo that encrypts the files on update. This tool exists entirely to have these files unreadable, but checked in, in git. When you check out or pull from the repo, you will need to unlock the repo -- this will decrypt all of the encrypted files.
* The main README talks about how to get the key, but it is in my 1password, although I probably already have it downloaded. I expect it just be sitting in ~/src/docker_bind on diagonal itself.
* The main point is *check to see that files are not encrypted* before copying the updated config into place.
2. The ISC-provided docker image seems to change the internal UIDs on a periodic basis. This is a critical detail for running this, so I wonder how other users deal with this.
* There is code in `setup.sh` and `setup_docker.sh` to *create* the bind user and group, but it doesn't yet *correct* the UIDs when they change
* In any case, there is some code in there to fetch the UID and GID out of the container, which also gives you a hint on how to run the container and get a shell.
In general, if the container doesn't start, we need to just try and run it in debug mode in the container. The way I did this last:
```bash
export IMAGE=docker.io/internetsystemsconsortium/bind9:9.18
docker run -ti --rm --entrypoint=/bin/sh -v /etc/bind/cfg:/etc/bind -v /etc/bind/cache:/var/cache/bind -v /etc/bind/zones:/var/lib/bind -v /etc/bind/log:/var/log "$IMAGE"
# now inside the image
/usr/sbin/named -u bind -g -c /etc/bind/named.conf
```
Then look at the logging. There is a lot of noise (which we should probably investigate), but there should be a real error in there.

BIN
cfg/keys/named_hxr_us.keys
View File

Binary file not shown.

BIN
cfg/keys/named_knitbot_org.keys
View File

Binary file not shown.

BIN
cfg/keys/zeke-ogud.keys
View File

Binary file not shown.

3
cfg/named.keys.conf
View File

@@ -1,4 +1 @@
include "/etc/bind/keys/zeke-tornado.keys";
include "/etc/bind/keys/zeke-ogud.keys";
include "/etc/bind/keys/named_hxr_us.keys";
include "/etc/bind/keys/named_knitbot_org.keys";

4
cfg/named.options.conf
View File

@@ -6,8 +6,6 @@ options {
lock-file "/var/cache/bind/named.lock";
listen-on { any; };
listen-on-v6 { ::1; };
listen-on-v6 { any; };
allow-recursion { 127.0.0.1; ::1; };
dnssec-validation yes;
};

239
cfg/named.primary.conf
View File

@@ -6,246 +6,13 @@ zone "blacka.com" {
notify yes;
also-notify {
45.79.181.51; // typhoon.kahlerlarson.org
104.225.12.28; // keilir.ogud.com
66.92.146.115; // foss.ogud.com
204.109.61.194; // katla.ogud.com
45.79.181.51; // typhoon.kahlerlarson.org, ns1.kahlerlarson.org
45.79.191.213; // ns2.kahlerlarson.org
};
allow-transfer {
127.0.0.1;
45.79.181.51; // typhoon.kahlerlarson.lorg
104.225.12.28; // keilir.ogud.com
// key zeke-tornado.;
// key zeke-ogud2.;
// key zeke-ogud3;
};
};
zone "ecotroph.net" {
type primary;
file "/var/lib/bind/ecotroph.net";
# dnssec-policy "default_alg13";
# inline-signing yes;
notify yes;
allow-transfer {
127.0.0.1;
45.79.181.51; // typhoon.kahlerlarson.lorg
104.225.12.28; // keilir.ogud.com
45.79.181.213; // ns2.kahlerlarson.org
key zeke-tornado.;
key zeke-ogud2.;
key zeke-ogud3;
};
};
# Note: No longer registered
# zone "nortonbertram.com" {
# type primary;
# file "/var/lib/bind/nortonbertram.com";
# notify yes;
# allow-transfer {
# 127.0.0.1;
# 202.157.185.115;
# 202.157.182.142;
# 64.151.105.12;
# };
# };
# Note: hosted by directnic.com
# zone "hxr.us" {
# type primary;
# file "/var/lib/bind/hxr.us";
# notify yes;
# allow-transfer {
# 127.0.0.1;
# 66.92.146.115;
# 204.109.61.194;
# 66.92.146.160;
# 64.151.105.12;
# };
# };
# Note: no longer registered
# zone "fcdissident.us" {
# type primary;
# file "/var/lib/bind/fcdissident.us";
# notify yes;
# allow-transfer {
# 127.0.0.1;
# 66.92.146.115;
# 204.109.61.194;
# 66.92.146.160;
# 64.151.105.12;
# };
# };
# Note: no longer registered
# zone "fallschurchdissident.us" {
# type primary;
# file "/var/lib/bind/fallschurchdissident.us";
# notify yes;
# allow-transfer {
# 127.0.0.1;
# 66.92.146.115;
# 204.109.61.194;
# 66.92.146.160;
# 64.151.105.12;
# };
# };
# Note: no longer registered
# zone "fallschurchdissident.com" {
# type primary;
# file "/var/lib/bind/fallschurchdissident.com";
# notify yes;
# allow-transfer {
# 127.0.0.1;
# 66.92.146.115;
# 204.109.61.194;
# 66.92.146.160;
# 64.151.105.12;
# };
# };
# Note: not registered
# zone "t.hxr.us" {
# type primary;
# file "/var/lib/bind/t.hxr.us";
# allow-transfer {
# 127.0.0.1;
# 64.151.105.12;
# };
# };
# Note: not registered
# zone "dyn.hxr.us" {
# type primary;
# file "/var/lib/bind/dyn/dyn.hxr.us";
# allow-transfer {
# 127.0.0.1;
# 64.151.105.12;
# };
# update-policy { grant * self * A; };
# };
zone "kosters.net" {
type primary;
file "/var/lib/bind/kosters.net";
notify yes;
also-notify {
65.201.175.12;
66.92.146.115;
204.109.61.194;
};
allow-transfer {
127.0.0.1;
65.201.175.11;
65.201.175.12;
64.151.105.12;
64.22.125.99;
70.164.18.40;
70.164.18.41;
70.164.18.42;
207.234.133.162;
key zeke-ogud2.;
key zeke-ogud3;
};
};
zone "bjmk.com" {
type primary;
file "/var/lib/bind/bjmk.com";
notify yes;
also-notify {
65.201.175.12;
66.92.146.115;
204.109.61.194;
};
allow-transfer {
127.0.0.1;
65.201.175.11;
65.201.175.12;
64.151.105.12;
64.22.125.99;
70.164.18.40;
70.164.18.41;
70.164.18.42;
207.234.133.162;
key zeke-ogud2.;
key zeke-ogud3;
};
};
# Note: hosted elsewhere
# zone "gracecrc.org" {
# type primary;
# file "/var/lib/bind/gracecrc.org";
# notify yes;
# also-notify {
# 65.201.175.12;
# 66.92.146.115;
# 204.109.61.194;
# };
# allow-transfer {
# 127.0.0.1;
# 65.201.175.11;
# 65.201.175.12;
# 64.151.105.12;
# 64.22.125.99;
# 70.164.18.40;
# 70.164.18.41;
# 70.164.18.42;
# 207.234.133.162;
# key zeke-ogud2.;
# key zeke-ogud3.;
# };
# };
# Note: hosted by gkg.net
# zone "toscano.org" {
# type primary;
# file "/var/lib/bind/toscano.org";
# notify yes;
# allow-transfer {
# 127.0.0.1;
# 202.157.185.115;
# 202.157.182.142;
# };
# };
# Note: hosted by gkg.net
# zone "prevelige.org" {
# type primary;
# file "/var/lib/bind/prevelige.org";
# notify yes;
# allow-transfer {
# 127.0.0.1;
# 202.157.185.115;
# 202.157.182.142;
# };
# };
# Note: expired/directnic.com
# zone "duffyfamily.me" {
# type primary;
# file "/var/lib/bind/duffyfamily.me";
# notify yes;
# allow-transfer {
# 127.0.0.1;
# 202.157.185.115;
# 202.157.182.142;
# };
# };
# Note: hosted by worldnic(!).com
# zone "littlebit.us" {
# type primary;
# file "/var/lib/bind/littlebit.us";
# notify yes;
# allow-transfer {
# 127.0.0.1;
# 202.157.185.115;
# 202.157.182.142;
# };
# };

23
cfg/named.secondary.conf
View File

@@ -1,8 +1,15 @@
zone "ogud.com" {
type secondary;
file "/var/lib/bind/secondary/ogud.com";
masters {
104.225.12.28;
#204.109.61.194;
};
};
# talk to Matt about secondarying his zone, since he is double secondarying mine
# but at the moment, he does not allow me to zone transfer.
# zone "kahlerlarson.org" {
# type secondary;
# file "/var/lib/bind/secondary/kahlerlarson.org";
# masters {
# 45.79.181.51;
# 45.79.191.213;
# };
# allow-transfer {
# key zeke-tornado.;
# };
# };

2
cfg/run.sh
View File

@@ -2,4 +2,4 @@
# run in the forground, but not in debug-mode
# use IPv4 only -- if zeke ever gets IPv6 access, we can turn that on
# use the built-in `bind` user
exec /usr/sbin/named -c /etc/bind/named.conf -f -4 -u bind
exec /usr/sbin/named -c /etc/bind/named.conf -f -u bind

2
docker.named.service → docker.bind.service
View File

@@ -13,4 +13,4 @@ ExecStartPre=-/usr/bin/docker rm bind9
ExecStart=/etc/bind/run_bind_container.sh
[Install]
WantedBy=multi-user.target
WantedBy=multi-user.target

14
named.container Normal file
View File

@@ -0,0 +1,14 @@
[Container]
Image=docker.io/internetsystemsconsortium/bind9:9.18
ContainerName=bind9
Network=host
Volume=/etc/bind/cfg:/etc/bind
Volume=/etc/bind/cache:/var/cache/bind
Volume=/etc/bind/zones:/var/lib/bind
Volume=/etc/bind/log:/var/log
# note that the default command is '-f -c /etc/bind/named.conf -L /var/log/bind/default.log'
# this is close, but not quite what we want
Exec=-f -c /etc/bind/named.conf
[Install]
WantedBy=default.target

40
run_bind_container.sh
View File

@@ -1,11 +1,25 @@
#! /bin/bash
BASE_CONF_DIR=/etc/bind
CMD="/etc/bind/run.sh"
[ "$1" = "interactive" ] && ARGS="-ti --entrypoint=/bin/bash" && CMD=""
# This is not normally how this container is launched. Instead, see
# named.container, which allows podman-systemd to construct a systemd
# unit files and run using podman.
#
# Instead, this script can be used to launch the container "by hand".
BASE_CONF_DIR=/etc/bind
CMD="-f -c /etc/bind/named.conf"
[ "$1" = "interactive" ] && ARGS="-ti --entrypoint=/bin/sh" && CMD=""
[ -x /usr/bin/docker ] && DOCKER=/usr/bin/docker
[ -x /usr/bin/podman ] && DOCKER=/usr/bin/podman
# Note that as of 2024-09-01, this image is based on Alpine linux and its entrypoint is:
# '/usr/sbin/named -u bind'
# and the default command is:
# '-f -c /etc/bind/named.conf -L /var/log/bind/default.log'
# shellcheck disable=SC2086
docker run $ARGS \
$DOCKER run $ARGS \
--rm \
--name=bind9 \
--network=host \
@@ -13,20 +27,4 @@ docker run $ARGS \
-v $BASE_CONF_DIR/cache:/var/cache/bind \
-v $BASE_CONF_DIR/zones:/var/lib/bind \
-v $BASE_CONF_DIR/log:/var/log \
docker.io/internetsystemsconsortium/bind9:9.18 $CMD
# using bridge networking
# : "${DNS_PORT:=53}"
# : "${RNDC_PORT:=953}"
# docker run $ARGS \
# --rm \
# --name=bind9 \
# --add-host=host.docker.internal:host-gateway \
# --publish "$RNDC_PORT:953/tcp" \
# --publish "$DNS_PORT:53/udp" \
# --publish "$DNS_PORT:53/tcp" \
# -v $BASE_CONF_DIR/cfg:/etc/bind \
# -v $BASE_CONF_DIR/cache:/var/cache/bind \
# -v $BASE_CONF_DIR/zones:/var/lib/bind \
# -v $BASE_CONF_DIR/log:/var/log \
# docker.io/internetsystemsconsortium/bind9:9.18 $CMD
docker.io/internetsystemsconsortium/bind9:9.18 "$CMD"

19
run_bind_podman_mac.sh Executable file
View File

@@ -0,0 +1,19 @@
#! /bin/bash
BASE_CONF_DIR=/Users/davidb/src/docker_bind
: "${DNS_PORT:=1053}"
: "${RNDC_PORT:=1953}"
CMD="/usr/sbin/named -f -4 -u davidb"
[ "$1" = "interactive" ] && ARGS="-ti --entrypoint=/bin/bash" && CMD=""
podman run $ARGS \
--rm \
--arch=amd64 \
--name=bind9 \
--publish $RNDC_PORT:953/tcp \
--publish $DNS_PORT:53/udp \
--publish $DNS_PORT:53/tcp \
-v $BASE_CONF_DIR/cfg:/etc/bind \
-v $BASE_CONF_DIR/cache:/var/cache/bind \
-v $BASE_CONF_DIR/zones:/var/lib/bind \
-v $BASE_CONF_DIR/log:/var/log \
localhost/blacka/bind9:9.18 $CMD

8
run_named-compilezone.sh Executable file
View File

@@ -0,0 +1,8 @@
#! /bin/bash
[ -x "$(which docker 2>/dev/null)" ] && DOCKER=docker
[ -x "$(which podman 2>/dev/null)" ] && DOCKER=podman
$DOCKER run -ti --rm --name=bind9-tools --network=host \
-v "$(pwd):$(pwd)" -w "$(pwd)" \
docker.io/internetsystemsconsortium/bind9:9.18 named-compilezone "$@"

39
setup.sh
View File

@@ -1,9 +1,40 @@
#! /bin/bash
if [ "$EUID" -ne 0 ]; then
echo "Must run as root"
set -e
# NOTE: groupadd and useradd require root.
[ "$EUID" -ne 0 ] && echo "Must be run by root" && exit 1
IMAGE="docker.io/internetsystemsconsortium/bind9:9.18"
# determine current uid and gid
uidgid=$(podman run --rm --entrypoint=/bin/sh "$IMAGE" -c "/usr/bin/id -u bind; /usr/bin/id -g bind")
read -d '' -r uid gid <<< "$uidgid" || :
# Create or update the on host user to match the container's 'bind' user and group
ACTUAL_UID=$(id -u bind 2>/dev/null)
ACTUAL_GID=$(id -g bind 2>/dev/null)
[ -z "$ACTUAL_GID" ] && groupadd -f -g "$gid" bind
[ -z "$ACTUAL_UID" ] && useradd -u "$uid" -g "$gid" -M --no-log-init bind
[ "$ACTUAL_GID" -ne "$gid" ] && groupmod -g "$gid" bind
[ "$ACTUAL_UID" -ne "$uid" ] && usermod -u "$uid" -g "$gid"
# create/update our main directory setup
install -d -o bind -g bind -m 0755 /etc/bind/cfg /etc/bind/cache /etc/bind/zones /etc/bind/log/named
# copy over our config and data without overwriting anything, hopefully.
rsync -av --chown bind:bind --del ./cfg/ /etc/bind/cfg/
rsync -av --chown bind:bind ./zones /etc/bind/zones/
rsync -av --chown bind:bind --ignore-existing ./cache/ /etc/bind/cache/
# install our podman config
if [ -d /etc/containers/systemd ]; then
install -o root -g root -m 0644 named.container /etc/containers/systemd/
systemctl daemon-reload
systemctl start named
else
echo "containers-common not installed?"
exit 1
fi
groupadd -f -g 105 bind
useradd -u 104 -g 105 -M --no-log-init bind
exit 0

36
setup_docker.sh Executable file
View File

@@ -0,0 +1,36 @@
#! /bin/bash
set -e
# NOTE: groupadd and useradd require root.
[ "$EUID" -ne 0 ] && echo "Must be run by root" && exit 1
IMAGE="docker.io/internetsystemsconsortium/bind9:9.18"
# determine current uid and gid
uidgid=$(docker run --rm --entrypoint=/bin/sh "$IMAGE" -c "/usr/bin/id -u bind; /usr/bin/id -g bind")
read -d '' -r uid gid <<< "$uidgid" || :
# Create or update the on host user to match the container's 'bind' user and group
ACTUAL_UID=$(id -u bind 2>/dev/null)
ACTUAL_GID=$(id -g bind 2>/dev/null)
[ -z "$ACTUAL_GID" ] && groupadd -f -g "$gid" bind
[ -z "$ACTUAL_UID" ] && useradd -u "$uid" -g "$gid" -M --no-log-init bind
[ "$ACTUAL_GID" -ne "$gid" ] && groupmod -g "$gid" bind
[ "$ACTUAL_UID" -ne "$uid" ] && usermod -u "$uid" -g "$gid"
# create/update our main directory setup
install -d -o bind -g bind -m 0755 /etc/bind/cfg /etc/bind/cache /etc/bind/zones /etc/bind/log/named
# copy over our config and data without overwriting anything, hopefully.
rsync -av --chown bind:bind --del ./cfg/ /etc/bind/cfg/
rsync -av --chown bind:bind ./zones /etc/bind/zones/
rsync -av --chown bind:bind --ignore-existing ./cache/ /etc/bind/cache/
if [ -f docker.named.service ]; then
install -m 0644 docker.named.service /etc/systemd/system/docker.named.service
fi
systemctl try-restart docker.named.service
exit 0

19
zones/bjmk.com
View File

@@ -1,19 +0,0 @@
;; $Id: bjmk.com,v 1.4 2003/04/15 15:05:00 named Exp $
$TTL 1D
@ IN SOA ns.kosters.net. mark.kosters.net. (
2017080700 ; serial Number
32400 ; Refresh after 12 hours
3600 ; Retry after 1 hour
86400 ; Expire after 1 day
86400 ; Minimum time-to-live of 1 day
)
; IP Address
IN NS ns.kosters.net.
IN NS ns.nova.org.
IN NS ns2.nova.org.
IN NS ns3.nova.org.
IN MX 10 MAIL.BJMK.COM.
NS IN A 70.164.19.155
MAIL IN A 70.164.19.156
WWW IN A 70.164.19.155
oldmail IN A 70.164.19.155

69
zones/blacka.com
View File

@@ -1,24 +1,25 @@
$ORIGIN .
$TTL 3600 ; 1 hour
blacka.com IN SOA ns1.blacka.com. david.blacka.com. (
100054 ; serial
101020 ; serial
43200 ; refresh (12 hours)
3600 ; retry (1 hour)
2592000 ; expire (30 days)
86400 ; minimum (1 day)
)
NS ns1.blacka.com.
NS typhoon.kahlerlarson.org.
NS keilir.ogud.com.
A 70.164.19.155
NS ns1.blacka.com.
NS typhoon.kahlerlarson.org.
NS keilir.ogud.com.
A 45.79.170.188
AAAA 2600:3c03::f03c:94ff:fe52:8c02
; mail handled by google (google apps for business standard)
MX 10 aspmx.l.google.com.
MX 20 alt1.aspmx.l.google.com.
MX 20 alt2.aspmx.l.google.com.
MX 30 aspmx2.googlemail.com.
MX 30 aspmx3.googlemail.com.
MX 30 aspmx4.googlemail.com.
MX 30 aspmx5.googlemail.com.
MX 10 aspmx.l.google.com.
MX 20 alt1.aspmx.l.google.com.
MX 20 alt2.aspmx.l.google.com.
MX 30 aspmx2.googlemail.com.
MX 30 aspmx3.googlemail.com.
MX 30 aspmx4.googlemail.com.
MX 30 aspmx5.googlemail.com.
$ORIGIN blacka.com.
@@ -26,35 +27,29 @@ $ORIGIN blacka.com.
mail CNAME ghs.google.com.
calendar CNAME ghs.google.com.
ns1 A 70.164.19.155
ns1 A 45.79.170.188
AAAA 2600:3c03::f03c:94ff:fe52:8c02
; new blacka.com linode instance
diagonal A 45.79.170.188
AAAA 2600:3c03::f03c:94ff:fe52:8c02
; zeke at NOVA.org
zeke A 70.164.19.155
; zoidberg at NOVA.org
zoidberg A 70.164.19.156
; zelda at NOVA.org
zelda A 70.164.19.157
zeke A 70.164.19.155
; mail controls
nomail A 70.164.19.157
nomail2 A 70.164.19.157
nomail A 45.79.170.188
nomail2 A 45.79.170.188
blase CNAME blase.dyn
fury CNAME blase.dyn
www CNAME blacka.com.
; old mail system, handled by zoidberg (postfix)
old MX 10 mail.old.blacka.com.
mail.old A 70.164.19.156
www CNAME blacka.com.
; test area for google apps for business (standard)
g A 70.164.19.155
g 86400 MX 10 aspmx.l.google.com.
86400 MX 20 alt1.aspmx.l.google.com.
86400 MX 20 alt2.aspmx.l.google.com.
86400 MX 30 aspmx2.googlemail.com.
86400 MX 30 aspmx3.googlemail.com.
86400 MX 30 aspmx4.googlemail.com.
86400 MX 30 aspmx5.googlemail.com.
g A 45.79.170.188
g 86400 MX 10 aspmx.l.google.com.
86400 MX 20 alt1.aspmx.l.google.com.
86400 MX 20 alt2.aspmx.l.google.com.
86400 MX 30 aspmx2.googlemail.com.
86400 MX 30 aspmx3.googlemail.com.
86400 MX 30 aspmx4.googlemail.com.
86400 MX 30 aspmx5.googlemail.com.
mail.g CNAME ghs.google.com.
calendar.g CNAME ghs.google.com.

23
zones/duffyfamily.me
View File

@@ -1,23 +0,0 @@
$TTL 8h
@ IN SOA zeke.ecotroph.net. pete-dns.toscano.org. (
2012031600 ; serial Number
8h ; Refresh after 8 hours
2h ; Retry after 2 hours
2w ; Expire after 1 week
1d ; Minimum time-to-live of 1 day
)
IN NS ns.toscano.org.
IN NS ns1.twisted4life.com.
IN MX 10 ASPMX.L.GOOGLE.COM.
IN MX 20 ALT1.ASPMX.L.GOOGLE.COM.
IN MX 20 ALT2.ASPMX.L.GOOGLE.COM.
IN MX 30 ASPMX2.GOOGLEMAIL.COM.
IN MX 30 ASPMX3.GOOGLEMAIL.COM.
IN MX 30 ASPMX4.GOOGLEMAIL.COM.
IN MX 30 ASPMX5.GOOGLEMAIL.COM.
www IN CNAME ghs.google.com.
mail IN CNAME ghs.google.com.
calendar IN CNAME ghs.google.com.
start IN CNAME ghs.google.com.
docs IN CNAME ghs.google.com.
wave IN CNAME ghs.google.com.

20
zones/dyn/dyn.hxr.us
View File

@@ -1,20 +0,0 @@
$ORIGIN .
$TTL 86400 ; 1 day
dyn.hxr.us IN SOA zeke.hxr.us. andy.hxr.us. (
200611263 ; serial
43200 ; refresh (12 hours)
3600 ; retry (1 hour)
86400 ; expire (1 day)
86400 ; minimum (1 day)
)
NS zeke.hxr.us.
$ORIGIN _dns-sd._udp.dyn.hxr.us.
$TTL 600 ; 10 minutes
b PTR dyn.hxr.us.
lb PTR dyn.hxr.us.
r PTR dyn.hxr.us.
$ORIGIN dyn.hxr.us.
zilogprime A 67.187.56.200
zoloft A 70.179.98.221
zoltar A 72.196.237.170
zonna A 12.205.226.149

64
zones/ecotroph.net
View File

@@ -1,64 +0,0 @@
$TTL 1D
@ IN SOA zeke.ecotroph.net. anewton.ecotroph.net. (
202302270; Serial
8H; Refresh
2H; Retry
1W; Expire
1D ) ; Minimum
;
TXT "v=spf1 a mx ip4:64.151.105.12 a:cliffie.verisignlabs.com -all"
NS zeke
NS ns.ogud.com.
NS typhoon.kahlerlarson.org.
MX 10 zoidberg
A 70.164.19.155
www CNAME zeke
jabber CNAME @
conference CNAME @
aim CNAME @
icq CNAME @
msn CNAME @
yahoo CNAME @
pubsub CNAME @
;users CNAME @
;zakold A 216.93.167.200
zak CNAME zeke
;zak2 A 216.93.167.201
;zak3 A 216.93.167.202
;zak4 A 216.93.167.203
zeke A 70.164.19.155
TXT "v=spf1 a mx ip4:64.151.105.12 a:cliffie.verisignlabs.com -all"
idisk A 70.164.19.156
zoidberg A 70.164.19.156
zelda A 70.164.19.157
zilch A 64.83.8.178
;;_xmpp-client._tcp SRV 5 0 5222 @
;;_jabber-client._tcp SRV 5 0 5222 @
;;_jabber-ssl-client._tcp SRV 5 0 5223 @
;;_xmpp-server._tcp SRV 5 0 5269 @
;;_jabber._tcp SRV 5 0 5269 @
;;_xmpp-server._tcp.yahoo SRV 5 0 5235 @
; reverse DNS entries from ZUBR
; note: these are still active even though theses addresses aren't.
124-8-31-69.ptr PTR zeke
124-8-31-69.ptr PTR zeke.blacka.com.
124-8-31-69.ptr PTR zeke.hxr.us.
124-8-31-69.ptr PTR zeke.toscano.org.
125-8-31-69.ptr PTR zoidberg
125-8-31-69.ptr PTR zoidberg.blacka.com.
125-8-31-69.ptr PTR zoidberg.hxr.us.
126-8-31-69.ptr PTR zeke
126-8-31-69.ptr PTR zeke.blacka.com.
126-8-31-69.ptr PTR zeke.hxr.us.
; hxr-specific entries
hxr-imaps CNAME zak
hxr-mailout CNAME zak

21
zones/fallschurchdissident.com
View File

@@ -1,21 +0,0 @@
$TTL 1D
@ IN SOA zak.fallschurchdissident.com. anewton.ecotroph.net. (
200803011; Serial
8H; Refresh
2H; Retry
1W; Expire
1D ) ; Minimum
;
TXT "v=spf1 a mx -all"
NS zeke.ecotroph.net.
NS ns.ogud.com.
MX 10 zeke
A 70.164.19.155
www CNAME zak
zak CNAME zeke
zakold A 216.93.167.200
zeke A 70.164.19.155
TXT "v=spf1 a -all"

21
zones/fallschurchdissident.us
View File

@@ -1,21 +0,0 @@
$TTL 1D
@ IN SOA zak.fallschurchdissident.us. anewton.ecotroph.net. (
200803011; Serial
8H; Refresh
2H; Retry
1W; Expire
1D ) ; Minimum
;
TXT "v=spf1 a mx -all"
NS zeke.ecotroph.net.
NS ns.ogud.com.
MX 10 zeke
A 70.164.19.155
www CNAME zak
zak CNAME zeke
zakold A 216.93.167.200
zeke A 70.164.19.155
TXT "v=spf1 a -all"

21
zones/fcdissident.us
View File

@@ -1,21 +0,0 @@
$TTL 1D
@ IN SOA zak.fcdissident.us. anewton.ecotroph.net. (
200803011; Serial
8H; Refresh
2H; Retry
1W; Expire
1D ) ; Minimum
;
TXT "v=spf1 a mx -all"
NS zeke.ecotroph.net.
NS ns.ogud.com.
MX 10 zeke
A 70.164.19.155
www CNAME zak
zak CNAME zeke
zakold A 216.93.167.200
zeke A 70.164.19.155
TXT "v=spf1 a -all"

16
zones/gracecrc.org
View File

@@ -1,16 +0,0 @@
;; $Id: gracecrc.org ,v 1.4 2003/04/15 15:05:00 named Exp $
$TTL 1D
@ IN SOA ns.kosters.net. mark.kosters.net. (
2018060150 ; serial Number
32400 ; Refresh after 12 hours
3600 ; Retry after 1 hour
86400 ; Expire after 1 day
86400 ; Minimum time-to-live of 1 day
)
; IP Address
IN NS ns.kosters.net.
IN NS ns.nova.org.
IN NS ns2.nova.org.
IN NS ns3.nova.org.
WWW IN A 146.66.97.184
;; WWW IN A 70.164.19.155

39
zones/hxr.us
View File

@@ -1,39 +0,0 @@
$TTL 2H
@ IN SOA zak.hxr.us. anewton.ecotroph.net. (
201605081; Serial
8H; Refresh
2H; Retry
1W; Expire
1D ) ; Minimum
;
NS zeke.ecotroph.net.
NS ns.ogud.com.
MX 1 ASPMX.L.GOOGLE.COM.
MX 5 ALT1.ASPMX.L.GOOGLE.COM.
MX 5 ALT2.ASPMX.L.GOOGLE.COM.
MX 10 ASPMX2.GOOGLEMAIL.COM.
MX 10 ASPMX3.GOOGLEMAIL.COM.
A 216.239.32.21
A 216.239.34.21
A 216.239.36.21
A 216.239.38.21
www CNAME zeke
zeke A 216.239.32.21
A 216.239.34.21
A 216.239.36.21
A 216.239.38.21
blog CNAME anewton1998.github.io.
t NS zeke.ecotroph.net.
dyn NS zeke
gmail CNAME ghs.google.com.
buserror CNAME ghs.google.com.
sea CNAME ghs.google.com.
laserjet.home A 10.0.1.201

20
zones/kosters.net
View File

@@ -1,20 +0,0 @@
$TTL 1D
@ IN SOA ns.kosters.net. mark.kosters.net. (
2017080703 ; serial Number
12H ; Refresh after 12 hours
1H ; Retry after 1 hour
1D ; Expire after 1 day
1D ; Minimum time-to-live of 1 day
)
IN NS ns.kosters.net.
IN NS ns.nova.org.
IN NS ns2.nova.org.
IN NS ns3.nova.org.
IN MX 10 mail.kosters.net.
IN A 70.164.19.156
oldmail IN A 70.164.19.155
www IN CNAME kosters.net.
ns IN A 70.164.19.155
ns IN A 70.164.19.156
mail IN A 70.164.19.156

30
zones/littlebit.us
View File

@@ -1,30 +0,0 @@
$TTL 8h
@ IN SOA zeke.ecotroph.net. pete-dns.toscano.org. (
2011061300 ; serial Number
8h ; Refresh after 8 hours
2h ; Retry after 2 hours
2w ; Expire after 1 week
1d ; Minimum time-to-live of 1 day
)
IN NS ns.toscano.org.
IN NS ns1.twisted4life.com.
; IN MX 10 zoidberg
; IN MX 100 mail.kahlerlarson.org.
IN MX 10 ASPMX.L.GOOGLE.COM.
IN MX 20 ALT1.ASPMX.L.GOOGLE.COM.
IN MX 20 ALT2.ASPMX.L.GOOGLE.COM.
IN MX 30 ASPMX2.GOOGLEMAIL.COM.
IN MX 30 ASPMX3.GOOGLEMAIL.COM.
IN MX 30 ASPMX4.GOOGLEMAIL.COM.
IN MX 30 ASPMX5.GOOGLEMAIL.COM.
IN A 70.164.19.155
zeke IN A 70.164.19.155
zoidberg IN A 70.164.19.156
www IN CNAME ghs.google.com.
mail IN CNAME ghs.google.com.
calendar IN CNAME ghs.google.com.
start IN CNAME ghs.google.com.
docs IN CNAME ghs.google.com.
wave IN CNAME ghs.google.com.
miniox AAAA 2001:470:1d:be::2
fred AAAA 2001:470:1d:be:226:8ff:fee2:eb31

21
zones/nortonbertram.com
View File

@@ -1,21 +0,0 @@
$TTL 1D
@ IN SOA zak.ecotroph.net. anewton.ecotroph.net. (
200310291; Serial
8H; Refresh
2H; Retry
1W; Expire
1D ) ; Minimum
;
TXT "NortonBertram.com"
NS zak
NS ns1.twisted4life.com.
MX 10 zak
A 216.93.164.123
www CNAME zak
zak A 216.93.164.123
fake-test TXT "fake-test @ NORTONBERTRAM.COM"
mx-test MX 10 zak

24
zones/prevelige.org
View File

@@ -1,24 +0,0 @@
$TTL 8h
@ IN SOA zeke.ecotroph.net. pete-dns.toscano.org. (
2012031601 ; serial Number
8h ; Refresh after 8 hours
2h ; Retry after 2 hours
2w ; Expire after 1 week
1d ; Minimum time-to-live of 1 day
)
IN NS ns.toscano.org.
IN NS ns1.twisted4life.com.
IN MX 10 ASPMX.L.GOOGLE.COM.
IN MX 20 ALT1.ASPMX.L.GOOGLE.COM.
IN MX 20 ALT2.ASPMX.L.GOOGLE.COM.
IN MX 30 ASPMX2.GOOGLEMAIL.COM.
IN MX 30 ASPMX3.GOOGLEMAIL.COM.
IN MX 30 ASPMX4.GOOGLEMAIL.COM.
IN MX 30 ASPMX5.GOOGLEMAIL.COM.
IN TXT google-site-verification=2sBar1STQs2Vssjp60boRA_-u0JHnxa3exahKpAtCNM
www IN CNAME ghs.google.com.
mail IN CNAME ghs.google.com.
calendar IN CNAME ghs.google.com.
start IN CNAME ghs.google.com.
docs IN CNAME ghs.google.com.
wave IN CNAME ghs.google.com.

66
zones/t.hxr.us
View File

@@ -1,66 +0,0 @@
$TTL 10
@ IN SOA zeke.hxr.us. anewton.ecotroph.net. (
200605180; Serial
8H; Refresh
2H; Retry
1W; Expire
1D ) ; Minimum
;
NS zeke.ecotroph.net.
NAPTR 100 20 "" "IM:ProtA:ProtB" "" im.t.hxr.us.
NAPTR 200 10 "" "CREDREG:ldap:iris-beep" "" credreg.t.hxr.us.
* TXT "v=marid record goes here"
im NAPTR 100 20 "s" "IM:ProtA" "" prota.t.hxr.us.
NAPTR 100 20 "s" "IM:ProtB" "" protb.t.hxr.us.
credreg NAPTR 100 20 "s" "CREDREG:ldap" "" ldap.t.hxr.us.
NAPTR 100 20 "s" "CREDREG:iris-lwz:iris-beep" "" iris.t.hxr.us.
prota SRV 10 0 5222 hosta.t.hxr.us.
SRV 20 0 5222 hostb.t.hxr.us.
protb SRV 10 0 5223 hostc.t.hxr.us.
SRV 20 0 5223 hostd.t.hxr.us.
ldap SRV 10 0 389 hoste.t.hxr.us.
SRV 20 0 389 hostf.t.hxr.us.
iris SRV 10 0 34034 hostg.t.hxr.us.
SRV 20 0 34034 hosth.t.hxr.us.
hosta A 10.0.0.1
A 10.0.0.2
hostb A 10.0.1.1
A 10.0.1.2
hostc A 10.0.2.1
A 10.0.2.2
hostd A 10.0.3.1
A 10.0.3.2
hoste A 10.0.4.1
A 10.0.4.2
hostf A 10.0.5.1
A 10.0.5.2
hostg A 10.0.6.1
A 10.0.6.2
hosth A 10.0.7.1
A 10.0.7.2
s2048 TXT "k=rsa\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1xCyQVeC3kljo91RQF1GhkcaN7MLUlQWVdVFD/WA2T6O9iq/ucWMAOf3cL/kj0PKXKiA8EX8jo" "7OXV4YuEuPg+i/hk5Iq1dx34SF+IlKs+sotoWPTLgpu8L2Jyw76D5Oyzq/iqo1gBxF4+avhdCZd13wuIlt9SygbzD6fcM37qm1FSNY0SDAQBV2vxrkLoXVAG6DtI7mL" "gdjvIbBxmYsypA5pDLpWEr3zwh2NXufc9JsfTZ3k2/vnVLB+CgPRGMYbkfbgriYq5H8dtmryxJHDT06Ib4Gr4HQIB06OR2c0XVO5/r22xvTJui8nmoUbQJIAYBrYRJq" "0rKt5rGBm9Lh0wIDAP//"
ptr-t PTR zeke.ecotroph.net.
PTR zeke.hxr.us.
PTR zeke.blacka.com.
1.9.9.3.9.9.3.9.9.3.1 NAPTR 10 100 "u" "E2U+sip" "!^.*$!sip:13993993991@ecotroph.net!" .

53
zones/toscano.org
View File

@@ -1,53 +0,0 @@
$TTL 8h
@ IN SOA zeke.ecotroph.net. pete-dns.toscano.org. (
2012121300 ; serial Number
8h ; Refresh after 8 hours
2h ; Retry after 2 hours
1w ; Expire after 1 week
1d ; Minimum time-to-live of 1 day
)
NS ns
NS ns1.twisted4life.com.
; IN MX 5 zoidberg
MX 10 ASPMX.L.GOOGLE.COM.
MX 20 ALT1.ASPMX.L.GOOGLE.COM.
MX 20 ALT2.ASPMX.L.GOOGLE.COM.
MX 30 ASPMX2.GOOGLEMAIL.COM.
MX 30 ASPMX3.GOOGLEMAIL.COM.
MX 30 ASPMX4.GOOGLEMAIL.COM.
MX 30 ASPMX5.GOOGLEMAIL.COM.
A 70.164.19.155
;; IN TXT "v=spf1 mx ptr:cox.net a:cliffie.verisignlabs.com include:cox.net -all"
;;home IN A 70.179.67.5
;home IN A 68.100.187.113
;home IN A 72.196.229.138
;home IN A 68.106.101.1
;home IN A 68.106.101.48
;home IN A 173.66.178.226
home A 96.255.164.157
AAAA 2001:470:7:102::2
www CNAME @
ns A 70.164.19.155
zeke A 70.164.19.155
zoidberg A 70.164.19.156
tumblr A 72.32.231.8
mail CNAME ghs.google.com.
start CNAME ghs.google.com.
calendar CNAME ghs.google.com.
wave CNAME ghs.google.com.
docs CNAME ghs.google.com.
sites CNAME ghs.google.com.
miniox AAAA 2001:470:1d:be::2
_xmpp-client._tcp.toscano.org. SRV 5 0 5269 xmpp-server.l.google.com.
_xmpp-server._tcp.toscano.org. SRV 5 0 5269 xmpp-server.l.google.com.
_xmpp-server._tcp.toscano.org. SRV 20 0 5269 xmpp-server1.l.google.com.
_xmpp-server._tcp.toscano.org. SRV 20 0 5269 xmpp-server2.l.google.com.
_xmpp-server._tcp.toscano.org. SRV 20 0 5269 xmpp-server3.l.google.com.
_xmpp-server._tcp.toscano.org. SRV 20 0 5269 xmpp-server4.l.google.com.
_jabber._tcp.toscano.org. SRV 5 0 5269 xmpp-server.l.google.com.
_jabber._tcp.toscano.org. SRV 20 0 5269 xmpp-server1.l.google.com.
_jabber._tcp.toscano.org. SRV 20 0 5269 xmpp-server2.l.google.com.
_jabber._tcp.toscano.org. SRV 20 0 5269 xmpp-server3.l.google.com.
_jabber._tcp.toscano.org. SRV 20 0 5269 xmpp-server4.l.google.com.