nigger/lixonet-ee
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Feature bind

Browse Source
This commit is contained in:
sump pump 2020-06-13 04:22:42 +00:00
parent 43482b3c1a
commit e31a3d8970
7 changed files with 141 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Dockerfile.bind Normal file
View File

@ -0,0 +1,11 @@
FROM alpine:latest
MAINTAINER Team Lixo <lixonet@team.lixo>
RUN apk add bind
EXPOSE 53/udp 53/tcp
VOLUME /var/cache/bind
VOLUME /etc/bind
CMD [ "sh", "-c", "/usr/sbin/named -f -c /etc/bind/named.conf" ]

7
README.md
View File

@ -136,6 +136,13 @@ For options we expose here, for information see: https://bird.network.cz/?get_do
* `bgp_passwd_*`: The password for a specific BGP peer (i.e. `bgp_passwd_denco_mane_lixo`). If not specified, no password is used for the host. * `bgp_passwd_*`: The password for a specific BGP peer (i.e. `bgp_passwd_denco_mane_lixo`). If not specified, no password is used for the host.
* `bgp_routes`: A comma-delimited list of routes to advertise over BGP. If not specified, no routes are propagated. * `bgp_routes`: A comma-delimited list of routes to advertise over BGP. If not specified, no routes are propagated.
#### BIND options
These settings are optional, and are already defaulted to general network common practices.
* `bind_forward_address`: The overridden DNS server IP address to forward all requests for your own domain to. Defaults to the value of `internal_gateway`, which is proper in most if not all cases. Your BIND zone is automatically converted from your `tinc_peer_name` (i.e. `lkwco_mane_lixo` becomes `lkwco.mane.lixo`).
* `tld`: The network-wide TLD to use. Defaults to `lixo`.
# Setup # Setup
#### Prerequisites: #### Prerequisites:

11
bind/lixo.rpz Normal file
View File

@ -0,0 +1,11 @@
$TTL 60
@ IN SOA localhost. root.localhost. (
4 ; serial
3H ; refresh
1H ; retry
1W ; expiry
1H) ; minimum
IN NS localhost.
* CNAME .

12
bind/lixo.rpz.whitelist.tmpl Normal file
View File

@ -0,0 +1,12 @@
\$TTL 60
@ IN SOA localhost. root.localhost. (
4 ; serial
3H ; refresh
1H ; retry
1W ; expiry
1H) ; minimum
IN NS localhost.
${tld:-lixo} CNAME rpz-passthru.
*.${tld:-lixo} CNAME rpz-passthru.

76
bind/named.conf.tmpl Normal file
View File

@ -0,0 +1,76 @@
acl "lixonet_global" {
${network_address}/${global_prefix:-16};
};
acl "lixonet_local" {
{{ if len "${bgp_routes:-}" }}{{ range "$bgp_routes" | split "," }}{{.}};
{{ end }}{{ end }}
};
options {
directory "/var/cache/bind";
listen-on { ${tinc_peer_address}; };
forward only;
forwarders { ${bind_forward_address-"${internal_gateway}"}; };
dnssec-enable no;
dnssec-validation no;
};
logging {
channel custom {
stderr;
print-time yes;
print-severity yes;
print-category yes;
severity debug 9;
};
category default { custom; };
};
view "lixonet" {
recursion yes;
match-clients { lixonet_global; };
allow-query { any; };
allow-recursion { any; };
response-policy { zone "rpz.whitelist"; zone "rpz"; };
zone "rpz.whitelist" {
type master;
file "/etc/bind/lixo.rpz.whitelist";
allow-query { none; };
};
zone "rpz" {
type master;
file "/etc/bind/lixo.rpz";
allow-query { none; };
};
# Self zone
zone "{{ "$tinc_peer_name" | replace "_" "." }}" {
type forward;
forward only;
forwarders { ${bind_forward_address-"${internal_gateway}"}; };
};
# Forwarders
{{ range files "bind/peers" }} {{ if ne . "${tinc_peer_name}" }}
zone "{{ . | replace "_" "." }}" {
type forward;
forward only;
{{ include (print "bind/peers/" .) }}
};{{ end }}{{ end }}
};
view "default" {
recursion no;
match-clients { any; };
allow-recursion { none; };
};

12
build.sh
View File

@ -40,6 +40,7 @@ do
# Copy default files # Copy default files
cp -r ../tinc/* tinc/ cp -r ../tinc/* tinc/
cp -r ../bird/* bird/ cp -r ../bird/* bird/
cp -r ../bind/* bind/
# Tinc # Tinc
# Remove existing configuration # Remove existing configuration
@ -60,12 +61,21 @@ do
# Bird # Bird
# Remove existing configuration # Remove existing configuration
rm -v -rf /etc/bird/$netname/* rm -v -rf /etc/bird/$netname/*
# Copy all tinc default files to /etc/(bird) # Copy all bird default files to /etc/(bird)
find bird -type d | sed -e "s@bird@bird/${netname}@g" | xargs -I '{}' mkdir --verbose -p /etc/{} find bird -type d | sed -e "s@bird@bird/${netname}@g" | xargs -I '{}' mkdir --verbose -p /etc/{}
find bird -type f | sed -e "s@bird/@@g" | xargs -I '{}' cp --verbose bird/{} /etc/bird/$netname/{} find bird -type f | sed -e "s@bird/@@g" | xargs -I '{}' cp --verbose bird/{} /etc/bird/$netname/{}
# Fill out templates and remove them after # Fill out templates and remove them after
process_templates "/etc/bird/$netname/" "$sigil_vars" process_templates "/etc/bird/$netname/" "$sigil_vars"
# BIND
# Remove existing configuration
rm -v -rf /etc/bind/$netname/*
# Copy all bind default files to /etc/(bind)
find bind -type d | sed -e "s@bind@bind/${netname}@g" | xargs -I '{}' mkdir --verbose -p /etc/{}
find bind -type f | sed -e "s@bind/@@g" | xargs -I '{}' cp --verbose bind/{} /etc/bind/$netname/{}
# Fill out templates and remove them after
process_templates "/etc/bind/$netname/" "$sigil_vars"
echo "COMPOSE_PROJECT_NAME=$netname" > .env echo "COMPOSE_PROJECT_NAME=$netname" > .env
docker-compose -p $netname up -d --build docker-compose -p $netname up -d --build
rm .env rm .env

13
docker-compose.yml
View File

@ -30,3 +30,16 @@ services:
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN
restart: always restart: always
bind:
network_mode: host
depends_on:
- tinc
build:
context: .
dockerfile: Dockerfile.bind
ports:
- "53:53/udp"
- "53:53/tcp"
volumes:
- /etc/bind/${COMPOSE_PROJECT_NAME}/:/etc/bind/
restart: always