🗃️ Committing everything that changed 🗃️

rootfs/tmp/ rootfs/usr/local/etc/docker/init.d/00-named.sh
2025-11-04 01:02:38 -05:00 · 2024-08-27 10:37:59 -04:00
parent 02d064b722
commit 28b60bf0d6
4 changed files with 197 additions and 8 deletions
--- a/rootfs/tmp/etc/bind/named.conf
+++ b/rootfs/tmp/etc/bind/named.conf
@@ -0,0 +1,87 @@
 # default options - https://bind9.readthedocs.io/en/latest/chapter3.html
 #####################################################################
 # rndc keys
 key "dhcp-key" { algorithm hmac-md5; secret "REPLACE_KEY_DHCP"; };
 key "rndc-key" { algorithm hmac-sha256; secret "REPLACE_KEY_RNDC"; };
 key "backup-key" { algorithm hmac-sha256; secret "MKEQ/REPLACE_KEY_BACKUP"; };
 key "certbot." { algorithm hmac-sha512; secret "REPLACE_KEY_CERTBOT"; };
 #####################################################################
 # rndc settings
 controls { inet 127.0.0.1 allow { trusted; } keys { "rndc-key"; }; };
 #####################################################################
 # access settings
 acl "all" { 0.0.0.0/0; ::/0; };
 acl "secondary" { DNS_SERVER_SECONDARY; };
 acl "trusted" { 10.0.0.0/8; 127.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };
 acl "updates" { key "dhcp-key"; key "certbot."; };
 acl "transfers" {key "dhcp-key"; key "certbot."; key "backup-key"; secondary; };
 acl "forward" { 1.1.1.1; 8.8.8.8; 4.4.4.4; };
 #####################################################################
 options {
  version "9";
  listen-on { any; };
  listen-on-v6 { any; };
  zone-statistics yes;
  max-cache-size 60m;
  interface-interval 60;
  max-ncache-ttl 10800;
  max-udp-size 4096;
  notify yes;
  also-notify { DNS_SERVER_SECONDARY; };
  allow-update { updates; };
  allow-update-forwarding { DNS_SERVER_SECONDARY; };
  allow-transfer { trusted; };
  transfer-format many-answers;
  allow-query { any; };
  allow-recursion { any; };
  allow-query-cache { any; };
  auth-nxdomain no;
  dnssec-validation auto;
  directory "REPLACE_VAR_DIR";
  managed-keys-directory "REPLACE_ETC_DIR/keys";
  pid-file "REPLACE_RUN_DIR/named.pid";
  dump-file "REPLACE_DATA_DIR/stats/dump.txt";
  statistics-file "REPLACE_DATA_DIR/stats/stats.txt";
  memstatistics-file "REPLACE_DATA_DIR/stats/mem.txt";
  forwarders { 1.1.1.1; 8.8.8.8; 4.4.4.4; };
 };
 #####################################################################
 # named logging options
 logging {
 channel debug { file "REPLACE_LOG_DIR/debug.info" versions 0 size 5m; severity debug; };
 channel querylog { file "REPLACE_LOG_DIR/querylog.log" versions 0 size 5m; severity info; print-time yes; };
 channel security { file "REPLACE_LOG_DIR/security.log" versions 0 size 5m; severity dynamic; print-severity yes; print-time yes; };
 channel xfer-in { file "REPLACE_LOG_DIR/xfer.log" versions 0 size 5m; severity info; print-category yes; print-severity yes; print-time yes; };
 channel xfer-out { file "REPLACE_LOG_DIR/xfer.log" versions 0 size 5m; severity info; print-category yes; print-severity yes; print-time yes; };
 channel update { file "REPLACE_LOG_DIR/update.log" versions 0 size 5m; severity info; print-category yes; print-severity yes; print-time yes; };
 channel notify { file "REPLACE_LOG_DIR/notify.log" versions 0 size 5m; severity info; print-category yes; print-severity yes; print-time yes; };
 channel client { file "REPLACE_LOG_DIR/client.log" versions 0 size 5m; severity debug; print-category yes; print-severity yes; print-time yes; };
 channel default { file "REPLACE_LOG_DIR/default.log" versions 0 size 5m; severity debug; print-category yes; print-severity yes; print-time yes; };
 channel general { file "REPLACE_LOG_DIR/general.log" versions 0 size 5m; severity info; print-category yes; print-severity yes; print-time yes; };
 channel database { file "REPLACE_LOG_DIR/database.log" versions 0 size 5m; severity info; print-category yes; print-severity yes; print-time yes; };
 category lame-servers { default; debug; };
 category dispatch { default; debug; };
 category queries { querylog; default; debug; };
 category update { update; default; debug; };
 category network { default; debug; };
 category unmatched { default; debug; };
 category client { client; default; debug; };
 category notify { notify; default; debug; };
 category xfer-out { xfer-out; default; debug; };
 category xfer-in { xfer-in; default; debug; };
 category resolver { default; debug; };
 category config { default; debug; };
 category security { security; default; debug; };
 category database { database; default; debug; };
 category general { general; default; debug; };
 category default { default; debug; };
 category dnssec { security; default; debug; };
 };
 #####################################################################
 #  ********** begin root info **********
 zone "." {
    type hint;
    file "REPLACE_VAR_DIR/root.cache";
 };
 #  ********** end root info **********
 # end
--- a/rootfs/tmp/etc/bind/rndc.key
+++ b/rootfs/tmp/etc/bind/rndc.key
@@ -0,0 +1 @@
 key "rndc-key" { algorithm hmac-sha256; secret "REPLACE_KEY_RNDC"; };
--- a/rootfs/tmp/var/bind/root.cache
+++ b/rootfs/tmp/var/bind/root.cache
@@ -0,0 +1,92 @@
 ;       This file holds the information on root name servers needed to 
 ;       initialize cache of Internet domain name servers
 ;       (e.g. reference this file in the "cache  .  <file>"
 ;       configuration file of BIND domain name servers). 
 ; 
 ;       This file is made available by InterNIC 
 ;       under anonymous FTP as
 ;           file                /domain/named.cache 
 ;           on server           FTP.INTERNIC.NET
 ;       -OR-                    RS.INTERNIC.NET
 ;
 ;       last update:     August 14, 2024
 ;       related version of root zone:     2024081401
 ; 
 ; FORMERLY NS.INTERNIC.NET 
 ;
 .                        3600000      NS    A.ROOT-SERVERS.NET.
 A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
 A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
 ; 
 ; FORMERLY NS1.ISI.EDU 
 ;
 .                        3600000      NS    B.ROOT-SERVERS.NET.
 B.ROOT-SERVERS.NET.      3600000      A     170.247.170.2
 B.ROOT-SERVERS.NET.      3600000      AAAA  2801:1b8:10::b
 ; 
 ; FORMERLY C.PSI.NET 
 ;
 .                        3600000      NS    C.ROOT-SERVERS.NET.
 C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
 C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::c
 ; 
 ; FORMERLY TERP.UMD.EDU 
 ;
 .                        3600000      NS    D.ROOT-SERVERS.NET.
 D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
 D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
 ; 
 ; FORMERLY NS.NASA.GOV
 ;
 .                        3600000      NS    E.ROOT-SERVERS.NET.
 E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
 E.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:a8::e
 ; 
 ; FORMERLY NS.ISC.ORG
 ;
 .                        3600000      NS    F.ROOT-SERVERS.NET.
 F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
 F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
 ; 
 ; FORMERLY NS.NIC.DDN.MIL
 ;
 .                        3600000      NS    G.ROOT-SERVERS.NET.
 G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
 G.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:12::d0d
 ; 
 ; FORMERLY AOS.ARL.ARMY.MIL
 ;
 .                        3600000      NS    H.ROOT-SERVERS.NET.
 H.ROOT-SERVERS.NET.      3600000      A     198.97.190.53
 H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::53
 ; 
 ; FORMERLY NIC.NORDU.NET
 ;
 .                        3600000      NS    I.ROOT-SERVERS.NET.
 I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
 I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fe::53
 ; 
 ; OPERATED BY VERISIGN, INC.
 ;
 .                        3600000      NS    J.ROOT-SERVERS.NET.
 J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
 J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:c27::2:30
 ; 
 ; OPERATED BY RIPE NCC
 ;
 .                        3600000      NS    K.ROOT-SERVERS.NET.
 K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
 K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
 ; 
 ; OPERATED BY ICANN
 ;
 .                        3600000      NS    L.ROOT-SERVERS.NET.
 L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
 L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:9f::42
 ; 
 ; OPERATED BY WIDE
 ;
 .                        3600000      NS    M.ROOT-SERVERS.NET.
 M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
 M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
 ; End of file
--- a/rootfs/usr/local/etc/docker/init.d/00-named.sh
+++ b/rootfs/usr/local/etc/docker/init.d/00-named.sh
@@ -59,8 +59,10 @@ printf '%s\n' "# - - - Initializing $SERVICE_NAME - - - #"
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 # Custom functions
 __rndc_key() { grep -s 'key "rndc-key" ' /etc/named.conf | grep -v 'KEY_RNDC' | sed 's|.*secret ||g;s|"||g;s|;.*||g' | grep '^' || return 1; }
 __dhcp_key() { grep -s 'key "dhcp-key" ' /etc/named.conf | grep -v 'KEY_DHCP' | sed 's|.*secret ||g;s|"||g;s|;.*||g' | grep '^' || return 1; }
 __certbot_key() { grep -s 'key "certbot" ' /etc/named.conf | grep -v 'KEY_CERTBOT' | sed 's|.*secret ||g;s|"||g;s|;.*||g' | grep '^' || return 1; }
 __backup_key() { grep -s 'key "backup-key" ' /etc/named.conf | grep -v 'KEY_BACKUP' | sed 's|.*secret ||g;s|"||g;s|;.*||g' | grep '^' || return 1; }
 __tsig_key() { tsig-keygen -a hmac-sha256 | grep 'secret' | sed 's|.*secret "||g;s|"||g;s|;||g' | grep '^' || echo 'wp/HApbthaVPjwqgp6ziLlmnkyLSNbRTehkdARBDcpI='; }
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 # Script to execute
 START_SCRIPT="/usr/local/etc/docker/exec/$SERVICE_NAME"
@@ -155,15 +157,16 @@ user_pass="${NAMED_USER_PASS_WORD:-}" # normal user password
 [ -f "/config/env/named.sh" ] && . "/config/env/named.sh"               # Overwrite the variabes
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 # Additional predefined variables
-KEY_RNDC="${KEY_RNDC:-$(__tsig_key)}"
+KEY_RNDC="${KEY_RNDC:-$(__rndc_key || __tsig_key)}"
-KEY_DHCP="${KEY_DHCP:-$(__tsig_key)}"
+KEY_DHCP="${KEY_DHCP:-$(__dhcp_key || __tsig_key)}"
-KEY_BACKUP="${KEY_BACKUP:-$(__tsig_key)}"
+KEY_BACKUP="${KEY_BACKUP:-$(__backup_key || __tsig_key)}"
-KEY_CERTBOT="${KEY_CERTBOT:-$(__tsig_key)}"
+KEY_CERTBOT="${KEY_CERTBOT:-$(__certbot_key || __tsig_key)}"
 DNS_SERIAL="$(date +'%Y%m%d%S')"
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 # Additional variables
-DNS_SERVER_PRIMARY="${DNS_SERVER_PRIMARY:-}"
+DNS_TYPE="${DNS_TYPE:-primary}"
-DNS_SERVER_SECONDARY="${DNS_SERVER_SECONDARY:-}"
+DNS_SERVER_PRIMARY="${DNS_SERVER_PRIMARY:-127.0.0.1}"
 DNS_SERVER_SECONDARY="${DNS_SERVER_SECONDARY:-127.0.0.1}"
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 # Specifiy custom directories to be created
 ADD_APPLICATION_FILES=""
@@ -233,13 +236,19 @@ __update_conf_files() {
  # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  # custom commands
-  mkdir -p "$ETC_DIR/keys" "$CONF_DIR/keys" "$VAR_DIR/zones" "$DATA_DIR/zones"
+  mkdir -p "$ETC_DIR/keys" "$CONF_DIR/keys" "$VAR_DIR/zones" "$DATA_DIR/zones" "$DATA_DIR/stats"
  for logfile in xfer update notify querylog default debug security; do
    touch "$LOG_DIR/$logfile.log"
    chmod -Rf 777 "$logfile"
  done
  # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  # replace variables
  __replace "REPLACE_KEY_RNDC" "$KEY_RNDC" "$ETC_DIR/rndc.key"
  __replace "REPLACE_KEY_RNDC" "$KEY_RNDC" "$ETC_DIR/named.conf"
  __replace "REPLACE_KEY_DHCP" "$KEY_DHCP" "$ETC_DIR/named.conf"
  __replace "REPLACE_KEY_BACKUP" "$KEY_BACKUP" "$ETC_DIR/named.conf"
  __replace "REPLACE_KEY_CERTBOT" "$KEY_CERTBOT" "$ETC_DIR/named.conf"
  __replace "REPLACE_KEY_RNDC" "$KEY_RNDC" "$CONF_DIR/rndc.key"
  __replace "REPLACE_KEY_RNDC" "$KEY_RNDC" "$CONF_DIR/named.conf"
  __replace "REPLACE_KEY_DHCP" "$KEY_DHCP" "$CONF_DIR/named.conf"
		`@@ -0,0 +1 @@`
							`key "rndc-key" { algorithm hmac-sha256; secret "REPLACE_KEY_RNDC"; };`