From a0c449be73d1477a4765867b8793135bd3bfc8ca Mon Sep 17 00:00:00 2001
From: casjay
Date: Tue, 27 Aug 2024 15:18:58 -0400
Subject: [PATCH] =?UTF-8?q?=F0=9F=97=83=EF=B8=8F=20Committing=20everything?= =?UTF-8?q?=20that=20changed=20=F0=9F=97=83=EF=B8=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
rootfs/tmp/etc/bind/named.conf rootfs/tmp/etc/bind/rndc.key rootfs/usr/local/etc/docker/init.d/00-named.sh
---
 rootfs/tmp/etc/bind/named.conf | 6 +++---
 rootfs/tmp/etc/bind/rndc.key | 2 +-
 rootfs/usr/local/etc/docker/init.d/00-named.sh | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/rootfs/tmp/etc/bind/named.conf b/rootfs/tmp/etc/bind/named.conf
index 4cab310..8d3f227 100644
--- a/rootfs/tmp/etc/bind/named.conf
+++ b/rootfs/tmp/etc/bind/named.conf
@@ -1,10 +1,10 @@
 # default options - https://bind9.readthedocs.io/en/latest/chapter3.html
 #####################################################################
 # rndc keys
-key "dhcp-key" { algorithm hmac-sha256; secret "REPLACE_KEY_DHCP"; };
-key "rndc-key" { algorithm hmac-sha256; secret "REPLACE_KEY_RNDC"; };
-key "backup-key" { algorithm hmac-sha256; secret "MKEQ/REPLACE_KEY_BACKUP"; };
+key "dhcp-key" { algorithm hmac-sha512; secret "REPLACE_KEY_DHCP"; };
+key "rndc-key" { algorithm hmac-sha512; secret "REPLACE_KEY_RNDC"; };
 key "certbot." { algorithm hmac-sha512; secret "REPLACE_KEY_CERTBOT"; };
+key "backup-key" { algorithm hmac-sha512; secret "MKEQ/REPLACE_KEY_BACKUP"; };
 #####################################################################
 # access settings
 acl "all" { 0.0.0.0/0; ::/0; };
diff --git a/rootfs/tmp/etc/bind/rndc.key b/rootfs/tmp/etc/bind/rndc.key
index 7c06d05..21405ec 100644
--- a/rootfs/tmp/etc/bind/rndc.key
+++ b/rootfs/tmp/etc/bind/rndc.key
@@ -1 +1 @@
-key "rndc-key" { algorithm hmac-sha256; secret "REPLACE_KEY_RNDC"; };
+key "rndc-key" { algorithm hmac-sha512; secret "REPLACE_KEY_RNDC"; };
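Review bot: The new `backup-key` line in rootfs/tmp/etc/bind/named.conf keeps a literal `MKEQ/` in front of the placeholder, which none of the other four key lines have. If the init script substitutes only `REPLACE_KEY_BACKUP` (the substitution code is not visible in this diff), named would load `MKEQ/` followed by the generated key, which is not the value that was generated and may not decode as base64; `secret "REPLACE_KEY_BACKUP";` would match the other lines. Separately, moving `dhcp-key`, `rndc-key` and `backup-key` to `hmac-sha512` changes the algorithm every TSIG peer must use, so a DHCP server, secondary or rndc client still set to `hmac-sha256` will presumably fail authentication until it is updated. A one-line comment above the key block, such as `# all TSIG peers must use hmac-sha512 with these keys`, would make that requirement visible to operators.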
diff --git a/rootfs/usr/local/etc/docker/init.d/00-named.sh b/rootfs/usr/local/etc/docker/init.d/00-named.sh
index d5112ad..ea05d9a 100755
--- a/rootfs/usr/local/etc/docker/init.d/00-named.sh
+++ b/rootfs/usr/local/etc/docker/init.d/00-named.sh
@@ -62,7 +62,7 @@ __rndc_key() { grep -s 'key "rndc-key" ' /etc/named.conf | grep -v 'KEY_RNDC' |
 __dhcp_key() { grep -s 'key "dhcp-key" ' /etc/named.conf | grep -v 'KEY_DHCP' | sed 's|.*secret ||g;s|"||g;s|;.*||g' | grep '^' || return 1; }
 __certbot_key() { grep -s 'key "certbot" ' /etc/named.conf | grep -v 'KEY_CERTBOT' | sed 's|.*secret ||g;s|"||g;s|;.*||g' | grep '^' || return 1; }
 __backup_key() { grep -s 'key "backup-key" ' /etc/named.conf | grep -v 'KEY_BACKUP' | sed 's|.*secret ||g;s|"||g;s|;.*||g' | grep '^' || return 1; }
-__tsig_key() { tsig-keygen -a hmac-${1:-sha256} | grep 'secret' | sed 's|.*secret "||g;s|"||g;s|;||g' | grep '^' || echo 'wp/HApbthaVPjwqgp6ziLlmnkyLSNbRTehkdARBDcpI='; }
+__tsig_key() { tsig-keygen -a hmac-${1:-sha512} | grep 'secret' | sed 's|.*secret "||g;s|"||g;s|;||g' | grep '^' || echo 'I665bFnjoPMB9EmEUl5uZ+o7e4ryM02irerkCkLJiSPJJYJBvBHSXCauNn44zY2C318DSWRcCx+tf8WESYwgKQ=='; }
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 # Script to execute
 START_SCRIPT="/usr/local/etc/docker/exec/$SERVICE_NAME"
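Review bot: `__tsig_key` still ends in `|| echo '<literal secret>'`, so whenever `tsig-keygen` is missing or fails, the container silently gets a TSIG key that is published in this repository and identical across every deployment. The commit only swaps one literal for a longer one. The function should fail instead, ending the pipeline with `|| return 1` as the sibling `__*_key` helpers do; the caller, which is outside this hunk, would then need to abort start-up. Both literals should be treated as disclosed, and keys regenerated for any instance that may have fallen back to either. The algorithm argument is also expanded unquoted; `"hmac-${1:-sha512}"` is safer. Unrelated to the changed line, the context line for `__certbot_key` greps for `key "certbot" ` while named.conf in this commit names the key `"certbot."`, so that lookup appears never to match.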