diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..ebe1e6c
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,14 @@
+unbound:
+ build: unbound
+ hostname: unbound.mock.zknt.org
+ dns: 127.0.0.1
+ links:
+ - nsd:nsd.mock.zknt.org
+ volumes:
+ - "./unbound.conf:/etc/unbound/unbound.conf:ro"
+nsd:
+ build: nsd
+ hostname: nsd.mock.zknt.org
+ volumes:
+ - "./zones:/zones"
+ - "./nsd.conf:/etc/nsd/nsd.conf:ro"
diff --git a/nsd.conf b/nsd.conf
new file mode 100644
index 0000000..5bfeb82
--- /dev/null
+++ b/nsd.conf
@@ -0,0 +1,12 @@
+server:
+ server-count: 1
+ pidfile: "/var/run/nsd.pid"
+
+ verbosity: 1
+ hide-version: yes
+
+ statistics: 3600
+
+zone:
+ name: 168.192.in-addr.arpa
+ zonefile: "/zones/%s.zone"
diff --git a/nsd/Dockerfile b/nsd/Dockerfile
new file mode 100644
index 0000000..0eab843
--- /dev/null
+++ b/nsd/Dockerfile
@@ -0,0 +1,5 @@
+FROM alpine:3.4
+RUN apk --no-cache add nsd
+COPY nsd.conf /etc/nsd/nsd.conf
+EXPOSE 53
+CMD ["nsd", "-d"]
diff --git a/nsd/nsd.conf b/nsd/nsd.conf
new file mode 100644
index 0000000..e21b4c4
--- /dev/null
+++ b/nsd/nsd.conf
@@ -0,0 +1,8 @@
+server:
+ server-count: 1
+ pidfile: "/var/run/nsd.pid"
+
+ verbosity: 1
+ hide-version: yes
+
+ statistics: 3600
diff --git a/unbound.conf b/unbound.conf
new file mode 100644
index 0000000..a271fac
--- /dev/null
+++ b/unbound.conf
@@ -0,0 +1,23 @@
+server:
+ verbosity: 2
+ statistics-interval: 3600
+
+ interface: 0.0.0.0
+
+ # accept anything, firewall your ports!
+ access-control: 0.0.0.0/0 allow
+ logfile: ""
+ log-time-ascii: yes
+ log-queries: yes
+
+ root-hints: /etc/unbound/root.hints
+ trust-anchor-file: "/usr/share/dnssec-root/trusted-key.key"
+ include: /etc/unbound/localzone.conf.new
+
+ domain-insecure: 168.192.in-addr.arpa.
+ private-address: 192.168.0.0/16
+ local-zone: "168.192.in-addr.arpa." nodefault
+
+forward-zone:
+ name: "168.192.in-addr.arpa."
+ forward-host: nsd.mock.zknt.org.
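Review bot: In docker-compose.yml the `nsd` service mounts `./zones:/zones` read-write, while both config files are mounted `:ro`. For the single zone declared in nsd.conf the daemon presumably only reads the zone file, so `- "./zones:/zones:ro"` would keep a misbehaving or compromised nsd from rewriting zone data on the host. Confirm that nsd does not need to write there (for example for secondary zones) before changing it.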
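Review bot: `EXPOSE 53` in nsd/Dockerfile declares only 53/tcp, because EXPOSE defaults to TCP, while most DNS traffic is UDP; `EXPOSE 53/tcp 53/udp` documents the real contract. The unchanged `EXPOSE 53` context line in unbound/Dockerfile has the same gap. Separately, `apk --no-cache add nsd` is unpinned and the base is referenced by tag only, so rebuilds are not reproducible; `alpine:3.4` is also a release that no longer receives security updates, so a supported tag pinned by digest is worth considering.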
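Review bot: `access-control: 0.0.0.0/0 allow` together with `interface: 0.0.0.0` in the new top-level unbound.conf makes the resolver answer recursive queries from any source, and the only safeguard is the comment telling the operator to firewall the port. The compose file publishes no ports, so exposure today looks limited to the Docker network, but a later `ports:` mapping would turn this into an open resolver usable for amplification. Restricting the ACL to the ranges actually served, e.g. `access-control: 127.0.0.0/8 allow` plus one line for the Docker bridge subnet, removes the dependency on an external firewall. `log-queries: yes` records every client query, so a comment stating that this is intended for the mock setup only would help.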
diff --git a/unbound/Dockerfile b/unbound/Dockerfile
index a0b9e40..adccf0c 100644
--- a/unbound/Dockerfile
+++ b/unbound/Dockerfile
@@ -1,6 +1,8 @@
 FROM alpine:3.4
-RUN apk --no-cache add unbound &&\
+RUN apk --no-cache add unbound perl &&\
 unbound-anchor
 COPY unbound.conf /etc/unbound/unbound.conf
+COPY build-unbound-localzone-from-hosts.pl /
+COPY entrypoint.sh /
 EXPOSE 53
-CMD ["unbound", "-d"]
+CMD ["/entrypoint.sh", "-d"]
diff --git a/unbound/build-unbound-localzone-from-hosts.pl b/unbound/build-unbound-localzone-from-hosts.pl
new file mode 100644
index 0000000..c11bbc3
--- /dev/null
+++ b/unbound/build-unbound-localzone-from-hosts.pl
@@ -0,0 +1,67 @@
+#!/usr/bin/perl -WT
+
+use strict;
+use warnings;
+
+my $hostsfile = '/etc/hosts';
+my $localzonefile = '/etc/unbound/localzone.conf.new';
+
+my $localzone = 'example.com';
+
+open( HOSTS,"<${hostsfile}" ) or die( "Could not open ${hostsfile}: $!" );
+open( ZONE,">${localzonefile}" ) or die( "Could not open ${localzonefile}: $!" );
+
+print ZONE "server:\n\n";
+print ZONE "local-zone: \"${localzone}\" transparent\n\n";
+
+my %ptrhash;
+
+while ( my $hostline = ) {
+
+ # Skip comments
+ if ( $hostline !~ "^#" and $hostline !~ '^\s+$' ) {
+
+ my @entries = split( /\s+/, $hostline );
+
+ my $ip;
+
+ my $count = 0;
+ foreach my $entry ( @entries ) {
+ if ( $count == 0 ) {
+ $ip = $entry;
+ } else {
+
+ if ( $count == 1) {
+
+ # Only return localhost for 127.0.0.1 and ::1
+ if ( ($ip ne '127.0.0.1' and $ip ne '::1') or $entry =~ 'localhost' ) {
+ if ( ! defined $ptrhash{$ip} ) {
+ $ptrhash{$ip} = $entry;
+ print ZONE "local-data-ptr: \"$ip $entry\"\n";
+ }
+ }
+
+ }
+
+ # Use AAAA for IPv6 addresses
+ my $a = 'A';
+ if ( $ip =~ ':' ) {
+ $a = 'AAAA';
+ }
+
+ print ZONE "local-data: \"$entry ${a} $ip\"\n";
+
+ }
+ $count++;
+ }
+ print ZONE "\n";
+
+
+ }
+}
+
+
+
+
+__END__
+
diff --git a/unbound/entrypoint.sh b/unbound/entrypoint.sh
new file mode 100755
index 0000000..2255a50
--- /dev/null
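Review bot: Putting the wrapper in `CMD ["/entrypoint.sh", "-d"]` in unbound/Dockerfile means any command supplied at `docker run` or through a compose `command:` replaces the script, so the localzone file that unbound.conf now includes is never generated. `ENTRYPOINT ["/entrypoint.sh"]` with `CMD ["-d"]` keeps the generation step fixed and leaves only the unbound flags overridable. The added `perl` package is unpinned, like `unbound` on the same line.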
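Review bot: In build-unbound-localzone-from-hosts.pl, fields from /etc/hosts are written into double-quoted unbound directives (`local-data-ptr: \"$ip $entry\"` and `local-data: \"$entry ${a} $ip\"`) without validation, and `-T` does not help because taint mode does not check data printed to a filehandle. A hosts line with a trailing `# comment`, leading whitespace or a `"` in a name would produce malformed or unintended records in localzone.conf.new. Checking `$ip` against something like `/^[0-9A-Fa-f:.]+$/` and each `$entry` against `/^[A-Za-z0-9._-]+$/` before printing, and stripping `#...` from `$hostline` first, would close that. `$entry =~ 'localhost'` is also an unanchored match, so any name merely containing that string passes the loopback filter; an anchored pattern or `eq` is probably what is meant.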
+++ b/unbound/entrypoint.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+/usr/bin/perl -T /build-unbound-localzone-from-hosts.pl
+/usr/sbin/unbound $@
diff --git a/unbound/unbound.conf b/unbound/unbound.conf
index 300a6ae..754729f 100644
--- a/unbound/unbound.conf
+++ b/unbound/unbound.conf
@@ -11,3 +11,4 @@ server:
 root-hints: /etc/unbound/root.hints
 trust-anchor-file: "/usr/share/dnssec-root/trusted-key.key"
+ include: /etc/unbound/localzone.conf.new
diff --git a/zones/168.192.in-addr.arpa.zone b/zones/168.192.in-addr.arpa.zone
new file mode 100644
index 0000000..43cc40a
--- /dev/null
+++ b/zones/168.192.in-addr.arpa.zone
@@ -0,0 +1,12 @@
+$ORIGIN 168.192.in-addr.arpa.
+$TTL 1800
+@ IN SOA ns1.mock.zknt.org. hostmaster.zknt.org. (
+ 2014070201 ; serial number
+ 3600 ; refresh
+ 900 ; retry
+ 1209600 ; expire
+ 1800 ; ttl
+ )
+ IN NS ns1.mock.zknt.org.
+
+1.0 IN PTR foo.bar.
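Review bot: `/usr/sbin/unbound $@` in entrypoint.sh runs unbound as a child of the shell with unquoted arguments, so the signal from `docker stop` goes to `sh` rather than unbound and arguments containing spaces are re-split; `exec /usr/sbin/unbound "$@"` fixes both. The script also has no `set -e`, so if the perl step fails unbound is still started against a missing or partial localzone.conf.new. Adding `set -e` after the shebang makes the container fail fast instead.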