diff --git a/docker-compose.yml b/docker-compose.yml
index ebe1e6c..4c09dc5 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,14 +1,14 @@
 unbound:
   build: unbound
-  hostname: unbound.mock.zknt.org
+  hostname: unbound
   dns: 127.0.0.1
   links:
-    - nsd:nsd.mock.zknt.org
+    - nsd
   volumes:
-    - "./unbound.conf:/etc/unbound/unbound.conf:ro"
+    - "./unbound-local.conf:/unbound-local.conf:ro"
 nsd:
   build: nsd
-  hostname: nsd.mock.zknt.org
+  hostname: nsd
   volumes:
-    - "./zones:/zones"
-    - "./nsd.conf:/etc/nsd/nsd.conf:ro"
+    - "./zones:/zones"
+    - "./nsd-local.conf:/etc/nsd/nsd-local.conf:ro"
diff --git a/nsd-local.conf b/nsd-local.conf
new file mode 100644
index 0000000..9b6f884
--- /dev/null
+++ b/nsd-local.conf
@@ -0,0 +1,6 @@
+zone:
+    name: 168.192.in-addr.arpa
+    zonefile: "/zones/%s.zone"
+zone:
+    name: local
+    zonefile: "/zones/%s.zone"
diff --git a/nsd.conf b/nsd.conf
deleted file mode 100644
index 5bfeb82..0000000
--- a/nsd.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-server:
-    server-count: 1
-    pidfile: "/var/run/nsd.pid"
-
-    verbosity: 1
-    hide-version: yes
-
-    statistics: 3600
-
-zone:
-    name: 168.192.in-addr.arpa
-    zonefile: "/zones/%s.zone"
diff --git a/nsd/nsd.conf b/nsd/nsd.conf
index e21b4c4..f4a0957 100644
--- a/nsd/nsd.conf
+++ b/nsd/nsd.conf
@@ -6,3 +6,5 @@ server:
     hide-version: yes
 
     statistics: 3600
+
+    include: /etc/nsd/nsd-local.conf
diff --git a/unbound-local.conf b/unbound-local.conf
new file mode 100644
index 0000000..871ed9c
--- /dev/null
+++ b/unbound-local.conf
@@ -0,0 +1,14 @@
+    domain-insecure: 168.192.in-addr.arpa.
+    private-address: 192.168.0.0/16
+    local-zone: "168.192.in-addr.arpa." nodefault
+
+    domain-insecure: local
+    private-domain: local
+    local-zone: local. nodefault
+
+stub-zone:
+    name: "168.192.in-addr.arpa."
+    stub-addr: {{nsd}}
+stub-zone:
+    name: local.
+    stub-addr: {{nsd}}
diff --git a/unbound.conf b/unbound.conf
deleted file mode 100644
index a271fac..0000000
--- a/unbound.conf
+++ /dev/null
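Review bot: `- "./zones:/zones"` on the nsd service stays read-write, yet the only consumer of that directory visible in the patch is nsd-local.conf's `zonefile: "/zones/%s.zone"`, which is a read; mounting it `- "./zones:/zones:ro"` keeps a misbehaving or compromised nsd from altering host-side zone data (drop the `:ro` only if `nsd-control write` is intended). The unbound template is mounted at `/unbound-local.conf`, a different path from the `/etc/unbound/unbound-local.conf` that unbound/unbound.conf includes, and nothing in this file says why; a comment such as `# template only: unbound/entrypoint.sh renders it to /etc/unbound/unbound-local.conf at start` above that volume line would spare the next reader a trip through the Dockerfile and entrypoint.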
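Review bot: The seven server-level options at the top of unbound-local.conf carry no `server:` header, so they parse only because the `include:` in unbound/unbound.conf happens to sit inside its server clause; starting the file with `server:` makes it valid regardless of where it is included. The file is also deliberately loosening two protections without saying so: `domain-insecure:` switches DNSSEC validation off for both names, and `private-domain: local` is what allows the stub to hand back 192.168.0.0/16 answers that `private-address:` would otherwise strip as rebinding, so a header comment like `# mock zones are unsigned and contain RFC1918 addresses: validation and rebind filtering are disabled for them on purpose` records the intent. `{{nsd}}` deserves a one-line note that entrypoint.sh substitutes it from /etc/hosts at container start, since unbound rejects the unrendered value. Note too that `local.` is reserved for mDNS by RFC 6762, so clients running nss-mdns may resolve it without ever asking unbound; and `domain-insecure: local` / `private-domain: local` omit the trailing dot that every other name in the file has, which unbound tolerates but reads as inconsistent.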
@@ -1,23 +0,0 @@
-server:
-    verbosity: 2
-    statistics-interval: 3600
-
-    interface: 0.0.0.0
-
-    # accept anything, firewall your ports!
-    access-control: 0.0.0.0/0 allow
-    logfile: ""
-    log-time-ascii: yes
-    log-queries: yes
-
-    root-hints: /etc/unbound/root.hints
-    trust-anchor-file: "/usr/share/dnssec-root/trusted-key.key"
-    include: /etc/unbound/localzone.conf.new
-
-    domain-insecure: 168.192.in-addr.arpa.
-    private-address: 192.168.0.0/16
-    local-zone: "168.192.in-addr.arpa." nodefault
-
-forward-zone:
-    name: "168.192.in-addr.arpa."
-    forward-host: nsd.mock.zknt.org.
diff --git a/unbound/Dockerfile b/unbound/Dockerfile
index adccf0c..4d43fc5 100644
--- a/unbound/Dockerfile
+++ b/unbound/Dockerfile
@@ -1,8 +1,7 @@
 FROM alpine:3.4
-RUN apk --no-cache add unbound perl &&\
+RUN apk --no-cache add unbound &&\
     unbound-anchor
 COPY unbound.conf /etc/unbound/unbound.conf
-COPY build-unbound-localzone-from-hosts.pl /
 COPY entrypoint.sh /
 EXPOSE 53
 CMD ["/entrypoint.sh", "-d"]
diff --git a/unbound/build-unbound-localzone-from-hosts.pl b/unbound/build-unbound-localzone-from-hosts.pl
deleted file mode 100644
index c11bbc3..0000000
--- a/unbound/build-unbound-localzone-from-hosts.pl
+++ /dev/null
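Review bot: The rewritten RUN line still ends with `unbound-anchor`, but nothing in the patch uses its output: its default anchor path is /etc/unbound/root.key, while the unbound/unbound.conf context in this commit points `trust-anchor-file` at /usr/share/dnssec-root/trusted-key.key, so the anchor actually used is whatever the package shipped, frozen at image build time with no RFC 5011 rollover. If validation is meant to stay on, point the config at the file unbound-anchor maintains, `auto-trust-anchor-file: "/etc/unbound/root.key"`, on a path writable by the unbound user, and drop the trust-anchor-file line. Be aware that unbound-anchor's man page documents exit status 1 when it created or updated the anchor, so as the last command of an `&&` chain it can fail the build on a fresh layer; `unbound-anchor -a /etc/unbound/root.key || true` followed by a check that the file exists is the usual pattern. `FROM alpine:3.4` is unchanged context, but that release no longer receives security updates, so the unbound build this image pins is unpatched.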
@@ -1,67 +0,0 @@ -#!/usr/bin/perl -WT - -use strict; -use warnings; - -my $hostsfile = '/etc/hosts'; -my $localzonefile = '/etc/unbound/localzone.conf.new'; - -my $localzone = 'example.com'; - -open( HOSTS,"<${hostsfile}" ) or die( "Could not open ${hostsfile}: $!" ); -open( ZONE,">${localzonefile}" ) or die( "Could not open ${localzonefile}: $!" ); - -print ZONE "server:\n\n"; -print ZONE "local-zone: \"${localzone}\" transparent\n\n"; - -my %ptrhash; - -while ( my $hostline = ) { - - # Skip comments - if ( $hostline !~ "^#" and $hostline !~ '^\s+$' ) { - - my @entries = split( /\s+/, $hostline ); - - my $ip; - - my $count = 0; - foreach my $entry ( @entries ) { - if ( $count == 0 ) { - $ip = $entry; - } else { - - if ( $count == 1) { - - # Only return localhost for 127.0.0.1 and ::1 - if ( ($ip ne '127.0.0.1' and $ip ne '::1') or $entry =~ 'localhost' ) { - if ( ! defined $ptrhash{$ip} ) { - $ptrhash{$ip} = $entry; - print ZONE "local-data-ptr: \"$ip $entry\"\n"; - } - } - - } - - # Use AAAA for IPv6 addresses - my $a = 'A'; - if ( $ip =~ ':' ) { - $a = 'AAAA'; - } - - print ZONE "local-data: \"$entry ${a} $ip\"\n"; - - } - $count++; - } - print ZONE "\n"; - - - } -} - - - - -__END__ - diff --git a/unbound/entrypoint.sh b/unbound/entrypoint.sh index 2255a50..8406d50 100755 --- a/unbound/entrypoint.sh +++ b/unbound/entrypoint.sh @@ -1,3 +1,3 @@ #!/bin/sh -/usr/bin/perl -T /build-unbound-localzone-from-hosts.pl +sed "s/{{nsd}}/$(grep nsd /etc/hosts | awk -F' ' '{print $1}' | head -1)/g" /unbound-local.conf > /etc/unbound/unbound-local.conf /usr/sbin/unbound $@ diff --git a/unbound/unbound.conf b/unbound/unbound.conf index 754729f..7b40909 100644 --- a/unbound/unbound.conf +++ b/unbound/unbound.conf @@ -11,4 +11,4 @@ server: root-hints: /etc/unbound/root.hints trust-anchor-file: "/usr/share/dnssec-root/trusted-key.key" - include: /etc/unbound/localzone.conf.new + include: /etc/unbound/unbound-local.conf 
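Review bot: The new sed line takes the nsd address from `grep nsd /etc/hosts`, which matches the substring anywhere on a line (a comment, an IPv6 alias, a host such as `dnsd`) and, when nothing matches, silently renders `stub-addr:` with an empty value so the container gets as far as unbound rejecting its config instead of failing here with a reason. Match the hostname column exactly, fail fast when it is absent, and `exec` unbound with a quoted `"$@"` so it becomes PID 1 and receives signals and arguments intact. The value is also spliced into the sed replacement unescaped; with a link-managed /etc/hosts it is an IP literal, but using a delimiter that cannot appear in an address keeps the substitution honest.

```shell
#!/bin/sh
set -eu
# Docker links write "<ip> <alias> ..." into /etc/hosts; take the address whose
# name field is exactly "nsd", not any line that merely contains the substring.
nsd_addr=$(awk '{ for (i = 2; i <= NF; i++) if ($i == "nsd") { print $1; exit } }' /etc/hosts)
[ -n "$nsd_addr" ] || { echo "entrypoint: no 'nsd' entry in /etc/hosts" >&2; exit 1; }
sed "s|{{nsd}}|$nsd_addr|g" /unbound-local.conf > /etc/unbound/unbound-local.conf
exec /usr/sbin/unbound "$@"
```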
diff --git a/zones/168.192.in-addr.arpa.zone b/zones/168.192.in-addr.arpa.zone
index 43cc40a..77db3cd 100644
--- a/zones/168.192.in-addr.arpa.zone
+++ b/zones/168.192.in-addr.arpa.zone
@@ -1,12 +1,11 @@
 $ORIGIN 168.192.in-addr.arpa.
 $TTL 1800
-@    IN SOA ns1.mock.zknt.org. hostmaster.zknt.org. (
-        2014070201 ; serial number
-        3600       ; refresh
-        900        ; retry
-        1209600    ; expire
-        1800       ; ttl
+@    SOA nsd. hostmaster.nsd. (
+        2016091901
+        3600
+        900
+        1209600
+        1800
         )
-     IN NS ns1.mock.zknt.org.
-
-1.0  IN PTR foo.bar.
+     NS nsd.
+1.0  PTR foo.local.
diff --git a/zones/local.zone b/zones/local.zone
new file mode 100644
index 0000000..2813bbd
--- /dev/null
+++ b/zones/local.zone
@@ -0,0 +1,11 @@
+$ORIGIN local.
+$TTL 1800
+@    SOA nsd. hostmaster.nsd. (
+        2016091901
+        3600
+        900
+        1209600
+        1800
+        )
+     NS nsd.
+foo  A 192.168.0.1
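Review bot: `NS nsd.` and the SOA MNAME `nsd.` point at a top-level name that has no address record in this zone, in local.zone, or anywhere else in the patch, so the delegation data is dangling; it works here only because unbound reaches the server through the `stub-addr` in unbound-local.conf and never follows the NS record, and `nsd-checkzone` will flag the missing glue. A comment above the NS line, e.g. `; NS/MNAME are placeholders: unbound reaches this server via stub-addr, not via this name`, stops a later reader from "fixing" it by inventing an address. The rewrite also dropped the `; serial number` / `; refresh` labels on the SOA fields, leaving the YYYYMMDDnn serial convention implicit; keeping those comments makes the next bump less error-prone, and the same boilerplate is duplicated verbatim in local.zone.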