chris/unboundnsd
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

remove perl dependency, use -local configs

Browse source
This commit is contained in:
chris 2016-09-19 14:49:10 +02:00
parent 095056017e
commit 3399a0dd8c
12 changed files with 50 additions and 121 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
docker-compose.yml
View file

@ -1,14 +1,14 @@
unbound: unbound:
build: unbound build: unbound
hostname: unbound.mock.zknt.org hostname: unbound
dns: 127.0.0.1 dns: 127.0.0.1
links: links:
- nsd:nsd.mock.zknt.org - nsd
volumes: volumes:
- "./unbound.conf:/etc/unbound/unbound.conf:ro" - "./unbound-local.conf:/unbound-local.conf:ro"
nsd: nsd:
build: nsd build: nsd
hostname: nsd.mock.zknt.org hostname: nsd
volumes: volumes:
- "./zones:/zones" - "./zones:/zones"
- "./nsd.conf:/etc/nsd/nsd.conf:ro" - "./nsd-local.conf:/etc/nsd/nsd-local.conf:ro"

6
nsd-local.conf Normal file
View file

@ -0,0 +1,6 @@
zone:
name: 168.192.in-addr.arpa
zonefile: "/zones/%s.zone"
zone:
name: local
zonefile: "/zones/%s.zone"

12
nsd.conf
View file

@ -1,12 +0,0 @@
server:
server-count: 1
pidfile: "/var/run/nsd.pid"
verbosity: 1
hide-version: yes
statistics: 3600
zone:
name: 168.192.in-addr.arpa
zonefile: "/zones/%s.zone"

2
nsd/nsd.conf
View file

@ -6,3 +6,5 @@ server:
hide-version: yes hide-version: yes
statistics: 3600 statistics: 3600
include: /etc/nsd/nsd-local.conf

14
unbound-local.conf Normal file
View file

@ -0,0 +1,14 @@
domain-insecure: 168.192.in-addr.arpa.
private-address: 192.168.0.0/16
local-zone: "168.192.in-addr.arpa." nodefault
domain-insecure: local
private-domain: local
local-zone: local. nodefault
stub-zone:
name: "168.192.in-addr.arpa."
stub-addr: {{nsd}}
stub-zone:
name: local.
stub-addr: {{nsd}}

23
unbound.conf
View file

@ -1,23 +0,0 @@
server:
verbosity: 2
statistics-interval: 3600
interface: 0.0.0.0
# accept anything, firewall your ports!
access-control: 0.0.0.0/0 allow
logfile: ""
log-time-ascii: yes
log-queries: yes
root-hints: /etc/unbound/root.hints
trust-anchor-file: "/usr/share/dnssec-root/trusted-key.key"
include: /etc/unbound/localzone.conf.new
domain-insecure: 168.192.in-addr.arpa.
private-address: 192.168.0.0/16
local-zone: "168.192.in-addr.arpa." nodefault
forward-zone:
name: "168.192.in-addr.arpa."
forward-host: nsd.mock.zknt.org.

3
unbound/Dockerfile
View file

@ -1,8 +1,7 @@
FROM alpine:3.4 FROM alpine:3.4
RUN apk --no-cache add unbound perl &&\ RUN apk --no-cache add unbound &&\
unbound-anchor unbound-anchor
COPY unbound.conf /etc/unbound/unbound.conf COPY unbound.conf /etc/unbound/unbound.conf
COPY build-unbound-localzone-from-hosts.pl /
COPY entrypoint.sh / COPY entrypoint.sh /
EXPOSE 53 EXPOSE 53
CMD ["/entrypoint.sh", "-d"] CMD ["/entrypoint.sh", "-d"]

67
unbound/build-unbound-localzone-from-hosts.pl
View file

@ -1,67 +0,0 @@
#!/usr/bin/perl -WT
use strict;
use warnings;
my $hostsfile = '/etc/hosts';
my $localzonefile = '/etc/unbound/localzone.conf.new';
my $localzone = 'example.com';
open( HOSTS,"<${hostsfile}" ) or die( "Could not open ${hostsfile}: $!" );
open( ZONE,">${localzonefile}" ) or die( "Could not open ${localzonefile}: $!" );
print ZONE "server:\n\n";
print ZONE "local-zone: \"${localzone}\" transparent\n\n";
my %ptrhash;
while ( my $hostline = <HOSTS> ) {
# Skip comments
if ( $hostline !~ "^#" and $hostline !~ '^\s+$' ) {
my @entries = split( /\s+/, $hostline );
my $ip;
my $count = 0;
foreach my $entry ( @entries ) {
if ( $count == 0 ) {
$ip = $entry;
} else {
if ( $count == 1) {
# Only return localhost for 127.0.0.1 and ::1
if ( ($ip ne '127.0.0.1' and $ip ne '::1') or $entry =~ 'localhost' ) {
if ( ! defined $ptrhash{$ip} ) {
$ptrhash{$ip} = $entry;
print ZONE "local-data-ptr: \"$ip $entry\"\n";
}
}
}
# Use AAAA for IPv6 addresses
my $a = 'A';
if ( $ip =~ ':' ) {
$a = 'AAAA';
}
print ZONE "local-data: \"$entry ${a} $ip\"\n";
}
$count++;
}
print ZONE "\n";
}
}
__END__

2
unbound/entrypoint.sh
View file

@ -1,3 +1,3 @@
#!/bin/sh #!/bin/sh
/usr/bin/perl -T /build-unbound-localzone-from-hosts.pl sed "s/{{nsd}}/$(grep nsd /etc/hosts | awk -F' ' '{print $1}' | head -1)/g" /unbound-local.conf > /etc/unbound/unbound-local.conf
/usr/sbin/unbound $@ /usr/sbin/unbound $@

2
unbound/unbound.conf
View file

@ -11,4 +11,4 @@ server:
root-hints: /etc/unbound/root.hints root-hints: /etc/unbound/root.hints
trust-anchor-file: "/usr/share/dnssec-root/trusted-key.key" trust-anchor-file: "/usr/share/dnssec-root/trusted-key.key"
include: /etc/unbound/localzone.conf.new include: /etc/unbound/unbound-local.conf

17
zones/168.192.in-addr.arpa.zone
View file

@ -1,12 +1,11 @@
$ORIGIN 168.192.in-addr.arpa. $ORIGIN 168.192.in-addr.arpa.
$TTL 1800 $TTL 1800
@ IN SOA ns1.mock.zknt.org. hostmaster.zknt.org. ( @ SOA nsd. hostmaster.nsd. (
2014070201 ; serial number 2016091901
3600 ; refresh 3600
900 ; retry 900
1209600 ; expire 1209600
1800 ; ttl 1800
) )
IN NS ns1.mock.zknt.org. NS nsd.
1.0 PTR foo.local.
1.0 IN PTR foo.bar.

11
zones/local.zone Normal file
View file

@ -0,0 +1,11 @@
$ORIGIN local.
$TTL 1800
@ SOA nsd. hostmaster.nsd. (
2016091901
3600
900
1209600
1800
)
NS nsd.
foo A 192.168.0.1