
DNS working correctly, and restructured directories

Signed-off-by: James Ketrenos <james_git@ketrenos.com>
This commit is contained in:
James Ketr 2023-10-10 13:41:40 -07:00
parent ab8743f7ea
commit 592f54f809
10 changed files with 202 additions and 323 deletions


@ -5,6 +5,8 @@ RUN apt-get -q update \
bind9 \
isc-dhcp-server \
openssh-server \
net-tools \
iputils-ping \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log}
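Review bot: `net-tools` and `iputils-ping` are added to the runtime image next to bind9 and the DHCP server; they are diagnostic tools rather than service dependencies, so a comment saying they are for in-container debugging (or putting them behind a build arg) would make the image's intended surface clear. Separately, the cleanup on the last line, `rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log}`, relies on brace expansion, which the default `/bin/sh -c` RUN shell does not perform unless `SHELL` has been changed earlier in the Dockerfile, so the lists are most likely left in place; `rm -rf /var/lib/apt/lists/*` is the usual form. The RUN instruction starts above the hunk.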


@ -1,232 +1,217 @@
view "parent" {
match-clients { parent; };
match-clients { parent; };
recursion yes;
forwarders {
// Google servers
8.8.8.8;
// Frontier DNS servers
184.16.4.22;
184.16.33.54;
};
// Prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// Be authoritative for the localhost forward and reverse zones,
// and for broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
recursion yes;
zone "1.168.192.in-addr.arpa" {
type slave;
masters { 192.168.1.78 key internal-key;};
file "/var/lib/bind/db.1.168.192-parent";
allow-transfer { any; };
allow-notify { 192.168.1.78; key parent-key; };
};
forwarders {
// Google servers
8.8.8.8;
zone "0.10.10.in-addr.arpa" {
type slave;
masters { 192.168.1.78 key internal-key; };
file "/var/lib/bind/db.0.10.10";
allow-transfer { any; };
allow-notify { 192.168.1.78; key parent-key; };
};
// Frontier DNS servers
184.16.4.22;
184.16.33.54;
};
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
zone "1.168.192.in-addr.arpa" {
type slave;
masters { 192.168.1.78 key internal-key; };
file "/var/lib/bind/db.1.168.192-parent";
allow-transfer { any; };
allow-notify { 192.168.1.78; key parent-key; };//any; };
# allow-update { any; };
};
zone "0.10.10.in-addr.arpa" {
type slave;
masters { 192.168.1.78 key internal-key; };
file "/var/lib/bind/db.0.10.10";
allow-transfer { any; };
allow-notify { 192.168.1.78; key parent-key; };//any; };
# allow-update { any; };
};
# 50.39.247.22
# 85.126.50
zone "85.126.50.in-addr.arpa" IN {
zone "85.126.50.in-addr.arpa" IN {
type master;
file "/var/lib/bind/85.126.50.in-addr.arpa";
allow-update { none; };
};
zone ketrenos.com {
type master;
file "/var/lib/bind/db.ketrenos.com-internal";
allow-update { key ketrenos.com.; };
};
};
zone "sketchitect.com" {
type master;
file "/var/lib/bind/db.sketchitect.com-internal";
notify no;
};
zone ketrenos.com {
type master;
file "/var/lib/bind/db.ketrenos.com-internal";
allow-update { key ketrenos.com.; };
};
zone "portland-werewolf.com" {
type master;
file "/var/lib/bind/db.portland-werewolf.com-internal";
notify no;
};
zone "sketchitect.com" {
type master;
file "/var/lib/bind/db.sketchitect.com-internal";
notify no;
};
zone "kiaoramassage.com" {
type master;
file "/var/lib/bind/db.kiaoramassage.com-internal";
notify no;
};
zone "portland-werewolf.com" {
type master;
file "/var/lib/bind/db.portland-werewolf.com-internal";
notify no;
};
zone "kiaoramassage.com" {
type master;
file "/var/lib/bind/db.kiaoramassage.com-internal";
notify no;
};
};
view "internal" {
match-clients { ketrenos; };
recursion yes;
match-clients { ketrenos; };
recursion yes;
# 50.39.247.22
# 85.126.50
zone "85.126.50.in-addr.arpa" IN {
zone "85.126.50.in-addr.arpa" IN {
type master;
file "/var/lib/bind/85.126.50.in-addr.arpa";
allow-update { none; };
};
};
forwarders {
// Cleanbrowsing DNS server
185.228.168.10;
};
forwarders {
// Cleanbrowsing DNS server
185.228.168.10;
};
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// Prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
// Be authoritative for the localhost forward and reverse zones,
// and for broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone ketrenos.com {
in-view "parent";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "sketchitect.com" {
type master;
file "/var/lib/bind/db.sketchitect.com-internal";
notify no;
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "portland-werewolf.com" {
type master;
file "/var/lib/bind/db.portland-werewolf.com-internal";
notify no;
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
zone "kiaoramassage.com" {
type master;
file "/var/lib/bind/db.kiaoramassage.com-internal";
notify no;
};
zone ketrenos.com {
in-view "parent";
};
zone "1.168.192.in-addr.arpa"{
type master;
file "/var/lib/bind/db.192.168.1";
allow-update { key ketrenos.com.; };
allow-query { 192.168.0.0/16; 127.0.0.1; };
//also-notify { 192.168.1.78 key parent-key; };
notify yes;
};
zone "sketchitect.com" {
type master;
file "/var/lib/bind/db.sketchitect.com-internal";
notify no;
};
zone "0.10.10.in-addr.arpa" {
type master;
file "/var/lib/bind/db.10.10.0";
allow-update { key ketrenos.com.; };
allow-query { 10.10.0.0/24; 127.0.0.1; };
//also-notify { 192.168.1.78 key parent-key; };
notify yes;
};
zone "portland-werewolf.com" {
type master;
file "/var/lib/bind/db.portland-werewolf.com-internal";
notify no;
};
zone "kiaoramassage.com" {
type master;
file "/var/lib/bind/db.kiaoramassage.com-internal";
notify no;
};
zone "1.168.192.in-addr.arpa" {
type master;
file "/var/lib/bind/db.192.168.1";
allow-transfer { key internal-key; };
allow-update { key ketrenos.com.; key internal-key; key parent-key; };
allow-query { 192.168.0.0/16; 127.0.0.1; };
notify yes;
};
zone "0.10.10.in-addr.arpa" {
type master;
file "/var/lib/bind/db.10.10.0";
allow-update { key ketrenos.com.; key internal-key; key parent-key; };
allow-query { 10.10.0.0/24; 127.0.0.1; };
notify yes;
};
};
view "internet" {
match-clients { "any"; };
recursion no;
match-clients { "any"; };
recursion no;
zone "." {
type hint;
file "/etc/bind/db.root";
};
zone "." {
type hint;
file "/etc/bind/db.root";
};
zone "0.0.127.in-addr.arpa"{
type master;
file "/etc/bind/db.127";
};
zone "0.0.127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
# zone "85.126.50.in-addr.arpa"{
# type master;
# file "/var/lib/bind/db.50.39.247";
# notify yes;
# };
# 50.39.247.22
# 85.126.50
zone "85.126.50.in-addr.arpa" IN {
zone "85.126.50.in-addr.arpa" IN {
type master;
file "/var/lib/bind/85.126.50.in-addr.arpa";
allow-update { none; };
};
zone ketrenos.com {
type master;
file "/var/lib/bind/db.ketrenos.com";
allow-update { none; };
notify yes;
};
zone "sketchitect.com" {
type master;
file "/var/lib/bind/db.sketchitect.com";
notify yes;
};
zone "portland-werewolf.com" {
type master;
file "/var/lib/bind/db.portland-werewolf.com";
notify yes;
};
zone "kiaoramassage.com" {
type master;
file "/var/lib/bind/db.kiaoramassage.com";
notify yes;
};
};
zone ketrenos.com {
type master;
file "/var/lib/bind/db.ketrenos.com";
notify yes;
};
zone "sketchitect.com" {
type master;
file "/var/lib/bind/db.sketchitect.com";
notify yes;
};
zone "portland-werewolf.com" {
type master;
file "/var/lib/bind/db.portland-werewolf.com";
notify yes;
};
zone "kiaoramassage.com" {
type master;
file "/var/lib/bind/db.kiaoramassage.com";
notify yes;
};
};
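Review bot: Both slave zones in view "parent" (the `1.168.192.in-addr.arpa` and `0.10.10.in-addr.arpa` zones near the top of the hunk) keep `allow-transfer { any; };`, while the master copies in view "internal" either restrict transfers to `key internal-key` or inherit the options-level `allow-transfer { none; }`; every client matching the `parent` ACL can dump those reverse zones, so `allow-transfer { key internal-key; };` would bring them in line with the masters. In view "internal", the `0.10.10.in-addr.arpa` master zone has no `allow-transfer` although its `1.168.192` sibling does, so it falls back to the global `none`; if the parent-side slave is expected to AXFR it, that transfer will be refused. The `allow-update` lists in that view also name `key parent-key`, but `acl ketrenos` in named.conf.options excludes that key (`!key parent-key;`), so updates signed with it most likely never reach this view; either drop it or add a comment explaining why it is listed.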


@ -12,23 +12,22 @@ logging {
category notify { default_log; };
category update { default_debug; };
category security { security_info; };
category queries { queries_log; };
category queries { queries_log; };
category config { security_info; };
category config { security_info; };
category default { default_log; };
channel default_log {
file "/var/log/named.log";
severity info;
//severity debug;
//severity debug;
print-time yes;
};
channel queries_log {
file "/var/log/named-queries.log";
// severity info;
severity debug;
channel queries_log {
file "/var/log/named-queries.log";
// severity info;
severity debug;
print-time yes;
};
};
};
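Review bot: `channel queries_log` is set to `severity debug` with a bare `file "/var/log/named-queries.log"` and no `versions`/`size`, so once query logging is enabled the file grows without bound inside the container; `file "/var/log/named-queries.log" versions 5 size 20m;` keeps it bounded, and `default_log` has the same gap. Per-query logs also record each client address and the names it looked up, so a short comment stating whether the channel is meant to stay on permanently or only for debugging would help the next reader. The `logging` block starts above the hunk.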


@ -1,51 +0,0 @@
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
logging {
category lame-servers { null; };
channel update_debug {
file "/var/log/named-update.log";
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
channel security_info {
file "/var/log/named-auth.log";
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category update { update_debug; };
category security { security_info; };
category queries { queries_log; };
category config { security_info; };
category default { default_log; };
channel default_log {
file "/var/log/named.log";
severity info;
print-time yes;
};
channel queries_log {
file "/var/log/named-queries.log";
severity info;
print-time yes;
};
};


@ -27,6 +27,7 @@ acl ketrenos {
!key parent-key;
192.168.0.0/16;
10.10.0.0/16;
172.0.0.0/8;
localhost;
};
@ -39,9 +40,9 @@ options {
listen-on-v6 { none; };
listen-on { any; }; //50.39.247.22; 192.168.1.1; 127.0.0.1; };
allow-query { any; };
listen-on { any; }; //50.39.247.22; 192.168.1.1; 127.0.0.1; };
allow-query { any; };
notify explicit;
allow-transfer { none; };
notify explicit;
allow-transfer { none; };
};
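Review bot: The `172.0.0.0/8;` added to `acl ketrenos` is far wider than the Docker bridge range it appears to be meant for: RFC 1918 reserves only `172.16.0.0/12`, so the rest of that /8 is public address space, and with `listen-on { any; }` and `allow-query { any; }` any client from it would be classed as `ketrenos` and served by the recursive "internal" view instead of the non-recursive "internet" view. `172.16.0.0/12;` (or the actual bridge subnet) keeps the ACL to private space; the same /8 appears in the dhcpd.conf hunk as `subnet 172.0.0.0 netmask 255.0.0.0`, which should be narrowed the same way. The options file deleted in this commit carried a `key DHCP_UPDATER` with its HMAC-MD5 secret inline; deleting the file does not remove the value from history, so treat that key as disclosed and rotate it if it is still in use anywhere. The enclosing `acl` and `options` blocks start above their hunks.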


@ -1,59 +0,0 @@
acl parent {
192.168.1.152/32;
192.168.1.101/32;
}
acl ketrenos {
192.168.0.0/16;
10.0.0.0/24;
localhost;
};
// Options added based on Gentoo configuration
key DHCP_UPDATER {
algorithm HMAC-MD5.SIG-ALG.REG.INT;
secret N6LHZWHvV7AVTEZECW18Pw==;
};
options {
dnssec-enable yes;
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { none; };
listen-on { 50.39.247.22; 192.168.1.1; 127.0.0.1; };
allow-query { any; };
};
view "ketrenos" {
match-clients {
ketrenos;
};
forwarders {
// Cleanbrowsing DNS server
185.228.168.10;
// OpenDNS filtered DNS servers
// 208.67.222.222;
// 208.67.220.220;
// 208.67.222.123;
// 208.67.220.123;
};
};
view "ketrenos" {
match-clients {
parent;
}
forwarders {
// Google servers
8.8.8.8;
// Frontier DNS servers
184.16.4.22;
184.16.33.54;
};
};


@ -28,7 +28,7 @@ subnet 192.168.3.0 netmask 255.255.255.0 {
}
# Ignore docker interface
subnet 172.26.0.0 netmask 255.255.0.0 {
subnet 172.0.0.0 netmask 255.0.0.0 {
}
subnet 192.168.1.0 netmask 255.255.255.0 {


@ -61,7 +61,7 @@ services:
# Keys
- ./keys/mail/etc/dkimkeys:/etc/dkimkeys:ro
- ./keys/mail/etc/spamassassin/sa-update-keys/:/etc/spamassassin/sa-update-keys:rw
- ./keys/mail/etc/dovecot/private:/etc/dovecot/private:ro
- ./keys/mail/etc/dovecot/private:/etc/dovecot-private:ro
# Authentication of dovecot users via pam
#
@ -110,13 +110,14 @@ services:
ketrenet-dns:
image: ketrenet-dns
container_name: ketrenet-dns
hostname: email
hostname: dns
build:
context: dns
dockerfile: Dockerfile.dns
restart: always
ports:
- 53:53 # bind
- 53:53/udp # bind
- 53:53/tcp # bind
- 67:67/udp # dhcp
- 68:68/udp # dhcp
volumes:
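Review bot: The DHCP ports `67:67/udp` and `68:68/udp` are published through Docker's bridge NAT, but DHCP discovery is link-layer broadcast, so LAN clients will not reach the container this way unless the service also runs with `network_mode: host` or on a macvlan network (neither is visible in the hunk); it is worth confirming that DHCP was actually exercised and not only DNS. All four port entries also bind to every host interface with no host-IP prefix; if DNS/DHCP should only be reachable on the LAN, entries of the form `- <lan-ip>:53:53/udp` limit that. The service definition continues outside the hunk.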

mail/etc/dovecot/private Symbolic link

@ -0,0 +1 @@
../dovecot-private


@ -132,7 +132,7 @@ server {
}
location /airsonic {
proxy_pass http://azurite.ketrenos.com:4040;
proxy_pass http://192.168.1.78:4040;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
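Review bot: `proxy_pass` for `/airsonic` now points at the literal `http://192.168.1.78:4040` instead of `azurite.ketrenos.com`, which bakes a LAN address into the nginx config that the DNS restructure in this same commit is presumably meant to resolve; if the motivation is that a static `proxy_pass` resolves its hostname only once at startup, a one-line comment such as `# azurite by IP: static proxy_pass resolves the name only at startup` would record that, or an `upstream` block would give the address a single named home. The `location` block continues outside the hunk.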