From 592f54f809965815e165aad2ffd454879d5cd7a8 Mon Sep 17 00:00:00 2001 From: James Ketrenos Date: Tue, 10 Oct 2023 13:41:40 -0700 Subject: [PATCH] DNS working correctly, and restructured directories Signed-off-by: James Ketrenos --- dns/Dockerfile.dns | 2 + dns/etc/bind/named.conf.default-zones | 375 +++++++++++++------------- dns/etc/bind/named.conf.logging | 17 +- dns/etc/bind/named.conf.new | 51 ---- dns/etc/bind/named.conf.options | 9 +- dns/etc/bind/named.conf.options.new | 59 ---- dns/etc/dhcp/dhcpd.conf | 2 +- docker-compose.yml | 7 +- mail/etc/dovecot/private | 1 + web/etc/nginx/sites-available/default | 2 +- 10 files changed, 202 insertions(+), 323 deletions(-) delete mode 100644 dns/etc/bind/named.conf.new delete mode 100644 dns/etc/bind/named.conf.options.new create mode 120000 mail/etc/dovecot/private diff --git a/dns/Dockerfile.dns b/dns/Dockerfile.dns index e76871e..8787fb1 100644 --- a/dns/Dockerfile.dns +++ b/dns/Dockerfile.dns @@ -5,6 +5,8 @@ RUN apt-get -q update \ bind9 \ isc-dhcp-server \ openssh-server \ + net-tools \ + iputils-ping \ && apt-get clean \ && rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log} diff --git a/dns/etc/bind/named.conf.default-zones b/dns/etc/bind/named.conf.default-zones index 83b4fdd..f01dd02 100644 --- a/dns/etc/bind/named.conf.default-zones +++ b/dns/etc/bind/named.conf.default-zones 
@@ -1,232 +1,217 @@ view "parent" { - match-clients { parent; }; + match-clients { parent; }; + recursion yes; + + forwarders { + // Google servers + 8.8.8.8; + + // Frontier DNS servers + 184.16.4.22; + 184.16.33.54; + }; + + // Prime the server with knowledge of the root servers + zone "." { + type hint; + file "/etc/bind/db.root"; + }; + + // Be authoritative for the localhost forward and reverse zones, + // and for broadcast zones as per RFC 1912 + zone "localhost" { + type master; + file "/etc/bind/db.local"; + }; + + zone "127.in-addr.arpa" { + type master; + file "/etc/bind/db.127"; + }; + + zone "0.in-addr.arpa" { + type master; + file "/etc/bind/db.0"; + }; + + zone "255.in-addr.arpa" { + type master; + file "/etc/bind/db.255"; + }; - recursion yes; + zone "1.168.192.in-addr.arpa" { + type slave; + masters { 192.168.1.78 key internal-key;}; + file "/var/lib/bind/db.1.168.192-parent"; + allow-transfer { any; }; + allow-notify { 192.168.1.78; key parent-key; }; + }; - forwarders { - // Google servers - 8.8.8.8; + zone "0.10.10.in-addr.arpa" { + type slave; + masters { 192.168.1.78 key internal-key; }; + file "/var/lib/bind/db.0.10.10"; + allow-transfer { any; }; + allow-notify { 192.168.1.78; key parent-key; }; + }; - // Frontier DNS servers - 184.16.4.22; - 184.16.33.54; - }; - - - // prime the server with knowledge of the root servers - zone "." 
{ - type hint; - file "/etc/bind/db.root"; - }; - - // be authoritative for the localhost forward and reverse zones, and for - // broadcast zones as per RFC 1912 - - zone "localhost" { - type master; - file "/etc/bind/db.local"; - }; - - zone "127.in-addr.arpa" { - type master; - file "/etc/bind/db.127"; - }; - - zone "0.in-addr.arpa" { - type master; - file "/etc/bind/db.0"; - }; - - zone "255.in-addr.arpa" { - type master; - file "/etc/bind/db.255"; - }; - - - zone "1.168.192.in-addr.arpa" { - type slave; - masters { 192.168.1.78 key internal-key; }; - file "/var/lib/bind/db.1.168.192-parent"; - allow-transfer { any; }; - allow-notify { 192.168.1.78; key parent-key; };//any; }; -# allow-update { any; }; - }; - - zone "0.10.10.in-addr.arpa" { - type slave; - masters { 192.168.1.78 key internal-key; }; - file "/var/lib/bind/db.0.10.10"; - allow-transfer { any; }; - allow-notify { 192.168.1.78; key parent-key; };//any; }; -# allow-update { any; }; - }; -# 50.39.247.22 -# 85.126.50 -zone "85.126.50.in-addr.arpa" IN { + zone "85.126.50.in-addr.arpa" IN { type master; file "/var/lib/bind/85.126.50.in-addr.arpa"; allow-update { none; }; -}; - zone ketrenos.com { - type master; - file "/var/lib/bind/db.ketrenos.com-internal"; - allow-update { key ketrenos.com.; }; - }; + }; - zone "sketchitect.com" { - type master; - file "/var/lib/bind/db.sketchitect.com-internal"; - notify no; - }; + zone ketrenos.com { + type master; + file "/var/lib/bind/db.ketrenos.com-internal"; + allow-update { key ketrenos.com.; }; + }; - zone "portland-werewolf.com" { - type master; - file "/var/lib/bind/db.portland-werewolf.com-internal"; - notify no; - }; + zone "sketchitect.com" { + type master; + file "/var/lib/bind/db.sketchitect.com-internal"; + notify no; + }; - zone "kiaoramassage.com" { - type master; - file "/var/lib/bind/db.kiaoramassage.com-internal"; - notify no; - }; + zone "portland-werewolf.com" { + type master; + file "/var/lib/bind/db.portland-werewolf.com-internal"; + notify 
no; + }; + + zone "kiaoramassage.com" { + type master; + file "/var/lib/bind/db.kiaoramassage.com-internal"; + notify no; + }; }; view "internal" { - match-clients { ketrenos; }; - recursion yes; + match-clients { ketrenos; }; + recursion yes; -# 50.39.247.22 -# 85.126.50 -zone "85.126.50.in-addr.arpa" IN { + zone "85.126.50.in-addr.arpa" IN { type master; file "/var/lib/bind/85.126.50.in-addr.arpa"; allow-update { none; }; -}; + }; - forwarders { - // Cleanbrowsing DNS server - 185.228.168.10; - }; + forwarders { + // Cleanbrowsing DNS server + 185.228.168.10; + }; - // prime the server with knowledge of the root servers - zone "." { - type hint; - file "/etc/bind/db.root"; - }; + // Prime the server with knowledge of the root servers + zone "." { + type hint; + file "/etc/bind/db.root"; + }; - // be authoritative for the localhost forward and reverse zones, and for - // broadcast zones as per RFC 1912 - - zone "localhost" { - type master; - file "/etc/bind/db.local"; - }; - - zone "127.in-addr.arpa" { - type master; - file "/etc/bind/db.127"; - }; - - zone "0.in-addr.arpa" { - type master; - file "/etc/bind/db.0"; - }; - - zone "255.in-addr.arpa" { - type master; - file "/etc/bind/db.255"; - }; + // Be authoritative for the localhost forward and reverse zones, + // and for broadcast zones as per RFC 1912 + zone "localhost" { + type master; + file "/etc/bind/db.local"; + }; - zone ketrenos.com { - in-view "parent"; - }; + zone "127.in-addr.arpa" { + type master; + file "/etc/bind/db.127"; + }; - zone "sketchitect.com" { - type master; - file "/var/lib/bind/db.sketchitect.com-internal"; - notify no; - }; + zone "0.in-addr.arpa" { + type master; + file "/etc/bind/db.0"; + }; - zone "portland-werewolf.com" { - type master; - file "/var/lib/bind/db.portland-werewolf.com-internal"; - notify no; - }; + zone "255.in-addr.arpa" { + type master; + file "/etc/bind/db.255"; + }; - zone "kiaoramassage.com" { - type master; - file "/var/lib/bind/db.kiaoramassage.com-internal"; 
- notify no; - }; + zone ketrenos.com { + in-view "parent"; + }; - zone "1.168.192.in-addr.arpa"{ - type master; - file "/var/lib/bind/db.192.168.1"; - allow-update { key ketrenos.com.; }; - allow-query { 192.168.0.0/16; 127.0.0.1; }; - //also-notify { 192.168.1.78 key parent-key; }; - notify yes; - }; + zone "sketchitect.com" { + type master; + file "/var/lib/bind/db.sketchitect.com-internal"; + notify no; + }; - zone "0.10.10.in-addr.arpa" { - type master; - file "/var/lib/bind/db.10.10.0"; - allow-update { key ketrenos.com.; }; - allow-query { 10.10.0.0/24; 127.0.0.1; }; - //also-notify { 192.168.1.78 key parent-key; }; - notify yes; - }; + zone "portland-werewolf.com" { + type master; + file "/var/lib/bind/db.portland-werewolf.com-internal"; + notify no; + }; + + zone "kiaoramassage.com" { + type master; + file "/var/lib/bind/db.kiaoramassage.com-internal"; + notify no; + }; + + zone "1.168.192.in-addr.arpa" { + type master; + file "/var/lib/bind/db.192.168.1"; + allow-transfer { key internal-key; }; + allow-update { key ketrenos.com.; key internal-key; key parent-key; }; + allow-query { 192.168.0.0/16; 127.0.0.1; }; + notify yes; + }; + + zone "0.10.10.in-addr.arpa" { + type master; + file "/var/lib/bind/db.10.10.0"; + allow-update { key ketrenos.com.; key internal-key; key parent-key; }; + allow-query { 10.10.0.0/24; 127.0.0.1; }; + notify yes; + }; }; view "internet" { - match-clients { "any"; }; - recursion no; + match-clients { "any"; }; + recursion no; - zone "." { - type hint; - file "/etc/bind/db.root"; - }; + zone "." 
{ + type hint; + file "/etc/bind/db.root"; + }; - zone "0.0.127.in-addr.arpa"{ - type master; - file "/etc/bind/db.127"; - }; + zone "0.0.127.in-addr.arpa" { + type master; + file "/etc/bind/db.127"; + }; -# zone "85.126.50.in-addr.arpa"{ -# type master; -# file "/var/lib/bind/db.50.39.247"; -# notify yes; -# }; -# 50.39.247.22 -# 85.126.50 -zone "85.126.50.in-addr.arpa" IN { + zone "85.126.50.in-addr.arpa" IN { type master; file "/var/lib/bind/85.126.50.in-addr.arpa"; allow-update { none; }; + }; + + zone ketrenos.com { + type master; + file "/var/lib/bind/db.ketrenos.com"; + allow-update { none; }; + notify yes; + }; + + zone "sketchitect.com" { + type master; + file "/var/lib/bind/db.sketchitect.com"; + notify yes; + }; + + zone "portland-werewolf.com" { + type master; + file "/var/lib/bind/db.portland-werewolf.com"; + notify yes; + }; + + zone "kiaoramassage.com" { + type master; + file "/var/lib/bind/db.kiaoramassage.com"; + notify yes; + }; }; - zone ketrenos.com { - type master; - file "/var/lib/bind/db.ketrenos.com"; - notify yes; - }; - - zone "sketchitect.com" { - type master; - file "/var/lib/bind/db.sketchitect.com"; - notify yes; - }; - zone "portland-werewolf.com" { - type master; - file "/var/lib/bind/db.portland-werewolf.com"; - notify yes; - }; - - zone "kiaoramassage.com" { - type master; - file "/var/lib/bind/db.kiaoramassage.com"; - notify yes; - }; -}; - diff --git a/dns/etc/bind/named.conf.logging b/dns/etc/bind/named.conf.logging index 88e5135..f247238 100644 --- a/dns/etc/bind/named.conf.logging +++ b/dns/etc/bind/named.conf.logging 
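Review bot: The "internal" view's master zone `0.10.10.in-addr.arpa` has no `allow-transfer` statement, while its sibling `1.168.192.in-addr.arpa` got `allow-transfer { key internal-key; };`; with the global `allow-transfer { none; };` in named.conf.options, the "parent" view's slave copy of `0.10.10.in-addr.arpa`, which pulls from `192.168.1.78` signing with `internal-key`, is likely to be refused if 192.168.1.78 is this same server, so the zone needs `allow-transfer { key internal-key; };` too. Separately, both slave zones in the "parent" view keep `allow-transfer { any; };`, which hands the complete internal reverse zones to every client matching the `parent` ACL; `allow-transfer { key internal-key; };` would match the internal view's policy. The `allow-update` lists on the internal masters now also accept `internal-key` and `parent-key`, meaning any holder of the transfer key can rewrite those zones; if that is deliberate, a one-line comment above each list stating which host uses which key would save the next reader from guessing.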
@@ -12,23 +12,22 @@ logging { category notify { default_log; }; category update { default_debug; }; category security { security_info; }; - category queries { queries_log; }; + category queries { queries_log; }; - category config { security_info; }; + category config { security_info; }; category default { default_log; }; - channel default_log { file "/var/log/named.log"; severity info; -//severity debug; + //severity debug; print-time yes; }; - channel queries_log { - file "/var/log/named-queries.log"; -// severity info; -severity debug; + channel queries_log { + file "/var/log/named-queries.log"; + // severity info; + severity debug; print-time yes; - }; + }; }; diff --git a/dns/etc/bind/named.conf.new b/dns/etc/bind/named.conf.new deleted file mode 100644 index 85982c0..0000000 --- a/dns/etc/bind/named.conf.new +++ /dev/null 
@@ -1,51 +0,0 @@ -// This is the primary configuration file for the BIND DNS server named. -// -// Please read /usr/share/doc/bind9/README.Debian.gz for information on the -// structure of BIND configuration files in Debian, *BEFORE* you customize -// this configuration file. -// -// If you are just adding zones, please do that in /etc/bind/named.conf.local - -include "/etc/bind/named.conf.options"; -include "/etc/bind/named.conf.local"; -include "/etc/bind/named.conf.default-zones"; - -logging { - category lame-servers { null; }; - - channel update_debug { - file "/var/log/named-update.log"; - severity info; - print-category yes; - print-severity yes; - print-time yes; - }; - - channel security_info { - file "/var/log/named-auth.log"; - severity info; - print-category yes; - print-severity yes; - print-time yes; - }; - - category update { update_debug; }; - category security { security_info; }; - category queries { queries_log; }; - - category config { security_info; }; - category default { default_log; }; - - channel default_log { - file "/var/log/named.log"; - severity info; - print-time yes; - }; - - channel queries_log { - file "/var/log/named-queries.log"; - severity info; - print-time yes; - }; -}; - diff --git a/dns/etc/bind/named.conf.options b/dns/etc/bind/named.conf.options index 21ac74e..a5122c9 100644 --- a/dns/etc/bind/named.conf.options +++ b/dns/etc/bind/named.conf.options @@ -27,6 +27,7 @@ acl ketrenos { !key parent-key; 192.168.0.0/16; 10.10.0.0/16; + 172.0.0.0/8; localhost; }; @@ -39,9 +40,9 @@ options { listen-on-v6 { none; }; - listen-on { any; }; //50.39.247.22; 192.168.1.1; 127.0.0.1; }; - allow-query { any; }; + listen-on { any; }; //50.39.247.22; 192.168.1.1; 127.0.0.1; }; + allow-query { any; }; - notify explicit; - allow-transfer { none; }; + notify explicit; + allow-transfer { none; }; }; diff --git a/dns/etc/bind/named.conf.options.new b/dns/etc/bind/named.conf.options.new deleted file mode 100644 index b4721bb..0000000 
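Review bot: `172.0.0.0/8;` added to the `ketrenos` ACL is far wider than the Docker address space: the private range is 172.16.0.0/12, so the new entry also admits public addresses in 172.0.0.0–172.15.255.255 and 172.32.0.0–172.255.255.255 into the "internal" view, which has `recursion yes` and serves the internal zone data, while `listen-on { any; };` and `allow-query { any; };` put no other limit in front of it. If the goal is the docker bridge, `172.16.0.0/12;` or the exact bridge subnet is the right entry. Note also that when Docker publishes `53:53` through its userland proxy, queries from outside can arrive with the bridge gateway as their source address and would then match this ACL, so the view selection is worth confirming with a query from an external address once the container is up. The same /8 appears in the dhcpd.conf hunk (`subnet 172.0.0.0 netmask 255.0.0.0`) and should shrink in step.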
--- a/dns/etc/bind/named.conf.options.new +++ /dev/null @@ -1,59 +0,0 @@ -acl parent { - 192.168.1.152/32; - 192.168.1.101/32; -} - -acl ketrenos { - 192.168.0.0/16; - 10.0.0.0/24; - localhost; -}; - -// Options added based on Gentoo configuration -key DHCP_UPDATER { - algorithm HMAC-MD5.SIG-ALG.REG.INT; - secret N6LHZWHvV7AVTEZECW18Pw==; -}; - -options { - dnssec-enable yes; - dnssec-validation auto; - - auth-nxdomain no; # conform to RFC1035 - - listen-on-v6 { none; }; - - listen-on { 50.39.247.22; 192.168.1.1; 127.0.0.1; }; - allow-query { any; }; -}; - -view "ketrenos" { - match-clients { - ketrenos; - }; - - forwarders { - // Cleanbrowsing DNS server - 185.228.168.10; - - // OpenDNS filtered DNS servers - // 208.67.222.222; - // 208.67.220.220; - // 208.67.222.123; - // 208.67.220.123; - }; -}; - -view "ketrenos" { - match-clients { - parent; - } - forwarders { - // Google servers - 8.8.8.8; - - // Frontier DNS servers - 184.16.4.22; - 184.16.33.54; - }; -}; diff --git a/dns/etc/dhcp/dhcpd.conf b/dns/etc/dhcp/dhcpd.conf index feaf385..ee0c410 100644 --- a/dns/etc/dhcp/dhcpd.conf +++ b/dns/etc/dhcp/dhcpd.conf @@ -28,7 +28,7 @@ subnet 192.168.3.0 netmask 255.255.255.0 { } # Ignore docker interface -subnet 172.26.0.0 netmask 255.255.0.0 { +subnet 172.0.0.0 netmask 255.0.0.0 { } subnet 192.168.1.0 netmask 255.255.255.0 { diff --git a/docker-compose.yml b/docker-compose.yml index a32fda0..e1079ca 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -61,7 +61,7 @@ services: # Keys - ./keys/mail/etc/dkimkeys:/etc/dkimkeys:ro - ./keys/mail/etc/spamassassin/sa-update-keys/:/etc/spamassassin/sa-update-keys:rw - - ./keys/mail/etc/dovecot/private:/etc/dovecot/private:ro + - ./keys/mail/etc/dovecot/private:/etc/dovecot-private:ro # Authentication of dovecot users via pam # 
@@ -110,13 +110,14 @@ services: ketrenet-dns: image: ketrenet-dns container_name: ketrenet-dns - hostname: email + hostname: dns build: context: dns dockerfile: Dockerfile.dns restart: always ports: - - 53:53 # bind + - 53:53/udp # bind + - 53:53/tcp # bind - 67:67/udp # dhcp - 68:68/udp # dhcp volumes: diff --git a/mail/etc/dovecot/private b/mail/etc/dovecot/private new file mode 120000 index 0000000..04416e7 --- /dev/null +++ b/mail/etc/dovecot/private @@ -0,0 +1 @@ +../dovecot-private \ No newline at end of file diff --git a/web/etc/nginx/sites-available/default b/web/etc/nginx/sites-available/default index 9e6a71e..59f521b 100644 --- a/web/etc/nginx/sites-available/default +++ b/web/etc/nginx/sites-available/default @@ -132,7 +132,7 @@ server { } location /airsonic { - proxy_pass http://azurite.ketrenos.com:4040; + proxy_pass http://192.168.1.78:4040; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme;
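Review bot: `proxy_pass http://192.168.1.78:4040;` replaces a DNS name with a literal address, which drops the indirection the rest of the config relies on and will break silently if that host moves; since the commit message says DNS now works, the name should resolve again and the change may no longer be needed. If the literal is kept as a deliberate workaround, record why so it is not mistaken for the intended design, e.g. `# literal address: azurite.ketrenos.com did not resolve from the web container — revisit once DNS is stable`. The enclosing `server` block starts outside the hunk.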