DNS working correctly, and restructured directories

Signed-off-by: James Ketrenos <james_git@ketrenos.com>
2023-10-10 13:41:40 -07:00 · 2023-10-10 13:41:40 -07:00 · 592f54f809
commit 592f54f809
parent ab8743f7ea
10 changed files with 202 additions and 323 deletions
--- a/dns/Dockerfile.dns
+++ b/dns/Dockerfile.dns
@ -5,6 +5,8 @@ RUN apt-get -q update \
    bind9 \
    isc-dhcp-server \
    openssh-server \
    net-tools \
    iputils-ping \
  && apt-get clean \
  && rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log}
--- a/dns/etc/bind/named.conf.default-zones
+++ b/dns/etc/bind/named.conf.default-zones
@ -1,7 +1,6 @@
 view "parent" {
    match-clients { parent; };
    recursion yes;
    forwarders {
@ -13,16 +12,14 @@ view "parent" {
        184.16.33.54;
    };
-
+    // Prime the server with knowledge of the root servers
  // prime the server with knowledge of the root servers
    zone "." {
        type hint;
        file "/etc/bind/db.root";
    };
-	// be authoritative for the localhost forward and reverse zones, and for
+    // Be authoritative for the localhost forward and reverse zones,
-	// broadcast zones as per RFC 1912
+    // and for broadcast zones as per RFC 1912
    zone "localhost" {
        type master;
        file "/etc/bind/db.local";
@ -43,14 +40,12 @@ view "parent" {
        file "/etc/bind/db.255";
    };
    zone "1.168.192.in-addr.arpa" {
        type slave;
        masters { 192.168.1.78 key internal-key;};
        file "/var/lib/bind/db.1.168.192-parent";
        allow-transfer { any; };
-          allow-notify { 192.168.1.78; key parent-key; };//any; };
+        allow-notify { 192.168.1.78; key parent-key; };
 #          allow-update { any; };
    };
    zone "0.10.10.in-addr.arpa" {
@ -58,16 +53,15 @@ view "parent" {
        masters { 192.168.1.78 key internal-key; };
        file "/var/lib/bind/db.0.10.10";
        allow-transfer { any; };
-          allow-notify { 192.168.1.78; key parent-key; };//any; };
+        allow-notify { 192.168.1.78; key parent-key; };
 #          allow-update { any; };
    };
-# 50.39.247.22
+
 # 85.126.50
    zone "85.126.50.in-addr.arpa" IN {
        type master;
        file "/var/lib/bind/85.126.50.in-addr.arpa";
        allow-update { none; };
    };
    zone ketrenos.com {
        type master;
        file "/var/lib/bind/db.ketrenos.com-internal";
@ -97,8 +91,6 @@ view "internal" {
    match-clients { ketrenos; };
    recursion yes;
 # 50.39.247.22
 # 85.126.50
    zone "85.126.50.in-addr.arpa" IN {
        type master;
        file "/var/lib/bind/85.126.50.in-addr.arpa";
@ -110,15 +102,14 @@ zone "85.126.50.in-addr.arpa" IN {
        185.228.168.10;
    };
-  // prime the server with knowledge of the root servers
+    // Prime the server with knowledge of the root servers
    zone "." {
        type hint;
        file "/etc/bind/db.root";
    };
-  // be authoritative for the localhost forward and reverse zones, and for
+    // Be authoritative for the localhost forward and reverse zones,
-  // broadcast zones as per RFC 1912
+    // and for broadcast zones as per RFC 1912
    zone "localhost" {
        type master;
        file "/etc/bind/db.local";
@ -164,18 +155,17 @@ zone "85.126.50.in-addr.arpa" IN {
    zone "1.168.192.in-addr.arpa" {
        type master;
        file "/var/lib/bind/db.192.168.1";
-          allow-update { key ketrenos.com.; };
+        allow-transfer { key internal-key; };
        allow-update { key ketrenos.com.; key internal-key; key parent-key; };
        allow-query { 192.168.0.0/16; 127.0.0.1; };
          //also-notify { 192.168.1.78 key parent-key; };
        notify yes;
    };
    zone "0.10.10.in-addr.arpa" {
        type master;
        file "/var/lib/bind/db.10.10.0";
-          allow-update { key ketrenos.com.; };
+        allow-update { key ketrenos.com.; key internal-key; key parent-key; };
        allow-query { 10.10.0.0/24; 127.0.0.1; };
          //also-notify { 192.168.1.78 key parent-key; };
        notify yes;
    };
 };
@ -194,21 +184,16 @@ view "internet" {
        file "/etc/bind/db.127";
    };
 #        zone "85.126.50.in-addr.arpa"{
 #                type master;
 #                file "/var/lib/bind/db.50.39.247";
 #                notify yes;
 #        };
 # 50.39.247.22
 # 85.126.50
    zone "85.126.50.in-addr.arpa" IN {
        type master;
        file "/var/lib/bind/85.126.50.in-addr.arpa";
        allow-update { none; };
    };
    zone ketrenos.com {
        type master;
        file "/var/lib/bind/db.ketrenos.com";
        allow-update { none; };
        notify yes;
    };
@ -217,6 +202,7 @@ zone "85.126.50.in-addr.arpa" IN {
        file "/var/lib/bind/db.sketchitect.com";
        notify yes;
    };
    zone "portland-werewolf.com" {
        type master;
        file "/var/lib/bind/db.portland-werewolf.com";
@ -229,4 +215,3 @@ zone "85.126.50.in-addr.arpa" IN {
        notify yes;
    };
 };
--- a/dns/etc/bind/named.conf.logging
+++ b/dns/etc/bind/named.conf.logging
@ -17,7 +17,6 @@ logging {
        category config { security_info; };
        category default { default_log; };
        channel default_log {
                file "/var/log/named.log";
                severity info;
--- a/dns/etc/bind/named.conf.new
+++ b/dns/etc/bind/named.conf.new
@ -1,51 +0,0 @@
 // This is the primary configuration file for the BIND DNS server named.
 //
 // Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
 // structure of BIND configuration files in Debian, *BEFORE* you customize 
 // this configuration file.
 //
 // If you are just adding zones, please do that in /etc/bind/named.conf.local
 include "/etc/bind/named.conf.options";
 include "/etc/bind/named.conf.local";
 include "/etc/bind/named.conf.default-zones";
 logging {
        category lame-servers { null; };
        channel update_debug {
                file "/var/log/named-update.log";
                severity info;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel security_info {
                file "/var/log/named-auth.log";
                severity info;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        category update { update_debug; };
        category security { security_info; };
 	category queries { queries_log; };
 	category config { security_info; };
        category default { default_log; };
        channel default_log {
                file "/var/log/named.log";
                severity info;
                print-time yes;
        };
 	channel queries_log {
 		file "/var/log/named-queries.log";
                severity info;
                print-time yes;
 	};
 };
--- a/dns/etc/bind/named.conf.options
+++ b/dns/etc/bind/named.conf.options
@ -27,6 +27,7 @@ acl ketrenos {
  !key parent-key;
  192.168.0.0/16;
  10.10.0.0/16;
  172.0.0.0/8;
  localhost;
 };
--- a/dns/etc/bind/named.conf.options.new
+++ b/dns/etc/bind/named.conf.options.new
@ -1,59 +0,0 @@
 acl parent {
  192.168.1.152/32;
  192.168.1.101/32;
 }
 acl ketrenos {
  192.168.0.0/16;
  10.0.0.0/24;
  localhost;
 };
 // Options added based on Gentoo configuration
 key DHCP_UPDATER {
        algorithm HMAC-MD5.SIG-ALG.REG.INT;
        secret N6LHZWHvV7AVTEZECW18Pw==;
 };
 options {
  dnssec-enable yes;
  dnssec-validation auto;
  auth-nxdomain no;    # conform to RFC1035
  listen-on-v6 { none; };
  listen-on { 50.39.247.22; 192.168.1.1; 127.0.0.1; };
  allow-query { any; };
 };
 view "ketrenos" {
  match-clients {
    ketrenos;
  };
  forwarders {
    // Cleanbrowsing DNS server
    185.228.168.10;
    // OpenDNS filtered DNS servers
    //		208.67.222.222;
    //		208.67.220.220;
    //		208.67.222.123;
    //		208.67.220.123;
  };
 };
 view "ketrenos" {
  match-clients {
    parent;
  }
  forwarders {
    // Google servers
    8.8.8.8;
    // Frontier DNS servers
    184.16.4.22;
    184.16.33.54;
  };
 };
--- a/dns/etc/dhcp/dhcpd.conf
+++ b/dns/etc/dhcp/dhcpd.conf
@ -28,7 +28,7 @@ subnet 192.168.3.0 netmask 255.255.255.0 {
 }
 # Ignore docker interface
-subnet 172.26.0.0 netmask 255.255.0.0 {
+subnet 172.0.0.0 netmask 255.0.0.0 {
 }
 subnet 192.168.1.0 netmask 255.255.255.0 {
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -61,7 +61,7 @@ services:
      # Keys
      - ./keys/mail/etc/dkimkeys:/etc/dkimkeys:ro
      - ./keys/mail/etc/spamassassin/sa-update-keys/:/etc/spamassassin/sa-update-keys:rw
-      - ./keys/mail/etc/dovecot/private:/etc/dovecot/private:ro
+      - ./keys/mail/etc/dovecot/private:/etc/dovecot-private:ro
      # Authentication of dovecot users via pam
      #
@ -110,13 +110,14 @@ services:
  ketrenet-dns:
    image: ketrenet-dns
    container_name: ketrenet-dns
-    hostname: email
+    hostname: dns
    build:
      context: dns
      dockerfile: Dockerfile.dns
    restart: always
    ports:
-      - 53:53     # bind
+      - 53:53/udp # bind
      - 53:53/tcp # bind
      - 67:67/udp # dhcp
      - 68:68/udp # dhcp
    volumes:
--- a/mail/etc/dovecot/private
+++ b/mail/etc/dovecot/private
@ -0,0 +1 @@
 ../dovecot-private
--- a/web/etc/nginx/sites-available/default
+++ b/web/etc/nginx/sites-available/default
@ -132,7 +132,7 @@ server {
 	}
  location /airsonic {
-    proxy_pass http://azurite.ketrenos.com:4040;
+    proxy_pass http://192.168.1.78:4040;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;