jketreno/ketr.services
1
0
Fork 0
Code Issues Activity

DNS working correctly, and restructured directories

Browse Source 
Signed-off-by: James Ketrenos <james_git@ketrenos.com>
This commit is contained in:
James Ketr 2023-10-10 13:41:40 -07:00
parent ab8743f7ea
commit 592f54f809
10 changed files with 202 additions and 323 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
dns/Dockerfile.dns
View File

@ -5,6 +5,8 @@ RUN apt-get -q update \
bind9 \ bind9 \
isc-dhcp-server \ isc-dhcp-server \
openssh-server \ openssh-server \
net-tools \
iputils-ping \
&& apt-get clean \ && apt-get clean \
&& rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log} && rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log}

65
dns/etc/bind/named.conf.default-zones
View File

@ -1,7 +1,6 @@
view "parent" { view "parent" {
match-clients { parent; }; match-clients { parent; };
recursion yes; recursion yes;
forwarders { forwarders {
@ -13,16 +12,14 @@ view "parent" {
184.16.33.54; 184.16.33.54;
}; };
// Prime the server with knowledge of the root servers
// prime the server with knowledge of the root servers
zone "." { zone "." {
type hint; type hint;
file "/etc/bind/db.root"; file "/etc/bind/db.root";
}; };
// be authoritative for the localhost forward and reverse zones, and for // Be authoritative for the localhost forward and reverse zones,
// broadcast zones as per RFC 1912 // and for broadcast zones as per RFC 1912
zone "localhost" { zone "localhost" {
type master; type master;
file "/etc/bind/db.local"; file "/etc/bind/db.local";
@ -43,14 +40,12 @@ view "parent" {
file "/etc/bind/db.255"; file "/etc/bind/db.255";
}; };
zone "1.168.192.in-addr.arpa" { zone "1.168.192.in-addr.arpa" {
type slave; type slave;
masters { 192.168.1.78 key internal-key; }; masters { 192.168.1.78 key internal-key;};
file "/var/lib/bind/db.1.168.192-parent"; file "/var/lib/bind/db.1.168.192-parent";
allow-transfer { any; }; allow-transfer { any; };
allow-notify { 192.168.1.78; key parent-key; };//any; }; allow-notify { 192.168.1.78; key parent-key; };
# allow-update { any; };
}; };
zone "0.10.10.in-addr.arpa" { zone "0.10.10.in-addr.arpa" {
@ -58,16 +53,15 @@ view "parent" {
masters { 192.168.1.78 key internal-key; }; masters { 192.168.1.78 key internal-key; };
file "/var/lib/bind/db.0.10.10"; file "/var/lib/bind/db.0.10.10";
allow-transfer { any; }; allow-transfer { any; };
allow-notify { 192.168.1.78; key parent-key; };//any; }; allow-notify { 192.168.1.78; key parent-key; };
# allow-update { any; };
}; };
# 50.39.247.22
# 85.126.50 zone "85.126.50.in-addr.arpa" IN {
zone "85.126.50.in-addr.arpa" IN {
type master; type master;
file "/var/lib/bind/85.126.50.in-addr.arpa"; file "/var/lib/bind/85.126.50.in-addr.arpa";
allow-update { none; }; allow-update { none; };
}; };
zone ketrenos.com { zone ketrenos.com {
type master; type master;
file "/var/lib/bind/db.ketrenos.com-internal"; file "/var/lib/bind/db.ketrenos.com-internal";
@ -97,28 +91,25 @@ view "internal" {
match-clients { ketrenos; }; match-clients { ketrenos; };
recursion yes; recursion yes;
# 50.39.247.22 zone "85.126.50.in-addr.arpa" IN {
# 85.126.50
zone "85.126.50.in-addr.arpa" IN {
type master; type master;
file "/var/lib/bind/85.126.50.in-addr.arpa"; file "/var/lib/bind/85.126.50.in-addr.arpa";
allow-update { none; }; allow-update { none; };
}; };
forwarders { forwarders {
// Cleanbrowsing DNS server // Cleanbrowsing DNS server
185.228.168.10; 185.228.168.10;
}; };
// prime the server with knowledge of the root servers // Prime the server with knowledge of the root servers
zone "." { zone "." {
type hint; type hint;
file "/etc/bind/db.root"; file "/etc/bind/db.root";
}; };
// be authoritative for the localhost forward and reverse zones, and for // Be authoritative for the localhost forward and reverse zones,
// broadcast zones as per RFC 1912 // and for broadcast zones as per RFC 1912
zone "localhost" { zone "localhost" {
type master; type master;
file "/etc/bind/db.local"; file "/etc/bind/db.local";
@ -161,21 +152,20 @@ zone "85.126.50.in-addr.arpa" IN {
notify no; notify no;
}; };
zone "1.168.192.in-addr.arpa"{ zone "1.168.192.in-addr.arpa" {
type master; type master;
file "/var/lib/bind/db.192.168.1"; file "/var/lib/bind/db.192.168.1";
allow-update { key ketrenos.com.; }; allow-transfer { key internal-key; };
allow-update { key ketrenos.com.; key internal-key; key parent-key; };
allow-query { 192.168.0.0/16; 127.0.0.1; }; allow-query { 192.168.0.0/16; 127.0.0.1; };
//also-notify { 192.168.1.78 key parent-key; };
notify yes; notify yes;
}; };
zone "0.10.10.in-addr.arpa" { zone "0.10.10.in-addr.arpa" {
type master; type master;
file "/var/lib/bind/db.10.10.0"; file "/var/lib/bind/db.10.10.0";
allow-update { key ketrenos.com.; }; allow-update { key ketrenos.com.; key internal-key; key parent-key; };
allow-query { 10.10.0.0/24; 127.0.0.1; }; allow-query { 10.10.0.0/24; 127.0.0.1; };
//also-notify { 192.168.1.78 key parent-key; };
notify yes; notify yes;
}; };
}; };
@ -189,26 +179,21 @@ view "internet" {
file "/etc/bind/db.root"; file "/etc/bind/db.root";
}; };
zone "0.0.127.in-addr.arpa"{ zone "0.0.127.in-addr.arpa" {
type master; type master;
file "/etc/bind/db.127"; file "/etc/bind/db.127";
}; };
# zone "85.126.50.in-addr.arpa"{ zone "85.126.50.in-addr.arpa" IN {
# type master;
# file "/var/lib/bind/db.50.39.247";
# notify yes;
# };
# 50.39.247.22
# 85.126.50
zone "85.126.50.in-addr.arpa" IN {
type master; type master;
file "/var/lib/bind/85.126.50.in-addr.arpa"; file "/var/lib/bind/85.126.50.in-addr.arpa";
allow-update { none; }; allow-update { none; };
}; };
zone ketrenos.com { zone ketrenos.com {
type master; type master;
file "/var/lib/bind/db.ketrenos.com"; file "/var/lib/bind/db.ketrenos.com";
allow-update { none; };
notify yes; notify yes;
}; };
@ -217,6 +202,7 @@ zone "85.126.50.in-addr.arpa" IN {
file "/var/lib/bind/db.sketchitect.com"; file "/var/lib/bind/db.sketchitect.com";
notify yes; notify yes;
}; };
zone "portland-werewolf.com" { zone "portland-werewolf.com" {
type master; type master;
file "/var/lib/bind/db.portland-werewolf.com"; file "/var/lib/bind/db.portland-werewolf.com";
@ -229,4 +215,3 @@ zone "85.126.50.in-addr.arpa" IN {
notify yes; notify yes;
}; };
}; };

7
dns/etc/bind/named.conf.logging
View File

@ -17,18 +17,17 @@ logging {
category config { security_info; }; category config { security_info; };
category default { default_log; }; category default { default_log; };
channel default_log { channel default_log {
file "/var/log/named.log"; file "/var/log/named.log";
severity info; severity info;
//severity debug; //severity debug;
print-time yes; print-time yes;
}; };
channel queries_log { channel queries_log {
file "/var/log/named-queries.log"; file "/var/log/named-queries.log";
// severity info; // severity info;
severity debug; severity debug;
print-time yes; print-time yes;
}; };
}; };

51
dns/etc/bind/named.conf.new
View File

@ -1,51 +0,0 @@
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
logging {
category lame-servers { null; };
channel update_debug {
file "/var/log/named-update.log";
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
channel security_info {
file "/var/log/named-auth.log";
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category update { update_debug; };
category security { security_info; };
category queries { queries_log; };
category config { security_info; };
category default { default_log; };
channel default_log {
file "/var/log/named.log";
severity info;
print-time yes;
};
channel queries_log {
file "/var/log/named-queries.log";
severity info;
print-time yes;
};
};

1
dns/etc/bind/named.conf.options
View File

@ -27,6 +27,7 @@ acl ketrenos {
!key parent-key; !key parent-key;
192.168.0.0/16; 192.168.0.0/16;
10.10.0.0/16; 10.10.0.0/16;
172.0.0.0/8;
localhost; localhost;
}; };

59
dns/etc/bind/named.conf.options.new
View File

@ -1,59 +0,0 @@
acl parent {
192.168.1.152/32;
192.168.1.101/32;
}
acl ketrenos {
192.168.0.0/16;
10.0.0.0/24;
localhost;
};
// Options added based on Gentoo configuration
key DHCP_UPDATER {
algorithm HMAC-MD5.SIG-ALG.REG.INT;
secret N6LHZWHvV7AVTEZECW18Pw==;
};
options {
dnssec-enable yes;
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { none; };
listen-on { 50.39.247.22; 192.168.1.1; 127.0.0.1; };
allow-query { any; };
};
view "ketrenos" {
match-clients {
ketrenos;
};
forwarders {
// Cleanbrowsing DNS server
185.228.168.10;
// OpenDNS filtered DNS servers
// 208.67.222.222;
// 208.67.220.220;
// 208.67.222.123;
// 208.67.220.123;
};
};
view "ketrenos" {
match-clients {
parent;
}
forwarders {
// Google servers
8.8.8.8;
// Frontier DNS servers
184.16.4.22;
184.16.33.54;
};
};

2
dns/etc/dhcp/dhcpd.conf
View File

@ -28,7 +28,7 @@ subnet 192.168.3.0 netmask 255.255.255.0 {
} }
# Ignore docker interface # Ignore docker interface
subnet 172.26.0.0 netmask 255.255.0.0 { subnet 172.0.0.0 netmask 255.0.0.0 {
} }
subnet 192.168.1.0 netmask 255.255.255.0 { subnet 192.168.1.0 netmask 255.255.255.0 {

7
docker-compose.yml
View File

@ -61,7 +61,7 @@ services:
# Keys # Keys
- ./keys/mail/etc/dkimkeys:/etc/dkimkeys:ro - ./keys/mail/etc/dkimkeys:/etc/dkimkeys:ro
- ./keys/mail/etc/spamassassin/sa-update-keys/:/etc/spamassassin/sa-update-keys:rw - ./keys/mail/etc/spamassassin/sa-update-keys/:/etc/spamassassin/sa-update-keys:rw
- ./keys/mail/etc/dovecot/private:/etc/dovecot/private:ro - ./keys/mail/etc/dovecot/private:/etc/dovecot-private:ro
# Authentication of dovecot users via pam # Authentication of dovecot users via pam
# #
@ -110,13 +110,14 @@ services:
ketrenet-dns: ketrenet-dns:
image: ketrenet-dns image: ketrenet-dns
container_name: ketrenet-dns container_name: ketrenet-dns
hostname: email hostname: dns
build: build:
context: dns context: dns
dockerfile: Dockerfile.dns dockerfile: Dockerfile.dns
restart: always restart: always
ports: ports:
- 53:53 # bind - 53:53/udp # bind
- 53:53/tcp # bind
- 67:67/udp # dhcp - 67:67/udp # dhcp
- 68:68/udp # dhcp - 68:68/udp # dhcp
volumes: volumes:

1
mail/etc/dovecot/private Symbolic link
View File

@ -0,0 +1 @@
../dovecot-private

2
web/etc/nginx/sites-available/default
View File

@ -132,7 +132,7 @@ server {
} }
location /airsonic { location /airsonic {
proxy_pass http://azurite.ketrenos.com:4040; proxy_pass http://192.168.1.78:4040;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;