
DNS working correctly, and restructured directories

Signed-off-by: James Ketrenos <james_git@ketrenos.com>
This commit is contained in:
James Ketr 2023-10-10 13:41:40 -07:00
parent ab8743f7ea
commit 592f54f809
10 changed files with 202 additions and 323 deletions


@ -5,6 +5,8 @@ RUN apt-get -q update \
bind9 \ bind9 \
isc-dhcp-server \ isc-dhcp-server \
openssh-server \ openssh-server \
net-tools \
iputils-ping \
&& apt-get clean \ && apt-get clean \
&& rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log} && rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log}
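Review bot: The added `net-tools` and `iputils-ping` packages are interactive diagnostics, not dependencies of bind9 or isc-dhcp-server, and nothing in the hunk says why the service image needs them; a comment such as `# net-tools / iputils-ping: in-container troubleshooting only` would stop the next maintainer from treating them as required, and they can be dropped once the DNS setup is stable. In the same RUN, `rm -rf /var/lib/apt/lists/{apt,dpkg,cache,log}` relies on brace expansion, which the default Docker `/bin/sh` most likely does not perform, so the apt lists probably remain in the layer; the conventional `rm -rf /var/lib/apt/lists/*` removes them. The RUN instruction begins before the hunk.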


@ -1,232 +1,217 @@
view "parent" { view "parent" {
match-clients { parent; }; match-clients { parent; };
recursion yes;
forwarders {
// Google servers
8.8.8.8;
// Frontier DNS servers
184.16.4.22;
184.16.33.54;
};
// Prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// Be authoritative for the localhost forward and reverse zones,
// and for broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
recursion yes; zone "1.168.192.in-addr.arpa" {
type slave;
masters { 192.168.1.78 key internal-key;};
file "/var/lib/bind/db.1.168.192-parent";
allow-transfer { any; };
allow-notify { 192.168.1.78; key parent-key; };
};
forwarders { zone "0.10.10.in-addr.arpa" {
// Google servers type slave;
8.8.8.8; masters { 192.168.1.78 key internal-key; };
file "/var/lib/bind/db.0.10.10";
allow-transfer { any; };
allow-notify { 192.168.1.78; key parent-key; };
};
// Frontier DNS servers zone "85.126.50.in-addr.arpa" IN {
184.16.4.22;
184.16.33.54;
};
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
zone "1.168.192.in-addr.arpa" {
type slave;
masters { 192.168.1.78 key internal-key; };
file "/var/lib/bind/db.1.168.192-parent";
allow-transfer { any; };
allow-notify { 192.168.1.78; key parent-key; };//any; };
# allow-update { any; };
};
zone "0.10.10.in-addr.arpa" {
type slave;
masters { 192.168.1.78 key internal-key; };
file "/var/lib/bind/db.0.10.10";
allow-transfer { any; };
allow-notify { 192.168.1.78; key parent-key; };//any; };
# allow-update { any; };
};
# 50.39.247.22
# 85.126.50
zone "85.126.50.in-addr.arpa" IN {
type master; type master;
file "/var/lib/bind/85.126.50.in-addr.arpa"; file "/var/lib/bind/85.126.50.in-addr.arpa";
allow-update { none; }; allow-update { none; };
}; };
zone ketrenos.com {
type master;
file "/var/lib/bind/db.ketrenos.com-internal";
allow-update { key ketrenos.com.; };
};
zone "sketchitect.com" { zone ketrenos.com {
type master; type master;
file "/var/lib/bind/db.sketchitect.com-internal"; file "/var/lib/bind/db.ketrenos.com-internal";
notify no; allow-update { key ketrenos.com.; };
}; };
zone "portland-werewolf.com" { zone "sketchitect.com" {
type master; type master;
file "/var/lib/bind/db.portland-werewolf.com-internal"; file "/var/lib/bind/db.sketchitect.com-internal";
notify no; notify no;
}; };
zone "kiaoramassage.com" { zone "portland-werewolf.com" {
type master; type master;
file "/var/lib/bind/db.kiaoramassage.com-internal"; file "/var/lib/bind/db.portland-werewolf.com-internal";
notify no; notify no;
}; };
zone "kiaoramassage.com" {
type master;
file "/var/lib/bind/db.kiaoramassage.com-internal";
notify no;
};
}; };
view "internal" { view "internal" {
match-clients { ketrenos; }; match-clients { ketrenos; };
recursion yes; recursion yes;
# 50.39.247.22 zone "85.126.50.in-addr.arpa" IN {
# 85.126.50
zone "85.126.50.in-addr.arpa" IN {
type master; type master;
file "/var/lib/bind/85.126.50.in-addr.arpa"; file "/var/lib/bind/85.126.50.in-addr.arpa";
allow-update { none; }; allow-update { none; };
}; };
forwarders { forwarders {
// Cleanbrowsing DNS server // Cleanbrowsing DNS server
185.228.168.10; 185.228.168.10;
}; };
// prime the server with knowledge of the root servers // Prime the server with knowledge of the root servers
zone "." { zone "." {
type hint; type hint;
file "/etc/bind/db.root"; file "/etc/bind/db.root";
}; };
// be authoritative for the localhost forward and reverse zones, and for // Be authoritative for the localhost forward and reverse zones,
// broadcast zones as per RFC 1912 // and for broadcast zones as per RFC 1912
zone "localhost" {
zone "localhost" { type master;
type master; file "/etc/bind/db.local";
file "/etc/bind/db.local"; };
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
zone ketrenos.com { zone "127.in-addr.arpa" {
in-view "parent"; type master;
}; file "/etc/bind/db.127";
};
zone "sketchitect.com" { zone "0.in-addr.arpa" {
type master; type master;
file "/var/lib/bind/db.sketchitect.com-internal"; file "/etc/bind/db.0";
notify no; };
};
zone "portland-werewolf.com" { zone "255.in-addr.arpa" {
type master; type master;
file "/var/lib/bind/db.portland-werewolf.com-internal"; file "/etc/bind/db.255";
notify no; };
};
zone "kiaoramassage.com" { zone ketrenos.com {
type master; in-view "parent";
file "/var/lib/bind/db.kiaoramassage.com-internal"; };
notify no;
};
zone "1.168.192.in-addr.arpa"{ zone "sketchitect.com" {
type master; type master;
file "/var/lib/bind/db.192.168.1"; file "/var/lib/bind/db.sketchitect.com-internal";
allow-update { key ketrenos.com.; }; notify no;
allow-query { 192.168.0.0/16; 127.0.0.1; }; };
//also-notify { 192.168.1.78 key parent-key; };
notify yes;
};
zone "0.10.10.in-addr.arpa" { zone "portland-werewolf.com" {
type master; type master;
file "/var/lib/bind/db.10.10.0"; file "/var/lib/bind/db.portland-werewolf.com-internal";
allow-update { key ketrenos.com.; }; notify no;
allow-query { 10.10.0.0/24; 127.0.0.1; }; };
//also-notify { 192.168.1.78 key parent-key; };
notify yes; zone "kiaoramassage.com" {
}; type master;
file "/var/lib/bind/db.kiaoramassage.com-internal";
notify no;
};
zone "1.168.192.in-addr.arpa" {
type master;
file "/var/lib/bind/db.192.168.1";
allow-transfer { key internal-key; };
allow-update { key ketrenos.com.; key internal-key; key parent-key; };
allow-query { 192.168.0.0/16; 127.0.0.1; };
notify yes;
};
zone "0.10.10.in-addr.arpa" {
type master;
file "/var/lib/bind/db.10.10.0";
allow-update { key ketrenos.com.; key internal-key; key parent-key; };
allow-query { 10.10.0.0/24; 127.0.0.1; };
notify yes;
};
}; };
view "internet" { view "internet" {
match-clients { "any"; }; match-clients { "any"; };
recursion no; recursion no;
zone "." { zone "." {
type hint; type hint;
file "/etc/bind/db.root"; file "/etc/bind/db.root";
}; };
zone "0.0.127.in-addr.arpa"{ zone "0.0.127.in-addr.arpa" {
type master; type master;
file "/etc/bind/db.127"; file "/etc/bind/db.127";
}; };
# zone "85.126.50.in-addr.arpa"{ zone "85.126.50.in-addr.arpa" IN {
# type master;
# file "/var/lib/bind/db.50.39.247";
# notify yes;
# };
# 50.39.247.22
# 85.126.50
zone "85.126.50.in-addr.arpa" IN {
type master; type master;
file "/var/lib/bind/85.126.50.in-addr.arpa"; file "/var/lib/bind/85.126.50.in-addr.arpa";
allow-update { none; }; allow-update { none; };
};
zone ketrenos.com {
type master;
file "/var/lib/bind/db.ketrenos.com";
allow-update { none; };
notify yes;
};
zone "sketchitect.com" {
type master;
file "/var/lib/bind/db.sketchitect.com";
notify yes;
};
zone "portland-werewolf.com" {
type master;
file "/var/lib/bind/db.portland-werewolf.com";
notify yes;
};
zone "kiaoramassage.com" {
type master;
file "/var/lib/bind/db.kiaoramassage.com";
notify yes;
};
}; };
zone ketrenos.com {
type master;
file "/var/lib/bind/db.ketrenos.com";
notify yes;
};
zone "sketchitect.com" {
type master;
file "/var/lib/bind/db.sketchitect.com";
notify yes;
};
zone "portland-werewolf.com" {
type master;
file "/var/lib/bind/db.portland-werewolf.com";
notify yes;
};
zone "kiaoramassage.com" {
type master;
file "/var/lib/bind/db.kiaoramassage.com";
notify yes;
};
};
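Review bot: In the internal view the new `allow-transfer { key internal-key; };` on zone `1.168.192.in-addr.arpa` has no counterpart on `0.10.10.in-addr.arpa`, although both zones are slaved in the parent view with `masters { 192.168.1.78 key internal-key; }` and the global options in this commit set `allow-transfer { none; }`; if 192.168.1.78 is this server, the 0.10.10 transfer would be refused, so that zone should carry the same `allow-transfer { key internal-key; };` line. The parent-view slaves keep `allow-transfer { any; };`, which hands both reverse zones to any client the `parent` ACL admits; limiting it to the key or addresses that actually pull the zone matches the global default. The widened `allow-update { key ketrenos.com.; key internal-key; key parent-key; };` gives three keys write access to the internal reverse zones, and because `acl ketrenos` contains `!key parent-key`, the parent-key entry appears unreachable from the internal view — a comment naming which updater uses each key would let unused entries be removed. All view and zone definitions close inside the hunk.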


@ -12,23 +12,22 @@ logging {
category notify { default_log; }; category notify { default_log; };
category update { default_debug; }; category update { default_debug; };
category security { security_info; }; category security { security_info; };
category queries { queries_log; }; category queries { queries_log; };
category config { security_info; }; category config { security_info; };
category default { default_log; }; category default { default_log; };
channel default_log { channel default_log {
file "/var/log/named.log"; file "/var/log/named.log";
severity info; severity info;
//severity debug; //severity debug;
print-time yes; print-time yes;
}; };
channel queries_log { channel queries_log {
file "/var/log/named-queries.log"; file "/var/log/named-queries.log";
// severity info; // severity info;
severity debug; severity debug;
print-time yes; print-time yes;
}; };
}; };


@ -1,51 +0,0 @@
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
logging {
category lame-servers { null; };
channel update_debug {
file "/var/log/named-update.log";
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
channel security_info {
file "/var/log/named-auth.log";
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category update { update_debug; };
category security { security_info; };
category queries { queries_log; };
category config { security_info; };
category default { default_log; };
channel default_log {
file "/var/log/named.log";
severity info;
print-time yes;
};
channel queries_log {
file "/var/log/named-queries.log";
severity info;
print-time yes;
};
};


@ -27,6 +27,7 @@ acl ketrenos {
!key parent-key; !key parent-key;
192.168.0.0/16; 192.168.0.0/16;
10.10.0.0/16; 10.10.0.0/16;
172.0.0.0/8;
localhost; localhost;
}; };
@ -39,9 +40,9 @@ options {
listen-on-v6 { none; }; listen-on-v6 { none; };
listen-on { any; }; //50.39.247.22; 192.168.1.1; 127.0.0.1; }; listen-on { any; }; //50.39.247.22; 192.168.1.1; 127.0.0.1; };
allow-query { any; }; allow-query { any; };
notify explicit; notify explicit;
allow-transfer { none; }; allow-transfer { none; };
}; };
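Review bot: The added `172.0.0.0/8;` in `acl ketrenos` admits every source address from 172.0.0.0 to 172.255.255.255 to the internal view, which has `recursion yes` on a server that listens on `any`; only 172.16.0.0/12 is private space, so this also grants recursion and internal zone data to public ranges, and queries with forged sources in that range would be answered recursively. The Docker bridge this is meant to cover appears as 172.26.0.0/16 in the dhcpd file touched by this commit, so `172.16.0.0/12;` (or the actual bridge subnet) is the narrower replacement; the dhcpd `subnet 172.0.0.0 netmask 255.0.0.0 { }` change in the same commit has the same over-breadth. Separately, the deleted legacy options file carried a clear-text HMAC-MD5 `DHCP_UPDATER` secret; removing the file does not remove it from history, so that key should be treated as exposed and regenerated wherever it is still in use. The `acl` block closes inside the hunk, and the `options` block begins before it.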


@ -1,59 +0,0 @@
acl parent {
192.168.1.152/32;
192.168.1.101/32;
}
acl ketrenos {
192.168.0.0/16;
10.0.0.0/24;
localhost;
};
// Options added based on Gentoo configuration
key DHCP_UPDATER {
algorithm HMAC-MD5.SIG-ALG.REG.INT;
secret N6LHZWHvV7AVTEZECW18Pw==;
};
options {
dnssec-enable yes;
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { none; };
listen-on { 50.39.247.22; 192.168.1.1; 127.0.0.1; };
allow-query { any; };
};
view "ketrenos" {
match-clients {
ketrenos;
};
forwarders {
// Cleanbrowsing DNS server
185.228.168.10;
// OpenDNS filtered DNS servers
// 208.67.222.222;
// 208.67.220.220;
// 208.67.222.123;
// 208.67.220.123;
};
};
view "ketrenos" {
match-clients {
parent;
}
forwarders {
// Google servers
8.8.8.8;
// Frontier DNS servers
184.16.4.22;
184.16.33.54;
};
};


@ -28,7 +28,7 @@ subnet 192.168.3.0 netmask 255.255.255.0 {
} }
# Ignore docker interface # Ignore docker interface
subnet 172.26.0.0 netmask 255.255.0.0 { subnet 172.0.0.0 netmask 255.0.0.0 {
} }
subnet 192.168.1.0 netmask 255.255.255.0 { subnet 192.168.1.0 netmask 255.255.255.0 {


@ -61,7 +61,7 @@ services:
# Keys # Keys
- ./keys/mail/etc/dkimkeys:/etc/dkimkeys:ro - ./keys/mail/etc/dkimkeys:/etc/dkimkeys:ro
- ./keys/mail/etc/spamassassin/sa-update-keys/:/etc/spamassassin/sa-update-keys:rw - ./keys/mail/etc/spamassassin/sa-update-keys/:/etc/spamassassin/sa-update-keys:rw
- ./keys/mail/etc/dovecot/private:/etc/dovecot/private:ro - ./keys/mail/etc/dovecot/private:/etc/dovecot-private:ro
# Authentication of dovecot users via pam # Authentication of dovecot users via pam
# #
@ -110,13 +110,14 @@ services:
ketrenet-dns: ketrenet-dns:
image: ketrenet-dns image: ketrenet-dns
container_name: ketrenet-dns container_name: ketrenet-dns
hostname: email hostname: dns
build: build:
context: dns context: dns
dockerfile: Dockerfile.dns dockerfile: Dockerfile.dns
restart: always restart: always
ports: ports:
- 53:53 # bind - 53:53/udp # bind
- 53:53/tcp # bind
- 67:67/udp # dhcp - 67:67/udp # dhcp
- 68:68/udp # dhcp - 68:68/udp # dhcp
volumes: volumes:
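Review bot: The dovecot key mount moves to `/etc/dovecot-private` inside the container, but the symlink committed at `mail/etc/dovecot/private` (pointing to `../dovecot-private`) lives in the repository tree, so it only helps if `mail/etc/dovecot` is itself mounted into the container; otherwise dovecot's configuration must reference `/etc/dovecot-private` directly, and the reason for the move is not stated in the hunk, so a comment on the volume line such as `# private keys mounted beside /etc/dovecot so the image's own dovecot dir is not shadowed` should record it if that is the motivation. Splitting port 53 into `53:53/udp` and `53:53/tcp` is correct, since zone transfers and truncated answers need TCP; note that the parent-view zones in this commit allow transfer to `any`, and published ports bypass host-level firewall rules, so the BIND view ACLs are the effective control on that TCP listener. The `ketrenet-dns` service definition continues past the hunk.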

mail/etc/dovecot/private Symbolic link

@ -0,0 +1 @@
../dovecot-private


@ -132,7 +132,7 @@ server {
} }
location /airsonic { location /airsonic {
proxy_pass http://azurite.ketrenos.com:4040; proxy_pass http://192.168.1.78:4040;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
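Review bot: The `proxy_pass` target changes from the name `azurite.ketrenos.com` to the literal `192.168.1.78`, which bakes a host address into the nginx config and will not follow a later DNS change for that host; if the switch works around name resolution inside the proxy container after the DNS restructure, a comment such as `# literal IP: the container resolver could not resolve azurite.ketrenos.com` records that, and otherwise the name should be kept. The `location /airsonic` block continues past the hunk.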