add dnsdist for pubdns

Dockerfile.dnsdist

@@ -0,0 +1,12 @@
+FROM docker-registry1.in.thelinuxpro.net:5000/tlp/tlp_ubuntu:latest
+
+RUN apt update && apt upgrade -y
+RUN apt install -y dnsdist
+RUN apt clean
+
+EXPOSE 53/tcp 53/udp
+
+COPY dnsdist.conf /etc/dnsdist/dnsdist.conf
+
+ENTRYPOINT ["/usr/bin/dnsdist", "--uid", "_dnsdist", "--gid", "_dnsdist"]
+CMD ["--supervised"]

Jenkinsfile

@@ -19,6 +19,7 @@ pipeline {
 	script {
 	  def status_p = sh(returnStatus: true, script: 'docker images | grep bind9-primary | grep $(grep image docker-compose.yml | grep primary | awk -F\':\' \'{ print $4 }\')')
 	  def status_s = sh(returnStatus: true, script: 'docker images | grep bind9-secondary | grep $(grep image docker-compose.yml | grep secondary | awk -F\':\' \'{ print $4 }\')')
+	  def status_d = sh(returnStatus: true, script: 'docker images | grep pubdnsdist | grep $(grep image docker-compose.yml | grep pubdnsdist | awk -F\':\' \'{ print $4 }\')')
 
 	  if (status_p != 0) {
 	    sh 'docker compose build primary --push'
@@ -31,6 +32,12 @@ pipeline {
 	  } else {
 	    echo "Secondary Image version already exists, no need to rebuild."
 	  }
+
+	  if (status_d != 0) {
+	    sh 'docker compose build pubdnsdist --push'
+	  } else {
+	    echo "pubdnsdist Image version already exists, no need to rebuild."
+	  }
 	}
       }
     }
@@ -69,16 +76,17 @@ pipeline {
     stage('Create contexts') {
       steps {
     	sh 'docker context ls | grep pi502 || docker context create pi502 --docker "host=ssh://pi502.in.thelinuxpro.net"'
+    	sh 'docker context ls | grep pi503 || docker context create pi503 --docker "host=ssh://pi503.in.thelinuxpro.net"'
       }
     }
 
-    stage('Stop secondary container') {
+    stage('Stop secondary container 1') {
       steps {
 	script {
-	  def status_s = sh(returnStatus: true, script: 'grep $(docker --context pi502 compose ps | tail -n1 | awk \'{ print $2 }\') docker-compose.yml')
+	  def status_s = sh(returnStatus: true, script: 'grep $(docker --context pi502 compose ps | grep ns1 | tail -n1 | awk \'{ print $2 }\') docker-compose.yml')
 
 	  if (status_s != 0) {
-	    sh 'docker --context pi502 compose down'
+	    sh 'docker --context pi502 compose down secondary1'
 	    sh 'sleep 5'
 	  } else {
 	    echo 'skip'
@@ -87,13 +95,13 @@ pipeline {
       }
     }
 
-    stage('Start secondary container') {
+    stage('Start secondary container 1') {
       steps {
 	script {
-	  def status_s = sh(returnStatus: true, script: 'grep $(docker --context pi502 compose ps | tail -n1 | awk \'{ print $2 }\') docker-compose.yml')
+	  def status_s = sh(returnStatus: true, script: 'grep $(docker --context pi502 compose ps | grep ns1 | tail -n1 | awk \'{ print $2 }\') docker-compose.yml')
 
 	  if (status_s != 0) {
-	    sh 'docker --context pi502 compose up -d --no-color secondary'
+	    sh 'docker --context pi502 compose up -d --no-color secondary1'
 	    sh 'docker --context pi502 compose ps'
 	  } else {
 	    echo 'skip'
@@ -102,21 +110,115 @@ pipeline {
       }
     }
 
-    stage('Integration Tests') {
+    stage('Stop secondary container 2') {
       steps {
-        sh 'rm -rf test/results'
-	sh 'mkdir -p test/results/integration'
-        sh 'bats -F junit test/integration/dns/**/*.bat test/integration/dns/**/**/*.bat > test/results/integration/dns.xml'
+	script {
+	  def status_s = sh(returnStatus: true, script: 'grep $(docker --context pi503 compose ps | grep ns2 | tail -n1 | awk \'{ print $2 }\') docker-compose.yml')
+
+	  if (status_s != 0) {
+	    sh 'docker --context pi503 compose down secondary2'
+	    sh 'sleep 5'
+	  } else {
+	    echo 'skip'
+	  }
+	}
       }
     }
-  }
 
-  post {
-    always {
-      archiveArtifacts artifacts: 'test/results/**/*.xml', fingerprint: true
-      junit 'test/results/**/*.xml'
-      sh 'rm -rf test/results'
+    stage('Start secondary container 2') {
+      steps {
+	script {
+	  def status_s = sh(returnStatus: true, script: 'grep $(docker --context pi503 compose ps | grep ns2 | tail -n1 | awk \'{ print $2 }\') docker-compose.yml')
+
+	  if (status_s != 0) {
+	    sh 'docker --context pi503 compose up -d --no-color secondary2'
+	    sh 'docker --context pi503 compose ps'
+	  } else {
+	    echo 'skip'
+	  }
+	}
+      }
     }
+
+    stage('Stop pubdnsdist container 1') {
+      steps {
+	script {
+	  def status = sh(returnStatus: true, script: 'grep $(docker --context pi502 compose ps | grep dnsdist1 | tail -n1 | awk \'{ print $2 }\') docker-compose.yml')
+
+	  if (status != 0) {
+	    sh 'docker --context pi502 compose down pubdnsdist1'
+	    sh 'sleep 5'
+	  } else {
+	    echo 'skip'
+	  }
+	}
+      }
+    }
+
+    stage('Start pubdnsdist container 1') {
+      steps {
+	script {
+	  def status = sh(returnStatus: true, script: 'grep $(docker --context pi502 compose ps | grep dnsdist1 | tail -n1 | awk \'{ print $2 }\') docker-compose.yml')
+
+	  if (status != 0) {
+	    sh 'docker --context pi502 compose up pubdnsdist1 -d'
+	    sh 'docker --context pi502 compose ps'
+            sh 'sleep 3'
+	    sh 'docker --context pi502 compose logs'
+	  } else {
+	    echo 'skip'
+	  }
+	}
+      }
+    }
+
+    stage('Stop pubdnsdist container 2') {
+      steps {
+	script {
+	  def status = sh(returnStatus: true, script: 'grep $(docker --context pi503 compose ps | grep dnsdist2 | tail -n1 | awk \'{ print $2 }\') docker-compose.yml')
+
+	  if (status != 0) {
+	    sh 'docker --context pi503 compose down pubdnsdist2'
+	    sh 'sleep 5'
+	  } else {
+	    echo 'skip'
+	  }
+	}
+      }
+    }
+
+    stage('Start pubdnsdist container 2') {
+      steps {
+	script {
+	  def status = sh(returnStatus: true, script: 'grep $(docker --context pi503 compose ps | grep dnsdist2 | tail -n1 | awk \'{ print $2 }\') docker-compose.yml')
+
+	  if (status != 0) {
+	    sh 'docker --context pi503 compose up pubdnsdist2 -d'
+	    sh 'docker --context pi503 compose ps'
+            sh 'sleep 3'
+	    sh 'docker --context pi503 compose logs'
+	  } else {
+	    echo 'skip'
+	  }
+	}
+      }
+    }
+
+//    stage('Integration Tests') {
+//      steps {
+//        sh 'rm -rf test/results'
+//	sh 'mkdir -p test/results/integration'
+//        sh 'bats -F junit test/integration/dns/**/*.bat test/integration/dns/**/**/*.bat > test/results/integration/dns.xml'
+//      }
+//    }
+//  }
+
+//  post {
+//    always {
+//      archiveArtifacts artifacts: 'test/results/**/*.xml', fingerprint: true
+//      junit 'test/results/**/*.xml'
+//      sh 'rm -rf test/results'
+//    }
   }
 }
 

docker-compose.yml

@@ -15,10 +15,10 @@ networks:
 
 services:
   primary:
-    container_name: ns1
+    container_name: ns0
     build:
       dockerfile: Dockerfile.primary
-    image: docker-registry1.in.thelinuxpro.net:5000/tlp/bind9-primary:250225.0.1
+    image: docker-registry1.in.thelinuxpro.net:5000/tlp/bind9-primary:250225.0.3
     restart: always
     user: root
     environment:
@@ -32,16 +32,41 @@ services:
         #- primary/var/lib/bind:/tmp/bind
     networks:
       pub_dns_net:
-        ipv4_address: 10.99.153.241
+        ipv4_address: 10.99.153.250
           #    command: [ "cp", "-rv", "/tmp/bind/*", "/var/lib/bind/" ]
     deploy:
       placement:
         constraints: [node.role == manager]
-  secondary:
+
+  secondary1:
+    container_name: ns1
+    build:
+      dockerfile: Dockerfile.secondary
+    image: docker-registry1.in.thelinuxpro.net:5000/tlp/bind9-secondary:250225.0.3
+    restart: always
+    user: root
+    environment:
+      - TZ='America/Indianapolis'
+      - BIND9_USER=bind
+        #volumes:
+      #- bind9_logs:/var/named/log
+      #- secondary_var_lib_bind:/var/lib/bind
+      #- ./secondary/var/lib/bind:/var/lib/bind:rw
+      #- ./secondary/etc/bind/named.conf:/etc/bind/named.conf:ro
+        #- secondary/var/lib/bind:/tmp/bind
+    networks:
+      pub_dns_net:
+        ipv4_address: 10.99.153.241
+          #command: [ "cp", "-rv", "/tmp/bind/*", "/var/lib/bind/" ]
+    deploy:
+      placement:
+        constraints: [node.role == worker]
+
+  secondary2:
     container_name: ns2
     build:
       dockerfile: Dockerfile.secondary
-    image: docker-registry1.in.thelinuxpro.net:5000/tlp/bind9-secondary:250225.0.1
+    image: docker-registry1.in.thelinuxpro.net:5000/tlp/bind9-secondary:250225.0.3
     restart: always
     user: root
     environment:
@@ -60,3 +85,31 @@ services:
     deploy:
       placement:
         constraints: [node.role == worker]
+
+  pubdnsdist1:
+    build:
+      dockerfile: Dockerfile.dnsdist
+    container_name: pubdnsdist1
+    image: docker-registry1.in.thelinuxpro.net:5000/tlp/pubdnsdist:250225.0.01
+    networks:
+      dns_local_net:
+        ipv4_address: 10.99.153.251
+    restart: always
+    volumes:
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+      - /etc/resolv.conf:/etc/resolv.conf:ro
+
+  pubdnsdist2:
+    build:
+      dockerfile: Dockerfile.dnsdist
+    container_name: pubdnsdist2
+    image: docker-registry1.in.thelinuxpro.net:5000/tlp/pubdnsdist:250225.0.01
+    networks:
+      dns_local_net:
+        ipv4_address: 10.99.153.252
+    restart: always
+    volumes:
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+      - /etc/resolv.conf:/etc/resolv.conf:ro

primary/etc/bind/named.conf

@@ -22,30 +22,54 @@ options {
 zone "thelinuxpro.net" in {
         type master;
         file "/var/lib/bind/db.thelinuxpro.net";
-	allow-transfer { 10.99.153.242; };
-	also-notify { 10.99.153.242; };
+	allow-transfer {
+	  10.99.153.241;
+	  10.99.153.242;
+	};
+	also-notify {
+	  10.99.153.241;
+	  10.99.153.242;
+	};
 };
 
 zone "in.thelinuxpro.net" in {
         type master;
         file "/var/lib/bind/db.in.thelinuxpro.net";
-	allow-transfer { 10.99.153.242; };
+	allow-transfer {
+	  10.99.153.241;
+	  10.99.153.242;
+	};
+	also-notify {
+	  10.99.153.241;
+	  10.99.153.242;
+	};
 //	allow-query { internal-nets; };
-	also-notify { 10.99.153.242; };
 };
 
 zone "kameronkenny.com" in {
         type master;
         file "/var/lib/bind/db.kameronkenny.com";
-	allow-transfer { 10.99.153.242; };
-	also-notify { 10.99.153.242; };
+	allow-transfer {
+	  10.99.153.241;
+	  10.99.153.242;
+	};
+	also-notify {
+	  10.99.153.241;
+	  10.99.153.242;
+	};
 };
 
 zone "thelinux.pro" in {
         type master;
         file "/var/lib/bind/db.thelinux.pro";
-	allow-transfer { 10.99.153.242; };
-	also-notify { 10.99.153.242; };
+	allow-transfer {
+	  10.99.153.241;
+	  10.99.153.242;
+	};
+	also-notify {
+	  10.99.153.241;
+	  10.99.153.242;
+	};
 };
 
 zone "200.10.in-addr.arpa" in {

primary/var/lib/bind/db.10.200

@@ -1,6 +1,6 @@
 $TTL 3600
 @	IN	SOA	in.thelinuxpro.net. hostmaster.in.thelinuxpro.net. (
-			25022501	 	; serial
+			25022502	 	; serial
 			21600      		; refresh after 6 hours
 			3600       		; retry after 1 hour
 			604800     		; expire after 1 week

primary/var/lib/bind/db.10.99

@@ -1,13 +1,13 @@
 $TTL 3600
 @	IN	SOA	in.thelinuxpro.net. hostmaster.in.thelinuxpro.net. (
-			25022501	 	; serial
+			25022502	 	; serial
 			21600      		; refresh after 6 hours
 			3600       		; retry after 1 hour
 			604800     		; expire after 1 week
 			86400 )    		; minimum TTL of 1 day
 ;
-	IN	NS	ns1.in.thelinuxpro.net.
-	IN	NS	ns2.in.thelinuxpro.net.
+	IN	NS	nsd1.in.thelinuxpro.net.
+	IN	NS	nsd2.in.thelinuxpro.net.
 ;
 51.22	IN	PTR	pi501.in.thelinuxpro.net.
 52.22	IN	PTR	pi502.in.thelinuxpro.net.
@@ -40,3 +40,6 @@ $TTL 3600
 111.23	IN	PTR	sensors.in.thelinuxpor.net.
 241.153	IN	PTR	ns1.in.thelinuxpro.net.
 242.153	IN	PTR	ns2.in.thelinuxpro.net.
+250.153 IN	PTR	ns0.in.thelinuxpro.net.
+251.153 IN	PTR	nsd1.in.thelinuxpro.net.
+252.153 IN	PTR	nsd2.in.thelinuxpro.net.

primary/var/lib/bind/db.in.thelinuxpro.net

@@ -1,21 +1,24 @@
 $TTL 2m
 @       IN      SOA     in.thelinuxpro.net. root.in.thelinuxpro.net. (
-                        25022501	    ; serial, todays date + todays serial #
+                        25022502	    ; serial, todays date + todays serial #
                         1h		    ; refresh, seconds
                         15m		    ; retry, seconds
                         10D		    ; expire, seconds
                         1d		    ; minimum, seconds
 			)
 ;
-			NS      ns1.in.thelinuxpro.net.
-			NS      ns2.in.thelinuxpro.net.
+			NS      nsd1.in.thelinuxpro.net.
+			NS      nsd2.in.thelinuxpro.net.
 ;			MX      10 thelinuxpro.net.  ; Primary Mail Exchanger
 			TXT     "The Linux Pro Internal Net"
 ;
 			IN	A	127.0.0.1
 ;
+ns0			IN	A	10.99.153.250
 ns1			IN	A	10.99.153.241
 ns2			IN	A	10.99.153.242
+nsd1			IN	A	10.99.153.251
+nsd2			IN	A	10.99.153.252
 ;
 pi401			IN	A	10.99.22.61
 pi501			IN	A	10.99.22.51

secondary/etc/bind/named.conf

@@ -21,41 +21,69 @@ options {
 
 zone "thelinuxpro.net" in {
         type secondary;
-        primaries { 10.99.153.241; };
+        primaries { 10.99.153.250; };
+	allow-query {
+	  10.99.153.251;
+	  10.99.153.252;
+	};
 };
 
 zone "kameronkenny.com" in {
         type secondary;
-        primaries { 10.99.153.241; };
+        primaries { 10.99.153.250; };
+	allow-query {
+	  10.99.153.251;
+	  10.99.153.252;
+	};
 };
 
 zone "thelinux.pro" in {
         type secondary;
-        primaries { 10.99.153.241; };
+        primaries { 10.99.153.250; };
+	allow-query {
+	  10.99.153.251;
+	  10.99.153.252;
+	};
 };
 
 zone "in.thelinuxpro.net" in {
         type secondary;
-        primaries { 10.99.153.241; };
+        primaries { 10.99.153.250; };
 //	allow-query { internal-nets; };
+	allow-query {
+	  10.99.153.251;
+	  10.99.153.252;
+	};
 };
 
 zone "200.10.in-addr.arpa" in {
         type secondary;
-        primaries { 10.99.153.241; };
+        primaries { 10.99.153.250; };
 //	allow-query { internal-nets; };
+	allow-query {
+	  10.99.153.251;
+	  10.99.153.252;
+	};
 };
 
 zone "99.10.in-addr.arpa" in {
         type secondary;
-        primaries { 10.99.153.241; };
+        primaries { 10.99.153.250; };
 //	allow-query { internal-nets; };
+	allow-query {
+	  10.99.153.251;
+	  10.99.153.252;
+	};
 };
 
 zone "0.0.127.in-addr.arpa" in {
         type secondary;
-        primaries { 10.99.153.241; };
+        primaries { 10.99.153.250; };
 //	allow-query { internal-nets; };
+	allow-query {
+	  10.99.153.251;
+	  10.99.153.252;
+	};
 };
 
 logging {