add dnsdist for pubdns

Kameron Kenny 2025-02-25 14:17:50 -05:00
parent 9124f51c6d
commit 6b1e014296
8 changed files with 268 additions and 43 deletions

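--- /dev/null
+++ b/Dockerfile.dnsdist
@@ -0,0 +1,12 @@
+FROM docker-registry1.in.thelinuxpro.net:5000/tlp/tlp_ubuntu:latest
+RUN apt update && apt upgrade -y
+RUN apt install -y dnsdist
+RUN apt clean
+EXPOSE 53/tcp 53/udp
+COPY dnsdist.conf /etc/dnsdist/dnsdist.conf
+ENTRYPOINT ["/usr/bin/dnsdist", "--uid", "_dnsdist", "--gid", "_dnsdist"]
+CMD ["--supervised"]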
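Review bot: The base image is pulled by the mutable `:latest` tag and the package steps are split across three `RUN` layers, so the image published as `pubdnsdist:250225.0.01` cannot be reproduced from this file. Because `apt update` sits in its own cached layer, a later rebuild can run `apt install -y dnsdist` against a stale package index, and `RUN apt clean` in a separate layer removes nothing from the layers before it. Pin the base to a version tag or digest and do the package work in one layer, e.g. `RUN apt-get update && apt-get install -y --no-install-recommends dnsdist && rm -rf /var/lib/apt/lists/*`. The contents of `dnsdist.conf` are not shown in this commit view, so confirm that it does not bake a console key or web-server password into the image.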

Jenkinsfile vendored

@ -19,6 +19,7 @@ pipeline {
script { script {
def status_p = sh(returnStatus: true, script: 'docker images | grep bind9-primary | grep $(grep image docker-compose.yml | grep primary | awk -F\':\' \'{ print $4 }\')') def status_p = sh(returnStatus: true, script: 'docker images | grep bind9-primary | grep $(grep image docker-compose.yml | grep primary | awk -F\':\' \'{ print $4 }\')')
def status_s = sh(returnStatus: true, script: 'docker images | grep bind9-secondary | grep $(grep image docker-compose.yml | grep secondary | awk -F\':\' \'{ print $4 }\')') def status_s = sh(returnStatus: true, script: 'docker images | grep bind9-secondary | grep $(grep image docker-compose.yml | grep secondary | awk -F\':\' \'{ print $4 }\')')
def status_d = sh(returnStatus: true, script: 'docker images | grep pubdnsdist | grep $(grep image docker-compose.yml | grep pubdnsdist | awk -F\':\' \'{ print $4 }\')')
if (status_p != 0) { if (status_p != 0) {
sh 'docker compose build primary --push' sh 'docker compose build primary --push'
@ -31,6 +32,12 @@ pipeline {
} else { } else {
echo "Secondary Image version already exists, no need to rebuild." echo "Secondary Image version already exists, no need to rebuild."
} }
if (status_d != 0) {
sh 'docker compose build pubdnsdist --push'
} else {
echo "pubdnsdist Image version already exists, no need to rebuild."
}
} }
} }
} }
@ -69,16 +76,17 @@ pipeline {
stage('Create contexts') { stage('Create contexts') {
steps { steps {
sh 'docker context ls | grep pi502 || docker context create pi502 --docker "host=ssh://pi502.in.thelinuxpro.net"' sh 'docker context ls | grep pi502 || docker context create pi502 --docker "host=ssh://pi502.in.thelinuxpro.net"'
sh 'docker context ls | grep pi503 || docker context create pi503 --docker "host=ssh://pi503.in.thelinuxpro.net"'
} }
} }
stage('Stop secondary container') { stage('Stop secondary container 1') {
steps { steps {
script { script {
def status_s = sh(returnStatus: true, script: 'grep $(docker --context pi502 compose ps | tail -n1 | awk \'{ print $2 }\') docker-compose.yml') def status_s = sh(returnStatus: true, script: 'grep $(docker --context pi502 compose ps | grep ns1 | tail -n1 | awk \'{ print $2 }\') docker-compose.yml')
if (status_s != 0) { if (status_s != 0) {
sh 'docker --context pi502 compose down' sh 'docker --context pi502 compose down secondary1'
sh 'sleep 5' sh 'sleep 5'
} else { } else {
echo 'skip' echo 'skip'
@ -87,13 +95,13 @@ pipeline {
} }
} }
stage('Start secondary container') { stage('Start secondary container 1') {
steps { steps {
script { script {
def status_s = sh(returnStatus: true, script: 'grep $(docker --context pi502 compose ps | tail -n1 | awk \'{ print $2 }\') docker-compose.yml') def status_s = sh(returnStatus: true, script: 'grep $(docker --context pi502 compose ps | grep ns1 | tail -n1 | awk \'{ print $2 }\') docker-compose.yml')
if (status_s != 0) { if (status_s != 0) {
sh 'docker --context pi502 compose up -d --no-color secondary' sh 'docker --context pi502 compose up -d --no-color secondary1'
sh 'docker --context pi502 compose ps' sh 'docker --context pi502 compose ps'
} else { } else {
echo 'skip' echo 'skip'
@ -102,21 +110,115 @@ pipeline {
} }
} }
stage('Integration Tests') { stage('Stop secondary container 2') {
steps { steps {
sh 'rm -rf test/results' script {
sh 'mkdir -p test/results/integration' def status_s = sh(returnStatus: true, script: 'grep $(docker --context pi503 compose ps | grep ns2 | tail -n1 | awk \'{ print $2 }\') docker-compose.yml')
sh 'bats -F junit test/integration/dns/**/*.bat test/integration/dns/**/**/*.bat > test/results/integration/dns.xml'
if (status_s != 0) {
sh 'docker --context pi503 compose down secondary2'
sh 'sleep 5'
} else {
echo 'skip'
}
}
} }
} }
}
post { stage('Start secondary container 2') {
always { steps {
archiveArtifacts artifacts: 'test/results/**/*.xml', fingerprint: true script {
junit 'test/results/**/*.xml' def status_s = sh(returnStatus: true, script: 'grep $(docker --context pi503 compose ps | grep ns2 | tail -n1 | awk \'{ print $2 }\') docker-compose.yml')
sh 'rm -rf test/results'
if (status_s != 0) {
sh 'docker --context pi503 compose up -d --no-color secondary2'
sh 'docker --context pi503 compose ps'
} else {
echo 'skip'
}
}
}
} }
stage('Stop pubdnsdist container 1') {
steps {
script {
def status = sh(returnStatus: true, script: 'grep $(docker --context pi502 compose ps | grep dnsdist1 | tail -n1 | awk \'{ print $2 }\') docker-compose.yml')
if (status != 0) {
sh 'docker --context pi502 compose down pubdnsdist1'
sh 'sleep 5'
} else {
echo 'skip'
}
}
}
}
stage('Start pubdnsdist container 1') {
steps {
script {
def status = sh(returnStatus: true, script: 'grep $(docker --context pi502 compose ps | grep dnsdist1 | tail -n1 | awk \'{ print $2 }\') docker-compose.yml')
if (status != 0) {
sh 'docker --context pi502 compose up pubdnsdist1 -d'
sh 'docker --context pi502 compose ps'
sh 'sleep 3'
sh 'docker --context pi502 compose logs'
} else {
echo 'skip'
}
}
}
}
stage('Stop pubdnsdist container 2') {
steps {
script {
def status = sh(returnStatus: true, script: 'grep $(docker --context pi503 compose ps | grep dnsdist2 | tail -n1 | awk \'{ print $2 }\') docker-compose.yml')
if (status != 0) {
sh 'docker --context pi503 compose down pubdnsdist2'
sh 'sleep 5'
} else {
echo 'skip'
}
}
}
}
stage('Start pubdnsdist container 2') {
steps {
script {
def status = sh(returnStatus: true, script: 'grep $(docker --context pi503 compose ps | grep dnsdist2 | tail -n1 | awk \'{ print $2 }\') docker-compose.yml')
if (status != 0) {
sh 'docker --context pi503 compose up pubdnsdist2 -d'
sh 'docker --context pi503 compose ps'
sh 'sleep 3'
sh 'docker --context pi503 compose logs'
} else {
echo 'skip'
}
}
}
}
// stage('Integration Tests') {
// steps {
// sh 'rm -rf test/results'
// sh 'mkdir -p test/results/integration'
// sh 'bats -F junit test/integration/dns/**/*.bat test/integration/dns/**/**/*.bat > test/results/integration/dns.xml'
// }
// }
// }
// post {
// always {
// archiveArtifacts artifacts: 'test/results/**/*.xml', fingerprint: true
// junit 'test/results/**/*.xml'
// sh 'rm -rf test/results'
// }
} }
} }
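Review bot: The new `status_d` check in the first hunk cannot return 0 once `pubdnsdist1` and `pubdnsdist2` reference the same image. `grep image docker-compose.yml | grep pubdnsdist` matches two lines, the unquoted `$(...)` expands to two words, and the outer `grep` treats the second word as a file name and exits non-zero. The pipeline therefore rebuilds and runs `--push` over the existing tag on every run; `status_s` on the line above appears to have the same problem now that `secondary1` and `secondary2` share the bind9-secondary image. Collapsing the inner pipeline to one value fixes it, e.g. append `| sort -u` after the `awk` in each script string. With the Integration Tests stage and the `post` block commented out in the last hunk, nothing later in the pipeline would catch a bad image before it is started on pi502 and pi503.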


@ -15,10 +15,10 @@ networks:
services: services:
primary: primary:
container_name: ns1 container_name: ns0
build: build:
dockerfile: Dockerfile.primary dockerfile: Dockerfile.primary
image: docker-registry1.in.thelinuxpro.net:5000/tlp/bind9-primary:250225.0.1 image: docker-registry1.in.thelinuxpro.net:5000/tlp/bind9-primary:250225.0.3
restart: always restart: always
user: root user: root
environment: environment:
@ -32,16 +32,41 @@ services:
#- primary/var/lib/bind:/tmp/bind #- primary/var/lib/bind:/tmp/bind
networks: networks:
pub_dns_net: pub_dns_net:
ipv4_address: 10.99.153.241 ipv4_address: 10.99.153.250
# command: [ "cp", "-rv", "/tmp/bind/*", "/var/lib/bind/" ] # command: [ "cp", "-rv", "/tmp/bind/*", "/var/lib/bind/" ]
deploy: deploy:
placement: placement:
constraints: [node.role == manager] constraints: [node.role == manager]
secondary:
secondary1:
container_name: ns1
build:
dockerfile: Dockerfile.secondary
image: docker-registry1.in.thelinuxpro.net:5000/tlp/bind9-secondary:250225.0.3
restart: always
user: root
environment:
- TZ='America/Indianapolis'
- BIND9_USER=bind
#volumes:
#- bind9_logs:/var/named/log
#- secondary_var_lib_bind:/var/lib/bind
#- ./secondary/var/lib/bind:/var/lib/bind:rw
#- ./secondary/etc/bind/named.conf:/etc/bind/named.conf:ro
#- secondary/var/lib/bind:/tmp/bind
networks:
pub_dns_net:
ipv4_address: 10.99.153.241
#command: [ "cp", "-rv", "/tmp/bind/*", "/var/lib/bind/" ]
deploy:
placement:
constraints: [node.role == worker]
secondary2:
container_name: ns2 container_name: ns2
build: build:
dockerfile: Dockerfile.secondary dockerfile: Dockerfile.secondary
image: docker-registry1.in.thelinuxpro.net:5000/tlp/bind9-secondary:250225.0.1 image: docker-registry1.in.thelinuxpro.net:5000/tlp/bind9-secondary:250225.0.3
restart: always restart: always
user: root user: root
environment: environment:
@ -60,3 +85,31 @@ services:
deploy: deploy:
placement: placement:
constraints: [node.role == worker] constraints: [node.role == worker]
pubdnsdist1:
build:
dockerfile: Dockerfile.dnsdist
container_name: pubdnsdist1
image: docker-registry1.in.thelinuxpro.net:5000/tlp/pubdnsdist:250225.0.01
networks:
dns_local_net:
ipv4_address: 10.99.153.251
restart: always
volumes:
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
- /etc/resolv.conf:/etc/resolv.conf:ro
pubdnsdist2:
build:
dockerfile: Dockerfile.dnsdist
container_name: pubdnsdist2
image: docker-registry1.in.thelinuxpro.net:5000/tlp/pubdnsdist:250225.0.01
networks:
dns_local_net:
ipv4_address: 10.99.153.252
restart: always
volumes:
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
- /etc/resolv.conf:/etc/resolv.conf:ro
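Review bot: `pubdnsdist1` and `pubdnsdist2` attach to `dns_local_net`, while the BIND services in this file attach to `pub_dns_net`, yet all of them are given addresses in 10.99.153.x. The secondaries' new `allow-query` lists admit only 10.99.153.251 and 10.99.153.252 as source addresses, so this works only if dnsdist's queries reach ns1/ns2 with those addresses unchanged. The network definitions sit above the first hunk and are not visible here. If the two names are separate Docker networks, either attach the dnsdist services to `pub_dns_net` or add a comment on the service such as `# dns_local_net must reach ns1/ns2 un-NATed; their allow-query matches these source IPs`.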


@ -22,30 +22,54 @@ options {
zone "thelinuxpro.net" in { zone "thelinuxpro.net" in {
type master; type master;
file "/var/lib/bind/db.thelinuxpro.net"; file "/var/lib/bind/db.thelinuxpro.net";
allow-transfer { 10.99.153.242; }; allow-transfer {
also-notify { 10.99.153.242; }; 10.99.153.241;
10.99.153.242;
};
also-notify {
10.99.153.241;
10.99.153.242;
};
}; };
zone "in.thelinuxpro.net" in { zone "in.thelinuxpro.net" in {
type master; type master;
file "/var/lib/bind/db.in.thelinuxpro.net"; file "/var/lib/bind/db.in.thelinuxpro.net";
allow-transfer { 10.99.153.242; }; allow-transfer {
10.99.153.241;
10.99.153.242;
};
also-notify {
10.99.153.241;
10.99.153.242;
};
// allow-query { internal-nets; }; // allow-query { internal-nets; };
also-notify { 10.99.153.242; };
}; };
zone "kameronkenny.com" in { zone "kameronkenny.com" in {
type master; type master;
file "/var/lib/bind/db.kameronkenny.com"; file "/var/lib/bind/db.kameronkenny.com";
allow-transfer { 10.99.153.242; }; allow-transfer {
also-notify { 10.99.153.242; }; 10.99.153.241;
10.99.153.242;
};
also-notify {
10.99.153.241;
10.99.153.242;
};
}; };
zone "thelinux.pro" in { zone "thelinux.pro" in {
type master; type master;
file "/var/lib/bind/db.thelinux.pro"; file "/var/lib/bind/db.thelinux.pro";
allow-transfer { 10.99.153.242; }; allow-transfer {
also-notify { 10.99.153.242; }; 10.99.153.241;
10.99.153.242;
};
also-notify {
10.99.153.241;
10.99.153.242;
};
}; };
zone "200.10.in-addr.arpa" in { zone "200.10.in-addr.arpa" in {
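Review bot: Only the four forward zones gain 10.99.153.241 in `allow-transfer` and `also-notify`; the section ends at the opening line of `zone "200.10.in-addr.arpa"` with no further hunks, so the reverse zones in this file are unchanged. The secondary configuration in this commit still lists those reverse zones with `primaries { 10.99.153.250; }`, so if they carry the old single-address `allow-transfer { 10.99.153.242; };`, the new secondary at .241 would be refused transfers for them. This is worth checking, since those lines are outside the hunk. Declaring the list once as `acl secondaries { 10.99.153.241; 10.99.153.242; };` and using `allow-transfer { secondaries; };` in every zone would keep the zones from drifting apart. Transfers are authorised by source address alone here; a TSIG key on the transfer path would be a stronger control if the network segment is shared.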


@ -1,6 +1,6 @@
$TTL 3600 $TTL 3600
@ IN SOA in.thelinuxpro.net. hostmaster.in.thelinuxpro.net. ( @ IN SOA in.thelinuxpro.net. hostmaster.in.thelinuxpro.net. (
25022501 ; serial 25022502 ; serial
21600 ; refresh after 6 hours 21600 ; refresh after 6 hours
3600 ; retry after 1 hour 3600 ; retry after 1 hour
604800 ; expire after 1 week 604800 ; expire after 1 week


@ -1,13 +1,13 @@
$TTL 3600 $TTL 3600
@ IN SOA in.thelinuxpro.net. hostmaster.in.thelinuxpro.net. ( @ IN SOA in.thelinuxpro.net. hostmaster.in.thelinuxpro.net. (
25022501 ; serial 25022502 ; serial
21600 ; refresh after 6 hours 21600 ; refresh after 6 hours
3600 ; retry after 1 hour 3600 ; retry after 1 hour
604800 ; expire after 1 week 604800 ; expire after 1 week
86400 ) ; minimum TTL of 1 day 86400 ) ; minimum TTL of 1 day
; ;
IN NS ns1.in.thelinuxpro.net. IN NS nsd1.in.thelinuxpro.net.
IN NS ns2.in.thelinuxpro.net. IN NS nsd2.in.thelinuxpro.net.
; ;
51.22 IN PTR pi501.in.thelinuxpro.net. 51.22 IN PTR pi501.in.thelinuxpro.net.
52.22 IN PTR pi502.in.thelinuxpro.net. 52.22 IN PTR pi502.in.thelinuxpro.net.
@ -40,3 +40,6 @@ $TTL 3600
111.23 IN PTR sensors.in.thelinuxpor.net. 111.23 IN PTR sensors.in.thelinuxpor.net.
241.153 IN PTR ns1.in.thelinuxpro.net. 241.153 IN PTR ns1.in.thelinuxpro.net.
242.153 IN PTR ns2.in.thelinuxpro.net. 242.153 IN PTR ns2.in.thelinuxpro.net.
250.153 IN PTR ns0.in.thelinuxpro.net.
251.153 IN PTR nsd1.in.thelinuxpro.net.
252.153 IN PTR nsd2.in.thelinuxpro.net.


@ -1,21 +1,24 @@
$TTL 2m $TTL 2m
@ IN SOA in.thelinuxpro.net. root.in.thelinuxpro.net. ( @ IN SOA in.thelinuxpro.net. root.in.thelinuxpro.net. (
25022501 ; serial, todays date + todays serial # 25022502 ; serial, todays date + todays serial #
1h ; refresh, seconds 1h ; refresh, seconds
15m ; retry, seconds 15m ; retry, seconds
10D ; expire, seconds 10D ; expire, seconds
1d ; minimum, seconds 1d ; minimum, seconds
) )
; ;
NS ns1.in.thelinuxpro.net. NS nsd1.in.thelinuxpro.net.
NS ns2.in.thelinuxpro.net. NS nsd2.in.thelinuxpro.net.
; MX 10 thelinuxpro.net. ; Primary Mail Exchanger ; MX 10 thelinuxpro.net. ; Primary Mail Exchanger
TXT "The Linux Pro Internal Net" TXT "The Linux Pro Internal Net"
; ;
IN A 127.0.0.1 IN A 127.0.0.1
; ;
ns0 IN A 10.99.153.250
ns1 IN A 10.99.153.241 ns1 IN A 10.99.153.241
ns2 IN A 10.99.153.242 ns2 IN A 10.99.153.242
nsd1 IN A 10.99.153.251
nsd2 IN A 10.99.153.252
; ;
pi401 IN A 10.99.22.61 pi401 IN A 10.99.22.61
pi501 IN A 10.99.22.51 pi501 IN A 10.99.22.51


@ -21,41 +21,69 @@ options {
zone "thelinuxpro.net" in { zone "thelinuxpro.net" in {
type secondary; type secondary;
primaries { 10.99.153.241; }; primaries { 10.99.153.250; };
allow-query {
10.99.153.251;
10.99.153.252;
};
}; };
zone "kameronkenny.com" in { zone "kameronkenny.com" in {
type secondary; type secondary;
primaries { 10.99.153.241; }; primaries { 10.99.153.250; };
allow-query {
10.99.153.251;
10.99.153.252;
};
}; };
zone "thelinux.pro" in { zone "thelinux.pro" in {
type secondary; type secondary;
primaries { 10.99.153.241; }; primaries { 10.99.153.250; };
allow-query {
10.99.153.251;
10.99.153.252;
};
}; };
zone "in.thelinuxpro.net" in { zone "in.thelinuxpro.net" in {
type secondary; type secondary;
primaries { 10.99.153.241; }; primaries { 10.99.153.250; };
// allow-query { internal-nets; }; // allow-query { internal-nets; };
allow-query {
10.99.153.251;
10.99.153.252;
};
}; };
zone "200.10.in-addr.arpa" in { zone "200.10.in-addr.arpa" in {
type secondary; type secondary;
primaries { 10.99.153.241; }; primaries { 10.99.153.250; };
// allow-query { internal-nets; }; // allow-query { internal-nets; };
allow-query {
10.99.153.251;
10.99.153.252;
};
}; };
zone "99.10.in-addr.arpa" in { zone "99.10.in-addr.arpa" in {
type secondary; type secondary;
primaries { 10.99.153.241; }; primaries { 10.99.153.250; };
// allow-query { internal-nets; }; // allow-query { internal-nets; };
allow-query {
10.99.153.251;
10.99.153.252;
};
}; };
zone "0.0.127.in-addr.arpa" in { zone "0.0.127.in-addr.arpa" in {
type secondary; type secondary;
primaries { 10.99.153.241; }; primaries { 10.99.153.250; };
// allow-query { internal-nets; }; // allow-query { internal-nets; };
allow-query {
10.99.153.251;
10.99.153.252;
};
}; };
logging { logging {
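Review bot: The same two-address `allow-query` block is pasted into all seven zones, and in four of them it sits directly under a stale `// allow-query { internal-nets; };` comment. A single `acl pubdnsdist { 10.99.153.251; 10.99.153.252; };` declared once, with `allow-query { pubdnsdist; };` in each zone, would make the query policy auditable in one place, and the old commented lines could then be removed. The list omits loopback, so a `dig @127.0.0.1` health check run inside the container would be refused for these zones, which may or may not be intended. The `logging` block that follows continues outside the hunk.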