net-services
/
pub-dns
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add acls

This commit is contained in:
Kameron Kenny 2024-06-27 20:03:41 -04:00
parent 71b11cdca3
commit 8cba8194b0
No known key found for this signature in database
GPG Key ID: E5006629839D2276
5 changed files with 38 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Dockerfile.primary
View File

@ -1,6 +1,6 @@
FROM ubuntu/bind9:9.18-22.04_beta FROM ubuntu/bind9:9.18-22.04_beta
LABEL version="20240625.1.1" LABEL version="20240627.1.1"
LABEL description="bind9 primary nameserver" LABEL description="bind9 primary nameserver"
ENV BIND_LIB_DIR=/var/lib/bind ENV BIND_LIB_DIR=/var/lib/bind

2
Dockerfile.secondary
View File

@ -1,6 +1,6 @@
FROM ubuntu/bind9:9.18-22.04_beta FROM ubuntu/bind9:9.18-22.04_beta
LABEL version="20240619.1.1" LABEL version="20240627.1.1"
LABEL description="bind9 secondary nameserver" LABEL description="bind9 secondary nameserver"
ENV BIND_LIB_DIR=/var/lib/bind ENV BIND_LIB_DIR=/var/lib/bind

4
docker-compose.yml
View File

@ -18,7 +18,7 @@ services:
container_name: ns1 container_name: ns1
build: build:
dockerfile: Dockerfile.primary dockerfile: Dockerfile.primary
image: docker-registry1.in.thelinuxpro.net:5000/tlp/bind9-primary:240625.1.1 image: docker-registry1.in.thelinuxpro.net:5000/tlp/bind9-primary:240627.1.1
restart: always restart: always
user: root user: root
environment: environment:
@ -41,7 +41,7 @@ services:
container_name: ns2 container_name: ns2
build: build:
dockerfile: Dockerfile.secondary dockerfile: Dockerfile.secondary
image: docker-registry1.in.thelinuxpro.net:5000/tlp/bind9-secondary:240619.1.1 image: docker-registry1.in.thelinuxpro.net:5000/tlp/bind9-secondary:240627.1.1
restart: always restart: always
user: root user: root
environment: environment:

18
primary/etc/bind/named.conf
View File

@ -1,5 +1,4 @@
options { options {
directory "/var/lib/bind"; directory "/var/lib/bind";
dump-file "/var/log/named_dump.db"; dump-file "/var/log/named_dump.db";
statistics-file "/var/log/named.stats"; statistics-file "/var/log/named.stats";
@ -8,6 +7,19 @@ options {
notify yes; notify yes;
}; };
acl "internal-nets" {
10.200.254.224/27; //Utility_net
10.200.99.192/26; //client_net
10.200.97.224/27; //IoT_net
10.200.17.240/28; //SFDC
10.200.53.240/28; //DNS
172.16.32.224/27; //doorbell-ding-dong (Guest Network)
10.99.153.240/28; //pub_dns
10.99.80.224/27; //pub_web
10.99.22.0/24; //hyporvisors
10.99.23.0/24; //dev_infra
};
zone "thelinuxpro.net" in { zone "thelinuxpro.net" in {
type master; type master;
file "/var/lib/bind/db.thelinuxpro.net"; file "/var/lib/bind/db.thelinuxpro.net";
@ -19,6 +31,7 @@ zone "in.thelinuxpro.net" in {
type master; type master;
file "/var/lib/bind/db.in.thelinuxpro.net"; file "/var/lib/bind/db.in.thelinuxpro.net";
allow-transfer { 10.99.153.242; }; allow-transfer { 10.99.153.242; };
allow-query { internal-nets; };
also-notify { 10.99.153.242; }; also-notify { 10.99.153.242; };
}; };
@ -39,16 +52,19 @@ zone "thelinux.pro" in {
zone "200.10.in-addr.arpa" in { zone "200.10.in-addr.arpa" in {
type master; type master;
file "db.10.200"; file "db.10.200";
allow-query { internal-nets; };
}; };
zone "99.10.in-addr.arpa" in { zone "99.10.in-addr.arpa" in {
type master; type master;
file "db.10.99"; file "db.10.99";
allow-query { internal-nets; };
}; };
zone "0.0.127.in-addr.arpa" in { zone "0.0.127.in-addr.arpa" in {
type master; type master;
file "db.127"; file "db.127";
allow-query { internal-nets; };
}; };
logging { logging {

17
secondary/etc/bind/named.conf
View File

@ -8,6 +8,19 @@ options {
notify yes; notify yes;
}; };
acl "internal-nets" {
10.200.254.224/27; //Utility_net
10.200.99.192/26; //client_net
10.200.97.224/27; //IoT_net
10.200.17.240/28; //SFDC
10.200.53.240/28; //DNS
172.16.32.224/27; //doorbell-ding-dong (Guest Network)
10.99.153.240/28; //pub_dns
10.99.80.224/27; //pub_web
10.99.22.0/24; //hyporvisors
10.99.23.0/24; //dev_infra
};
zone "thelinuxpro.net" in { zone "thelinuxpro.net" in {
type secondary; type secondary;
primaries { 10.99.153.241; }; primaries { 10.99.153.241; };
@ -26,21 +39,25 @@ zone "thelinux.pro" in {
zone "in.thelinuxpro.net" in { zone "in.thelinuxpro.net" in {
type secondary; type secondary;
primaries { 10.99.153.241; }; primaries { 10.99.153.241; };
allow-query { internal-nets; };
}; };
zone "200.10.in-addr.arpa" in { zone "200.10.in-addr.arpa" in {
type secondary; type secondary;
primaries { 10.99.153.241; }; primaries { 10.99.153.241; };
allow-query { internal-nets; };
}; };
zone "99.10.in-addr.arpa" in { zone "99.10.in-addr.arpa" in {
type secondary; type secondary;
primaries { 10.99.153.241; }; primaries { 10.99.153.241; };
allow-query { internal-nets; };
}; };
zone "0.0.127.in-addr.arpa" in { zone "0.0.127.in-addr.arpa" in {
type secondary; type secondary;
primaries { 10.99.153.241; }; primaries { 10.99.153.241; };
allow-query { internal-nets; };
}; };
logging { logging {