commit
8ea9df365e
@ -0,0 +1,79 @@ |
||||
version: "3" |
||||
|
||||
services: |
||||
|
||||
bind9: |
||||
image: internetsystemsconsortium/bind9:9.18 |
||||
container_name: ${BND_CONTAINER_NAME:-bind9} |
||||
restart: ${BND_RESTART:-unless-stopped} |
||||
volumes: |
||||
- ${LOCAL_STACK_DIR:-./vol}/bind9/config:/etc/bind |
||||
- ${LOCAL_STACK_DIR:-./vol}/bind9/cache:/var/cache/bind |
||||
- ${LOCAL_STACK_DIR:-./vol}/bind9/lib:/var/lib/bind |
||||
- ${LOCAL_STACK_DIR:-./vol}/bind9/log:/var/log |
||||
expose: |
||||
- 53/udp |
||||
- 53/tcp |
||||
- 953/tcp |
||||
networks: |
||||
vpcbr: |
||||
ipv4_address: 10.5.0.5 |
||||
|
||||
bind9-lan: |
||||
image: internetsystemsconsortium/bind9:9.18 |
||||
container_name: ${BND_CONTAINER_NAME:-bind9-lan} |
||||
restart: ${BND_RESTART:-unless-stopped} |
||||
volumes: |
||||
- ${LOCAL_STACK_DIR:-./vol}/bind9-lan/config:/etc/bind |
||||
- ${LOCAL_STACK_DIR:-./vol}/bind9-lan/cache:/var/cache/bind |
||||
- ${LOCAL_STACK_DIR:-./vol}/bind9-lan/lib:/var/lib/bind |
||||
- ${LOCAL_STACK_DIR:-./vol}/bind9-lan/log:/var/log |
||||
expose: |
||||
- 53/udp |
||||
- 53/tcp |
||||
- 953/tcp |
||||
networks: |
||||
vpcbr: |
||||
ipv4_address: 10.5.0.6 |
||||
|
||||
bind9-recursor: |
||||
image: internetsystemsconsortium/bind9:9.18 |
||||
container_name: ${BND_CONTAINER_NAME:-bind9-recursor} |
||||
restart: ${BND_RESTART:-unless-stopped} |
||||
volumes: |
||||
- ${LOCAL_STACK_DIR:-./vol}/bind9-recursor/config:/etc/bind |
||||
- ${LOCAL_STACK_DIR:-./vol}/bind9-recursor/cache:/var/cache/bind |
||||
- ${LOCAL_STACK_DIR:-./vol}/bind9-recursor/lib:/var/lib/bind |
||||
- ${LOCAL_STACK_DIR:-./vol}/bind9-recursor/log:/var/log |
||||
expose: |
||||
- 53/udp |
||||
- 53/tcp |
||||
- 953/tcp |
||||
networks: |
||||
vpcbr: |
||||
ipv4_address: 10.5.0.4 |
||||
|
||||
bind9-forwarder: |
||||
image: internetsystemsconsortium/bind9:9.18 |
||||
container_name: ${BND_CONTAINER_NAME:-bind9-forwarder} |
||||
restart: ${BND_RESTART:-unless-stopped} |
||||
volumes: |
||||
- ${LOCAL_STACK_DIR:-./vol}/bind9-forwarder/config:/etc/bind |
||||
- ${LOCAL_STACK_DIR:-./vol}/bind9-forwarder/cache:/var/cache/bind |
||||
- ${LOCAL_STACK_DIR:-./vol}/bind9-forwarder/lib:/var/lib/bind |
||||
- ${LOCAL_STACK_DIR:-./vol}/bind9-forwarder/log:/var/log |
||||
expose: |
||||
- 53/udp |
||||
- 53/tcp |
||||
- 953/tcp |
||||
networks: |
||||
vpcbr: |
||||
ipv4_address: 10.5.0.3 |
||||
|
||||
networks: |
||||
vpcbr: |
||||
driver: bridge |
||||
ipam: |
||||
config: |
||||
- subnet: 10.5.0.0/16 |
||||
gateway: 10.5.0.1 |
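Review bot: All four services read the same `BND_CONTAINER_NAME` variable for `container_name` (only the fallback defaults differ), so setting it once in `.env` gives every container the same name and `docker compose up` fails on the duplicate. Give each service its own variable, e.g. `container_name: ${BND_LAN_CONTAINER_NAME:-bind9-lan}`, `${BND_RECURSOR_CONTAINER_NAME:-bind9-recursor}` and `${BND_FORWARDER_CONTAINER_NAME:-bind9-forwarder}`. Note also that `expose` publishes nothing on the host; the forwarder's ACL admits 192.168.2.0/24, so if LAN clients are meant to use it a `ports:` entry is still needed, and it should cover 53/udp and 53/tcp on the forwarder only — 953/tcp is the rndc control channel and should never be published.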
@ -0,0 +1,12 @@ |
||||
; |
||||
; BIND reverse data file for broadcast zone |
||||
; |
||||
$TTL 604800 |
||||
@ IN SOA localhost. root.localhost. ( |
||||
1 ; Serial |
||||
604800 ; Refresh |
||||
86400 ; Retry |
||||
2419200 ; Expire |
||||
604800 ) ; Negative Cache TTL |
||||
; |
||||
@ IN NS localhost. |
@ -0,0 +1,13 @@ |
||||
; |
||||
; BIND reverse data file for local loopback interface |
||||
; |
||||
$TTL 604800 |
||||
@ IN SOA localhost. root.localhost. ( |
||||
1 ; Serial |
||||
604800 ; Refresh |
||||
86400 ; Retry |
||||
2419200 ; Expire |
||||
604800 ) ; Negative Cache TTL |
||||
; |
||||
@ IN NS localhost. |
||||
1.0.0 IN PTR localhost. |
@ -0,0 +1,12 @@ |
||||
; |
||||
; BIND reverse data file for broadcast zone |
||||
; |
||||
$TTL 604800 |
||||
@ IN SOA localhost. root.localhost. ( |
||||
1 ; Serial |
||||
604800 ; Refresh |
||||
86400 ; Retry |
||||
2419200 ; Expire |
||||
604800 ) ; Negative Cache TTL |
||||
; |
||||
@ IN NS localhost. |
@ -0,0 +1,14 @@ |
||||
; BIND reverse data file for empty rfc1918 zone |
||||
; |
||||
; DO NOT EDIT THIS FILE - it is used for multiple zones. |
||||
; Instead, copy it, edit named.conf, and use that copy. |
||||
; |
||||
$TTL 86400 |
||||
@ IN SOA localhost. root.localhost. ( |
||||
1 ; Serial |
||||
604800 ; Refresh |
||||
86400 ; Retry |
||||
2419200 ; Expire |
||||
86400 ) ; Negative Cache TTL |
||||
; |
||||
@ IN NS localhost. |
@ -0,0 +1,14 @@ |
||||
; |
||||
; BIND data file for local loopback interface |
||||
; |
||||
$TTL 604800 |
||||
@ IN SOA localhost. root.localhost. ( |
||||
2 ; Serial |
||||
604800 ; Refresh |
||||
86400 ; Retry |
||||
2419200 ; Expire |
||||
604800 ) ; Negative Cache TTL |
||||
; |
||||
@ IN NS localhost. |
||||
@ IN A 127.0.0.1 |
||||
@ IN AAAA ::1 |
@ -0,0 +1,11 @@ |
||||
// This is the primary configuration file for the BIND DNS server named. |
||||
// |
||||
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the |
||||
// structure of BIND configuration files in Debian, *BEFORE* you customize |
||||
// this configuration file. |
||||
// |
||||
// If you are just adding zones, please do that in /etc/bind/named.conf.local |
||||
|
||||
include "/etc/bind/named.conf.options"; |
||||
include "/etc/bind/named.conf.local"; |
||||
include "/etc/bind/named.conf.default-zones"; |
@ -0,0 +1,30 @@ |
||||
// prime the server with knowledge of the root servers |
||||
zone "." { |
||||
type hint; |
||||
file "/usr/share/dns/root.hints"; |
||||
}; |
||||
|
||||
// be authoritative for the localhost forward and reverse zones, and for |
||||
// broadcast zones as per RFC 1912 |
||||
|
||||
zone "localhost" { |
||||
type master; |
||||
file "/etc/bind/db.local"; |
||||
}; |
||||
|
||||
zone "127.in-addr.arpa" { |
||||
type master; |
||||
file "/etc/bind/db.127"; |
||||
}; |
||||
|
||||
zone "0.in-addr.arpa" { |
||||
type master; |
||||
file "/etc/bind/db.0"; |
||||
}; |
||||
|
||||
zone "255.in-addr.arpa" { |
||||
type master; |
||||
file "/etc/bind/db.255"; |
||||
}; |
||||
|
||||
|
@ -0,0 +1,8 @@ |
||||
// |
||||
// Do any local configuration here |
||||
// |
||||
|
||||
// Consider adding the 1918 zones here, if they are not used in your |
||||
// organization |
||||
//include "/etc/bind/zones.rfc1918"; |
||||
|
@ -0,0 +1,24 @@ |
||||
options { |
||||
directory "/var/cache/bind"; |
||||
|
||||
// If there is a firewall between you and nameservers you want |
||||
// to talk to, you may need to fix the firewall to allow multiple |
||||
// ports to talk. See http://www.kb.cert.org/vuls/id/800113 |
||||
|
||||
// If your ISP provided one or more IP addresses for stable |
||||
// nameservers, you probably want to use them as forwarders. |
||||
// Uncomment the following block, and insert the addresses replacing |
||||
// the all-0's placeholder. |
||||
|
||||
// forwarders { |
||||
// 0.0.0.0; |
||||
// }; |
||||
|
||||
//======================================================================== |
||||
// If BIND logs error messages about the root key being expired, |
||||
// you will need to update your keys. See https://www.isc.org/bind-keys |
||||
//======================================================================== |
||||
dnssec-validation auto; |
||||
|
||||
listen-on-v6 { any; }; |
||||
}; |
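Review bot: This is the stock Debian `named.conf.options` (real root hints via `named.conf.default-zones`, `dnssec-validation auto;`, `forwarders` commented out), which is inconsistent with the four lab instances that all point at the fake root at 10.5.0.5 and run with validation off; an instance using this file would try to reach the real root servers and validate against the real trust anchor. I cannot tell from the diff which container, if any, mounts this directory. If it is unused template material, delete it so it is not mistaken for live configuration; if it is live, add a comment at the top saying which instance it belongs to and why it differs from the others.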
@ -0,0 +1,20 @@ |
||||
zone "10.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; |
||||
|
||||
zone "16.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; |
||||
zone "17.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; |
||||
zone "18.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; |
||||
zone "19.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; |
||||
zone "20.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; |
||||
zone "21.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; |
||||
zone "22.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; |
||||
zone "23.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; |
||||
zone "24.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; |
||||
zone "25.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; |
||||
zone "26.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; |
||||
zone "27.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; |
||||
zone "28.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; |
||||
zone "29.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; |
||||
zone "30.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; |
||||
zone "31.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; |
||||
|
||||
zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; }; |
@ -0,0 +1,13 @@ |
||||
; |
||||
; BIND reverse data file for local loopback interface |
||||
; |
||||
$TTL 604800 |
||||
@ IN SOA localhost. root.localhost. ( |
||||
1 ; Serial |
||||
604800 ; Refresh |
||||
86400 ; Retry |
||||
2419200 ; Expire |
||||
604800 ) ; Negative Cache TTL |
||||
; |
||||
@ IN NS localhost. |
||||
1.0.0 IN PTR localhost. |
@ -0,0 +1,56 @@ |
||||
|
||||
acl my_net { |
||||
192.168.2.0/24; |
||||
127.0.0.0/24; |
||||
10.5.0.0/16; |
||||
}; |
||||
|
||||
acl my_other_net { |
||||
172.0.0.0/8; |
||||
}; |
||||
|
||||
options { |
||||
directory "/var/cache/bind"; |
||||
listen-on { any; }; |
||||
listen-on-v6 { none; }; |
||||
|
||||
auth-nxdomain no; # conform to RFC1035 |
||||
|
||||
allow-recursion { |
||||
my_net; |
||||
}; |
||||
blackhole { |
||||
my_other_net; |
||||
}; |
||||
allow-transfer { |
||||
none; |
||||
}; |
||||
allow-update { |
||||
none; |
||||
}; |
||||
dnssec-validation no; |
||||
recursion yes; |
||||
allow-query-cache { any; }; |
||||
version "not available"; // Disable for security |
||||
|
||||
# disable the integrated handling of RFC1918 and non-assigned IPv6 space reverse dns |
||||
empty-zones-enable no; |
||||
|
||||
}; |
||||
|
||||
// the loopback reverse zone |
||||
// why is this needed? |
||||
// - when a reverse DNS lookup for 127.0.0.1 address is received, |
||||
// the recursive server doesn’t have to look somewhere else for |
||||
// the answer. It has to be defined locally |
||||
// since it is just a localhost address |
||||
zone "127.in-addr.arpa" { |
||||
type master; |
||||
file "/etc/bind/db.127"; |
||||
}; |
||||
|
||||
zone "." { |
||||
type forward; |
||||
forward only; |
||||
forwarders { 10.5.0.4; }; |
||||
}; |
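Review bot: `allow-query-cache { any; };` in `options` lets any address that can reach the listener read cached entries while recursion itself is limited to `my_net`; that is the classic cache-snooping exposure, and the two should match — `allow-query-cache { my_net; };` (or drop the line, since BIND derives it from `allow-recursion` when unset). The `my_other_net` blackhole is `172.0.0.0/8`, far wider than the RFC 1918 block; if private space was the intent, `172.16.0.0/12;` is the right prefix. `dnssec-validation no;` is unavoidable here because everything forwards to the lab recursor at 10.5.0.4, but a one-line comment saying so would stop a later hardening pass from "fixing" it.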
@ -0,0 +1,11 @@ |
||||
@ IN SOA a0.dns.nic.lan. hostmaster.nic.lan. ( |
||||
2 ; Serial |
||||
1800 ; Refresh after 30 min |
||||
900 ; Retry after 15 min |
||||
604800 ; Expire after 1 week |
||||
86400 ) ; Minimum TTL of 1 day |
||||
; |
||||
518400 IN NS a0.dns.nic.lan. |
||||
a0.dns.nic 518400 IN A 10.5.0.6 |
||||
|
||||
pippo 172800 IN A 10.0.0.2 |
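Review bot: `lan.zone` has no `$TTL` directive and the SOA record carries no explicit TTL, so named falls back to the SOA minimum (86400) and logs a "no TTL specified; using SOA MINTTL instead" warning at every load. Add `$TTL 86400` as the first line (and `$ORIGIN lan.` if the file is ever loaded outside the `zone "lan."` statement) so the intent is explicit and `named-checkzone` runs clean. The NS glue `a0.dns.nic.lan. → 10.5.0.6` duplicates the entry in `root.zone`; worth a comment that the two must stay in sync.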
@ -0,0 +1,23 @@ |
||||
|
||||
options { |
||||
directory "/var/cache/bind"; |
||||
listen-on { any; }; |
||||
#listen-on-v6 { ::1; }; |
||||
allow-recursion { |
||||
none; |
||||
}; |
||||
allow-transfer { |
||||
none; |
||||
}; |
||||
allow-update { |
||||
none; |
||||
}; |
||||
dnssec-validation no; |
||||
recursion no; |
||||
allow-query-cache { none; }; |
||||
}; |
||||
|
||||
zone "lan." { |
||||
type primary; |
||||
file "/etc/bind/lan.zone"; |
||||
}; |
@ -0,0 +1,13 @@ |
||||
; |
||||
; BIND reverse data file for local loopback interface |
||||
; |
||||
$TTL 604800 |
||||
@ IN SOA localhost. root.localhost. ( |
||||
1 ; Serial |
||||
604800 ; Refresh |
||||
86400 ; Retry |
||||
2419200 ; Expire |
||||
604800 ) ; Negative Cache TTL |
||||
; |
||||
@ IN NS localhost. |
||||
1.0.0 IN PTR localhost. |
@ -0,0 +1,57 @@ |
||||
acl my_net { |
||||
192.168.2.0/24; |
||||
127.0.0.0/24; |
||||
10.5.0.0/16; |
||||
}; |
||||
|
||||
acl my_other_net { |
||||
172.0.0.0/8; |
||||
}; |
||||
|
||||
options { |
||||
directory "/var/cache/bind"; |
||||
listen-on { any; }; |
||||
#listen-on-v6 { ::1; }; |
||||
|
||||
auth-nxdomain no; # conform to RFC1035 |
||||
|
||||
allow-recursion { |
||||
my_net; |
||||
}; |
||||
blackhole { |
||||
my_other_net; |
||||
}; |
||||
allow-transfer { |
||||
none; |
||||
}; |
||||
allow-update { |
||||
none; |
||||
}; |
||||
dnssec-validation no; |
||||
recursion yes; |
||||
allow-query-cache { any; }; |
||||
|
||||
# disable the integrated handling of RFC1918 and non-assigned IPv6 space reverse dns |
||||
empty-zones-enable no; |
||||
|
||||
}; |
||||
|
||||
// the loopback reverse zone |
||||
// why is this needed? |
||||
// - when a reverse DNS lookup for 127.0.0.1 address is received, |
||||
// the recursive server doesn’t have to look somewhere else for |
||||
// the answer. It has to be defined locally |
||||
// since it is just a localhost address |
||||
zone "127.in-addr.arpa" { |
||||
type master; |
||||
file "/etc/bind/db.127"; |
||||
}; |
||||
|
||||
|
||||
// recursive/caching name server configuration |
||||
// this will tell named that the IP address of all the root servers are inside |
||||
// the root hints file named named.root |
||||
zone "." { |
||||
type hint; |
||||
file "/etc/bind/named.root"; |
||||
}; |
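Review bot: `blackhole { my_other_net; };` with `my_other_net` set to `172.0.0.0/8` makes this recursive server refuse to talk to or answer an entire /8 that is mostly public address space, not just the RFC 1918 `172.16.0.0/12`; for a resolver that follows referrals this silently breaks resolution of any name served from the rest of 172/8 (latent here, since the hints file only leads to the lab root at 10.5.0.5). Change the ACL to `172.16.0.0/12;`. As in the forwarder config, `allow-query-cache { any; };` is wider than `allow-recursion { my_net; };` and should be `my_net` to avoid cache snooping from outside the allowed networks.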
@ -0,0 +1,20 @@ |
||||
; This file holds the information on root name servers needed to |
||||
; initialize cache of Internet domain name servers |
||||
; (e.g. reference this file in the "cache . <file>" |
||||
; configuration file of BIND domain name servers). |
||||
; |
||||
; This file is made available by InterNIC |
||||
; under anonymous FTP as |
||||
; file /domain/named.cache |
||||
; on server FTP.INTERNIC.NET |
||||
; -OR- RS.INTERNIC.NET |
||||
; |
||||
; last update: January 31, 2022 |
||||
; related version of root zone: 2022013101 |
||||
; |
||||
; FORMERLY NS.INTERNIC.NET |
||||
; |
||||
. 3600000 NS A.ROOT-SERVERS.LOCAL. |
||||
A.ROOT-SERVERS.LOCAL. 3600000 A 10.5.0.5 |
||||
;A.ROOT-SERVERS.LOCAL. 3600000 AAAA 2001:503:ba3e::2:30 |
||||
; End of file |
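Review bot: The header comment still claims this hints file "is made available by InterNIC", "last update: January 31, 2022", "related version of root zone: 2022013101", while the only record is a lab root server at 10.5.0.5 — the provenance text is false for this file and will mislead whoever next tries to "refresh" it from InterNIC. Replace the header with a short note such as `; Lab root hints: the only root server is the bind9 container at 10.5.0.5 (see root.zone); not the public root.` The commented-out AAAA line keeps the real A.ROOT-SERVERS.NET IPv6 address; drop it so nobody uncomments it into a mixed real/lab hint set.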
@ -0,0 +1,9 @@ |
||||
$ORIGIN . |
||||
$TTL 0 ; 0 seconds |
||||
@ IN SOA . . ( |
||||
3 ; serial |
||||
0 ; refresh (0 seconds) |
||||
0 ; retry (0 seconds) |
||||
0 ; expire (0 seconds) |
||||
0 ; minimum (0 seconds) |
||||
) |
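Review bot: This zone file has an apex SOA but no apex NS record and all SOA timers at 0, so named will refuse to load it as a primary zone ("has no NS records"); it only resembles BIND's built-in empty-zone template, which also carries an `@ 0 IN NS .` line. I cannot see which `named.conf` references this file in the diff — if none does, delete it; if one does, add `@ 0 IN NS .` after the SOA and a comment stating what it is for.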
Binary file not shown.
@ -0,0 +1,24 @@ |
||||
|
||||
options { |
||||
directory "/var/cache/bind"; |
||||
listen-on { any; }; |
||||
#listen-on-v6 { ::1; }; |
||||
allow-recursion { |
||||
none; |
||||
}; |
||||
allow-transfer { |
||||
none; |
||||
}; |
||||
allow-update { |
||||
none; |
||||
}; |
||||
dnssec-validation no; |
||||
recursion no; |
||||
allow-query-cache { none; }; |
||||
#minimal-any yes; // Closer but not compliant to RFC8482 |
||||
}; |
||||
|
||||
zone "." { |
||||
type primary; |
||||
file "/etc/bind/root.zone"; |
||||
}; |
@ -0,0 +1,16 @@ |
||||
@ IN SOA a.root-servers.local. root.root-servers.local. ( |
||||
2 ; Serial |
||||
1800 ; Refresh after 30 min |
||||
900 ; Retry after 15 min |
||||
604800 ; Expire after 1 week |
||||
86400 ) ; Minimum TTL of 1 day |
||||
; |
||||
. 518400 IN NS a.root-servers.local. |
||||
a.root-servers.local. 518400 IN A 10.5.0.5 |
||||
lan. 172800 IN NS a0.dns.nic.lan. |
||||
a0.dns.nic.lan. 518400 IN A 10.5.0.6 |
||||
|
||||
|
||||
;arpa. 172800 IN NS a.root-servers.local. |
||||
;local. 172800 IN NS a0.dns.nic.local. |
||||
;a0.dns.nic.local. 518400 IN A 192.168.2.19 |
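Review bot: `root.zone` has no `$TTL` directive and the SOA record has no explicit TTL, so the zone loads with a "no TTL specified; using SOA MINTTL instead" warning; put `$TTL 86400` on the first line. The server names sit under `.local.`, which RFC 6762 reserves for mDNS and which stub resolvers such as systemd-resolved and Avahi route away from unicast DNS; it is harmless in this layout because clients never resolve those names (the recursor gets 10.5.0.5 from its hints file), but a comment saying so would prevent someone from later delegating `local.` here, as the commented-out lines suggest was once tried.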