RootShell-coder
diff --git a/‎.github/workflows/docker_build.yml‎
Lines changed: 37 additions & 0 deletions b/‎.github/workflows/docker_build.yml‎
Lines changed: 37 additions & 0 deletions
diff --git a/‎.gitignore‎
Lines changed: 0 additions & 1 deletion b/‎.gitignore‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎Dockerfile‎
Lines changed: 17 additions & 15 deletions b/‎Dockerfile‎
Lines changed: 17 additions & 15 deletions
diff --git a/‎README.md‎
Lines changed: 110 additions & 0 deletions b/‎README.md‎
Lines changed: 110 additions & 0 deletions
diff --git a/‎bind/bind.keys‎
Lines changed: 0 additions & 39 deletions b/‎bind/bind.keys‎
Lines changed: 0 additions & 39 deletions
diff --git a/‎bind/dump/.gitkeep‎ b/‎bind/dump/.gitkeep‎
diff --git a/‎bind/master/external/example.com‎
Lines changed: 11 additions & 0 deletions b/‎bind/master/external/example.com‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎bind/master/internal/example.com‎
Lines changed: 11 additions & 0 deletions b/‎bind/master/internal/example.com‎
Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,37 @@
+name: bind9
+
+on:
+  push:
+    branches:
+    -
+      "master"
+
+env:
+  IMAGE_NAME: "bind9"
+  VERSION: "latest"
+jobs:
+  push:
+    name: Build and push to Docker Hub
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout repository
+        uses: actions/checkout@v3
+      -
+        name: Build image
+        run: DOCKER_BUILDKIT=1 docker build . --file Dockerfile -t ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }}
+      -
+        name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Push Image to Docker Hub
+        run: docker push ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }}
+      -
+        name: Tag image
+        run: docker tag ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }} ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:$(date +%Y%m%d)
+      -
+        name: Push tag Image to Docker Hub
+        run: docker push ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:$(date +%Y%m%d)
@@ -1 +0,0 @@
-tmp
@@ -8,26 +8,28 @@ ENV LC_ALL ru_RU.UTF-8
 ENV MUSL_LOCPATH /usr/share/i18n/locales/musl
 
 RUN set -eux; \
-	apk add --no-cache \
-	pwgen \
-	supervisor \
-	bind bind-libs bind-tools bind-dnssec-tools \
-	\
-	musl musl-utils musl-locales \
-	\
-	tzdata patch; \
-	rm -f /var/cache/apk/*; \
-	rm -rf /etc/bind/*
+  apk add --no-cache \
+  pwgen \
+  supervisor \
+  bind bind-libs bind-tools bind-dnssec-tools \
+  \
+  musl musl-utils musl-locales \
+  \
+  tzdata patch; \
+  rm -f /var/cache/apk/*; \
+  rm -rf /etc/bind/*
 
 COPY bind /etc/bind
 COPY supervisor /etc/supervisor
 COPY entrypoint /usr/sbin/entrypoint
 
 RUN set -eux; \
-	mkdir /var/log/named; \
-	chown -R named:named /var/log/named/ /etc/bind/*; \
-	chmod +x /usr/sbin/entrypoint
+  mkdir /var/log/named; \
+  chown -R named:named /var/log/named/ /etc/bind/*; \
+  chmod +x /usr/sbin/entrypoint; \
+  find /etc/bind -name ".gitkeep" -type f -delete
 
-EXPOSE 53 953
+
+VOLUME [ "/etc/bind" ]
+EXPOSE 53 953 8080
 ENTRYPOINT [ "entrypoint" ]
-CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisor/supervisord.conf"]
 
@@ -0,0 +1,110 @@
+# docker bind9
+
+[![bind9](https://github.com/RootShell-coder/docker-bind9/actions/workflows/docker_build.yml/badge.svg?branch=master)](https://github.com/RootShell-coder/docker-bind9/actions/workflows/docker_build.yml)
+
+
+_Split horizon DNS with bind9 and auto update named.root_
+
+`wget https://raw.githubusercontent.com/RootShell-coder/docker-bind9/master/docker-compose.yml`
+
+```yml
+version: '3.9'
+
+networks:
+  named:
+    name: named
+    driver: bridge
+    ipam:
+      driver: default
+      config:
+        - subnet: 172.18.0.0/24
+          gateway: 172.18.0.1
+
+volumes:
+  bind_conf:
+    name: bind_conf
+
+services:
+  bind:
+    image: rootshellcoder/bind9
+    networks:
+      - named
+    volumes:
+      - bind_conf:/etc/bind
+    environment:
+      - TZ=Europe/Moscow
+      - LOCALE=ru_RU
+      - CRON_HINT_FILE='https://www.internic.net/domain/named.root'
+      - CRON_HINT_TIME='0 1 1 * * *'
+    ports:
+      - 8080:8080/tcp
+      - 953:953/tcp
+      - 172.18.0.1:53:53/tcp
+      - 172.18.0.1:53:53/udp
+```
+
+`docker compose up -d`
+
+## external
+
+
+`dig @172.18.0.2 A www.example.com`
+
+```
+; <<>> DiG 9.16.33-RH <<>> @172.18.0.2 A www.example.com
+; (1 server found)
+;; global options: +cmd
+;; Got answer:
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62115
+;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
+;; WARNING: recursion requested but not available
+
+;; OPT PSEUDOSECTION:
+; EDNS: version: 0, flags:; udp: 1232
+; COOKIE: 952b3f0fc7790d800100000063e2e88b5d94b21e949f3fa0 (good)
+;; QUESTION SECTION:
+;www.example.com.               IN      A
+
+;; ANSWER SECTION:
+www.example.com.        600     IN      A       172.18.0.2
+
+;; Query time: 1 msec
+;; SERVER: 172.18.0.2#53(172.18.0.2)
+;; WHEN: Wed Feb 08 03:10:51 MSK 2023
+;; MSG SIZE  rcvd: 88
+
+```
+
+## internal
+
+`docker ps`
+
+```
+CONTAINER ID   IMAGE     COMMAND        CREATED         STATUS         PORTS                                                                                                                            NAMES
+5e3ac0fffef2   bind      "entrypoint"   8 seconds ago   Up 7 seconds   0.0.0.0:953->953/tcp, :::953->953/tcp, 172.18.0.1:53->53/tcp, 172.18.0.1:53->53/udp, 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp   bind-bind-1
+```
+`docker exec -ti 5e sh`
+
+`dig @127.0.0.1 A www.example.com`
+```
+; <<>> DiG 9.18.11 <<>> @127.0.0.1 A www.example.com
+; (1 server found)
+;; global options: +cmd
+;; Got answer:
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18309
+;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
+
+;; OPT PSEUDOSECTION:
+; EDNS: version: 0, flags:; udp: 1232
+; COOKIE: 4d85bbef62daa5060100000063e2e77396f1603a0441514d (good)
+;; QUESTION SECTION:
+;www.example.com.               IN      A
+
+;; ANSWER SECTION:
+www.example.com.        600     IN      A       127.0.0.1
+
+;; Query time: 0 msec
+;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
+;; WHEN: Wed Feb 08 03:06:11 MSK 2023
+;; MSG SIZE  rcvd: 88
+```
@@ -1,42 +1,3 @@
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-# The bind.keys file is used to override the built-in DNSSEC trust anchors
-# which are included as part of BIND 9.  The only trust anchors it contains
-# are for the DNS root zone (".").  Trust anchors for any other zones MUST
-# be configured elsewhere; if they are configured here, they will not be
-# recognized or used by named.
-#
-# To use the built-in root key, set "dnssec-validation auto;" in the
-# named.conf options, or else leave "dnssec-validation" unset.  If
-# "dnssec-validation" is set to "yes", then the keys in this file are
-# ignored; keys will need to be explicitly configured in named.conf for
-# validation to work.  "auto" is the default setting, unless named is
-# built with "configure --disable-auto-validation", in which case the
-# default is "yes".
-#
-# This file is NOT expected to be user-configured.
-#
-# Servers being set up for the first time can use the contents of this file
-# as initializing keys; thereafter, the keys in the managed key database
-# will be trusted and maintained automatically.
-#
-# These keys are current as of Mar 2019.  If any key fails to initialize
-# correctly, it may have expired.  In that event you should replace this
-# file with a current version.  The latest version of bind.keys can always
-# be obtained from ISC at https://www.isc.org/bind-keys.
-#
-# See https://data.iana.org/root-anchors/root-anchors.xml for current trust
-# anchor information for the root zone.
-
 trust-anchors {
         # This key (20326) was published in the root zone in 2017.
         . initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
 
@@ -0,0 +1,11 @@
+$ORIGIN example.com.
+$TTL  600
+@         IN  SOA ns.example.com. noc.example.com. (
+                        1       ; serial
+                        10800   ; refresh (3 hours)
+                        600     ; retry (10 minutes)
+                        1209600 ; expire (2 weeks)
+                        3600 )  ; minimum (1 hour)
+@         IN      NS      ns.example.com.
+ns        IN      A       172.18.0.2
+www       IN      A       172.18.0.2
@@ -0,0 +1,11 @@
+$ORIGIN example.com.
+$TTL  600
+@         IN  SOA ns.example.com. noc.example.com. (
+                        1       ; serial
+                        10800   ; refresh (3 hours)
+                        600     ; retry (10 minutes)
+                        1209600 ; expire (2 weeks)
+                        3600 )  ; minimum (1 hour)
+@         IN      NS      ns.example.com.
+ns        IN      A       127.0.0.1
+www       IN      A       127.0.0.1