Release v0.12 #8

Merged
merged 2 commits into from
Apr 27, 2018

Conversation

cytopia

@cytopia cytopia commented Apr 24, 2018

Allow for multiple wildcards, extra hosts as well as fix DNSSEC #7

Available Docker image for this PR

docker pull cytopia/bind:release-0.12

Additional features

  • Decreased Docker layers down to 8
  • Decreased Image size down to 56 MB

Optional environmental variables

| Variable | Type | Default | Description |
|---|---|---|---|
| DEBUG_ENTRYPOINT | bool | 0 | Show shell commands executed during start. Values: 0, 1 or 2 |
| DOCKER_LOGS | bool | 0 | Set to 1 to log info and queries to Docker logs. |
| WILDCARD_DNS | string | | Add one or more TLDs, domains or subdomains as catch-all for a specific IP address or CNAME. Reverse DNS is optional and can also be specified. |
| EXTRA_HOSTS | string | | Add one or more hosts (CNAME: TLDs, domains, subdomains) to map to a specific IP address or CNAME. Reverse DNS is optional and can also be specified. |
| DNSSEC_VALIDATE | string | no | Control the behaviour of DNSSEC validation. The default is to not validate: no. Other possible values are: yes and auto. |
| DNS_FORWARDER | string | | Specify a comma separated list of IP addresses as custom DNS resolver. This is useful if your LAN already has a DNS server which adds custom/internal domains and you still want to keep them in this DNS server. Example: DNS_FORWARDER=8.8.8.8,8.8.4.4 |
| TTL_TIME | int | 3600 | (Time in seconds) See BIND TTL and BIND SOA |
| REFRESH_TIME | int | 1200 | (Time in seconds) See BIND SOA |
| RETRY_TIME | int | 180 | (Time in seconds) See BIND SOA |
| EXPIRY_TIME | int | 1209600 | (Time in seconds) See BIND SOA |
| MAX_CACHE_TIME | int | 10800 | (Time in seconds) See BIND SOA |

DEBUG_ENTRYPOINT

  • If set to 0, only warnings and errors are shown
  • If set to 1, info, warnings and errors are shown
  • If set to 2, info, warnings and errors are shown, as well as commands executed during startup

DOCKER_LOGS

  • If set to 0, no additional logging is done during run-time
  • If set to 1, BIND is more verbose during run-time and shows asked queries as well as general information

WILDCARD_DNS

The WILDCARD_DNS option allows you to specify one or more catch-all DNS zones which can either
be a full TLD, a domain or any kind of subdomain. It allows you to map your catch-all to a specific
IP address or even a CNAME (if it is resolvable by public DNS servers). Optionally you can also assign
the reverse DNS name (PTR record).

The general format is as follows, where the string in square brackets is optional and responsible
for the reverse DNS (PTR records):

```bash
# Structure
WILDCARD_DNS='tld1=1.1.1.1[=tld],tld2=2.2.2.2[=tld2]'
WILDCARD_DNS='tld1=CNAME1[=tld],tld2=CNAME2[=tld2]'
```

Some examples:

```bash
# 1. One entry:
# The following catches all queries to *.tld and redirects them to 192.168.0.1
WILDCARD_DNS='tld=192.168.0.1'

# 2. Two entries:
# The following catches all queries to *.tld and redirects them to 192.168.0.1
# As well as all queries to *.example.org and redirects them to 192.168.0.2
WILDCARD_DNS='tld=192.168.0.1,example.org=192.168.0.2'

# 3. Using CNAMEs for resolving:
# The following catches all queries to *.tld and redirects them to whatever
# IP example.org resolves to
WILDCARD_DNS='tld=example.org'

# 4. Adding reverse DNS:
# The following catches all queries to *.tld and redirects them to 192.168.0.1
# As well as adding reverse DNS from 192.168.0.1 to resolve to tld
WILDCARD_DNS='tld=192.168.0.1=tld'

# 5. Complex example
# The following catches all queries to *.tld and redirects them to whatever
# IP example.org resolves to. Additionally it adds a reverse DNS record from example.org's
# IP to resolve to tld (PTR record)
# It also adds another catch-all for the subdomain *.cytopia.tld which will point to 192.168.0.1
# Including a reverse DNS record back to cytopia.tld
WILDCARD_DNS='tld=example.org=tld,cytopia.tld=192.168.0.1=cytopia.tld'
```

EXTRA_HOSTS

The EXTRA_HOSTS option almost works like the WILDCARD_DNS option, except that no wildcard is added,
but rather exactly the host you have specified.

This is useful if you want to add extra hosts to your setup just like the Docker Compose option
extra_hosts.

```bash
# Structure
EXTRA_HOSTS='host1=1.1.1.1[=host1],host2=2.2.2.2[=host2]'
EXTRA_HOSTS='host1=CNAME1[=host1],host2=CNAME2[=host2]'
```

Some examples:

```bash
# 1. One entry:
# The following extra host 'tld' is added and will always point to 192.168.0.1.
# When reverse resolving '192.168.0.1' it will answer with 'tld'.
EXTRA_HOSTS='tld=192.168.0.1'

# 2. One entry:
# The following extra host 'my.host' is added and will always point to 192.168.0.1.
# When reverse resolving '192.168.0.1' it will answer with 'my.host'.
EXTRA_HOSTS='my.host=192.168.0.1'

# 3. Two entries:
# The following extra host 'tld' is added and will always point to 192.168.0.1.
# When reverse resolving '192.168.0.1' it will answer with 'tld'.
# A second extra host 'example.org' is added and always redirects to 192.168.0.2
# When reverse resolving '192.168.0.2' it will answer with 'example.org'.
EXTRA_HOSTS='tld=192.168.0.1,example.org=192.168.0.2'

# 4. Using CNAMEs for resolving:
# The following extra host 'my.host' is added and will always point to whatever
# IP example.org resolves to.
# When reverse resolving that IP it will answer with 'my.host'.
EXTRA_HOSTS='my.host=example.org'

# 5. Adding reverse DNS:
# The following extra host 'tld' is added and will always point to 192.168.0.1.
# As well as adding reverse DNS from 192.168.0.1 to resolve to tld
EXTRA_HOSTS='tld=192.168.0.1=tld'
```

DNSSEC_VALIDATE

The DNSSEC_VALIDATE variable defines the DNSSEC validation. Default is to not validate (no).
Possible values are:

  • yes - DNSSEC validation is enabled, but a trust anchor must be manually configured. No validation will actually take place.
  • no - DNSSEC validation is disabled, and recursive server will behave in the "old fashioned" way of performing insecure DNS lookups, until you have manually configured at least one trusted key.
  • auto - DNSSEC validation is enabled, and a default trust anchor (included as part of BIND) for the DNS root zone is used.

DNS_FORWARDER

By default this dockerized BIND is not acting as a DNS forwarder, so it will not have any external
DNS available. In order to apply external DNS forwarding, you will have to specify one or more external
DNS servers. These could be the ones from Google for example (8.8.8.8 and 8.8.4.4) or any others
you prefer. In case your LAN has its own DNS server with already defined custom DNS records that you
need to make available, you should use them.

```bash
# Structure (comma separated list of IP addresses)
DNS_FORWARDER='8.8.8.8,8.8.4.4'
```

Some examples:

```bash
DNS_FORWARDER='8.8.8.8'
DNS_FORWARDER='8.8.8.8,192.168.0.10'
```

TTL_TIME

Specify time in seconds.
For more information regarding this setting, see BIND TTL and BIND SOA

REFRESH_TIME

Specify time in seconds.
For more information regarding this setting, see BIND SOA

RETRY_TIME

Specify time in seconds.
For more information regarding this setting, see BIND SOA

EXPIRY_TIME

Specify time in seconds.
For more information regarding this setting, see BIND SOA

MAX_CACHE_TIME

Specify time in seconds.
For more information regarding this setting, see BIND SOA
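As an added worked example (not part of this PR or of the cytopia/docker-bind entrypoint), a small Python parser for the `name=target[=reverse]` value format that WILDCARD_DNS and EXTRA_HOSTS share. It splits the comma-separated entries, tells IP targets from CNAME targets, rejects malformed entries, and renders the records each entry implies; the zone-file layout and the deferred-PTR comment line are illustrative choices of this example, not the image's real output.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Entry:
    name: str               # zone name (WILDCARD_DNS) or host name (EXTRA_HOSTS)
    target: str             # IPv4/IPv6 address or CNAME target
    is_ip: bool             # True when target parsed as an IP address
    reverse: Optional[str]  # PTR name from the optional third field, else None


def parse_entries(value: str) -> List[Entry]:
    """Split 'name=target[=reverse],...' into entries, rejecting malformed ones."""
    entries = []
    for raw in filter(None, (part.strip() for part in value.split(","))):
        fields = raw.split("=")
        if len(fields) not in (2, 3) or not all(fields):
            raise ValueError(f"malformed entry: {raw!r}")
        name, target = fields[0], fields[1]
        reverse = fields[2] if len(fields) == 3 else None
        try:
            ipaddress.ip_address(target)
            is_ip = True
        except ValueError:
            is_ip = False  # not an address, so treat it as a CNAME target
        entries.append(Entry(name, target, is_ip, reverse))
    return entries


def is_valid(value: str) -> bool:
    """Convenience check: does the whole variable value parse?"""
    try:
        parse_entries(value)
        return True
    except ValueError:
        return False


def to_records(value: str, wildcard: bool) -> List[str]:
    """Render the zone-file lines each entry implies (illustrative layout only)."""
    lines = []
    for e in parse_entries(value):
        owner = f"*.{e.name}." if wildcard else f"{e.name}."
        rtype = ("AAAA" if ":" in e.target else "A") if e.is_ip else "CNAME"
        rdata = e.target if e.is_ip else f"{e.target}."
        lines.append(f"{owner} IN {rtype} {rdata}")
        if e.reverse and e.is_ip:
            lines.append(f"{ipaddress.ip_address(e.target).reverse_pointer}. IN PTR {e.reverse}.")
        elif e.reverse:  # CNAME target: the PTR owner is only known after resolving it
            lines.append(f"; PTR {e.reverse}. deferred until {e.target} resolves")
    return lines
```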

@cytopia cytopia merged commit 6494137 into master Apr 27, 2018
@cytopia cytopia deleted the release-0.12 branch April 27, 2018 11:09