
dns-server: Submission of named DNS server working configuration

* Basic, working, easily modifiable LAN DNS server
* Example LAN, .private, and localhost zones
* A, PTR, and CNAME (alias) records
* MX, SPF, DKIM, and DMARC records for email servers
* URI, TXT, and SRV records for Kerberos servers
* Semi-automated initial configuration using LAN setup
essandess authored and mf2k committed Jul 1, 2019
1 parent 5cd5f52 commit 35819b1fb0af7011c7838bab5d37e5f9cee6fa02
@@ -0,0 +1,194 @@
# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4

PortSystem 1.0

name dns-server
# use port:bind9's version as the version number
version 9.14.3
categories net
platforms darwin freebsd sunos
supported_archs noarch
maintainers {ieee.org:s.t.smith @essandess} openmaintainer
license BSD
distfiles

description Domain Name System server configuration
long_description ${description} \
DNS server working configuration for named that provides a basic, \
working, easily modifiable LAN DNS server. The configuration includes \
example LAN, .private, and localhost zones, with example A, PTR, \
and CNAME (alias) records, MX, SPF, DKIM, and DMARC records for email \
servers, and URI, TXT, and SRV records for Kerberos servers. This \
configuration is based upon macOS Server.app's VPN server prior to \
its deprecation in Server.app version 5.8. See `man named`.

homepage https://www.isc.org/

depends_run-append port:bind9

use_configure no

# Network configuration
set named_fullhost [exec /bin/hostname -f]
set named_host [exec /bin/sh -c "echo ${named_fullhost} | /usr/bin/sed -E -e 's|^(\[\[:alnum:\]_-\]+\\.)*((\[\[:alnum:\]_-\]+\\.)\[a-zA-Z0-9-\]{2,24})\\.?|\\1|' | /usr/bin/sed -E -e 's|^(\[\[:alnum:\]_-\]+)\\.?$|\\1|'"]
set named_domaintld [exec /bin/sh -c "echo ${named_fullhost} | /usr/bin/sed -E -e 's|^(\[\[:alnum:\]_-\]+\\.)*((\[\[:alnum:\]_-\]+\\.)\[a-zA-Z0-9-\]{2,24})\\.?|\\2|'"]
set named_domain [exec /bin/sh -c "echo ${named_domaintld} | /usr/bin/sed -E -e 's|^(\[\[:alnum:\]_-\]+)\\.\[a-zA-Z0-9-\]{2,24}\\.?|\\1|'"]
set named_tld [exec /bin/sh -c "echo ${named_domaintld} | /usr/bin/sed -E -e 's|^\[\[:alnum:\]_-\]+\\.(\[a-zA-Z0-9-\]{2,24})\\.?|\\1|'"]
set host_lan_ip_address [exec /bin/sh -c "/sbin/ifconfig `/usr/sbin/netstat -nr | /usr/bin/awk '{ if (\$1 ~/default/) { print \$6} }' | /usr/bin/head -1` | /usr/bin/awk '{ if (\$1 ~/inet\$/) { print \$2} }'"]
set lan_reverse_ip_subnet [exec /bin/sh -c "echo ${host_lan_ip_address} | /usr/bin/sed -E -e 's|(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\$|\\3.\\2.\\1|'"]
set host_lan_reverse_ip_address [exec /bin/sh -c "echo ${host_lan_ip_address} | /usr/bin/sed -E -e 's|(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\$|\\4.\\3.\\2.\\1|'"]
# aribitrary example for client IP address
set client_lan_ip_address [exec /bin/sh -c "echo ${host_lan_ip_address} | /usr/bin/sed -E -e 's|(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\$|\\1.\\2.\\3.201|'"]
set client_lan_reverse_ip_address [exec /bin/sh -c "echo ${client_lan_ip_address} | /usr/bin/sed -E -e 's|(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\\.(\[\[:digit:\]\]{1,3})\$|\\4.\\3.\\2.\\1|'"]

build {}

destroot {
# Ensure needed directories
xinstall -o named -g named -m 755 -d \
${destroot}${prefix}/etc \
${destroot}${prefix}/var/named \
${destroot}${prefix}/var/log/named

# Install and configure the conf file
xinstall -o root -m 644 ${filespath}/named.conf \
${destroot}${prefix}/etc/named.conf.macports
reinplace "s|@PREFIX@|${prefix}|g" \
${destroot}${prefix}/etc/named.conf.macports
reinplace "s|@LAN_REVERSE_IP_SUBNET@|${lan_reverse_ip_subnet}|g" \
${destroot}${prefix}/etc/named.conf.macports
reinplace "s|@domain@|${named_domain}|g" \
${destroot}${prefix}/etc/named.conf.macports
reinplace "s|@tld@|${named_tld}|g" \
${destroot}${prefix}/etc/named.conf.macports

# Install and configure the db files
foreach f "\
db.@LAN_REVERSE_IP_SUBNET@.in-addr.arpa \
db.@domain@.@tld@ \
db.@domain@.private \
localhost.zone \
named.ca \
named.local \
" {
xinstall -o named -g named -m 644 ${filespath}/${f} \
${destroot}${prefix}/var/named/${f}.macports
reinplace "s|@PREFIX@|${prefix}|g" \
${destroot}${prefix}/var/named/${f}.macports
reinplace "s|@host@|${named_host}|g" \
${destroot}${prefix}/var/named/${f}.macports
reinplace "s|@domain@|${named_domain}|g" \
${destroot}${prefix}/var/named/${f}.macports
reinplace "s|@tld@|${named_tld}|g" \
${destroot}${prefix}/var/named/${f}.macports
# case sensitive for Kerberos REALMs
reinplace "s|@HOST@|[string toupper ${named_host}]|g" \
${destroot}${prefix}/var/named/${f}.macports
reinplace "s|@DOMAIN@|[string toupper ${named_domain}]|g" \
${destroot}${prefix}/var/named/${f}.macports
reinplace "s|@TLD@|[string toupper ${named_tld}]|g" \
${destroot}${prefix}/var/named/${f}.macports
reinplace "s|@HOST_LAN_IP_ADDRESS@|${host_lan_ip_address}|g" \
${destroot}${prefix}/var/named/${f}.macports
reinplace "s|@LAN_REVERSE_IP_SUBNET@|${lan_reverse_ip_subnet}|g" \
${destroot}${prefix}/var/named/${f}.macports
reinplace "s|@HOST_LAN_REVERSE_IP_ADDRESS@|${host_lan_reverse_ip_address}|g" \
${destroot}${prefix}/var/named/${f}.macports
reinplace "s|@CLIENT_LAN_IP_ADDRESS@|${client_lan_ip_address}|g" \
${destroot}${prefix}/var/named/${f}.macports
reinplace "s|@CLIENT_LAN_REVERSE_IP_ADDRESS@|${client_lan_reverse_ip_address}|g" \
${destroot}${prefix}/var/named/${f}.macports
}
move ${destroot}${prefix}/var/named/db.@LAN_REVERSE_IP_SUBNET@.in-addr.arpa.macports \
${destroot}${prefix}/var/named/db.${lan_reverse_ip_subnet}.in-addr.arpa.macports
move ${destroot}${prefix}/var/named/db.@domain@.@tld@.macports \
${destroot}${prefix}/var/named/db.${named_domain}.${named_tld}.macports
move ${destroot}${prefix}/var/named/db.@domain@.private.macports \
${destroot}${prefix}/var/named/db.${named_domain}.private.macports

ui_msg "Configuring DNS Server with:
Host ${named_host}
Domain ${named_domain}
TLD ${named_tld}
Host IP Address ${host_lan_ip_address}
Reverse IP Subnet ${lan_reverse_ip_subnet}
This configuration can be changed in the directory\:
${prefix}/var/named
See `man named` for details.
"
}

destroot.keepdirs ${destroot}${prefix}/var/log/named

post-activate {
# copy to actual config files if they don't already exist
if ![file exists ${prefix}/etc/named.conf] {
xinstall -o root -g named -m 644 ${prefix}/etc/named.conf.macports \
${prefix}/etc/named.conf
}
foreach f "\
db.${lan_reverse_ip_subnet}.in-addr.arpa \
db.${named_domain}.${named_tld} \
db.${named_domain}.private \
localhost.zone \
named.ca \
named.local \
" {
if ![file exists ${prefix}/var/named/${f}] {
xinstall -o named -g named -m 644 ${prefix}/var/named/${f}.macports \
${prefix}/var/named/${f}
}
}
if ![file exists ${prefix}/var/named/rndc.key] {
system "${prefix}/sbin/rndc-confgen -A hmac-sha512 -a -c ${prefix}/var/named/rndc.key -u named"
}
}


notes "
DNS Server is configured with\:
Host ${named_host}
Domain ${named_domain}
TLD ${named_tld}
Host IP Address ${host_lan_ip_address}
Reverse IP Subnet ${lan_reverse_ip_subnet}
This configuration can be changed in the directory\:
${prefix}/var/named
See `man named` for details.
Post Installation\:
1. Edit files in the directory ${prefix}/var/named to specify correct DNS
and reverse DNS entries. Example: These two commands should point to
each other\:
host ${named_host} ${host_lan_ip_address}
host ${host_lan_ip_address} ${host_lan_ip_address}
A rndc.key fil is automatically created with the command\:
rndc-confgen -A hmac-sha512 -a -c ${prefix}/var/named/rndc.key -u named
2. It is necessary to launch named with\:
sudo port load bind9
3. DNS cache on macOS is flushed with the commands:
dscacheutil -flushcache ; sudo killall -HUP mDNSResponder ; \\
sudo port reload bind9
4. The DNS server is configured by default to accept requests on port 53
over the LAN. Make sure that this port is not exposed to the open
internet.
"

livecheck.type none
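Review bot: The network probes on L48–L58 run at Portfile parse time, so `hostname -f`, `netstat -nr` and `ifconfig` execute on every operation that evaluates this Portfile (`port info`, `port lint`, index builds), and the host-specific names and addresses they return are baked into the build, which makes the package non-reproducible; in MacPorts this kind of detection belongs in a phase (e.g. `pre-destroot`, with the variables declared `global`) or in `post-activate`, where it only runs on the installing machine. The `/bin/sh -c` wrappers also splice `${named_fullhost}` and `${host_lan_ip_address}` into a shell command line; Tcl's `exec` can feed them to `sed` on stdin instead, e.g. `set named_domaintld [exec /usr/bin/sed -E -e {s|^([[:alnum:]_-]+\.)*(([[:alnum:]_-]+\.)[a-zA-Z0-9-]{2,24})\.?|\2|} << ${named_fullhost}]`, which removes the shell layer and the double escaping. Nothing on L53 handles a machine with no default route: the backquoted `netstat` pipeline is then empty, `ifconfig` is invoked without an interface and `exec` raises, aborting the whole parse, so the probe should at least be wrapped in `catch` with a clear `ui_error`. L180 has a typo, `fil` for `file`.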
@@ -0,0 +1,10 @@
@LAN_REVERSE_IP_SUBNET@.in-addr.arpa. 10800 IN SOA @LAN_REVERSE_IP_SUBNET@.in-addr.arpa. admin.@LAN_REVERSE_IP_SUBNET@.in-addr.arpa. (
2019033101
3600
900
1209600
86400)
10800 IN NS @host@.@domain@.@tld@.
@HOST_LAN_REVERSE_IP_ADDRESS@.in-addr.arpa. 10800 IN PTR @host@.@domain@.@tld@.
@CLIENT_LAN_REVERSE_IP_ADDRESS@.in-addr.arpa. 10800 IN PTR client1.@domain@.@tld@.
@CLIENT_LAN_REVERSE_IP_ADDRESS@.in-addr.arpa. 10800 IN PTR client2.@domain@.@tld@.
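Review bot: L202 and L203 give the same owner, `@CLIENT_LAN_REVERSE_IP_ADDRESS@.in-addr.arpa.`, two PTR targets (client1 and client2), so after substitution one LAN address maps to two names and a reverse lookup returns whichever the server picks; the forward zone carries the matching duplicate at L248–L249, where client1 and client2 both resolve to `@CLIENT_LAN_IP_ADDRESS@`. Either drop the second client from both example zones or derive a second placeholder in the Portfile next to `client_lan_ip_address` so forward and reverse stay consistent. L200 (and likewise L211–L214 and L258–L259) has no owner field; that is fine if the source line is indented so the SOA owner is inherited, but if the rendered view is faithful and the line starts at column 0, named will read `10800` as the owner name, so confirm the leading whitespace survived.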
@@ -0,0 +1,46 @@
@domain@.@tld@. 10800 IN SOA @domain@.@tld@. admin.@domain@.@tld@. (
2019033101
3600
900
1209600
86400)
10800 IN NS @host@.@domain@.@tld@.
10800 IN A @HOST_LAN_IP_ADDRESS@
10800 IN MX 10 @domain@.@tld@.
10800 IN MX 20 mail.@domain@.@tld@.

; SPF, DKIM, and DMARC records. The public DNS records must match these.
; 10800 IN TXT "v=spf1 a mx +include:comcast.net -all"
;dkim_rsa2048._domainkey 10800 IN TXT ( "v=DKIM1; k=rsa; "
; "p=public hash line 1"
; "public hash line 2" )
;dkim_ed25519._domainkey 10800 IN TXT "v=DKIM1; k=ed25519; p=public hash"
;_dmarc 10800 IN TXT "v=DMARC1; p=reject; adkim=r; aspf=r; sp=reject; pct=100; rua=mailto:dmarcreports@@domain@.@tld@"

@host@.@domain@.@tld@. 10800 IN A @HOST_LAN_IP_ADDRESS@

; MX records *must* point to A records, not CNAME aliases
mail.@domain@.@tld@. 10800 IN A @HOST_LAN_IP_ADDRESS@
lists.@domain@.@tld@. 10800 IN A @HOST_LAN_IP_ADDRESS@
server.@domain@.@tld@. 10800 IN CNAME @host@.@domain@.@tld@.
www.@domain@.@tld@. 10800 IN CNAME @host@.@domain@.@tld@.
smtp.@domain@.@tld@. 10800 IN CNAME @host@.@domain@.@tld@.

; Kerberos configuration with URI, TXT, and SRV records
;_kerberos.@HOST@.@DOMAIN@.@TLD@. IN URI 10 1 "udp://@host@.@domain@.@tld@"
;_kerberos.@HOST@.@DOMAIN@.@TLD@. IN URI 20 1 "tcp://@host@.@domain@.@tld@"
;_kerberos-master.@HOST@.@DOMAIN@.@TLD@. IN URI 10 1 "udp://@host@.@domain@.@tld@"
;_kerberos-master.@HOST@.@DOMAIN@.@TLD@. IN URI 20 1 "tcp://@host@.@domain@.@tld@"
;_kerberos.@host@.@domain@.@tld@. IN TXT "@HOST@.@DOMAIN@.@TLD@"
;_kerberos-master.@host@.@domain@.@tld@. IN TXT "@HOST@.@DOMAIN@.@TLD@"
;_kerberos._udp.@HOST@.@DOMAIN@.@TLD@. IN SRV 10 1 88 @host@.@domain@.@tld@.
;_kerberos._tcp.@HOST@.@DOMAIN@.@TLD@. IN SRV 10 1 88 @host@.@domain@.@tld@.
;_kerberos._tls._tcp.@HOST@.@DOMAIN@.@TLD@. IN SRV 10 1 88 @host@.@domain@.@tld@.
;_kerberos-master._udp.@HOST@.@DOMAIN@.@TLD@. IN SRV 10 1 749 @host@.@domain@.@tld@.
;_kerberos-master._tcp.@HOST@.@DOMAIN@.@TLD@. IN SRV 10 1 749 @host@.@domain@.@tld@.
;_kerberos-master._tls._tcp.@HOST@.@DOMAIN@.@TLD@. IN SRV 10 1 749 @host@.@domain@.@tld@.

; LAN clients
client1.@domain@.@tld@. 10800 IN A @CLIENT_LAN_IP_ADDRESS@
client2.@domain@.@tld@. 10800 IN A @CLIENT_LAN_IP_ADDRESS@
client2-alias.@domain@.@tld@. 10800 IN CNAME client2.@domain@.@tld@.
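Review bot: The DKIM examples on L218–L221 describe the `p=` value as a "public hash"; it is the base64-encoded public key of the signing key pair, not a hash, so the comment should read `; p= holds the base64 public key (not a hash); split long RSA keys across quoted strings as shown`. L217 and L222 choose sound defaults (`-all`, `p=reject`) but are shipped commented out while L216 says the public records must match; a one-line comment stating that this LAN copy is a reference only and that the authoritative SPF/DKIM/DMARC records live in public DNS would help whoever edits this zone. L222 also relies on the `@@domain@` sequence expanding to `@` followed by the substituted domain, which works with the current `reinplace` patterns but is easy to break if the placeholder is ever renamed, so a short comment there would be prudent.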
@@ -0,0 +1,9 @@
@domain@.private. 10800 IN SOA @domain@.private. admin.@domain@.private. (
2019033101
3600
900
1209600
86400)
10800 IN NS @domain@.private.
10800 IN A @HOST_LAN_IP_ADDRESS@
proxy.@domain@.private. 10800 IN CNAME @domain@.private.
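Review bot: The NS record on L258 targets the zone apex `@domain@.private.` rather than the host name the other two zones use (`@host@.@domain@.@tld@.` on L200 and L211); it resolves thanks to the apex A record on L259, but `10800 IN NS @host@.@domain@.private.` with a matching A record would keep the three example zones uniform. `.private` is not a reserved name; if the intent is a local-only namespace, a comment noting that `.home.arpa` (RFC 8375) is the reserved alternative would help an operator decide whether to keep the example name.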
@@ -0,0 +1,11 @@
$TTL 86400
$ORIGIN localhost.
@ 1D IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum

1D IN NS @
1D IN A 127.0.0.1
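Review bot: The zone publishes only an IPv4 address for localhost (L272); a client that resolves `localhost` over IPv6 through this server gets no answer, so add `1D IN AAAA ::1` beside the A record. The serial `42` and the `(d. adams)` remark are the stock BIND sample values and can stay, but a header comment saying this zone is the standard sample, unchanged apart from the AAAA record, would save the next reader from auditing it.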
@@ -0,0 +1,88 @@
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.cache
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: Jan 3, 2013
; related version of root zone: 2013010300
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30
;
; FORMERLY NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
;
; FORMERLY C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; FORMERLY TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D
;
; FORMERLY NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; FORMERLY NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F
;
; FORMERLY NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; FORMERLY AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235
;
; FORMERLY NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53
;
; OPERATED BY VERISIGN, INC.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30
;
; OPERATED BY RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1
;
; OPERATED BY ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42
;
; OPERATED BY WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35
; End of File
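Review bot: The root hints are the January 2013 InterNIC snapshot (L285–L286), already six years old at this commit; root server addresses have changed in the interim, so named's priming query would start from hints that no longer match the root zone. Refresh the file from the source the header names (L279–L282, `ftp.internic.net` `/domain/named.cache`) or from `dig . NS @a.root-servers.net`, and add a comment recording the retrieval date so staleness is visible at a glance. A stale hints file usually still works because named re-primes from any root that answers, but this is the one file in the set that should be refreshed on every bind9 version bump.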
