
Added content: local integrated config and self-contained service config.

1 parent 8c763c6 commit 94431bab521c86088eef9cf78aeafd17d0a09f33 @markllama committed Mar 23, 2012
@@ -1,6 +1,6 @@
BIND Local service
-Copyright 2011, Mark Lamourine <markllama@gmail.com>
+Copyright 2012, Mark Lamourine <markllama@gmail.com>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
2 README
@@ -13,7 +13,7 @@ This software was written and tested on Fedora 16, but is adaptable to any
Linux system which can run ISC BIND 9 and which uses dhclient and SELinux.
------------------------------------------------------------------------
-Copyright 2011, Mark Lamourine <markllama@gmail.com>
+Copyright 2012, Mark Lamourine <markllama@gmail.com>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -0,0 +1,55 @@
+#!/bin/sh
+#
+# Copyright 2012, Mark Lamourine <markllama@gmail.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# -------------------------------------------------------------------------
+#
+# This file is sourced using (.) by /sbin/dhclient-script after the eth0
+# interface is brought up.
+#
+# The code here creates a file named /var/named/forwarders.conf containing
+# the nameservers listed in the DHCP response.
+# This allows the local named to properly respond to queries for both local
+# and remote zones.
+
+# The environment is inherited from the context in the dhclient-script at the
+# time when this file is sourced.
+
+# The file operations here require the dhcpnamedforward SELinux module to
+# succeed. If the file write fails, check that the policy is loaded.
+#
+
+FORWARD_CONF=${FORWARD_CONF:="/var/named/forwarders.conf"}
+
+if [ -n "$new_domain_name_servers" ]
+then
+ # remove the localhost reference if it's provided
+ NAME_SERVER_LIST=`echo ${new_domain_name_servers} | sed -e 's/127.0.0.1 *// ; s/ / ; /g'`
+
+ cat > ${FORWARD_CONF} <<EOF
+// created by /etc/dhcp/dhclient-up-hooks
+// set named forwarders from the DHCP supplied name server list
+forwarders { ${NAME_SERVER_LIST} ; } ;
+EOF
+
+ logmessage "set forwarders: ${NAME_SERVER_LIST}"
+
+ # reload the named configuration if needed
+ if service named status 2>&1 >/dev/null
+ then
+ service named reload
+ fi
+else
+ logmessage "no new name servers provided by DHCP"
+fi
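Review bot: The tokens in `new_domain_name_servers` are taken from the DHCP response and written into `forwarders.conf` without any check that each one is an IP address, and the accompanying named.conf reads that file as configuration through `include "forwarders.conf"`, so whatever the DHCP server supplies lands verbatim inside the `forwarders { … }` statement. Validating each token while building the list keeps unexpected content out of the config and also replaces the `sed` on `NAME_SERVER_LIST`, whose unescaped dots match more than `127.0.0.1` and whose first substitution lacks `g`, so only the first localhost token is stripped. Separately, `service named status 2>&1 >/dev/null` redirects stderr to the original stdout before stdout is silenced, so stderr still reaches the caller; `>/dev/null 2>&1` is the intended order. If nothing is left after stripping `127.0.0.1` the generated line becomes `forwarders {  ; } ;`, which named may not accept, so the write should be skipped in that case as well.
```sh
if [ -n "$new_domain_name_servers" ]
then
  # keep only dotted-quad tokens; drop localhost and anything that is not an address
  NAME_SERVER_LIST=""
  for ns in ${new_domain_name_servers}
  do
    case "$ns" in
      127.0.0.1) ;;
      *[!0-9.]*) logmessage "ignoring non-IPv4 forwarder token: ${ns}" ;;
      *) NAME_SERVER_LIST="${NAME_SERVER_LIST}${NAME_SERVER_LIST:+ ; }${ns}" ;;
    esac
  done
  if [ -n "$NAME_SERVER_LIST" ]
  then
    # … unchanged: write FORWARD_CONF here-doc, logmessage, conditional named reload …
  else
    logmessage "no usable forwarders in DHCP response; ${FORWARD_CONF} left unchanged"
  fi
```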
@@ -0,0 +1,3 @@
+# prepend localhost for DNS lookup in dev and test
+# still bypassing local DNS - MAL 20120302
+prepend domain-name-servers 127.0.0.1;
@@ -0,0 +1,197 @@
+#!/bin/sh
+#
+# Copyright 2012, Mark Lamourine <markllama@gmail.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# -------------------------------------------------------------------------
+#
+
+# named-local init
+# named-local start
+# named-local status
+# named-local stop
+# named-local clean
+# named-local reset
+
+# options: -l: where to find init file copies
+# options: -r: where to put the running copies
+
+# Where to get the init files from
+NAMED_LOCAL_LIB=${NAMED_LOCAL_LIB:="/usr/share/bind-local"}
+# Where to put them to work
+NAMED_LOCAL_DIR=.
+
+# The requirements to run a local named are:
+# named.conf
+# example.com.key
+# example.com.db
+#
+
+
+#
+# Prepare a to run a named
+#
+function init() {
+ echo "init"
+ # copy named.conf
+ cp ${NAMED_LOCAL_LIB}/named.conf ${NAMED_LOCAL_DIR}
+ # copy example.com.db
+ cp ${NAMED_LOCAL_LIB}/example.com.db.init ${NAMED_LOCAL_DIR}/example.com.db
+}
+
+function start() {
+ echo "start"
+ if [ ! -f ${NAMED_LOCAL_DIR}/named.pid ]
+ then
+ OPWD=`pwd`
+ cd ${NAMED_LOCAL_DIR}
+ /usr/sbin/named -4 -c ${NAMED_LOCAL_DIR}/named.conf
+ cd $OPWD
+ else
+ echo "${NAMED_LOCAL_DIR}/named.pid found: is there a named running?"
+ exit 1
+ fi
+}
+
+function stop() {
+ echo "stop"
+ if [ -f ${NAMED_LOCAL_DIR}/named.pid ]
+ then
+ PID=`cat ${NAMED_LOCAL_DIR}/named.pid`
+ kill $PID
+ else
+ echo "${NAMED_LOCAL_DIR}/named.pid is not found. Is there a named running?"
+ fi
+}
+
+function status() {
+ echo "status"
+ if [ -f ${NAMED_LOCAL_DIR}/named.pid ]
+ then
+ PID=`cat ${NAMED_LOCAL_DIR}/named.pid`
+ ps --no-heading -p $PID
+ else
+ echo no named.pid found
+ exit 1
+ fi
+}
+
+function clean() {
+ echo "clean"
+ if [ ! -f ${NAMED_LOCAL_DIR}/named.pid ]
+ then
+ rm -f ${NAMED_LOCAL_DIR}/named.conf
+ rm -f ${NAMED_LOCAL_DIR}/example.com.db
+ rm -f ${NAMED_LOCAL_DIR}/example.com.db.jnl
+ rm -f ${NAMED_LOCAL_DIR}/named.log
+ rm -f ${NAMED_LOCAL_DIR}/named.session.key
+ else
+ echo "$NAMED_LOCAL_DIR/named.pid exists: Is there a named running?"
+ fi
+}
+
+function reset() {
+ echo "reset"
+ stop
+ clean
+ init
+}
+
+function usage() {
+ echo "
+usage $0 [options] [command]
+
+options:
+
+ -r <dir>: where to put the config and log files for the daemon
+ defaults to CWD
+
+ -l <dir>: where to get the initial config files
+ defaults to /usr/share/bind-local
+
+commands:
+
+ start: start the local named
+
+ stop: stop the local named
+
+ status: get the PID and process information for a running named
+
+ init: copy initial config files to the daemon "root"
+
+ clean: remove config files and logs
+
+ reset: clean and re-initialize the local daemon
+"
+
+}
+
+
+while getopts l:r: OPT
+do
+ case "$OPT" in
+ l)
+ NAMED_LOCAL_LIB="$OPTARG"
+ ;;
+
+ r)
+ NAMED_LOCAL_DIR="$OPTARG"
+ ;;
+
+ *)
+ echo "Invalid argument: $OPT"
+ usage
+ exit 1
+ ;;
+ esac
+done
+if [ $OPTIND -gt 1 ]
+then
+ shift $(($OPTIND-1))
+fi
+
+ACTION=$1
+
+case $ACTION in
+
+ "start")
+ start
+ ;;
+
+ "stop")
+ stop
+ ;;
+
+ "status")
+ status
+ ;;
+
+ "init")
+ init
+ ;;
+
+ "clean")
+ clean
+ ;;
+
+ "reset")
+ reset
+ ;;
+
+ *)
+ echo "invalid command $ACTION"
+ usage
+ exit 1
+ ;;
+esac
+
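Review bot: `init` copies `named.conf` and `example.com.db` but not `example.com.key`, although the header comment lists it as a requirement and the named.conf in this commit does `include "example.com.key"`, so a fresh `init` followed by `start` leaves named without a file it needs; add `cp ${NAMED_LOCAL_LIB}/example.com.key ${NAMED_LOCAL_DIR}` to `init`. In `start` the script does `cd ${NAMED_LOCAL_DIR}` and then passes `-c ${NAMED_LOCAL_DIR}/named.conf`; when `-r` names a relative directory that path is resolved against the new cwd and no longer exists, so use `-c named.conf` after the `cd` (or resolve the directory to an absolute path first). The file is `#!/bin/sh` yet every definition uses the bash-only `function` keyword, which a strict POSIX sh such as dash rejects; drop `function` or change the shebang to bash. Every `${NAMED_LOCAL_DIR}` and `${NAMED_LOCAL_LIB}` expansion is unquoted, so a `-r`/`-l` value containing whitespace breaks the `cp`, `rm -f` and `cd` calls, and `stop` runs `kill $PID` on whatever `named.pid` contains without checking that the PID still belongs to a named.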
@@ -0,0 +1 @@
+example.com. IN KEY 0 3 157 H6NDDnTbNpcBrUM5c4BJtohyK2uuZ5Oi6jxg3ME+RJsNl5Wl2B87oL12 YxWUR3Gp7FdZQojTKBSfs5ZjghYxGw==
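Review bot: The TSIG secret in this key record is checked into the repository, and the same base64 value recurs in the private-key file and in `example.com.key` later in this commit; because the accompanying named.conf grants `allow-update { key example.com ; }` to this key, any deployment that ships these files unchanged lets anyone who can read the repository update the zone. Generating the key at `init` time (for example with `dnssec-keygen` into `NAMED_LOCAL_DIR`) and treating the checked-in copy purely as a test fixture would avoid that, and the `// DO NOT USE THIS IN A REAL SITE` comment from `example.com.key` should be carried over to this file and the private-key file as well. The key is HMAC-MD5 (algorithm 157); BIND also accepts `hmac-sha256`, which is the better choice for any key generated anew.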
@@ -0,0 +1,7 @@
+Private-key-format: v1.3
+Algorithm: 157 (HMAC_MD5)
+Key: H6NDDnTbNpcBrUM5c4BJtohyK2uuZ5Oi6jxg3ME+RJsNl5Wl2B87oL12YxWUR3Gp7FdZQojTKBSfs5ZjghYxGw==
+Bits: AAA=
+Created: 20120208182548
+Publish: 20120208182548
+Activate: 20120208182548
@@ -0,0 +1,52 @@
+// named.conf
+//
+// See /usr/share/doc/bind*/sample/ for example named configuration files.
+//
+// This file configures a local named to allow dynamic updates of the
+// example.com zone while passing through all other queries.
+//
+// It is derived from the /etc/named.conf provided as part of the bind RPM
+//
+options {
+ listen-on port 53 { 127.0.0.1; };
+ listen-on port 953 { 127.0.0.1; };
+ listen-on-v6 port 53 { ::1; };
+ directory "/var/named";
+ dump-file "/var/named/data/cache_dump.db";
+ statistics-file "/var/named/data/named_stats.txt";
+ memstatistics-file "/var/named/data/named_mem_stats.txt";
+ allow-query { localhost; };
+ recursion yes;
+
+ /* Path to ISC DLV key */
+ bindkeys-file "/etc/named.iscdlv.key";
+
+ // set forwarding to the next nearest server (from DHCP response
+ forward only;
+ include "forwarders.conf";
+};
+
+logging {
+ channel default_debug {
+ file "data/named.run";
+ severity dynamic;
+ };
+};
+
+// use the default rndc key
+include "/etc/rndc.key";
+
+controls {
+ inet 127.0.0.1 port 953
+ allow { 127.0.0.1; } keys { "rndc-key"; };
+};
+
+include "/etc/named.rfc1912.zones";
+
+include "example.com.key";
+
+zone "example.com" IN {
+ type master;
+ file "dynamic/example.com.db";
+ allow-update { key example.com ; } ;
+};
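Review bot: `listen-on port 953 { 127.0.0.1; };` in the options block makes named serve DNS on 127.0.0.1:953, the same address and port that the `controls` block later binds for rndc, which looks like a conflict rather than an intended setting; if the line was meant to enable rndc, the `controls` block already does that and the `listen-on` line can be dropped. The config sets `directory "/var/named"` and refers to `forwarders.conf`, `example.com.key` and `dynamic/example.com.db` relative to it, while the named-local script in this commit copies its files into `NAMED_LOCAL_DIR` (default `.`) with no `dynamic/` subdirectory, so unless that directory is `/var/named` the includes and the zone file will not be found — one of the two should be aligned with the other. The comment `// set forwarding to the next nearest server (from DHCP response` is missing its closing parenthesis.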
@@ -0,0 +1,15 @@
+;
+; A sample empty zone file for example.com as indicated by RFC 2606
+;
+$ORIGIN .
+$TTL 1 ; 1 seconds (for testing only)
+example.com IN SOA ns1.example.com. hostmaster.example.com. (
+ 2011112904 ; serial
+ 60 ; refresh (1 minute)
+ 15 ; retry (15 seconds)
+ 1800 ; expire (30 minutes)
+ 10 ; minimum (10 seconds)
+ )
+ NS ns1.example.com.
+$ORIGIN example.com.
+ns1 A 127.0.0.1
@@ -0,0 +1,5 @@
+// DO NOT USE THIS IN A REAL SITE
+key example.com {
+ algorithm HMAC-MD5;
+ secret "H6NDDnTbNpcBrUM5c4BJtohyK2uuZ5Oi6jxg3ME+RJsNl5Wl2B87oL12YxWUR3Gp7FdZQojTKBSfs5ZjghYxGw==";
+};
