Add local DNS resolver and ratelimit to open to UDP

This commit is contained in:
caskd 2020-03-02 01:10:50 +01:00
parent 533a005e94
commit 3bab0427fe
No known key found for this signature in database
GPG Key ID: 79DB21404E300A27
4 changed files with 46 additions and 2 deletions


@ -4,5 +4,6 @@ RUN apk add --no-cache --update unbound ca-certificates
COPY certs/ /usr/local/share/ca-certificates/
RUN update-ca-certificates
ADD unbound.conf /etc/unbound/unbound.conf
ADD redxen-dns.conf /etc/unbound/redxen-dns.conf
ENTRYPOINT ["unbound", "-c", "/etc/unbound/unbound.conf"]
EXPOSE 5353/udp 5353/tcp
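Review bot: `ADD redxen-dns.conf /etc/unbound/redxen-dns.conf`, which appears to be the line this commit adds, copies a plain local file, and `COPY` is the conventional instruction for that; `ADD` additionally fetches remote URLs and auto-extracts archives, so a reader has to check the source each time to know which behaviour is in play. Suggest `COPY redxen-dns.conf /etc/unbound/redxen-dns.conf` (the existing unbound.conf line has the same shape and could follow when it is next touched). The beginning of the Dockerfile is outside this hunk.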

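--- /dev/null
+++ b/build/redxen-dns.conf
@@ -0,0 +1,42 @@
+server:
+local-zone: "redxen.eu." static
+local-data: "redxen.eu. 10800 IN NS ns1.redxen.eu"
+local-data: "redxen.eu. 10800 IN NS ns2.redxen.eu"
+local-data: "redxen.eu. 10800 IN NS ns3.redxen.eu"
+local-data: "redxen.eu. 10800 IN NS ns4.redxen.eu"
+local-data: "redxen.eu. 10800 IN NS ns5.redxen.eu"
+local-data: "redxen.eu. A 88.198.95.52"
+local-data: "stats.redxen.eu. A 88.198.95.52"
+local-data: "git.redxen.eu. A 88.198.95.52"
+local-data: "seed.redxen.eu. A 88.198.95.52"
+local-data: "sd.redxen.eu. A 88.198.95.52"
+local-data: "ns1.redxen.eu. A 88.198.95.52"
+local-data: "redxen.eu. A 88.198.95.107"
+local-data: "stats.redxen.eu. A 88.198.95.107"
+local-data: "git.redxen.eu. A 88.198.95.107"
+local-data: "seed.redxen.eu. A 88.198.95.107"
+local-data: "sd.redxen.eu. A 88.198.95.107"
+local-data: "ns2.redxen.eu. A 88.198.95.107"
+local-data: "redxen.eu. A 88.198.95.106"
+local-data: "stats.redxen.eu. A 88.198.95.106"
+local-data: "git.redxen.eu. A 88.198.95.106"
+local-data: "seed.redxen.eu. A 88.198.95.106"
+local-data: "sd.redxen.eu. A 88.198.95.106"
+local-data: "ns3.redxen.eu. A 88.198.95.106"
+local-data: "redxen.eu. A 88.198.95.100"
+local-data: "stats.redxen.eu. A 88.198.95.100"
+local-data: "git.redxen.eu. A 88.198.95.100"
+local-data: "seed.redxen.eu. A 88.198.95.100"
+local-data: "sd.redxen.eu. A 88.198.95.100"
+local-data: "ns4.redxen.eu. A 88.198.95.100"
+local-data: "redxen.eu. A 88.198.95.63"
+local-data: "stats.redxen.eu. A 88.198.95.63"
+local-data: "git.redxen.eu. A 88.198.95.63"
+local-data: "seed.redxen.eu. A 88.198.95.63"
+local-data: "sd.redxen.eu. A 88.198.95.63"
+local-data: "ns5.redxen.eu. A 88.198.95.63"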
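Review bot: The static zone `redxen.eu.` carries no SOA record, so, if I read Unbound's local-zone handling correctly, NXDOMAIN/NODATA answers for unlisted names under it go out without an SOA in the authority section and cannot be negatively cached by clients, which keeps repeat queries landing on this resolver. Suggest adding one, e.g. `local-data: "redxen.eu. 10800 IN SOA ns1.redxen.eu. hostmaster.redxen.eu. 1 7200 1800 1209600 3600"` (the mailbox, serial and timer values are placeholders to adjust). The NS targets are written without the trailing dot (`ns1.redxen.eu`) while every owner name carries it; writing `ns1.redxen.eu.` keeps the file unambiguous regardless of how the parser treats unqualified names. A short header comment stating that this file supplies local answers for the zone inside this resolver, and where the A record set is maintained, would help the next reader.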

@ -1,14 +1,15 @@
include: "/etc/unbound/redxen-dns.conf"
server:
directory: "/etc/unbound"
username: unbound
interface: 0.0.0.0
interface: ::0
do-udp: no
access-control: 0.0.0.0/0 allow
root-hints: root.hints
trust-anchor-file: /usr/share/dnssec-root/trusted-key.key
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
port: 5353
ratelimit: 20
prefetch: yes
prefetch-key: yes
do-daemonize: no
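Review bot: `ratelimit: 20` does not address the reflection/amplification concern that the compose-file comment cites for the now UDP-reachable port, because Unbound's `ratelimit` caps queries per second sent towards one zone's nameservers during recursion, not queries accepted per client source address; with `access-control: 0.0.0.0/0 allow` and UDP enabled (assuming `do-udp: no` is the line this commit removes, as the title suggests), any spoofed source still elicits full-size answers. The per-source knob is `ip-ratelimit`, e.g. `ip-ratelimit: 100  # placeholder qps per client IP, tune to real load`, and the stronger control is narrowing `access-control` to the client ranges this resolver is meant to serve with `access-control: 0.0.0.0/0 refuse` as the catch-all. Twenty qps per zone is also low enough to SERVFAIL legitimate recursion towards any popular zone. The same wording issue applies to the comment on the compose ports entry, which refers to ratelimits generically without naming which setting is relied on. The rendered page does not show which lines here are added, so this applies to the hunk as a whole.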


@ -30,6 +30,6 @@ services:
- "/etc/hosts:/etc/hosts:ro"
ports:
- "53:5353/tcp"
- "53:5353/udp" # LOCAL NETWORK ONLY, see https://www.us-cert.gov/ncas/alerts/TA14-017A
- "53:5353/udp" # Potentially vulnerable without any ratelimits, see https://www.us-cert.gov/ncas/alerts/TA14-017A
networks:
- backend
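Review bot: The published mapping `"53:5353/udp"` carries no host address, so Docker binds it on every host interface; together with the permissive access-control in unbound.conf this is what makes the resolver reachable beyond the local network the old comment described. If only specific networks are meant to use it, pin the bind address, `"<HOST_LAN_IP>:53:5353/udp"`, and do the same for the TCP entry. On hosts where Docker manages iptables, published ports are handled in Docker's own chains ahead of host INPUT rules, so a host-level block on port 53 would not cover this mapping either. The `services:` stanza starts outside this hunk.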