Support bind zone transfer / notify - hidden master #36

Open
DerDanilo opened this issue Feb 11, 2023 · 0 comments
DerDanilo commented Feb 11, 2023

Thanks for the tool. It basically works fine. But we don't want to run a public DNS server for various reasons. It's quite easy to run it as "hidden master" though if one's domain provider supports this. But this needs to be supported by your implementation.

Usually one only has to map the named.conf.local file in the docker-compose.yml, but this doesn't seem to work as the application always throws an error:

dnserr - The APP not sinc bind

The Docker container seems to run fine and name resolution also seems to work. But for some reason your app refused to push updates to the zone.

    volumes:
       - ./data/bind-data:/var/cache/bind
       - ./data/named.conf.local:/etc/bind/named.conf.local

    root@ddns01:/opt/PyDDNS/data# cat named.conf.local
    //
    // Do any local configuration here
    //

    // Consider adding the 1918 zones here, if they are not used in your
    // organization
    //include "/etc/bind/zones.rfc1918";

    zone "ddns.domain.com" IN {
        type master;
        file "/var/cache/bind/ddns.domain.com.zone";
        journal "/var/cache/bind/ddns.domain.com.zone.jnl";
        update-policy local;
        notify yes;
        also-notify { 1.2.3.4; };
        allow-transfer { 1.2.3.4; };
    };

What am I missing?

Update:

        type master;
        file "ddns.domain.com.zone";
        journal "ddns.domain.com.zone.jnl";
        notify yes;
        allow-query { any; };
        also-notify { 1.2.3.4; };
        allow-transfer { 1.2.3.4; };
        allow-update { localhost; };

The following seems to work. But for this to work fine I've had to reconfigure all containers to network_mode: host.

I also had to change the hardcoded hostname ddns in

    resolver.nameservers=[socket.gethostbyname('ddns')]

to 'localhost'.

Using port 8000 for the nginx container and also for the Python container was quite confusing as well.

Maybe we can figure out a way that doesn't require exposing all ports to the host itself while supporting hidden master setups.

Would it be enough to set allow-query { any; }; to allow-query { localhost; }; ? Does pyddns need to query strings?
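
A hidden-primary zone block with `allow-query` narrowed, as an added example that is not part of the original issue or PyDDNS's own configuration. It assumes host networking as in the post, reuses the post's placeholder address 1.2.3.4 for the provider's secondary, and the ACL name `secondaries` is hypothetical.

```conf
// Added example, not PyDDNS's shipped configuration.
// Assumptions: 1.2.3.4 is the provider's secondary (placeholder from the post),
// and the app reaches BIND over loopback (network_mode: host).

acl secondaries { 1.2.3.4; };   // hypothetical ACL name

// Weak setting from the post: any host that can reach port 53 can read
// records directly from the hidden primary.
//     allow-query { any; };

zone "ddns.domain.com" IN {
    type master;
    file "/var/cache/bind/ddns.domain.com.zone";
    journal "/var/cache/bind/ddns.domain.com.zone.jnl";

    // The secondary sends an SOA query to compare serials before it asks
    // for a transfer, so it needs query access as well as transfer access.
    // "localhost" covers the app's own lookups through resolver.nameservers.
    allow-query    { localhost; secondaries; };
    allow-transfer { secondaries; };

    notify yes;
    also-notify    { 1.2.3.4; };

    // Address-based: any process on the host can send updates.
    // "update-policy local;" (first config in the post) requires BIND's
    // generated session key instead.
    allow-update   { localhost; };
};
```

With `allow-query { localhost; };` alone, the secondary's SOA check is refused and its copy of the zone goes stale even though `allow-transfer` lists it.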
