https://github.com/labbsr0x/bindman-dns-bind9

This project defines a Bindman DNS Manager responsible for receiving DNS updates from clients and updating DNS Server rules with nsupdate commands
https://github.com/labbsr0x/bindman-dns-bind9

bind9 bindman dns hacktoberfest nameserver

Last synced: 3 days ago
JSON representation

This project defines a Bindman DNS Manager responsible for receiving DNS updates from clients and updating DNS Server rules with nsupdate commands

• Host: GitHub
• URL: https://github.com/labbsr0x/bindman-dns-bind9
• Owner: labbsr0x
• License: mit
• Created: 2018-10-26T14:36:33.000Z (about 6 years ago)
• Default Branch: master
• Last Pushed: 2020-04-27T19:50:27.000Z (over 4 years ago)
• Last Synced: 2024-08-01T13:29:34.905Z (3 months ago)
• Topics: bind9, bindman, dns, hacktoberfest, nameserver
• Language: Go
• Homepage:
• Size: 10.5 MB
• Stars: 23
• Watchers: 18
• Forks: 11
• Open Issues: 4
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Code of conduct: CODE_OF_CONDUCT.md

Awesome Lists containing this project

README

        
# Bindman DNS

[![Docker Pulls](https://img.shields.io/docker/pulls/labbsr0x/bindman-dns-bind9.svg)](https://hub.docker.com/r/labbsr0x/bindman-dns-bind9)

![Build Status](https://travis-ci.com/labbsr0x/bindman-dns-bind9.svg?branch=master)

[![Go Report Card](https://goreportcard.com/badge/github.com/labbsr0x/bindman-dns-bind9)](https://goreportcard.com/report/github.com/labbsr0x/bindman-dns-bind9)

This repository defines the component that manages Bind9 DNS Server instances.

NSUpdate commands get dispatched from REST API calls defined in the bindman webhook project [Bindman DNS Webhook](https://github.com/labbsr0x/bindman-dns-webhook).

## Configuration

The bindman is setup with the help of environment variables and volume mapping in the following way: 

### Volume Mapping

A store of records being managed is needed. Hence, a `/data` volume must be mapped to the host. There, we also expect to find the `.private` and `.key` files for secure communication with the actual `nameserver`

### Environment variables

1. `mandatory` **BINDMAN_NAMESERVER_ADDRESS**: address of the nameserver that an instance of a Bindman will manage

2. `mandatory` **BINDMAN_NAMESERVER_KEY_FILE**: the zone keyfile name that will be used to authenticate with the nameserver. **MUST** be inside the `/data` volume

3. `mandatory` **BINDMAN_NAMESERVER_ZONE**: the name of the zone a bindman-dns-bind9 instance is able to manage;

4. `optional` **BINDMAN_NAMESERVER_PORT**: custom port for communication with the nameserver; defaults to `53`

5. `optional` **BINDMAN_DNS_TTL**: the dns recording rule expiration time (or time-to-live). By default, the TTL is **3600 seconds**.

6. `optional` **BINDMAN_DNS_REMOVAL_DELAY**: the delay in minutes to be applied to the removal of an DNS entry. The default is 10 minutes. This is to guarantee that in fact the removal should be processed.

7. `optional` **BINDMAN_DEBUG**: let the runtime know if the DEBUG mode is activated; useful for debugging the intermediary files created for sending `nsupdate` commands. Possible values: `false|true`. Empty defaults to `false`.

## Secure communication

On the `/keys` folder of the `bind` service, you will find the keys that enable secure communication between the manager and the Bind9 Server for the `test.com` zone.

For now, we support only `dnssec-keygen` generated keys. We used the following commands for the `test.com` zone:

```

dnssec-keygen -a HMAC-MD5 -b 512 -n HOST test.com

```

[Go here](http://www.firewall.cx/linux-knowledgebase-tutorials/system-and-network-services/831-linux-bind-ipadd-data-file.html) to understand a bit more about how to properly configure your BIND DNS server.

## How to Run locally

This repository also comes with an example. Just go to your terminal and type:

```shell script

$ docker-compose up

```

This will launch two services:

1. a bind9 DNS;

2. a bindman-dns-bind9;

With these two services running, you can make a request to the Bindman manager endpoints using [Postman](https://www.postman.com) (you can import the collection with the `bindman-dns-bind9.postman_collection.json` file) or by [cURL](https://curl.haxx.se) commands with the examples below.

1. **Records All**

```shell script

$ curl --location --request GET \

    'http://localhost:7070/records'

```

2. **Record By Query**

```shell script

$ curl --location --request GET \

    'http://localhost:7070/records/hello.test.com/A'

```

3. **Add Record**

```shell script

$ curl --location --request POST \

    'http://localhost:7070/records' \

    --header 'Accept-Encoding: application/json' \

    --header 'Content-Type: text/plain' \

    --data-raw '{

        "name": "hello.test.com",

        "value": "127.0.0.1",

        "type": "A"

    }'

```

4. **Update Record**

```shell script

$ curl --location --request PUT \

    'http://localhost:7070/records' \

    --header 'Accept-Encoding: application/json' \

    --header 'Content-Type: text/plain' \

    --data-raw '{

        "name": "hello.test.com", 

        "value": "192.168.0.1", 

        "type": "A"

    }'

```

5. **Remove Record**

```shell script

$ curl --location --request DELETE \

    'http://localhost:7070/records/hello.test.com/A'

```