cmsj · October 5, 2023 23:02
diff --git a/config.yaml b/config.yaml
 ---
 providers:
  config:
    class: octodns.provider.yaml.YamlProvider
    directory: /config/
    default_ttl: 3600
    enforce_order: True
  route53:
    class: octodns_route53.Route53Provider
    access_key_id: env/AWS_ACCESS_KEY_ID
    secret_access_key: env/AWS_SECRET_ACCESS_KEY
  bind:
    class: octodns_bind.Rfc2136Provider
    host: bind
    port: 53
    ipv6: False
    timeout: 15
    key_name: env/AXFR_KEY_NAME
    key_secret: env/AXFR_KEY_SECRET
    key_algorithm: hmac-sha256

 zones:
  tenshu.net.:
    sources:
      - route53
    targets:
      - config
      - bind
diff --git a/dns.yaml b/dns.yaml
 networks:
  dns:
    external: false
    driver: bridge
    name: dns

 services:
  ofelia:
    hostname: dns-ofelia
    image: mcuadros/ofelia
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    command: daemon --docker
    labels:
      com.centurylinklabs.watchtower.enable: "true"
      ofelia.job-run.octodns.schedule: "@every 10m"
      ofelia.job-run.octodns.container: "dns-octodns-1" # Run octodns container every 10m so it syncs from Route53
      ofelia.job-exec.bindsync.schedule: "@every 1m"
      ofelia.job-exec.bindsync.command: "rndc sync -clean" # Flush bind journal files to zone files every minute
      ofelia.job-exec.bindsync.container: "dns-bind-1"

  bind:
    hostname: bind
    image: ubuntu/bind9:9.18-22.04_beta # This tag needs to be manually updated
    restart: unless-stopped
    networks:
      - dns
    ports:
      - "10.0.88.10:53:53/udp"
      - "10.0.88.10:53:53/tcp"
    volumes:
      - /srv/ssdtank/docker/bind/config/named.conf:/etc/bind/named.conf
      - /srv/ssdtank/docker/bind/data:/var/cache/bind
      - /srv/ssdtank/docker/bind/records:/var/lib/bind
    environment:
      TZ: "Europe/London"
    labels:
      com.centurylinklabs.watchtower.enable: "true"

  octodns:
    hostname: octodns
    image: octodns/octodns:2023.10 # This tag needs to be manually updated
    command: octodns-sync --config-file /config/config.yaml --doit
    networks:
      - dns
    volumes:
      - /srv/ssdtank/docker/octodns/config:/config
    environment:
      AWS_ACCESS_KEY_ID: "blah"
      AWS_SECRET_ACCESS_KEY: "hunter2"
      AXFR_KEY_NAME: 'octodns.tenshu.net.'
      AXFR_KEY_SECRET: 'hunter3'
    labels:
      com.centurylinklabs.watchtower.enable: "true"
diff --git a/named.conf b/named.conf
 key octodns.tenshu.net. {
        algorithm hmac-sha256;
        secret "hunter3";
 };

 options {
        directory "/var/cache/bind";
        listen-on { any; };
        allow-recursion {
                any;
        };
        allow-transfer {
                none;
        };
        allow-update {
                none;
        };
 };

 zone "tenshu.net." {
        type master;
        notify no;
        file "/var/lib/bind/db.tenshu.net";
        allow-transfer { key octodns.tenshu.net.; };
        allow-update { key octodns.tenshu.net.; };
 };
	---
	providers:
	config:
	class: octodns.provider.yaml.YamlProvider
	directory: /config/
	default_ttl: 3600
	enforce_order: True
	route53:
	class: octodns_route53.Route53Provider
	access_key_id: env/AWS_ACCESS_KEY_ID
	secret_access_key: env/AWS_SECRET_ACCESS_KEY
	bind:
	class: octodns_bind.Rfc2136Provider
	host: bind
	port: 53
	ipv6: False
	timeout: 15
	key_name: env/AXFR_KEY_NAME
	key_secret: env/AXFR_KEY_SECRET
	key_algorithm: hmac-sha256

	zones:
	tenshu.net.:
	sources:
	- route53
	targets:
	- config
	- bind
	networks:
	dns:
	external: false
	driver: bridge
	name: dns

	services:
	ofelia:
	hostname: dns-ofelia
	image: mcuadros/ofelia
	restart: unless-stopped
	volumes:
	- /var/run/docker.sock:/var/run/docker.sock
	command: daemon --docker
	labels:
	com.centurylinklabs.watchtower.enable: "true"
	ofelia.job-run.octodns.schedule: "@every 10m"
	ofelia.job-run.octodns.container: "dns-octodns-1" # Run octodns container every 10m so it syncs from Route53
	ofelia.job-exec.bindsync.schedule: "@every 1m"
	ofelia.job-exec.bindsync.command: "rndc sync -clean" # Flush bind journal files to zone files every minute
	ofelia.job-exec.bindsync.container: "dns-bind-1"

	bind:
	hostname: bind
	image: ubuntu/bind9:9.18-22.04_beta # This tag needs to be manually updated
	restart: unless-stopped
	networks:
	- dns
	ports:
	- "10.0.88.10:53:53/udp"
	- "10.0.88.10:53:53/tcp"
	volumes:
	- /srv/ssdtank/docker/bind/config/named.conf:/etc/bind/named.conf
	- /srv/ssdtank/docker/bind/data:/var/cache/bind
	- /srv/ssdtank/docker/bind/records:/var/lib/bind
	environment:
	TZ: "Europe/London"
	labels:
	com.centurylinklabs.watchtower.enable: "true"

	octodns:
	hostname: octodns
	image: octodns/octodns:2023.10 # This tag needs to be manually updated
	command: octodns-sync --config-file /config/config.yaml --doit
	networks:
	- dns
	volumes:
	- /srv/ssdtank/docker/octodns/config:/config
	environment:
	AWS_ACCESS_KEY_ID: "blah"
	AWS_SECRET_ACCESS_KEY: "hunter2"
	AXFR_KEY_NAME: 'octodns.tenshu.net.'
	AXFR_KEY_SECRET: 'hunter3'
	labels:
	com.centurylinklabs.watchtower.enable: "true"
	key octodns.tenshu.net. {
	algorithm hmac-sha256;
	secret "hunter3";
	};

	options {
	directory "/var/cache/bind";
	listen-on { any; };
	allow-recursion {
	any;
	};
	allow-transfer {
	none;
	};
	allow-update {
	none;
	};
	};

	zone "tenshu.net." {
	type master;
	notify no;
	file "/var/lib/bind/db.tenshu.net";
	allow-transfer { key octodns.tenshu.net.; };
	allow-update { key octodns.tenshu.net.; };
	};