Highly available authoritative nameserver solution - NSD
Source: Imre kasutab arvutit
Introduction
TODO
How it works
Network diagram
TODO
where
- TODO
Fortigate firewall configuration
TODO
ans-node-01 configuration
TODO
ans-node-02 configuration
TODO
Operating the solution
Checking zone contents
TODO
Misc
The shared service address 10.90.16.242/32 is configured on dummy0 (see the netplan file below), so ens18 must not answer ARP for it: arp_ignore=1 makes the kernel reply only when the target address is configured on the interface the request arrived on, and arp_announce=2 makes it use the best-matching local address, not the dummy0 address, as the source of its own ARP requests. sysctl -w is not persistent; put the same two keys in a file under /etc/sysctl.d/ so they survive a reboot.
# sysctl -w net.ipv4.conf.ens18.arp_ignore=1
# sysctl -w net.ipv4.conf.ens18.arp_announce=2
# cat /etc/netplan/01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    ens18:                      # uplink, dual-stack, carries the default routes
      dhcp4: no
      dhcp6: no
      accept-ra: no
      addresses:
        - 10.90.16.247/28
        - 2001:cc8::247/64
      nameservers:
        search: [ auul.pri.ee ]
        addresses: [ 10.90.16.245, 10.90.0.12 ]
      routes:
        - to: 0.0.0.0/0
          via: 10.90.16.241
        - to: ::/0
          via: 2001:cc8::241
    ens19:                      # second network, IPv4 only, no routes
      dhcp4: no
      dhcp6: no
      accept-ra: no
      addresses:
        - 10.208.16.247/24
  dummy-devices:
    dummy0:                     # holds the shared service address as a /32
      addresses:
        - 10.90.16.242/32
      link-local: []            # no IPv6 link-local address on the dummy interface
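The netplan file above gives this node two addresses that should both answer DNS: 10.90.16.247 on ens18 and the shared 10.90.16.242 on dummy0. The following is an added example, not code from this page or from NSD: a standard-library Python check that asks each address for the SOA of a zone and reports any node that does not answer authoritatively or lags behind the newest serial. The zone name example.test is taken from the container section below, and the server list is an assumption for this node only; the page does not give ans-node-02's address, so add it before relying on the result.

```python
"""SOA serial consistency check for the NSD nodes (added example, not page code).
Standard library only, so it runs from any management host without dig. Each
server gets an SOA query with RD clear and must answer with AA set; the serials
are then compared, so a node that missed a zone update stands out."""
import os
import socket
import struct

ZONE = "example.test"                         # zone from the container section below
SERVERS = ["10.90.16.247", "10.90.16.242"]    # ens18 address and the dummy0 VIP from netplan above
TYPE_SOA, CLASS_IN = 6, 1

def encode_name(name: str) -> bytes:
    """Dotted name -> length-prefixed labels ending in a zero byte."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label in {name!r}")
        out += bytes([len(raw)]) + raw
    return bytes(out) + b"\x00"

def build_soa_query(zone: str, txid: int) -> bytes:
    """One question, all flags clear (no RD): an authoritative server answers from its own data."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)

def skip_name(msg: bytes, off: int) -> int:
    """Offset just past the name at `off`; a 2-byte compression pointer ends a name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length

def parse_soa_serial(msg: bytes, txid: int) -> int:
    """Serial of the first SOA in the answer section; raise on anything suspicious."""
    if len(msg) < 12:
        raise ValueError("truncated header")
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch (stale or spoofed reply)")
    if not flags & 0x8000:
        raise ValueError("not a response")
    if flags & 0x000F:
        raise ValueError(f"rcode {flags & 0x000F}")
    if not flags & 0x0400:
        raise ValueError("AA clear: this server is not authoritative for the zone")
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4             # QNAME, then QTYPE + QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_SOA:
            p = skip_name(msg, skip_name(msg, off))   # MNAME, then RNAME
            return struct.unpack("!I", msg[p:p + 4])[0]
        off += rdlen
    raise ValueError("no SOA in the answer section")

def query_serial(server: str, zone: str = ZONE, timeout: float = 2.0) -> int:
    """UDP SOA query to one server on port 53; returns its serial."""
    txid = int.from_bytes(os.urandom(2), "big")   # unpredictable id, checked on the way back
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_soa_query(zone, txid), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_soa_serial(data, txid)

def serial_report(serials: dict) -> dict:
    """serials: server -> int serial or an error string. Names lagging and failed nodes."""
    good = {k: v for k, v in serials.items() if isinstance(v, int)}
    newest = max(good.values()) if good else None
    lagging = sorted(k for k, v in good.items() if v != newest)
    failed = sorted(k for k in serials if k not in good)
    return {"newest": newest, "lagging": lagging, "failed": failed,
            "consistent": bool(good) and not lagging and not failed}

def constructed_soa_response(txid: int, zone: str, serial: int, aa: bool = True) -> bytes:
    """Constructed reply shaped like NSD's answer for the page's zone (test data, not a capture)."""
    head = struct.pack("!HHHHHH", txid, 0x8000 | (0x0400 if aa else 0), 1, 1, 0, 0)
    question = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    rdata = (encode_name("ns1." + zone) + encode_name("admin." + zone)
             + struct.pack("!IIIII", serial, 3600, 600, 604800, 3600))
    rr = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_SOA, CLASS_IN, 3600, len(rdata)) + rdata
    return head + question + rr

if __name__ == "__main__":
    results = {}
    for srv in SERVERS:
        try:
            results[srv] = query_serial(srv)
        except (OSError, ValueError) as exc:
            results[srv] = f"{type(exc).__name__}: {exc}"
    print(results, serial_report(results))
```

Run it from a host that can reach both addresses; a report with "consistent": False names the node whose serial is behind or which answered without AA, which is the symptom of the VIP ending up on a node that has not loaded the zone. The transaction id is random and verified, so a reply from something other than the queried server is rejected rather than trusted.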
Container-based solution
Result achieved with the help of ChatGPT.
Filesystem layout
nsd/
├── docker-compose.yml
├── Dockerfile
├── nsd.conf
└── zones/
└── example.test.zone
Dockerfile
# Base OS
FROM ubuntu:24.04
# Install nsd + tini (no recommended packages: smaller image, less attack surface)
RUN apt-get update && \
    apt-get install -y --no-install-recommends nsd tini && \
    rm -rf /var/lib/apt/lists/*
# Copy configuration and zones into the image so it also runs without the bind
# mounts from docker-compose.yml (those shadow these paths when present)
COPY nsd.conf /etc/nsd/nsd.conf
COPY zones /etc/nsd/zones
# Expose DNS ports
EXPOSE 53/tcp 53/udp
# Use tini as init for clean signal handling (forwards SIGTERM, reaps children)
ENTRYPOINT ["/usr/bin/tini", "--"]
# Run NSD in the foreground (-d: do not daemonize) so the container follows the process
CMD ["nsd", "-d", "-c", "/etc/nsd/nsd.conf"]
docker-compose.yml
services:
  nsd:
    build: .
    container_name: nsd
    restart: unless-stopped
    ports:
      # On a host where systemd-resolved listens on 127.0.0.53:53 this wildcard bind
      # commonly fails with "address already in use"; bind to a specific host
      # address instead, e.g. "10.90.16.247:53:53/udp".
      - "53:53/tcp"
      - "53:53/udp"
    volumes:
      - ./nsd.conf:/etc/nsd/nsd.conf:ro
      - ./zones:/etc/nsd/zones:ro
    # Docker grants no capabilities to a non-root `user:` (no ambient caps, no file
    # caps on the nsd binary), so this line is not what makes port 53 bindable.
    # It works anyway because Docker 20.10+ sets net.ipv4.ip_unprivileged_port_start=0
    # inside the container's network namespace.
    cap_add:
      - NET_BIND_SERVICE
    user: "nsd"   # run as the nsd user created by the package; nothing here needs root
    init: true    # docker-init (tini) as PID 1; redundant with the ENTRYPOINT but harmless
nsd.conf
server:
    # drop privileges after start-up; with `user: nsd` in compose the process
    # already runs as nsd, so there is nothing left to drop
    username: nsd
    # The generated config pointed at /var/db/nsd/nsd.db, a directory that does
    # not exist on Ubuntu and that an unprivileged nsd cannot create, which makes
    # NSD fail to start. "" disables the on-disk database; NSD then serves
    # straight from the zone files.
    database: ""
    # both paths must be writable by the nsd user when the container runs unprivileged
    logfile: "/var/log/nsd.log"
    pidfile: "/var/run/nsd.pid"
    port: 53
    verbosity: 2
    zonesdir: "/etc/nsd/zones"
zone:
    name: "example.test"
    zonefile: "example.test.zone"
    # no provide-xfr / allow-notify: zone transfers and notifies stay refused (NSD default)
zones/example.test.zone
$ORIGIN example.test.
$TTL 3600                              ; explicit default TTL instead of relying on the parser default
@       3600 IN SOA ns1.example.test. admin.example.test. (
                1        ; serial - increase on every change, or secondaries never refresh
                3600     ; refresh
                600      ; retry
                604800   ; expire
                3600 )   ; minimum (negative caching TTL)
@            IN NS ns1.example.test.   ; owner written out: an indented line inherits "@" only
                                       ; as long as its leading whitespace survives copy-paste
ns1          IN A  127.0.0.1           ; loopback glue: only queries from the node itself can use it
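As an added example, not part of this page or of NSD: a small Python lint for a zone file like the one above. It is no replacement for nsd-checkzone (run nsd-checkzone example.test zones/example.test.zone before every deploy); it exists to show the trap a generated zone of this shape carries: an indented NS line relies on leading whitespace to inherit the @ owner, and when that whitespace is lost (pasting through a wiki or a chat window does it) NSD's parser reads IN as the owner name, the record lands on IN.example.test and the apex ends up with no NS record at all. The two embedded zone texts are constructed: the first is the generated zone with the indent in front of "IN NS" lost, the second a fixed version that names the owner explicitly, sets $TTL and points ns1 at the VIP 10.90.16.242 from the Misc section (an assumption about this deployment, not something the page states).

```python
"""Pre-flight lint for an NSD zone file (added example, not NSD's own parser).
Run nsd-checkzone for the real check; this only catches hand-editing traps:
an NS line that lost its leading whitespace (the owner silently becomes "IN"),
no $TTL, an apex without NS, an in-zone NS without glue, and loopback glue."""
import ipaddress

# A record line that lost its indent starts with one of these instead of an owner.
KEYWORDS = {"IN", "CH", "HS", "SOA", "NS", "A", "AAAA", "MX", "TXT", "CNAME", "PTR", "SRV"}

def absolutize(name: str, origin: str) -> str:
    """Zone-file name -> FQDN under the current $ORIGIN."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text: str, origin: str):
    """(records, default_ttl, problems); a record is (owner, ttl or None, TYPE, rdata tokens)."""
    records, problems = [], []
    default_ttl, last_owner = None, None
    buf, depth, indented = [], 0, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]                 # ';' comment; this zone has no quoted strings
        if not line.strip():
            continue
        if not buf:
            indented = line[0] in " \t"             # indented line inherits the previous owner
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue                                 # still inside ( ... )
        tokens = " ".join(buf).replace("(", " ").replace(")", " ").split()
        buf, depth = [], 0
        if tokens[0] == "$ORIGIN":
            origin = absolutize(tokens[1], origin)
            continue
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        owner = last_owner if indented else absolutize(tokens.pop(0), origin)
        if owner is None:
            raise ValueError("first record line is indented and has no owner")
        ttl = None
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in ("IN", "CH", "HS")):
            tok = tokens.pop(0)                      # optional TTL and class, either order
            ttl = int(tok) if tok.isdigit() else ttl
        if not tokens:
            problems.append(f"ERROR: {owner} has no record type")
            continue
        records.append((owner, ttl, tokens[0].upper(), tokens[1:]))
        last_owner = owner
    return records, default_ttl, problems

def lint_zone(text: str, zone: str) -> list:
    """'ERROR: ...' / 'WARN: ...' findings; an empty list means the zone is clean."""
    origin = zone.rstrip(".") + "."
    records, default_ttl, problems = parse_zone(text, origin)
    if sum(1 for r in records if r[2] == "SOA" and r[0] == origin) != 1:
        problems.append("ERROR: expected exactly one SOA record, owned by the apex")
    if default_ttl is None and any(r[1] is None for r in records):
        problems.append("WARN: no $TTL and some records carry no TTL; set $TTL explicitly")
    for owner, _, _, _ in records:
        if owner.split(".")[0].upper() in KEYWORDS:
            problems.append(f"ERROR: owner {owner} looks like a record that lost its leading whitespace")
    glue = {}
    for owner, _, rtype, rdata in records:
        if rtype in ("A", "AAAA") and rdata:
            glue.setdefault(owner, []).append(rdata[0])
    apex_ns = [absolutize(r[3][0], origin) for r in records if r[0] == origin and r[2] == "NS" and r[3]]
    if not apex_ns:
        problems.append("ERROR: no NS record at the zone apex")
    for ns in apex_ns:
        if ns not in glue and (ns == origin or ns.endswith("." + origin)):
            problems.append(f"ERROR: in-zone nameserver {ns} has no A/AAAA record")
        for addr in glue.get(ns, []):
            ip = ipaddress.ip_address(addr)
            if ip.is_loopback or ip.is_unspecified or ip.is_link_local:
                problems.append(f"WARN: {ns} points at {addr}, which no client can reach")
    return problems

# Constructed sample: the generated zone with the indent in front of "IN NS" lost.
ZONE_AS_GENERATED = """\
$ORIGIN example.test.
@ 3600 IN SOA ns1.example.test. admin.example.test. (
1 ; serial
3600 ; refresh
600 ; retry
604800 ; expire
3600 ) ; minimum
IN NS ns1.example.test.
ns1 IN A 127.0.0.1
"""

# Constructed sample: explicit owners, $TTL, and ns1 on the VIP from the Misc
# section (an assumption about this deployment, not something the page states).
ZONE_FIXED = """\
$ORIGIN example.test.
$TTL 3600
@   IN SOA ns1.example.test. admin.example.test. ( 1 3600 600 604800 3600 )
@   IN NS  ns1.example.test.
ns1 IN A   10.90.16.242
"""

if __name__ == "__main__":
    print(lint_zone(ZONE_AS_GENERATED, "example.test"), lint_zone(ZONE_FIXED, "example.test"))
```

On the generated text the lint reports the missing $TTL, the owner IN.example.test. and the apex without NS; on the fixed text it reports nothing. The loopback check is there because a zone that validates but whose only nameserver is 127.0.0.1 is exactly what a resolver sees when glue gets copied verbatim from a test setup into production.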
Useful additional material
- TODO