add nsd service

2025-01-20 19:24:44 +01:00 · 2025-01-20 19:24:44 +01:00 · 7ab7a6e958
commit 7ab7a6e958
parent 9ecbd6f59d
3 changed files with 67 additions and 6 deletions
--- a/compose.yaml
+++ b/compose.yaml
@ -48,9 +48,9 @@ services:
    build:
      dockerfile: knot.Containerfile
    ports:
-      - "[::1]:42053:53/udp"
-      - "[::1]:42053:53/tcp"
-      - "[::1]:42853:853/udp"
+      - "[::1]:42053:42053/udp"
+      - "[::1]:42053:42053/tcp"
+      - "[::1]:42853:42853/udp"
    volumes:
      - ./data/reg/:/srv/servnest/reg/:rw
      - ./data/ns/:/srv/servnest/ns/:rw
@ -68,13 +68,15 @@ services:
    build:
      dockerfile: knot.Containerfile
    ports:
-      - "[::1]:42054:53/udp"
-      - "[::1]:42054:53/tcp"
-      - "[::1]:42854:853/udp"
+      - "[::1]:42054:42053/udp"
+      - "[::1]:42054:42053/tcp"
+      - "[::1]:42854:42853/udp"
    volumes:
      - ./data/knot-secondary/:/var/lib/knot/:rw
      - ./logs/knot-secondary/:/var/log/knot/:rw
      - ./sock/knot-secondary/:/run/knot/:rw
+    profiles:
+      - secondary
    networks:
      snet:
        ipv4_address: 10.5.0.52
@ -183,6 +185,29 @@ services:
    networks:
      snet:
        ipv4_address: 10.5.0.56
+  nsd:
+    image: a.invalid/servnest/nsd
+    extends:
+      file: base.yaml
+      service: base
+    build:
+      dockerfile: nsd.Containerfile
+    depends_on:
+      - knot
+    ports:
+      - "[::1]:42055:42053/udp"
+      - "[::1]:42055:42053/tcp"
+    volumes:
+      - ./conf/nsd.conf:/etc/nsd/nsd.conf:ro
+      - ./data/nsd/:/var/lib/nsd/:rw
+      - ./tmp/nsd-run/:/run/:rw
+      - ./tmp/nsd/:/var/db/nsd/:rw
+    mem_limit: 48mb
+    profiles:
+      - secondary
+    networks:
+      snet:
+        ipv4_address: 10.5.0.53
 networks:
  snet:
    driver: bridge
--- a/conf/nsd.conf
+++ b/conf/nsd.conf
@ -0,0 +1,31 @@
+server:
+	ip-address: ::@42053
+	ip-address: 0.0.0.0@42053
+	zonesdir: "/var/lib/nsd"
+	hide-identity: yes
+	version: ""
+	username: ""
+	pidfile: ""
+	verbosity: 9
+
+remote-control:
+	control-enable: yes
+	control-interface: /run/nsd/nsd.control.sock
+
+pattern:
+	name: "member-zone-config"
+	request-xfr: 10.5.0.51 primary-to-secondary.
+	allow-notify: 10.5.0.51 primary-to-secondary.
+
+key:
+	name: "primary-to-secondary."
+	algorithm: "hmac-sha256"
+	secret: "9bgNHmA4DwDnuxbvEicCx432UZafPVEIKbv3XUAbPZQ="
+
+zone:
+	name: "servnest.test.invalid"
+	catalog: consumer
+	catalog-member-pattern: "member-zone-config"
+	request-xfr: 10.5.0.51 primary-to-secondary.
+	allow-notify: 10.5.0.51 primary-to-secondary.
+	#allow-query: BLOCKED
--- a/nsd.Containerfile
+++ b/nsd.Containerfile
@ -0,0 +1,5 @@
+FROM a.invalid/servnest/alpine
+RUN apk add nsd knot-utils strace tini
+RUN mkdir /var/lib/nsd
+USER nsd
+CMD ["tini", "--", "nsd", "-d"]