
Commit 23a42e4

committedMar 16, 2022
Update Docker entrypoint
1 parent 250d867 commit 23a42e4


1 file changed

+292
-230
lines changed

 

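--- a/data/docker-entrypoint.sh
+++ b/data/docker-entrypoint.sh
@@ -12,7 +12,7 @@ fi
 
 ####################################################################################################
 ###
-### (1/5) VARIABLES
+### (1/6) VARIABLES
 ###
 ####################################################################################################
 
@@ -24,6 +24,28 @@ NAMED_DIR="/etc/bind"
 NAMED_CONF="${NAMED_DIR}/named.conf"
 NAMED_OPT_CONF="${NAMED_DIR}/named.conf.options"
 NAMED_LOG_CONF="${NAMED_DIR}/named.conf.logging"
+NAMED_CUST_CONF="${NAMED_DIR}/custom/conf"
+NAMED_CUST_ZONE="${NAMED_DIR}/custom/zone"
+
+mkdir -p "${NAMED_CUST_CONF}"
+mkdir -p "${NAMED_CUST_ZONE}"
+
+
+###
+### FQDN of primary nameserver.
+### Defaults to current hostname if not otherwise specified.
+### When overwriting, use an FQDN by which this container is reachable.
+### http://rscott.org/dns/soa.html
+###
+DEFAULT_MNAME="$( hostname -A | sed 's/\s$//g' | xargs -0 )"
+
+
+###
+### Contact Email
+### All dot characters '.' must be escaped with an backslash '\'
+### The actual @ character must be an unescaped dot character '.'
+###
+DEFAULT_RNAME="admin.${DEFAULT_MNAME}"
 
 
 ###
@@ -46,7 +68,7 @@ DEFAULT_MAX_CACHE_TIME=10800
 
 ####################################################################################################
 ###
-### (2/5) HELPER FUNCTIONS
+### (2/6) HELPER FUNCTIONS
 ###
 ####################################################################################################
 
@@ -88,10 +110,12 @@ log() {
 log_file() {
 local filename="${1}"
 
+echo
 printf "%0.s-" {1..80}; echo
 echo "$(unknown)"
 printf "%0.s-" {1..80}; echo
 cat "$(unknown)"
+printf "%0.s^" {1..80}; echo
 }
 
 
@@ -230,7 +254,7 @@ is_address_match_list() {
 
 ####################################################################################################
 ###
-### (3/5) ACTION FUNCTIONS
+### (3/6) ACTION FUNCTIONS
 ###
 ####################################################################################################
 
@@ -247,13 +271,17 @@ add_options() {
 local forwarders="${3}"
 local allow_query="${4}"
 local allow_recursion="${5}"
+local response_policy="${6}"
 
 {
 echo "options {"
 echo " directory \"/var/cache/bind\";"
 echo " dnssec-validation ${dnssec_validate};"
 echo " auth-nxdomain no; # conform to RFC1035"
 echo " listen-on-v6 { any; };"
+if [ -n "${response_policy}" ]; then
+echo " response-policy { zone \"${response_policy}\"; };"
+fi
 if [ -n "${forwarders}" ]; then
 echo " forwarders {"
 printf "%s" "${forwarders}"
@@ -278,150 +306,180 @@ add_options() {
 }
 
 
-# Add wildcard DNS zone.
-#
-# @param domain Domain name to create zone for.
-# @param address IP address to point all records to.
-# @param config_file Configuration file path.
-# @param wildcard 1: Enable wildcard, 0: Normal host
-# @param reverse String of reverse DNS name or empty for no reverse DNS
-# @param debug_level
-add_wildcard_zone() {
-# DNS setting variables
-local domain="${1}"
-local address="${2}"
-local conf_file="${3}"
-local wildcard="${4}"
-local reverse="${5}"
-# DNS time variables
-local ttl_time="${6}"
-local refresh_time="${7}"
-local retry_time="${8}"
-local expiry_time="${9}"
-local max_cache_time="${10}"
-# Debug level for log function
-local debug_level="${11}"
-
-
-local reverse_addr
-local reverse_octet
-local conf_path
-local zone_file
-local zone_rev_file
-local serial
-
-# IP address octets
-local o1
-local o2
-local o3
-local o4
+###
+### Add Reverse zone
+###
+add_rev_zone() {
+# Zone variables
+local addr="${1}" # A.B.C.D
+local name="${2}" # Domain / FQDN
+local zone="${3}" # C.B.A.in-addr.arpa
+local ptr="${4}" # D.C.B.A.in-addr.arpa
 
-# Extract IP address octets
-o1="$( echo "${address}" | awk -F '.' '{print $1}' )"
-o2="$( echo "${address}" | awk -F '.' '{print $2}' )"
-o3="$( echo "${address}" | awk -F '.' '{print $3}' )"
-o4="$( echo "${address}" | awk -F '.' '{print $4}' )"
-
-reverse_addr="${o3}.${o2}.${o1}"
-reverse_octet="${o4}"
-conf_path="$( dirname "${conf_file}" )"
-zone_file="${conf_file}.zone"
-zone_rev_file="${conf_file}.zone.reverse"
+# DNS timing variables
+local ttl_time="${5}"
+local refresh_time="${6}"
+local retry_time="${7}"
+local expiry_time="${8}"
+local max_cache_time="${9}"
+local serial
 serial="$( date +'%s' )"
 
-# Create config directory if it does not yet exist
-if [ ! -d "${conf_path}" ]; then
-mkdir -p "${conf_path}"
-fi
+local debug_level="${10}"
 
-# Config
-{
-echo "zone \"${domain}\" IN {"
-echo " type master;"
-echo " allow-transfer { any; };"
-echo " allow-update { any; };"
-echo " file \"${zone_file}\";"
-echo "};"
-if [ -n "${reverse}" ]; then
-echo "zone \"${reverse_addr}.in-addr.arpa\" {"
+# Config file
+if [ ! -f "${NAMED_CUST_CONF}/${zone}.conf" ]; then
+{
+echo "zone \"${zone}\" {"
 echo " type master;"
 echo " allow-transfer { any; };"
 echo " allow-update { any; };"
-echo " file \"${zone_rev_file}\";"
+echo " file \"${NAMED_CUST_ZONE}/${zone}\";"
 echo "};"
-fi
-} > "${conf_file}"
+} > "${NAMED_CUST_CONF}/${zone}.conf"
 
-# Output configuration file
-log_file "${conf_file}"
+# Append config to bind
+echo "include \"${NAMED_CUST_CONF}/${zone}.conf\";" >> "${NAMED_CONF}"
+fi
 
-# Forward Zone
-{
-echo "\$TTL ${ttl_time}"
-echo "@ IN SOA ${domain}. root.${domain}. ("
-echo " ${serial} ; Serial number of zone file"
-echo " ${refresh_time} ; Refresh time"
-echo " ${retry_time} ; Retry time in case of problem"
-echo " ${expiry_time} ; Expiry time"
-echo " ${max_cache_time} ) ; Maximum caching time in case of failed lookups"
-echo ";"
-echo " IN NS ns1.${domain}."
-echo " IN NS ns2.${domain}."
-echo " IN A ${address}"
-echo ";"
-echo "ns1 IN A ${address}"
-echo "ns2 IN A ${address}"
-if [ "${wildcard}" -eq "1" ]; then
-echo "* IN A ${address}"
+# Reverse zone file
+if [ ! -f "${NAMED_CUST_ZONE}/${zone}" ]; then
+{
+printf "\$TTL %s\n" "${ttl_time}"
+printf "%-29s IN SOA %s %s (\n" "@" "${DEFAULT_MNAME}." "${DEFAULT_RNAME}."
+printf "%-44s %-15s; Serial number\n" "" "${serial}"
+printf "%-44s %-15s; Refresh time\n" "" "${refresh_time}"
+printf "%-44s %-15s; Retry time\n" "" "${retry_time}"
+printf "%-44s %-15s; Expiry time\n" "" "${expiry_time}"
+printf "%-44s %-15s; Negative Cache TTL\n" "" "${max_cache_time}"
+echo ")"
+echo
+echo "; NS Records"
+printf "%-29s IN NS %-20s\n" "${zone}." "${DEFAULT_MNAME}."
+echo
+echo "; PTR Records"
+printf "%-29s IN PTR %-20s %s\n" "${ptr}." "${name}." "; ${addr}"
+
+} > "${NAMED_CUST_ZONE}/${zone}"
+else
+{
+printf "%-29s IN PTR %-20s %s\n" "${ptr}." "${name}." "; ${addr}"
+} >> "${NAMED_CUST_ZONE}/${zone}"
+fi
+
+# Validate .conf file
+if ! output="$( named-checkconf "${NAMED_CUST_CONF}/${zone}.conf" 2>&1 )"; then
+log "err" "Configuration failed." "${debug_level}"
+if [ -n "${output}" ]; then
+echo "${output}"
+fi
+log_file "${NAMED_CUST_CONF}/${zone}.conf"
+exit 1
+elif [ "${debug_level}" -gt "1" ]; then
+if [ -n "${output}" ]; then
+echo "${output}"
+fi
+fi
+# Validate reverze zone file
+if ! output="$( named-checkzone "${zone}" "${NAMED_CUST_ZONE}/${zone}" 2>&1 )"; then
+log "err" "Configuration failed." "${debug_level}"
+if [ -n "${output}" ]; then
+echo "${output}"
 fi
-} > "${zone_file}"
+log_file "${NAMED_CUST_ZONE}/${zone}"
+exit 1
+elif [ "${debug_level}" -gt "1" ]; then
+if [ -n "${output}" ]; then
+echo "${output}"
+fi
+fi
+}
 
-# Output configuration file
-log_file "${zone_file}"
 
-# Reverse Zone
-if [ -n "${reverse}" ]; then
+###
+### Add Forward zone (response policy zone)
+###
+add_fwd_zone() {
+# Zone variables
+local domain="${1}" # The domain to translate
+local record="${2}" # The record type (A, CNAME, etc)
+local target="${3}" # The target to translate domain to
+
+# DNS timing variables
+local ttl_time="${4}"
+local refresh_time="${5}"
+local retry_time="${6}"
+local expiry_time="${7}"
+local max_cache_time="${8}"
+local serial
+serial="$( date +'%s' )"
+
+local debug_level="${9}"
+
+# Config file
+if [ ! -f "${NAMED_CUST_CONF}/rpz.conf" ]; then
 {
-echo "\$TTL ${ttl_time}"
-echo "${reverse_addr}.in-addr.arpa. IN SOA ${domain}. root.${domain}. ("
-echo " ${serial} ; Serial number of zone file (yyyymmdd##)"
-echo " ${refresh_time} ; Refresh time"
-echo " ${retry_time} ; Retry time in case of problem"
-echo " ${expiry_time} ; Expiry time"
-echo " ${max_cache_time} ) ; Maximum caching time in case of failed lookups"
-echo ";"
-echo "${reverse_addr}.in-addr.arpa. IN NS ns1.${domain}."
-echo "${reverse_addr}.in-addr.arpa. IN NS ns2.${domain}."
-echo "${reverse_octet}.${reverse_addr}.in-addr.arpa. IN PTR ${reverse}."
-} > "${zone_rev_file}"
+echo "zone \"rpz\" IN {"
+echo " type master;"
+echo " allow-transfer { any; };"
+echo " allow-update { any; };"
+echo " file \"${NAMED_CUST_ZONE}/rpz\";"
+echo "};"
+} > "${NAMED_CUST_CONF}/rpz.conf"
 
-# Output configuration file
-log_file "${zone_rev_file}"
+# Append config to bind
+echo "include \"${NAMED_CUST_CONF}/rpz.conf\";" >> "${NAMED_CONF}"
 fi
 
-# named.conf
-if ! output="$( named-checkconf "${conf_file}" 2>&1 )"; then
-log "err" "Configuration failed." "${debug_level}"
-echo "${output}"
-exit
-elif [ "${debug_level}" -gt "1" ]; then
-echo "${output}"
+# forward zone file
+if [ ! -f "${NAMED_CUST_ZONE}/rpz" ]; then
+{
+#printf "\$ORIGIN %s\n" "${DEFAULT_MNAME}"
+printf "\$TTL %s\n" "${ttl_time}"
+printf "%-29s IN SOA %s %s (\n" "@" "${DEFAULT_MNAME}." "${DEFAULT_RNAME}."
+printf "%-44s %-15s; Serial number\n" "" "${serial}"
+printf "%-44s %-15s; Refresh time\n" "" "${refresh_time}"
+printf "%-44s %-15s; Retry time\n" "" "${retry_time}"
+printf "%-44s %-15s; Expiry time\n" "" "${expiry_time}"
+printf "%-44s %-15s; Negative Cache TTL\n" "" "${max_cache_time}"
+echo ")"
+echo
+echo "; NS Records"
+printf "%-29s IN %-7s %s\n" "" "NS" "${DEFAULT_MNAME}."
+echo
+echo "; Custom Records"
+printf "%-29s IN %-7s %s\n" "${domain}" "${record}" "${target}"
+} > "${NAMED_CUST_ZONE}/rpz"
+else
+{
+printf "%-29s IN %-7s %s\n" "${domain}" "${record}" "${target}"
+} >> "${NAMED_CUST_ZONE}/rpz"
 fi
-# Zone file
-if ! output="$( named-checkzone "${domain}" "${zone_file}" 2>&1 )"; then
+
+# Validate .conf file
+if ! output="$( named-checkconf "${NAMED_CUST_CONF}/rpz.conf" 2>&1 )"; then
 log "err" "Configuration failed." "${debug_level}"
-echo "${output}"
-exit
+if [ -n "${output}" ]; then
+echo "${output}"
+fi
+log_file "${NAMED_CUST_CONF}/rpz.conf"
+exit 1
 elif [ "${debug_level}" -gt "1" ]; then
-echo "${output}"
+if [ -n "${output}" ]; then
+echo "${output}"
+fi
 fi
-# Reverse DNS
-if [ -n "${reverse}" ]; then
-if ! output="$( named-checkzone "${reverse_addr}.in-addr.arpa" "${zone_rev_file}" 2>&1 )"; then
-log "err" "Configuration failed." "${debug_level}"
+# Validate zone file
+if ! output="$( named-checkzone "rpz" "${NAMED_CUST_ZONE}/rpz" 2>&1 )"; then
+log "err" "Configuration failed." "${debug_level}"
+if [ -n "${output}" ]; then
 echo "${output}"
-exit
-elif [ "${debug_level}" -gt "1" ]; then
+fi
+log_file "${NAMED_CUST_CONF}/rpz.conf"
+log_file "${NAMED_CUST_ZONE}/rpz"
+exit 1
+elif [ "${debug_level}" -gt "1" ]; then
+if [ -n "${output}" ]; then
 echo "${output}"
 fi
 fi
@@ -431,7 +489,7 @@ add_wildcard_zone() {
 
 ####################################################################################################
 ###
-### (4/5) BOOTSTRAP
+### (4/6) BOOTSTRAP
 ###
 ####################################################################################################
 
@@ -461,7 +519,7 @@ log "info" "Debug level: ${DEBUG_ENTRYPOINT}" "${DEBUG_ENTRYPOINT}"
 
 ####################################################################################################
 ###
-### (5/5) ENTRYPOINT
+### (5/6) ENTRYPOINT (DEFAULTS)
 ###
 ####################################################################################################
 
@@ -573,127 +631,118 @@ else
 fi
 
 
+
+####################################################################################################
 ###
-### Add wildcard DNS
-###
-if printenv WILDCARD_DNS >/dev/null 2>&1; then
-
-# Convert 'com=1.2.3.4[=com],de=2.3.4.5' into newline separated string:
-# com=1.2.3.4[=com]
-# de=2.3.4.5
-echo "${WILDCARD_DNS}" | sed 's/,/\n/g' | while read -r line ; do
-my_dom="$( echo "${line}" | awk -F '=' '{print $1}' | xargs -0 )" # domain
-my_add="$( echo "${line}" | awk -F '=' '{print $2}' | xargs -0 )" # IP address
-my_rev="$( echo "${line}" | awk -F '=' '{print $3}' | xargs -0 )" # Reverse DNS record
-my_cfg="${NAMED_DIR}/devilbox-wildcard_dns.${my_dom}.conf"
-
-# If a CNAME was provided, try to resolve it to an IP address, otherwhise skip it
-if is_cname "${my_add}"; then
-# Try ping command first
-if ! tmp="$( ping -c1 "${my_add}" 2>&1 | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -1 )"; then
-tmp="${my_add}"
-fi
-if ! is_ip4_addr "${tmp}"; then
-# Try dig command second
-tmp="$( dig @8.8.8.8 +short "${my_add}" A | head -1 )"
-if ! is_ip4_addr "${tmp}"; then
-log "warn" "CNAME '${my_add}' could not be resolved. Skipping to add wildcard" "${DEBUG_ENTRYPOINT}"
-continue;
-fi
-fi
-log "info" "CNAME '${my_add}' resolved to: ${tmp}" "${DEBUG_ENTRYPOINT}"
-my_add="${tmp}"
-fi
+### (6/6) ENTRYPOINT (ZONES)
+###
+####################################################################################################
 
-# If specified address is not a valid IPv4 address, skip it
-if ! is_ip4_addr "${my_add}"; then
-log "warn" "Invalid IP address '${my_add}': for *.${my_dom} -> ${my_add}. Skipping to add wildcard" "${DEBUG_ENTRYPOINT}"
-continue;
-fi
+REV_ZONES=""
+FWD_ZONES=""
 
-if [ -n "${my_rev}" ]; then
-log "info" "Adding wildcard DNS: *.${my_dom} -> ${my_add} (PTR: ${my_rev})" "${DEBUG_ENTRYPOINT}"
-else
-log "info" "Adding wildcard DNS: *.${my_dom} -> ${my_add}" "${DEBUG_ENTRYPOINT}"
+###
+### Add Reverse DNS
+###
+if printenv DNS_PTR >/dev/null 2>&1; then
+while read -r line; do
+line="$( echo "${line}" | xargs -0 )"
+if [ -z "${line}" ]; then
+continue # For leading or trailing comma in DNS_PTR variable
 fi
-
-echo "include \"${my_cfg}\";" >> "${NAMED_CONF}"
-add_wildcard_zone \
-"${my_dom}" \
-"${my_add}" \
-"${my_cfg}" \
-"1" \
-"${my_rev}" \
+addr="$( echo "${line}" | awk -F '=' '{print $1}' | xargs -0 )"
+name="$( echo "${line}" | awk -F '=' '{print $2}' | xargs -0 )"
+
+# Extract IP address octets
+o1="$( echo "${addr}" | awk -F '.' '{print $1}' )"
+o2="$( echo "${addr}" | awk -F '.' '{print $2}' )"
+o3="$( echo "${addr}" | awk -F '.' '{print $3}' )"
+o4="$( echo "${addr}" | awk -F '.' '{print $4}' )"
+zone="${o3}.${o2}.${o1}.in-addr.arpa"
+ptr="${o4}.${o3}.${o2}.${o1}.in-addr.arpa"
+
+# Append zones and get unique ones by newline separated
+REV_ZONES="$( echo "${REV_ZONES}"$'\n'"${zone}" | grep -vE '^$' | sort -u )"
+
+log "info" "Adding PTR Record: ${addr} -> ${name}" "${DEBUG_ENTRYPOINT}"
+add_rev_zone \
+"${addr}" \
+"${name}" \
+"${zone}" \
+"${ptr}" \
 "${TTL_TIME}" \
 "${REFRESH_TIME}" \
 "${RETRY_TIME}" \
 "${EXPIRY_TIME}" \
 "${MAX_CACHE_TIME}" \
 "${DEBUG_ENTRYPOINT}"
-done
+done <<< "${DNS_PTR//,/$'\n'}"
+else
+log "info" "Not adding any PTR records" "${DEBUG_ENTRYPOINT}"
 fi
 
 
 ###
-### Add extra hosts
-###
-if printenv EXTRA_HOSTS >/dev/null 2>&1 && [ -n "$( printenv EXTRA_HOSTS )" ]; then
-
-# Convert 'com=1.2.3.4[=com],de=2.3.4.5' into newline separated string:
-# com=1.2.3.4
-# de=2.3.4.5
-echo "${EXTRA_HOSTS}" | sed 's/,/\n/g' | while read -r line ; do
-my_dom="$( echo "${line}" | awk -F '=' '{print $1}' | xargs -0 )" # domain
-my_add="$( echo "${line}" | awk -F '=' '{print $2}' | xargs -0 )" # IP address
-my_rev="$( echo "${line}" | awk -F '=' '{print $3}' | xargs -0 )" # Reverse DNS record
-my_cfg="${NAMED_DIR}/devilbox-extra_hosts.${my_dom}.conf"
-
-# If a CNAME was provided, try to resolve it to an IP address, otherwhise skip it
-if is_cname "${my_add}"; then
-# Try ping command first
-if ! tmp="$( ping -c1 "${my_add}" 2>&1 | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -1 )"; then
-tmp="${my_add}"
-fi
-if ! is_ip4_addr "${tmp}"; then
-# Try dig command second
-tmp="$( dig @8.8.8.8 +short "${my_add}" A | head -1 )"
-if ! is_ip4_addr "${tmp}"; then
-log "warn" "CNAME '${my_add}' could not be resolved. Skipping to add extra host" "${DEBUG_ENTRYPOINT}"
-continue;
-fi
-fi
-log "info" "CNAME '${my_add}' resolved to: ${tmp}" "${DEBUG_ENTRYPOINT}"
-my_add="${tmp}"
+### Build forward zones (A Record)
+###
+if printenv DNS_A >/dev/null 2>&1; then
+while read -r line; do
+line="$( echo "${line}" | xargs -0 )"
+if [ -z "${line}" ]; then
+continue # For leading or trailing comma in DNS_A variable
 fi
+name="$( echo "${line}" | awk -F '=' '{print $1}' | xargs -0 )"
+addr="$( echo "${line}" | awk -F '=' '{print $2}' | xargs -0 )"
 
-# If specified address is not a valid IPv4 address, skip it
-if ! is_ip4_addr "${my_add}"; then
-log "warn" "Invalid IP address '${my_add}': for ${my_dom} -> ${my_add}. Skipping to add extra host" "${DEBUG_ENTRYPOINT}"
-continue;
-fi
+# Only a single zone used for forward zones (response policy zone)
+FWD_ZONES="rpz"
 
-if [ -n "${my_rev}" ]; then
-log "info" "Adding extra host: ${my_dom} -> ${my_add} (PTR: ${my_rev})" "${DEBUG_ENTRYPOINT}"
-else
-log "info" "Adding extra host: ${my_dom} -> ${my_add}" "${DEBUG_ENTRYPOINT}"
+log "info" "Adding A Record: ${name} -> ${addr}" "${DEBUG_ENTRYPOINT}"
+add_fwd_zone \
+"${name}" \
+"A" \
+"${addr}" \
+"${TTL_TIME}" \
+"${REFRESH_TIME}" \
+"${RETRY_TIME}" \
+"${EXPIRY_TIME}" \
+"${MAX_CACHE_TIME}" \
+"${DEBUG_ENTRYPOINT}"
+done <<< "${DNS_A//,/$'\n'}"
+else
+log "info" "Not adding any A records" "${DEBUG_ENTRYPOINT}"
+fi
+
+
+###
+### Build forward zones (CNAME Record)
+###
+if printenv DNS_CNAME >/dev/null 2>&1; then
+while read -r line; do
+line="$( echo "${line}" | xargs -0 )"
+if [ -z "${line}" ]; then
+continue # For leading or trailing comma in DNS_CNAME variable
 fi
+name="$( echo "${line}" | awk -F '=' '{print $1}' | xargs -0 )"
+addr="$( echo "${line}" | awk -F '=' '{print $2}' | xargs -0 )"
+
+# Only a single zone used for forward zones (response policy zone)
+FWD_ZONES="rpz"
 
-echo "include \"${my_cfg}\";" >> "${NAMED_CONF}"
-add_wildcard_zone \
-"${my_dom}" \
-"${my_add}" \
-"${my_cfg}" \
-"0" \
-"${my_rev}" \
+log "info" "Adding CNAME Record: ${name} -> ${addr}" "${DEBUG_ENTRYPOINT}"
+add_fwd_zone \
+"${name}" \
+"CNAME" \
+"${addr}." \
 "${TTL_TIME}" \
 "${REFRESH_TIME}" \
 "${RETRY_TIME}" \
 "${EXPIRY_TIME}" \
 "${MAX_CACHE_TIME}" \
 "${DEBUG_ENTRYPOINT}"
-done
+done <<< "${DNS_CNAME//,/$'\n'}"
 else
-log "info" "Not adding any extra hosts" "${DEBUG_ENTRYPOINT}"
+log "info" "Not adding any CNAME records" "${DEBUG_ENTRYPOINT}"
 fi
 
 
@@ -728,11 +777,8 @@ else
 log "err" "ALLOW_QUERY error: variable specified, but no IP addresses found." "${DEBUG_ENTRYPOINT}"
 exit 1
 fi
-
 # shellcheck disable=SC2153
 log "info" "Adding custom allow-query options: ${ALLOW_QUERY}" "${DEBUG_ENTRYPOINT}"
-# Add quotes here
-#_allow_query_block="${_allow_query_block}"
 fi
 
 
@@ -767,11 +813,8 @@ else
 log "err" "ALLOW_RECURSION error: variable specified, but no IP addresses found." "${DEBUG_ENTRYPOINT}"
 exit 1
 fi
-
 # shellcheck disable=SC2153
 log "info" "Adding custom allow-recursion options: ${ALLOW_RECURSION}" "${DEBUG_ENTRYPOINT}"
-# Add quotes here
-#_allow_recursion_block="${_allow_recursion_block}"
 fi
 
 
@@ -808,7 +851,8 @@ if ! printenv DNS_FORWARDER >/dev/null 2>&1; then
 "${DNSSEC_VALIDATE}" \
 "" \
 "${_allow_query_block}" \
-"${_allow_recursion_block}"
+"${_allow_recursion_block}" \
+"${FWD_ZONES}"
 else
 
 # To be pupulated
@@ -843,10 +887,28 @@ else
 "${DNSSEC_VALIDATE}" \
 "${_forwarders_block}" \
 "${_allow_query_block}" \
-"${_allow_recursion_block}"
+"${_allow_recursion_block}" \
+"${FWD_ZONES}"
 fi
 
 
+###
+### Log configured zones
+###
+while IFS= read -r line; do
+if [ -n "${line}" ]; then
+log_file "${NAMED_CUST_CONF}/${line}.conf"
+log_file "${NAMED_CUST_ZONE}/${line}"
+fi
+done <<< "${REV_ZONES}"
+while IFS= read -r line; do
+if [ -n "${line}" ]; then
+log_file "${NAMED_CUST_CONF}/${line}.conf"
+log_file "${NAMED_CUST_ZONE}/${line}"
+fi
+done <<< "${FWD_ZONES}"
+
+
 ###
 ### Start
 ###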
