Support bind zone transfer / notify - hidden master
Thanks for the tool. It basically works fine. But we don't want to run a public DNS server for various reasons. It's quite easy to run it as "hidden master" though if one's domain provider supports this. But this needs to be supported by your implementation.
Usually one only has to map the named.conf.local file in the docker-compose.yml, but this doesn't seem to work as the application always throws an error:
dnserr - The APP not sinc bind
Docker container seems to run fine and name resolution also seems to work. But for some reason your app refused to push updates to the zone.
volumes:
- ./data/bind-data:/var/cache/bind
- ./data/named.conf.local:/etc/bind/named.conf.local
root@ddns01:/opt/PyDDNS/data# cat named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "ddns.domain.com" IN {
    type master;
    file "/var/cache/bind/ddns.domain.com.zone";
    journal "/var/cache/bind/ddns.domain.com.zone.jnl";
    update-policy local;
    notify yes;
    also-notify { 1.2.3.4; };
    allow-transfer { 1.2.3.4; };
};
What am I missing?
Update:
zone "ddns.domain.com" IN {
    type master;
    file "ddns.domain.com.zone";
    journal "ddns.domain.com.zone.jnl";
    notify yes;
    allow-query { any; };
    also-notify { 1.2.3.4; };
    allow-transfer { 1.2.3.4; };
    allow-update { localhost; };
};
The following seems to work. But for this to work fine I've had to reconfigure all containers to network_mode: host.
I also have had to change the hardcoded hostname ddns in PyDDNS/appdata/pyddns/pyddns/views.py (line 371 in c4c8c7d).
Using port 8000 for the nginx container and also for the Python container was quite confusing as well.
Maybe we can figure out a way that doesn't require exposing all ports to the host itself while supporting hidden master setups.
Would it be enough to set allow-query { any; }; to allow-query { localhost; };? Does pyddns need to query strings?
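
An added example, not part of the original issue or of PyDDNS: a small Python audit of a zone stanza like the ones posted above, covering the hidden-master trade-offs the post raises (who may query, transfer and update the zone). The function names and the sample stanza are constructed for illustration, and only flat address lists with literal addresses are handled.

```python
import re

# Constructed input: the zone options from the post's update, wrapped in a zone block.
SAMPLE = """
zone "ddns.domain.com" IN {
    type master;
    notify yes;
    allow-query { any; };
    also-notify { 1.2.3.4; };
    allow-transfer { 1.2.3.4; };
    allow-update { localhost; };
};
"""

def acl(conf, option):
    """Elements of a flat list such as `allow-query { a; b; };`, or None if unset."""
    m = re.search(r"\b%s\s*\{([^}]*)\}" % re.escape(option), conf)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit_hidden_primary(conf):
    """Return (option, reason) findings for one zone stanza of a hidden primary."""
    findings = []
    secondaries = acl(conf, "also-notify") or []
    query, transfer, update = (
        acl(conf, o) for o in ("allow-query", "allow-transfer", "allow-update"))
    if query is None or "any" in query:
        findings.append(("allow-query", "not restricted in this stanza; only "
                         "localhost and the secondaries need to query"))
    else:
        # Secondaries query the SOA serial on the primary before they transfer.
        cut_off = [s for s in secondaries if s not in query]
        if cut_off:
            findings.append(("allow-query", "secondaries cannot check the SOA "
                             "serial: " + ", ".join(cut_off)))
    if transfer is None or "any" in transfer:
        findings.append(("allow-transfer", "not restricted in this stanza"))
    if update is not None and not any(e.startswith("key ") for e in update):
        findings.append(("allow-update", "address-only ACL; any process sending "
                         "from a listed address can rewrite the zone"))
    if re.search(r"\bupdate-policy\s+local\s*;", conf):
        findings.append(("update-policy", "local accepts only named's session "
                         "key, used from the same host"))
    return findings

if __name__ == "__main__":
    for option, reason in audit_hidden_primary(SAMPLE):
        print(option, "-", reason)
```

Run against the first stanza in the post, the `update-policy` finding is the one that matters when the updating application lives in a different container from named.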