build(version): bump version 0.0.1 → 0.1.0rc0

fix(supervisor): named was not set to start correctly

See merge request nofusscomputing/projects/docker-bind!2

.cz.yaml

@@ -0,0 +1,7 @@
+commitizen:
+  bump_message: "build(version): bump version $current_version \u2192 $new_version"
+  changelog_incremental: false
+  name: cz_conventional_commits
+  tag_format: $major.$minor.$patch$prerelease
+  update_changelog_on_bump: true
+  version: 0.1.0rc0

.gitlab-ci.yml

@@ -0,0 +1,17 @@
+---
+
+include:
+  - project: nofusscomputing/projects/gitlab-ci
+    ref: development
+    file:
+      - .gitlab-ci_common.yaml
+      - template/automagic.gitlab-ci.yaml
+
+variables:
+  GIT_SYNC_URL: "https://$GITHUB_USERNAME_ROBOT:$GITHUB_TOKEN_ROBOT@github.com/NoFussComputing/docker-bind.git"
+  
+  DOCKER_IMAGE_BUILD_TARGET_PLATFORMS: "linux/amd64,linux/arm64,linux/arm/v7"
+  DOCKER_IMAGE_PUBLISH_NAME: 'bind'
+  DOCKER_IMAGE_PUBLISH_REGISTRY: docker.io/nofusscomputing
+  DOCKER_IMAGE_PUBLISH_URL: https://hub.docker.com/r/nofusscomputing/$DOCKER_IMAGE_PUBLISH_NAME
+  PAGES_ENVIRONMENT_PATH: projects/docker/bind/

.gitmodules

@@ -0,0 +1,7 @@
+[submodule "gitlab-ci"]
+	path = gitlab-ci
+	url = https://gitlab.com/nofusscomputing/projects/gitlab-ci.git
+	branch = development
+[submodule "website-template"]
+	path = website-template
+	url = https://gitlab.com/nofusscomputing/infrastructure/website-template.git

.nfc_automation.yaml

@@ -0,0 +1,8 @@
+---
+
+role_git_conf:
+  gitlab:
+    submodule_branch: "development"
+    default_branch: development
+    mr_labels: ~"type::automation" ~"impact::0" ~"priority::0"
+    auto_merge: true

.vscode/extensions.json

@@ -0,0 +1,10 @@
+{
+    "recommendations": [
+        "samuelcolvin.jinjahtml",
+        "ms-azuretools.vscode-docker",
+        "gitlab.gitlab-workflow",
+        "ms-kubernetes-tools.vscode-kubernetes-tools",
+        "redhat.vscode-yaml",
+        "jebbs.markdown-extended"
+    ]
+}

CHANGELOG.md

@@ -0,0 +1,23 @@
+## 0.1.0rc0 (2023-11-13)
+
+### Bug Fixes
+
+- **supervisor**: [3c458c0c](https://gitlab.com/nofusscomputing/projects/docker-bind/-/commit/3c458c0c7b0c264c3cca03c2148b1263e2230e4d) - named was not set to start correctly [ [!2](https://gitlab.com/nofusscomputing/projects/docker-bind/-/merge_requests/2) ]
+- **health_check**: [b4516697](https://gitlab.com/nofusscomputing/projects/docker-bind/-/commit/b451669705dd63ec1e1c7c14c990a47f9e1cef83) - use the default socket name for supervisord [ [!1](https://gitlab.com/nofusscomputing/projects/docker-bind/-/merge_requests/1) ]
+- [054c64d3](https://gitlab.com/nofusscomputing/projects/docker-bind/-/commit/054c64d3a64bf52646ccde47ad0e52985e8a5da7) - ensure correct permissions for bind config files [ [!1](https://gitlab.com/nofusscomputing/projects/docker-bind/-/merge_requests/1) ]
+- **ci**: [9b70ff63](https://gitlab.com/nofusscomputing/projects/docker-bind/-/commit/9b70ff637bf380017ac5257614a181a0c7213779) - remove setting of arg as this is done via cli [ [!1](https://gitlab.com/nofusscomputing/projects/docker-bind/-/merge_requests/1) ]
+
+### Documentaton / Guides
+
+- [d92aa7b5](https://gitlab.com/nofusscomputing/projects/docker-bind/-/commit/d92aa7b5a1c13c9f267c21fe7c0cd6075e380da2) - fix navigation [ [!1](https://gitlab.com/nofusscomputing/projects/docker-bind/-/merge_requests/1) ]
+- [fa3c50f9](https://gitlab.com/nofusscomputing/projects/docker-bind/-/commit/fa3c50f9f82628dfacfd266fceb9cad2540ad643) - add image location fur pulling. [ [!1](https://gitlab.com/nofusscomputing/projects/docker-bind/-/merge_requests/1) ]
+- [5a139f37](https://gitlab.com/nofusscomputing/projects/docker-bind/-/commit/5a139f3707221db5922e2420fc6b3ca60a40dbab) - added initial doc page and add template repo ready for deployment [ [!1](https://gitlab.com/nofusscomputing/projects/docker-bind/-/merge_requests/1) [!38](https://gitlab.com/nofusscomputing/projects/docker-bind/-/merge_requests/38) ]
+
+### Features
+
+- [fb9c0916](https://gitlab.com/nofusscomputing/projects/docker-bind/-/commit/fb9c09161a5fadbeae32a915698a1e40ece3ae3c) - Logging configured for bind [ [!1](https://gitlab.com/nofusscomputing/projects/docker-bind/-/merge_requests/1) ]
+- [b158f228](https://gitlab.com/nofusscomputing/projects/docker-bind/-/commit/b158f228e19dd87a8bbb56d415c3922d9d050ef3) - dynamic config loading [ [!1](https://gitlab.com/nofusscomputing/projects/docker-bind/-/merge_requests/1) ]
+- **container**: [a6db6645](https://gitlab.com/nofusscomputing/projects/docker-bind/-/commit/a6db66452779144dd8c6427504f32f15284e11f4) - initial dockerfile and settings [ [!1](https://gitlab.com/nofusscomputing/projects/docker-bind/-/merge_requests/1) ]
+- **ci**: [46428d18](https://gitlab.com/nofusscomputing/projects/docker-bind/-/commit/46428d18b8cfc1eb9bb862fe61a735900017cb44) - add repo gitlab-ci for ci jobs [ [!1](https://gitlab.com/nofusscomputing/projects/docker-bind/-/merge_requests/1) ]
+
+## 0.0.1 (2023-11-12)

dockerfile

@@ -0,0 +1,35 @@
+
+ARG VERSION_BIND="9.18.19-r0"
+
+FROM --platform=$TARGETPLATFORM alpine:3.18.4
+
+
+ARG VERSION_BIND
+
+
+RUN \
+  apk upgrade --no-cache; \
+  apk add --no-cache \
+    bind==${VERSION_BIND} \
+    supervisor;
+
+
+EXPOSE \
+  53/tcp \
+  53/udp
+  # Others required? dnssec, secure updates, sone transfers DOT etc
+
+
+HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD \
+  supervisorctl status || exit 1
+
+
+COPY includes/ /
+
+
+RUN \
+  chown named:named -R /etc/bind; \
+  chmod 5771 /etc/bind;
+
+
+CMD [ "/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf" ]

docs/projects/docker/bind/index.md

@@ -0,0 +1,59 @@
+---
+title: Dockerized Bind DNS Server
+description: How to use No Fuss Computings docker container bind.
+date: 2023-11-12
+template: project.html
+about: https://gitlab.com/nofusscomputing/projects/docker-bind
+---
+
+This docker container is for running the BIND9 DNS Server from within a container environment. Usage of the Alpine Linux image for the base was chosen to limit container size. Inclusive of bind9, `supervisord` is the entry point which starts bind9. As supervisor daemon is used, a health check has been setup and automagically runs and if any service fails, the health check will adjust accordingly.
+
+!!! info "TL;DR"
+    `docker pull nofusscomputing/bind:latest` for stable branch or `docker pull nofusscomputing/bind:dev` for head branch.
+
+
+## Configuration
+
+All Configuration for Bind is located in directory `/etc/bind/conf.d` when launching this container it's recommended that this path be a volume and you place your own config files there. Without doing so the container will start a DNS server that will be of no use.
+
+!!! info
+    Bind9 Documentation can be found at <https://bind9.readthedocs.io/en/v9.18.19/reference.html>
+
+
+## Running the container
+
+To quickly setup a container the following `docker-compose.yaml` file could be used.
+
+``` yaml title="docker-compose.yaml" linenums="1"
+
+services:
+
+  bind:
+    image: nofusscomputing/docker-bind:dev
+    container_name : bind
+    hostname: bind
+    ports:
+      - "53:53"
+    volumes:
+      - data_bind9:/etc/bind/conf.d
+      - logs_bind9:/var/logs
+    environment:
+      - TIMEZONE=UTC
+    restart: always
+    networks:
+      - default
+      - ingress
+
+
+volumes:
+  data_bind9:
+  logs_bind9:
+
+
+networks:
+  default:
+    external: no
+  ingress:
+    external: yes
+
+```

docs/task-doc-template.md

@@ -0,0 +1,87 @@
+
+
+short summary of the task file
+
+## {Task Name}
+
+- **Name**: 
+
+- **Description**: 
+
+- **Module**: 
+
+- **Arguments**:
+
+  - 
+
+- **Conditional**: 
+
+- **Tags**: 
+
+  - 
+
+## {Task Name}
+
+- **Name**: 
+
+- **Description**: 
+
+- **Module**: 
+
+- **Arguments**:
+
+  - 
+
+- **Registers**: 
+
+- **Conditional**: 
+
+- **Tags**: 
+
+  - 
+
+
+## Variables
+
+The following variables can be customized in this task file:
+
+```yaml
+variable_name: "default_value"
+```
+
+- `variable_name`: Description of the variable.
+
+## Tags
+
+The tasks in this task file are tagged with the following tags:
+
+- 
+
+## Usage
+
+To use this Ansible task file, you can include it in your playbook or role and provide values for the required variables. Here's an example of how you can use this task file:
+
+1. Create a playbook (e.g., `your_playbook.yaml`) and define the necessary variables:
+
+```yaml
+---
+
+- hosts: your_hosts
+  vars:
+    variable_name: "value"
+  
+  tasks:
+    - include_tasks: path/to/task_file.yaml
+```
+
+2. Create a separate file for the task file (e.g., `task_file.yaml`) and copy the content of the task file into it.
+
+3. Run the playbook:
+
+```shell
+ansible-playbook your_playbook.yaml
+```
+
+Make sure to replace the placeholder values (`variable_name`, `value`) with the appropriate values for your setup.
+
+Note: You may need to adjust the playbook structure and additional tasks based on your specific requirements and the tasks you want to execute.

includes/etc/bind/conf.d/logging.conf

@@ -0,0 +1,201 @@
+logging {
+     channel default_log {
+          file "/var/log/default" versions 3 size 20m;
+          print-time yes;
+          print-category yes;
+          print-severity yes;
+          severity info;
+     };
+     channel auth_servers_log {
+          file "/var/log/auth_servers" versions 100 size 20m;
+          print-time yes;
+          print-category yes;
+          print-severity yes;
+          severity info;
+     };
+     channel dnssec_log {
+          file "/var/log/dnssec" versions 3 size 20m;
+          print-time yes;
+          print-category yes;
+          print-severity yes;
+          severity info;
+     };
+     channel zone_transfers_log {
+          file "/var/log/zone_transfers" versions 3 size 20m;
+          print-time yes;
+          print-category yes;
+          print-severity yes;
+          severity info;
+     };
+     channel ddns_log {
+          file "/var/log/ddns" versions 3 size 20m;
+          print-time yes;
+          print-category yes;
+          print-severity yes;
+          severity info;
+     };
+     channel client_security_log {
+          file "/var/log/client_security" versions 3 size 20m;
+          print-time yes;
+          print-category yes;
+          print-severity yes;
+          severity info;
+     };
+     channel rate_limiting_log {
+          file "/var/log/rate_limiting" versions 3 size 20m;
+          print-time yes;
+          print-category yes;
+          print-severity yes;
+          severity info;
+     };
+     channel rpz_log {
+          file "/var/log/rpz" versions 3 size 20m;
+          print-time yes;
+          print-category yes;
+          print-severity yes;
+          severity info;
+     };
+     channel dnstap_log {
+          file "/var/log/dnstap" versions 3 size 20m;
+          print-time yes;
+          print-category yes;
+          print-severity yes;
+          severity info;
+     };
+//
+// If you have the category ‘queries’ defined, and you don’t want query logging
+// by default, make sure you add option ‘querylog no;’ - then you can toggle
+// query logging on (and off again) using command ‘rndc querylog’
+//
+     channel queries_log {
+          file "/var/log/queries" versions 600 size 20m;
+          print-time yes;
+          print-category yes;
+          print-severity yes;
+          severity info;
+     };
+//
+// This channel is dynamic so that when the debug level is increased using
+// rndc while the server is running, extra information will be logged about
+// failing queries.  Other debug information for other categories will be
+// sent to the channel default_debug (which is also dynamic), but without
+// affecting the regular logging.
+//
+     channel query-errors_log {
+          file "/var/log/query-errors" versions 5 size 20m;
+          print-time yes;
+          print-category yes;
+          print-severity yes;
+          severity dynamic;
+     };
+
+//
+// This is the default debug output channel, defined here for clarity.  You
+// might want to redefine the output destination if it doesn’t fit with your
+// local system administration plans for logging.  It is also a special
+// channel that only produces output if the debug level is non-zero.
+//
+     channel default_debug {
+          print-time yes;
+          print-category yes;
+          print-severity yes;
+          file "named.run";
+          severity dynamic;
+     };
+//
+// Log routine stuff to syslog and default log:
+//
+     category default { default_syslog; default_debug; default_log; };
+     category config { default_syslog; default_debug; default_log; };
+     category dispatch { default_syslog; default_debug; default_log; };
+     category network { default_syslog; default_debug; default_log; };
+     category general { default_syslog; default_debug; default_log; };
+//
+// From BIND 9.12 and newer, you can direct zone load logging to another
+// channel with the new zoneload logging category.  If this would be useful
+// then firstly, configure the new channel, and then edit the line below
+// to direct the category there instead of to syslog and default log:
+//
+     category zoneload { default_syslog; default_debug; default_log; };
+//
+// Log messages relating to what we got back from authoritative servers during
+// recursion (if lame-servers and edns-disabled are obscuring other messages
+// they can be sent to their own channel or to null).  Sometimes these log
+// messages will be useful to research why some domains don’t resolve or
+// don’t resolve reliably
+//
+     category resolver { auth_servers_log; default_debug; };
+     category cname { auth_servers_log; default_debug; };
+     category delegation-only { auth_servers_log; default_debug; };
+     category lame-servers { auth_servers_log; default_debug; };
+     category edns-disabled { auth_servers_log; default_debug; };
+//
+// Log problems with DNSSEC:
+//
+     category dnssec { dnssec_log; default_debug; };
+//
+// Log together all messages relating to authoritative zone propagation
+//
+     category notify { zone_transfers_log; default_debug; };
+     category xfer-in { zone_transfers_log; default_debug; };
+     category xfer-out { zone_transfers_log; default_debug; };
+//
+// Log together all messages relating to dynamic updates to DNS zone data:
+//
+     category update{ ddns_log; default_debug; };
+     category update-security { ddns_log; default_debug; };
+//
+// Log together all messages relating to client access and security.
+// (There is an additional category ‘unmatched’ that is by default sent to
+// null but which can be added here if you want more than the one-line
+// summary that is logged for failures to match a view).
+//
+     category client{ client_security_log; default_debug; };
+     category security { client_security_log; default_debug; };
+//
+// Log together all messages that are likely to be related to rate-limiting.
+// This includes RRL (Response Rate Limiting) - usually deployed on authoritative
+// servers and fetches-per-server|zone.  Note that it does not include
+// logging of changes for clients-per-query (which are logged in category
+// resolver).  Also note that there may on occasions be other log messages
+// emitted by the database category that don’t relate to rate-limiting
+// behaviour by named.
+//
+     category rate-limit { rate_limiting_log; default_debug; };
+     category spill { rate_limiting_log; default_debug; };
+     category database { rate_limiting_log; default_debug; };
+//
+// Log DNS-RPZ (Response Policy Zone) messages (if you are not using DNS-RPZ
+// then you may want to comment out this category and associated channel)
+//
+     category rpz { rpz_log; default_debug; };
+//
+// Log messages relating to the "dnstap" DNS traffic capture system  (if you
+// are not using dnstap, then you may want to comment out this category and
+// associated channel).
+//
+     category dnstap { dnstap_log; default_debug; };
+//
+// If you are running a server (for example one of the Internet root
+// nameservers) that is providing RFC 5011 trust anchor updates, then you
+// may be interested in logging trust anchor telemetry reports that your
+// server receives to analyze anchor propagation rates during a key rollover.
+// If this would be useful then firstly, configure the new channel, and then
+// un-comment and the line below to direct the category there instead of to
+// syslog and default log:
+//
+//
+     category trust-anchor-telemetry { default_syslog; default_debug; default_log; };
+//
+// If you have the category ‘queries’ defined, and you don’t want query logging
+// by default, make sure you add option ‘querylog no;’ - then you can toggle
+// query logging on (and off again) using command ‘rndc querylog’
+//
+     category queries { queries_log; };
+//
+// This logging category will only emit messages at debug levels of 1 or
+// higher - it can be useful to troubleshoot problems where queries are
+// resulting in a SERVFAIL response.
+//
+     category query-errors {query-errors_log; };
+};

includes/etc/bind/conf.d/options.conf

@@ -0,0 +1,19 @@
+
+options {
+    directory "/var/bind";
+
+
+    listen-on { 127.0.0.1; };
+    listen-on-v6 { none; };
+
+    allow-transfer {
+        none;
+    };
+
+
+    pid-file "/var/run/named/named.pid";
+
+
+    allow-recursion { none; };
+    recursion no;
+};

includes/etc/bind/named.conf

@@ -0,0 +1,3 @@
+// Docs: https://bind9.readthedocs.io/en/v9.18.19/reference.html
+
+include "/etc/bind/conf.d/*.conf";

includes/etc/supervisor/conf.d/named.conf

@@ -0,0 +1,9 @@
+[program:bind]
+startsecs=0
+stopwaitsecs=55
+command=/usr/sbin/named -f
+autorestart=true
+autostart=true
+stdout_logfile=/var/log/supervisor_%(program_name)s.log
+stderr_logfile=/var/log/supervisor_%(program_name)s.log
+retry=3

includes/etc/supervisor/supervisord.conf

@@ -0,0 +1,34 @@
+
+[unix_http_server]
+file=/var/run/supervisord.sock   ; (the path to the socket file)
+chmod=0700                       ; sockef file mode (default 0700)
+
+;[inet_http_server]
+;port = :9001
+; username = user
+; password = 123
+
+[supervisord]
+logfile=/var/log/supervisord.log ; (main log file;default $CWD/supervisord.log)
+pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+childlogdir=/var/log            ; ('AUTO' child log dir, default $TEMP)
+nodaemon = true
+user=root
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///var/run/supervisord.sock ; use a unix:// URL  for a unix socket
+
+; The [include] section can just contain the "files" setting.  This
+; setting can list multiple files (separated by whitespace or
+; newlines).  It can also contain wildcards.  The filenames are
+; interpreted as relative to this file.  Included files *cannot*
+; include files themselves.
+
+[include]
+files = /etc/supervisor/conf.d/*.conf

mkdocs.yml

@@ -0,0 +1,34 @@
+INHERIT: website-template/mkdocs.yml
+
+docs_dir: 'docs'
+
+repo_name: Docker Bind
+repo_url: https://gitlab.com/nofusscomputing/projects/docker-bind
+edit_uri: '/-/ide/project/nofusscomputing/projects/docker-bind/edit/development/-/docs/'
+
+nav:
+- Home: index.md
+
+- Articles: 
+
+  - articles/index.md
+
+- Projects: 
+
+  - projects/index.md
+
+  - Docker: 
+  
+    - projects/docker/index.md
+
+    - Bind DNS Server:
+
+      - projects/docker/bind/index.md
+
+
+- Operations: 
+
+  - operations/index.md
+
+- Contact Us: contact.md
+