Showing posts with the label debian.

Saturday, 10 May 2014

Bind9 with DLZ and MySQL backend... wait for it... in Docker :)

Get yourself a working docker.io installation.

Make a Docker file (it's called Dockerfile):

#builddns image
#VERSION 0.1

FROM ubuntu:14.04
MAINTAINER Peach Lover <some@email.com>


RUN apt-get -qq update

Build an image out of it:

#docker build -t peach/builddns .

Start the container, publishing UDP port 53 (add -p 53:53/tcp as well if you want TCP queries and zone transfers to reach it):
#docker run -i -t -p 53:53/udp peach/builddns /bin/bash

Attach to it and build some code:

apt-get update
apt-get upgrade

apt-get install bind9 bind9utils build-essential debhelper hardening-wrapper libcap2-dev libdb-dev libkrb5-dev libldap2-dev libmysqlclient-dev libpq-dev libssl-dev libtool libxml2-dev mysql-client mysql-server openssl unixodbc unixodbc-dev
apt-get remove bind9
apt-get build-dep bind9

mkdir /root/bind9
cd /root/bind9
apt-get source bind9
cd bind9-9.9.5.dfsg

vi debian/rules
add the following to the configure options:
--with-dlz-mysql=yes

dpkg-buildpackage -rfakeroot -b

The .deb files land in the parent directory (/root/bind9), so install them from there:
dpkg -i ../*.deb

vi /etc/default/bind9
OPTIONS="-u bind -n 1"

vi /etc/bind/named.conf.options
Inside the existing options { ... } block add:
forwarders {
8.8.8.8;
8.8.4.4;
};

Caveat: BIND's default allow-recursion is localnets and localhost, and queries that come in through a published Docker port can appear to originate from the docker bridge network, which is "local" from the container's point of view. If the Docker host is reachable from untrusted networks, set allow-recursion explicitly to the clients you trust (or recursion no; if this server only has to answer for the DLZ zones) so you do not end up running an open resolver.

vi /etc/bind/named.conf.local
dlz "Mysql zone" {
database "mysql
{host=127.0.0.1 dbname=db_name user=db_user pass=db_pass}
{select zone from dns_records where zone = '$zone$'}
{select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) else data end from dns_records where zone = '$zone$' and host = '$record$'}";
};

The three brace groups are the connection parameters, the "find zone" query and the "lookup" query. The driver substitutes $zone$ and $record$ at query time and uses '@' as the record name for the zone apex; the lookup query must return the columns ttl, type, mx_priority, data in that order. Note the \" escapes: the quote has to be escaped because the whole thing sits inside a named.conf string. This file now holds a database password, so keep it owned by root:bind with mode 640 rather than world-readable.



mysql -p
create database db_name;
grant all privileges on db_name.* to db_user@localhost identified by 'db_pass';
CREATE TABLE `dns_records` (
  `id` int(11) NOT NULL auto_increment,
  `zone` varchar(64) default NULL,
  `host` varchar(64) default NULL,
  `type` varchar(8) default NULL,
  `data` varchar(64) default NULL,
  `ttl` int(11) NOT NULL default '3600',
  `mx_priority` int(11) default NULL,
  `refresh` int(11) NOT NULL default '3600',
  `retry` int(11) NOT NULL default '3600',
  `expire` int(11) NOT NULL default '86400',
  `minimum` int(11) NOT NULL default '3600',
  `serial` bigint(20) NOT NULL default '2008082700',
  `resp_person` varchar(64) NOT NULL default 'resp.person.email',
  `primary_ns` varchar(64) NOT NULL default 'ns1.yourdns.here',
  `data_count` int(11) NOT NULL default '0',
  PRIMARY KEY (`id`),
  KEY `host` (`host`),
  KEY `zone` (`zone`),
  KEY `type` (`type`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

-- for www.testie.local to resolve to 1.2.3.4
insert into dns_records (zone, host, type, data, mx_priority) values ('testie.local', 'www', 'A', '1.2.3.4', null);

-- for testie.local to resolve to 1.2.3.4
insert into dns_records (zone, host, type, data, mx_priority) values ('testie.local', '@', 'A', '1.2.3.4', null);

-- for www2.testie.local to alias to www.testie.local
-- note the trailing period in the data field
insert into dns_records (zone, host, type, data, mx_priority) values ('testie.local', 'www2', 'CNAME', 'www.testie.local.', null);

-- for mail for testie.local to go to testie.local
-- note the trailing period in the data field
insert into dns_records (zone, host, type, data, mx_priority) values ('testie.local', '@', 'MX', 'testie.local.', '0');
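Before pointing named at the database it pays to run the DLZ queries yourself, with $zone$ and $record$ filled in by hand, and to give the zone the SOA and NS records it is still missing. The following is an added example and not part of the original post; it assumes the db_name/db_user/db_pass names and the dns_records table from above, and the ns1.testie.local name, the 1.2.3.5 address, the hostmaster mailbox and the serial are constructed for illustration. It also narrows the GRANT ALL above to SELECT, which is all named ever needs.

```sql
-- Added example, not from the original post: a complete minimal zone for the
-- dns_records table above, plus the two queries the DLZ driver will run,
-- substituted by hand so you can see what named gets back before it does.
-- Names, the 1.2.3.5 address and the serial are constructed.

-- named only ever SELECTs from this table. If you already ran the GRANT ALL
-- from above, take it back and grant SELECT only (MySQL 5.x syntax, as used
-- above; MySQL 8 wants a separate CREATE USER).
REVOKE ALL PRIVILEGES ON db_name.* FROM 'db_user'@'localhost';
GRANT SELECT ON db_name.* TO 'db_user'@'localhost' IDENTIFIED BY 'db_pass';

-- SOA for the apex. The lookup query's CASE builds the SOA RDATA as
--   data resp_person serial refresh retry expire minimum
-- so `data` must hold the primary name server and resp_person the RNAME
-- (the mailbox hostmaster@testie.local written as hostmaster.testie.local.).
INSERT INTO dns_records
  (zone, host, type, data, resp_person, serial, refresh, retry, expire, minimum)
VALUES
  ('testie.local', '@', 'SOA', 'ns1.testie.local.', 'hostmaster.testie.local.',
   2014051001, 3600, 600, 604800, 300);

-- NS for the apex, the A record behind it, and a TXT record. TXT data is
-- stored without quotes; the CASE wraps it in quotes for named.
INSERT INTO dns_records (zone, host, type, data) VALUES
  ('testie.local', '@',   'NS',  'ns1.testie.local.'),
  ('testie.local', 'ns1', 'A',   '1.2.3.5'),
  ('testie.local', '@',   'TXT', 'v=spf1 mx -all');

-- 1) The "find zone" query. For a query about www.testie.local, named tries
--    the name and its parent domains until one comes back with a row; only
--    $zone$ = 'testie.local' should match.
SELECT zone FROM dns_records WHERE zone = 'testie.local';
SELECT zone FROM dns_records WHERE zone = 'local';     -- expect no rows

-- 2) The lookup query with $zone$ = 'testie.local' and $record$ = '@'
--    (the apex). Expect five rows: SOA, NS, A, MX and TXT, with the SOA
--    rdata already flattened and the TXT quoted. In plain SQL the quote
--    needs no backslash; the \" in named.conf.local is only there because
--    the query is embedded in a named.conf string.
SELECT ttl, type, mx_priority,
       CASE WHEN LOWER(type) = 'txt'
              THEN CONCAT('"', data, '"')
            WHEN LOWER(type) = 'soa'
              THEN CONCAT_WS(' ', data, resp_person, serial, refresh, retry, expire, minimum)
            ELSE data
       END AS rdata
  FROM dns_records
 WHERE zone = 'testie.local' AND host = '@';
```

If the lookup result looks right here, it is exactly what the DLZ driver hands to named; a zone without the SOA row answers A queries (as the dig output below shows) but has no authority data, so add it before relying on the server for anything but testing.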

# extra precaution to make sure the stock bind9 packages don't replace ours on upgrade
for package in bind9 bind9-doc bind9-host bind9utils dnsutils ; do \
echo $package hold | dpkg --set-selections ; done

Test from your host (localhost works from both the container and the Docker host, since we published port 53):

# dig @localhost testie.local

; <<>> DiG 9.9.5-3-Ubuntu <<>> @localhost testie.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15312
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;testie.local.            IN    A

;; ANSWER SECTION:
testie.local.        3600    IN    A    1.2.3.4

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat May 10 14:23:51 EEST 2014
;; MSG SIZE  rcvd: 57



BANG!


Two ways forward from here:
1. Clean up this container as much as possible.
Stop it. Commit the image and use it like that.


2. Get your debs. Get your configs. Place them in the same folder as your Dockerfile and edit the Dockerfile (config files don't need a RUN step, just ADD them to the right places):
ADD somefile.deb /somewhere/somefile.deb
RUN dpkg -i /somewhere/somefile.deb

This first copies the file into the image, then installs it.

Also add
CMD ["/usr/sbin/named","-4","-u","bind","-n","1","-c","/etc/bind/named.conf","-f"]
at the end. This is the command that runs when you start the container.
A nice little "-g" at the end (foreground, all logging to stderr) lets you see everything bind spits out when you just attach... beware: if you attach and then press ^C you stop your container instance.

Build the image.
Run it.
Congrats, you have a brand new bind9 in a container with dlz-mysql.

Notice: since I am not planning to run MySQL in the same container as bind, I am not going in depth on setting up MySQL and the records in the final Docker setup.

Make this yourself you lazy nerds!


Thursday, 21 April 2011

iptables l7 in Debian

This is a tutorial I originally found at
http://ogordo.com/instalacao-do-layer7-no-debian/

It is in some language that I identify as Spanish, but I can't be sure. I ran it through Google Translate and I'm not very sure how successful the translation is, but I personally tested the commands the author ran and I can say that they lead to a working system with layer 7 support. As a bonus we get a Debian package :)

Note: the iptables authors warn that it is not at all made for this kind of filtering. So... you know, it's all at your own risk :)

Implementing layer7 on Debian Lenny with kernel 2.6.28 and iptables 1.4.2. After several attempts to recompile the kernel on Debian Lenny to add layer7, and suffering a lot with the famous "kernel panic" message, I managed to recompile it with the commands below.

Installing needed packages:
# aptitude install libncurses5-dev
# aptitude install kernel-package
# aptitude install zlib1g-dev 


Enter the source directory and download the files.

# cd /usr/src
# wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.28.tar.bz2
# wget http://www.netfilter.org/projects/iptables/files/iptables-1.4.2.tar.bz2
# wget http://downloads.sourceforge.net/l7-filter/netfilter-layer7-v2.21.tar.gz
# wget http://downloads.sourceforge.net/l7-filter/l7-protocols-2008-04-23.tar.gz
# wget http://merkel.debian.org/~jurij/2.6.28-1/i386/config-2.6.28-1-686.gz

Removing iptables:

# aptitude purge iptables

Unpacking the packages:

# tar jxvf linux-2.6.28.tar.bz2
# tar jxvf iptables-1.4.2.tar.bz2
# tar zxvf netfilter-layer7-v2.21.tar.gz
# tar zxvf l7-protocols-2008-04-23.tar.gz
# uncompress config-2.6.28-1-686.gz

Creating a link to the kernel directory:

# ln -s /usr/src/linux-2.6.28 /usr/src/linux

Copy the kernel config and apply the layer7 patch to the kernel:

# cd /usr/src/linux
# cp ../config-2.6.28-1-686 .config
# patch -p1 < ../netfilter-layer7-v2.21/kernel-2.6.25-2.6.28-layer7-2.21.patch

Compiling and installing the kernel
# make oldconfig
(Enter for all questions)

# make menuconfig

Go to Networking -> Networking Options -> Network Packet Filtering framework (netfilter) -> Core Netfilter Configuration and select these two as modules:

(M) layer7 match support #MARK AS MODULE
(M) string match support  #MARK AS MODULE

Exit via Exit; on the last screen choose to save the .config (i.e., on the final exit you will be prompted to save). Now it's simple, just compile.

# make-kpkg --initrd kernel_image

This creates linux-image-2.6.28_2.6.28-10.00.Custom_i386.deb in the /usr/src directory; install it:

# cd /usr/src
# dpkg -i linux-image-2.6.28_2.6.28-10.00.Custom_i386.deb


Done, the new kernel is now installed.

Applying the patches and installing iptables
Type:

# cd /usr/src/iptables-1.4.2

Copy libxt_layer7.c and libxt_layer7.man into the iptables extensions directory:

# cp ../netfilter-layer7-v2.21/iptables-1.4.1.1-for-kernel-2.6.20forward/* extensions/
Installing iptables:

# ./configure --with-ksource=/usr/src/linux
# make
# make install
# cd /usr/src/l7-protocols-2008-04-23
# make install


Okay, just reboot and use!

# reboot

If Debian does not load the module automatically, load it by hand (the module built from this patch is xt_layer7; older layer7 releases named it ipt_layer7):

# modprobe xt_layer7

Some rules (the protocol names are the lowercase names of the pattern files installed by l7-protocols):

iptables -A FORWARD -m layer7 --l7proto msnmessenger -j DROP
iptables -A FORWARD -m layer7 --l7proto bittorrent -j DROP