
feat(nsmaster): initial commit. Automatically receives AXFRs from nslord.

Peter Thomassen 8 rokov pred
93d0d9163f

+ 4 - 1
db/00-init.sql

@@ -6,6 +6,9 @@ CREATE DATABASE pdnslord;
 CREATE USER pdnslord IDENTIFIED BY '123test';
 GRANT SELECT, INSERT, UPDATE, DELETE ON pdnslord.* TO pdnslord;
 
+CREATE DATABASE pdnsmaster;
+CREATE USER pdnsmaster IDENTIFIED BY '456test';
+GRANT SELECT, INSERT, UPDATE, DELETE ON pdnsmaster.* TO pdnsmaster;
+
 CREATE USER poweradmin IDENTIFIED BY '123passphrase';
 GRANT SELECT, INSERT, UPDATE, DELETE ON pdnslord.* TO poweradmin;
-
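Review bot: `CREATE USER pdnsmaster IDENTIFIED BY '456test'` on the added line creates the account without a host part, which MySQL treats as `'pdnsmaster'@'%'`, so any container on the shared `back` network that learns the password can log in, and the password itself is committed in clear text here and again in nsmaster/conf/pdns.d/pdns.local.gmysql.conf. Since docker-compose.yml pins the nsmaster container to 172.16.1.2, the account can be scoped to that source, e.g. `CREATE USER 'pdnsmaster'@'172.16.1.2' IDENTIFIED BY '<PASSWORD_PLACEHOLDER>';` and `GRANT SELECT, INSERT, UPDATE, DELETE ON pdnsmaster.* TO 'pdnsmaster'@'172.16.1.2';`, with the value injected at build or start time rather than stored in the repository. The unchanged pdnslord and poweradmin lines around it have the same shape, so one fix pattern covers all three.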

+ 93 - 0
db/10-pdns-master.sql

@@ -0,0 +1,93 @@
+USE pdnsmaster;
+
+CREATE TABLE domains (
+  id                    INT AUTO_INCREMENT,
+  name                  VARCHAR(255) NOT NULL,
+  master                VARCHAR(128) DEFAULT NULL,
+  last_check            INT DEFAULT NULL,
+  type                  VARCHAR(6) NOT NULL,
+  notified_serial       INT DEFAULT NULL,
+  account               VARCHAR(40) DEFAULT NULL,
+  PRIMARY KEY (id)
+) Engine=InnoDB DEFAULT CHARSET=latin1;
+
+CREATE UNIQUE INDEX name_index ON domains(name);
+
+
+CREATE TABLE records (
+  id                    INT AUTO_INCREMENT,
+  domain_id             INT DEFAULT NULL,
+  name                  VARCHAR(255) DEFAULT NULL,
+  type                  VARCHAR(10) DEFAULT NULL,
+  content               VARCHAR(64000) DEFAULT NULL,
+  ttl                   INT DEFAULT NULL,
+  prio                  INT DEFAULT NULL,
+  change_date           INT DEFAULT NULL,
+  disabled              TINYINT(1) DEFAULT 0,
+  ordername             VARCHAR(255) BINARY DEFAULT NULL,
+  auth                  TINYINT(1) DEFAULT 1,
+  PRIMARY KEY (id)
+) Engine=InnoDB DEFAULT CHARSET=latin1;
+
+CREATE INDEX nametype_index ON records(name,type);
+CREATE INDEX domain_id ON records(domain_id);
+CREATE INDEX recordorder ON records (domain_id, ordername);
+
+
+CREATE TABLE supermasters (
+  ip                    VARCHAR(64) NOT NULL,
+  nameserver            VARCHAR(255) NOT NULL,
+  account               VARCHAR(40) NOT NULL,
+  PRIMARY KEY (ip, nameserver)
+) Engine=InnoDB DEFAULT CHARSET=latin1;
+
+
+CREATE TABLE comments (
+  id                    INT AUTO_INCREMENT,
+  domain_id             INT NOT NULL,
+  name                  VARCHAR(255) NOT NULL,
+  type                  VARCHAR(10) NOT NULL,
+  modified_at           INT NOT NULL,
+  account               VARCHAR(40) NOT NULL,
+  comment               VARCHAR(64000) NOT NULL,
+  PRIMARY KEY (id)
+) Engine=InnoDB DEFAULT CHARSET=latin1;
+
+CREATE INDEX comments_domain_id_idx ON comments (domain_id);
+CREATE INDEX comments_name_type_idx ON comments (name, type);
+CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);
+
+
+CREATE TABLE domainmetadata (
+  id                    INT AUTO_INCREMENT,
+  domain_id             INT NOT NULL,
+  kind                  VARCHAR(32),
+  content               TEXT,
+  PRIMARY KEY (id)
+) Engine=InnoDB DEFAULT CHARSET=latin1;
+
+CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);
+
+
+CREATE TABLE cryptokeys (
+  id                    INT AUTO_INCREMENT,
+  domain_id             INT NOT NULL,
+  flags                 INT NOT NULL,
+  active                BOOL,
+  content               TEXT,
+  PRIMARY KEY(id)
+) Engine=InnoDB DEFAULT CHARSET=latin1;
+
+CREATE INDEX domainidindex ON cryptokeys(domain_id);
+
+
+CREATE TABLE tsigkeys (
+  id                    INT AUTO_INCREMENT,
+  name                  VARCHAR(255),
+  algorithm             VARCHAR(50),
+  secret                VARCHAR(255),
+  PRIMARY KEY (id)
+) Engine=InnoDB DEFAULT CHARSET=latin1;
+
+CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);
+
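Review bot: The file has no header saying what this schema is or which PowerDNS release it tracks, although it appears to be the gmysql backend schema that db/11-pdns-master-REFERENCES.sql links to; a first line such as `-- PowerDNS gmysql backend schema for the nsmaster slave; keep in sync with https://doc.powerdns.com/md/authoritative/backend-generic-mysql/` would tell a maintainer where to diff against when the pinned `jessie-auth-40` package is upgraded. A comment on `tsigkeys` and `cryptokeys` is worth adding too: with `gmysql-dnssec=yes` in the nsmaster config these tables hold live key material, so the `pdnsmaster` grant and any dumps of that database need the same care as the credentials in db/00-init.sql. The plain `CREATE TABLE` and `CREATE UNIQUE INDEX` forms are not idempotent, which is fine for a one-shot init volume but aborts on a re-run against an existing database; `CREATE TABLE IF NOT EXISTS` would make the script safe to re-apply.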

+ 5 - 0
db/11-pdns-master-REFERENCES.sql

@@ -0,0 +1,5 @@
+USE pdnsmaster;
+
+-- As recommended by https://doc.powerdns.com/md/authoritative/backend-generic-mysql/
+ALTER TABLE `records` ADD CONSTRAINT `records_ibfk_1` FOREIGN KEY (`domain_id`) REFERENCES `domains` (`id`) ON DELETE CASCADE;
+ALTER TABLE `domainmetadata` ADD CONSTRAINT `domainmetadata_ibfk_1` FOREIGN KEY (`domain_id`) REFERENCES `domains` (`id`) ON DELETE CASCADE;
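Review bot: Only `records` and `domainmetadata` receive a foreign key here, while `comments.domain_id` and `cryptokeys.domain_id` in db/10-pdns-master.sql are declared NOT NULL and indexed but left unconstrained, so deleting a domain cascades its records yet orphans its comments and DNSSEC keys. If the same pattern is intended for them, two more lines keep the file consistent: `ALTER TABLE comments ADD CONSTRAINT comments_ibfk_1 FOREIGN KEY (domain_id) REFERENCES domains (id) ON DELETE CASCADE;` and `ALTER TABLE cryptokeys ADD CONSTRAINT cryptokeys_ibfk_1 FOREIGN KEY (domain_id) REFERENCES domains (id) ON DELETE CASCADE;`. Whether the linked PowerDNS page recommends those extra constraints I cannot confirm from here, so check it before adding them.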

+ 3 - 0
db/11-pdns-master-supermasters.sql

@@ -0,0 +1,3 @@
+USE pdnsmaster;
+
+INSERT INTO supermasters SET ip="172.16.1.1", nameserver="ns1.desec.io";
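Review bot: The `INSERT` omits `account`, which db/10-pdns-master.sql declares `NOT NULL` with no default, so under MySQL strict mode (`STRICT_TRANS_TABLES`, part of the default `sql_mode` since 5.7) the statement is rejected and the init script aborts, and in non-strict mode it silently stores an empty string. Give the column a value and use a column list with single-quoted strings so the statement does not depend on `ANSI_QUOTES` being off: `INSERT INTO supermasters (ip, nameserver, account) VALUES ('172.16.1.1', 'ns1.desec.io', 'nslord');` (the account value `nslord` is a constructed example). A comment above the row noting that 172.16.1.1 is the address docker-compose.yml pins for nslord, and that a supermaster entry lets any NOTIFY from that address auto-create zones on nsmaster, would document why the row exists and why the address must stay in step with the compose file.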

+ 15 - 4
docker-compose.yml

@@ -45,7 +45,18 @@ services:
     depends_on:
     - db
     networks:
-    - back
+      back:
+        ipv4_address: 172.16.1.1
+
+  nsmaster:
+    build: nsmaster
+    volumes:
+    - ./nsmaster/conf:/etc/powerdns
+    depends_on:
+    - db
+    networks:
+      back:
+        ipv4_address: 172.16.1.2
 
 networks:
   back:
@@ -53,12 +64,12 @@ networks:
     ipam:
       driver: default
       config:
-      - subnet: 172.16.0.0/24
+      - subnet: 172.16.0.0/16
         gateway: 172.16.0.1
   front:
     driver: bridge
     ipam:
       driver: default
       config:
-      - subnet: 172.16.1.0/24
-        gateway: 172.16.1.1
+      - subnet: 172.15.0.0/16
+        gateway: 172.15.0.1
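Review bot: The new `front` subnet `172.15.0.0/16` lies outside the RFC 1918 block (private space is 172.16.0.0/12, i.e. 172.16 through 172.31), so the bridge now claims publicly routable addresses and the host or containers may lose reachability to real hosts in that range. Pick a private range instead, e.g. `- subnet: 172.18.0.0/16` with `gateway: 172.18.0.1` (constructed example; confirm it does not collide with Docker's default bridge or other networks on the host). Widening `back` to /16 in the first hunk is what makes `allow-axfr-ips=172.16.0.0/16` in nslord/conf/pdns.conf match, and the pinned `ipv4_address` values 172.16.1.1 and 172.16.1.2 are now also hard-coded in the supermasters row and in `also-notify`; a comment in this file recording that coupling would help the next change.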

+ 3 - 3
nslord/conf/pdns.conf

@@ -1,5 +1,5 @@
-allow-axfr-ips=172.16.0.0/24
-#also-notify=172.17.0.1
+allow-axfr-ips=172.16.0.0/16
+also-notify=172.16.1.2
 api=yes
 api-key=123password
 default-soa-edit=INCREMENT-WEEKS
@@ -15,4 +15,4 @@ setuid=pdns
 soa-minimum-ttl=60
 webserver=yes
 webserver-address=0.0.0.0
-webserver-allow-from=172.16.0.0/24
+webserver-allow-from=172.16.0.0/16
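Review bot: `allow-axfr-ips=172.16.0.0/16` opens zone transfers to every address on the back network, while the only consumer this commit adds is nsmaster at the pinned 172.16.1.2; `allow-axfr-ips=172.16.1.2` (or the /16 only once further slaves exist) keeps full zone contents from being readable by any other container on that network. `webserver-allow-from=172.16.0.0/16` in the second hunk widens the API surface the same way, and with `api-key=123password` in the unchanged lines above it the API is now reachable with a committed key from the whole subnet. A short comment naming which host `also-notify=172.16.1.2` is, `# nsmaster, address pinned in docker-compose.yml`, would make the dependency on the compose file visible here.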

+ 23 - 0
nsmaster/Dockerfile

@@ -0,0 +1,23 @@
+FROM debian:jessie
+
+RUN echo 'deb http://repo.powerdns.com/debian jessie-auth-40 main' \
+      >> /etc/apt/sources.list \
+ && echo 'Package: pdns-*' \
+      > /etc/apt/preferences.d/pdns \
+ && echo 'Pin: origin repo.powerdns.com' \
+      >> /etc/apt/preferences.d/pdns \
+ && echo 'Pin-Priority: 600' \
+      >> /etc/apt/preferences.d/pdns
+
+RUN set -ex \
+	&& apt-key adv --keyserver hkp://pool.sks-keyservers.net --recv 0x1B0C6205FD380FBB \
+	&& apt-get update \
+	&& apt-get install -y pdns-server pdns-backend-mysql \
+	&& apt-get clean \
+	&& rm -rf /var/lib/apt/lists/*
+
+VOLUME /etc/powerdns/
+
+COPY ./entrypoint.sh /root/
+
+CMD ["/root/entrypoint.sh"]
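Review bot: The repository signing key is fetched by bare key ID (`--recv 0x1B0C6205FD380FBB`) from an HKP keyserver and the repository is added over plain http, so the only thing authenticating the `pdns-server` packages is whichever key the keyserver returns for that ID, and key IDs are not collision-resistant; with `Pin-Priority: 600` those packages are then preferred over Debian's. Either vendor the key into the repo and `COPY` it in, or verify the full fingerprint after import, e.g. `&& apt-key fingerprint 0x1B0C6205FD380FBB | grep -q '<FULL_FINGERPRINT_PLACEHOLDER>' \` before `apt-get update`. Minor style point: the second `RUN` is indented with tabs while the first uses spaces.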

+ 6 - 0
nsmaster/conf/pdns.conf

@@ -0,0 +1,6 @@
+disable-axfr=yes
+include-dir=/etc/powerdns/pdns.d
+launch=
+setgid=pdns
+setuid=pdns
+slave=yes
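Review bot: No `allow-notify-from` is set, so this slave accepts NOTIFY — and, through the supermaster row, zone auto-provisioning — from any source address that reaches it; I believe the PowerDNS default for that option is 0.0.0.0/0,::/0, so verify that against the docs for the pinned 4.0 package. Since the only legitimate notifier is nslord at the pinned 172.16.1.1, `allow-notify-from=172.16.1.1` narrows it to the intended peer. `disable-axfr=yes` is the right choice for a pure slave; a one-line comment explaining that `launch=` is intentionally empty because pdns.d/pdns.local.gmysql.conf sets it would save the next reader a search.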

+ 8 - 0
nsmaster/conf/pdns.d/pdns.local.gmysql.conf

@@ -0,0 +1,8 @@
+launch=gmysql
+
+gmysql-host=db
+gmysql-port=
+gmysql-dbname=pdnsmaster
+gmysql-user=pdnsmaster
+gmysql-password=456test
+gmysql-dnssec=yes
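Review bot: `gmysql-password=456test` commits the database credential in clear text, and docker-compose.yml bind-mounts this directory into the container, so the secret's exposure is whatever the host file permissions allow; the same value is hard-coded in db/00-init.sql, so a rotation means editing two files. Keep the password out of the repository (an untracked file or an environment-driven template) and restrict the mounted file to the `pdns` user the daemon drops to (`setuid=pdns` in pdns.conf). `gmysql-port=` is left empty; I cannot confirm from here that the backend treats an empty value as the default port, so either set `gmysql-port=3306` explicitly or drop the line.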

+ 5 - 0
nsmaster/entrypoint.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+host=db; port=3306; n=120; i=0; while ! (echo > /dev/tcp/$host/$port) 2> /dev/null; do [[ $i -eq $n ]] && >&2 echo "$host:$port not up after $n seconds, exiting" && exit 1; echo "waiting for $host:$port to come up"; sleep 1; i=$((i+1)); done
+
+pdns_server --daemon=no
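Review bot: `pdns_server --daemon=no` on the last line runs as a child of bash rather than via `exec`, so bash stays PID 1 and the SIGTERM from `docker stop` never reaches PowerDNS, which is then killed after the timeout instead of shutting down cleanly; `exec pdns_server --daemon=no` fixes that. The wait loop itself is correct, but the single line of `;`-joined statements is hard to read and review, and the script has no `set -e`/`-u`, so a typo in a variable name would pass silently. Below is the same loop laid out one statement per line with the parameters named at the top and the `exec` applied.
```shell
#!/bin/bash
set -eu

host=db
port=3306
n=120
i=0

# Poll the MySQL port until it answers or the budget of $n seconds is spent.
while ! (echo > "/dev/tcp/$host/$port") 2> /dev/null; do
    if [[ $i -eq $n ]]; then
        >&2 echo "$host:$port not up after $n seconds, exiting"
        exit 1
    fi
    echo "waiting for $host:$port to come up"
    sleep 1
    i=$((i+1))
done

# exec so PowerDNS becomes PID 1 and receives docker's SIGTERM directly.
exec pdns_server --daemon=no
```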