feat(nsmaster): trigger AXFR replication via multicast slave NOTIFY

nsmaster/conf/pdns.conf.var

@@ -1,9 +1,12 @@
 api=yes
 api-key=${DESECSTACK_NSMASTER_APIKEY}
 allow-axfr-ips=10.8.0.0/24
+also-notify=239.1.2.3
+only-notify=
 setgid=pdns
 setuid=pdns
 slave=yes
+slave-renotify=yes
 version-string=powerdns
 webserver=yes
 webserver-address=0.0.0.0

nsmaster/entrypoint.sh

@@ -2,6 +2,7 @@
 
 # Route required for communicating with slave NS through VPN
 /sbin/ip route add 10.8.0.0/24 via 172.16.7.2
+/sbin/ip route add 239.1.2.0/24 via 172.16.7.2
 
 host=dbmaster; port=3306; n=120; i=0; while ! (echo > /dev/tcp/$host/$port) 2> /dev/null; do [[ $i -eq $n ]] && >&2 echo "$host:$port not up after $n seconds, exiting" && exit 1; echo "waiting for $host:$port to come up"; sleep 1; i=$((i+1)); done
 

openvpn-server/Dockerfile

@@ -1,7 +1,9 @@
 FROM ubuntu:bionic
 
 RUN apt-get update && apt-get install -y \
+		iptables \
 		openvpn \
+		pimd \
 	--no-install-recommends && apt-get clean && rm -rf /var/lib/apt/lists/*
 
 COPY conf/ /etc/openvpn/

openvpn-server/conf/server.conf

@@ -166,3 +166,6 @@ verb 3
 # Notify the client that when the server restarts so it
 # can automatically reconnect.
 explicit-exit-notify 1
+
+script-security 2
+route-up "/usr/sbin/service pimd start"