nsupdate.info/scripts/docker/bind/named.conf.local

//
// Do any local configuration here
//

key "nsupdate.info." {
        algorithm hmac-sha512;
        secret "YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYQ==";
};

key "tests.nsupdate.info." {
        algorithm hmac-sha512;
        secret "YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYQ==";
};

zone "nsupdate.info" {
        type master;
        file "/var/lib/bind/pri/nsupdate.info";
        update-policy {
            // these "deny" entries are needed for the service domain,
            // if you add another domain, you may want to check the need
            // for other "deny" entries if the zone is not fully available.
            // we don't allow updates to the infrastructure hosts:
            deny  nsupdate.info.      name      nsupdate.info;
            deny  nsupdate.info.      name  www.nsupdate.info;
            deny  nsupdate.info.      name ipv4.nsupdate.info;
            deny  nsupdate.info.      name ipv6.nsupdate.info;
            // this host is for testing if the nameserver is configured correctly and reachable
            grant nsupdate.info.      name connectivity-test.nsupdate.info A;
            // but we allow updates to any other host:
            grant nsupdate.info. subdomain nsupdate.info;
        };
};

zone "tests.nsupdate.info" {
        type master;
        file "/var/lib/bind/pri/tests.nsupdate.info";
        update-policy {
            // these "deny" entries are needed for the service domain,
            // if you add another domain, you may want to check the need
            // for other "deny" entries if the zone is not fully available.
            // we don't allow updates to the infrastructure hosts:
            deny  tests.nsupdate.info.      name      tests.nsupdate.info;
            deny  tests.nsupdate.info.      name  www.tests.nsupdate.info;
            deny  tests.nsupdate.info.      name ipv4.tests.nsupdate.info;
            deny  tests.nsupdate.info.      name ipv6.tests.nsupdate.info;
            // but we allow updates to any other host:
            grant tests.nsupdate.info. subdomain tests.nsupdate.info;
        };
};
Add testing in docker I can't run tests in travis and due to the bind9 dependency it's difficult to run on the local machine. Docker is tricky due to changing the nameserver to 127.0.0.1 but with the right parameter it works. There are still a handful of tests failing. I couldn't figure out why yet. 2023-01-14 20:46:50 +01:00			`//`
			`// Do any local configuration here`
			`//`

			`key "nsupdate.info." {`
			`algorithm hmac-sha512;`
			`secret "YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYQ==";`
			`};`

			`key "tests.nsupdate.info." {`
			`algorithm hmac-sha512;`
			`secret "YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYQ==";`
			`};`

			`zone "nsupdate.info" {`
			`type master;`
			`file "/var/lib/bind/pri/nsupdate.info";`
			`update-policy {`
			`// these "deny" entries are needed for the service domain,`
			`// if you add another domain, you may want to check the need`
			`// for other "deny" entries if the zone is not fully available.`
			`// we don't allow updates to the infrastructure hosts:`
			`deny nsupdate.info. name nsupdate.info;`
			`deny nsupdate.info. name www.nsupdate.info;`
			`deny nsupdate.info. name ipv4.nsupdate.info;`
			`deny nsupdate.info. name ipv6.nsupdate.info;`
			`// this host is for testing if the nameserver is configured correctly and reachable`
			`grant nsupdate.info. name connectivity-test.nsupdate.info A;`
			`// but we allow updates to any other host:`
			`grant nsupdate.info. subdomain nsupdate.info;`
			`};`
			`};`

			`zone "tests.nsupdate.info" {`
			`type master;`
			`file "/var/lib/bind/pri/tests.nsupdate.info";`
			`update-policy {`
			`// these "deny" entries are needed for the service domain,`
			`// if you add another domain, you may want to check the need`
			`// for other "deny" entries if the zone is not fully available.`
			`// we don't allow updates to the infrastructure hosts:`
			`deny tests.nsupdate.info. name tests.nsupdate.info;`
			`deny tests.nsupdate.info. name www.tests.nsupdate.info;`
			`deny tests.nsupdate.info. name ipv4.tests.nsupdate.info;`
			`deny tests.nsupdate.info. name ipv6.tests.nsupdate.info;`
			`// but we allow updates to any other host:`
			`grant tests.nsupdate.info. subdomain tests.nsupdate.info;`
			`};`
			`};`