document DNS mods and make DNS options configurable per domain

This commit is contained in:
github@kiekerjan.isdronken.nl 2021-05-19 22:48:21 +02:00
parent 14394ef05b
commit 544f06b100
2 changed files with 32 additions and 13 deletions


@ -16,10 +16,14 @@ Functionality changes and additions
* Add fail2ban filters for web scanners and badbots
* Add xapian full text searching to dovecot (from https://github.com/grosjo/fts-xapian)
* Add rkhunter and chkrootkit
* Configure domain names for which only www will be hosted. Edit /etc/miabwwwdomains.conf to configure.
* Configure domain names for which only www will be hosted. Edit /etc/miabwwwdomains.conf to configure. DNS entries are not handled by this box!
* Add some munin plugins
* Update nextcloud to 20.0.8
* Update roundcube carddav plugin to 4.1.1
* Use shorter TTL values in the DNS server.
To be used before moving e.g. DNS provider. Shortening TTL values will propagate changes faster. For reference, default TTL is 1 day, short TTL is 5 minutes. To use, edit file /etc/forceshortdnsttl and add a line for each domain for which shorter TTLs should be used. To use short TTLs for all known domains, add "forceshortdnsttl"
* Use the box as a Hidden Master in the DNS system
Thus only the secondary DNS servers are used as public DNS servers. To use, edit file /etc/usehiddenmasterdns and add a line for each domain for which Hidden Master should be used. To use Hidden Master for all known domains, add "usehiddenmasterdns". At least two secondary servers should be set in the Custom DNS administration page.
Bug fixes
* Munin routes are ignored for Multi Factor Authentication [see github issue](https://github.com/mail-in-a-box/mailinabox/issues/1865)


@ -150,7 +150,13 @@ def build_zone(domain, all_domains, additional_records, www_redirect_domains, en
secondary_ns_list = get_secondary_dns(additional_records, mode="NS")
# Need at least two nameservers in the secondary dns list
useHiddenMaster = os.path.exists("/etc/usehiddenmasterdns") and len(secondary_ns_list) > 1
useHiddenMaster = false
if os.path.exists("/etc/usehiddenmasterdns") and len(secondary_ns_list) > 1:
with open("/etc/usehiddenmasterdns") as f:
for line in f:
if line == domain or line == "usehiddenmasterdns":
useHiddenMaster = true
break
if not useHiddenMaster:
# Obligatory definition of ns1.PRIMARY_HOSTNAME.
@ -162,7 +168,6 @@ def build_zone(domain, all_domains, additional_records, www_redirect_domains, en
for secondary_ns in secondary_ns_list:
records.append((None, "NS", secondary_ns+'.', False))
# In PRIMARY_HOSTNAME...
if domain == env["PRIMARY_HOSTNAME"]:
# Define ns1 and ns2.
@ -509,22 +514,32 @@ $TTL {defttl} ; default time to live
p_expire = "14d"
p_negttl = "12h"
primary_dns = "ns1." + env["PRIMARY_HOSTNAME"]
# Shorten dns ttl if file exists. Use before moving domains, changing secondary dns servers etc
if os.path.exists("/etc/forceshortdnsttl"):
p_defttl = "5m"
p_refresh = "30m"
p_retry = "5m"
p_expire = "1d"
p_negttl = "5m"
with open("/etc/forceshortdnsttl") as f:
for line in f:
if line == domain or line == "forceshortdnsttl":
# Override the ttl values
p_defttl = "5m"
p_refresh = "30m"
p_retry = "5m"
p_expire = "1d"
p_negttl = "5m"
break
primary_dns = "ns1." + env["PRIMARY_HOSTNAME"]
# Obtain the secondary nameserver list
additional_records = list(get_custom_dns_config(env))
secondary_ns_list = get_secondary_dns(additional_records, mode="NS")
useHiddenMaster = os.path.exists("/etc/usehiddenmasterdns") and len(secondary_ns_list) > 1
if useHiddenMaster:
primary_dns = secondary_ns_list[0]
# Using hidden master for a domain if it is configured
if os.path.exists("/etc/usehiddenmasterdns") and len(secondary_ns_list) > 1:
with open("/etc/usehiddenmasterdns") as f:
for line in f:
if line == domain or line == "usehiddenmasterdns":
primary_dns = secondary_ns_list[0]
break
# Replace replacement strings.
zone = zone.format(domain=domain, primary_dns=primary_dns, primary_domain=env["PRIMARY_HOSTNAME"], defttl=p_defttl,
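Review bot: `useHiddenMaster = false` and `useHiddenMaster = true` in the `@ -150,7 +150,13` hunk are not Python booleans, so the new branch raises NameError as soon as `/etc/usehiddenmasterdns` exists and at least two secondaries are configured, while boxes without the file never hit it; the lines should read `useHiddenMaster = False` and `useHiddenMaster = True`. All three `for line in f:` loops (that hunk and both loops in `@ -509,22 +514,32`) compare `line == domain` against the raw line, which still carries its trailing newline, so a per-domain entry or the `usehiddenmasterdns` / `forceshortdnsttl` keyword only matches when it is the last line of the file without a newline. Because the same file test is now written three times, a small helper that strips the line and handles the missing-file case keeps the three sites consistent and fixes both problems in one place. `build_zone` starts outside the first hunk, and the tail of the `zone.format(...)` call is outside the last one.
```python
def domain_option_enabled(path, domain, keyword):
    """Return True when the config file at *path* exists and lists *domain* or the catch-all *keyword*."""
    if not os.path.exists(path):
        return False
    with open(path) as f:
        return any(line.strip() in (domain, keyword) for line in f)

# … unchanged: secondary_ns_list lookup …
useHiddenMaster = len(secondary_ns_list) > 1 and domain_option_enabled("/etc/usehiddenmasterdns", domain, "usehiddenmasterdns")

# … unchanged: default SOA/TTL values …
if domain_option_enabled("/etc/forceshortdnsttl", domain, "forceshortdnsttl"):
    # … unchanged: short TTL overrides …
```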