document DNS mods and make DNS options configurable per domain
parent
14394ef05b
commit
544f06b100
@ -16,10 +16,14 @@ Functionality changes and additions
|
|||||||
* Add fail2ban filters for web scanners and badbots
|
* Add fail2ban filters for web scanners and badbots
|
||||||
* Add xapian full text searching to dovecot (from https://github.com/grosjo/fts-xapian)
|
* Add xapian full text searching to dovecot (from https://github.com/grosjo/fts-xapian)
|
||||||
* Add rkhunter and chkrootkit
|
* Add rkhunter and chkrootkit
|
||||||
* Configure domain names for which only www will be hosted. Edit /etc/miabwwwdomains.conf to configure.
|
* Configure domain names for which only www will be hosted. Edit /etc/miabwwwdomains.conf to configure. DNS entries are not handled by this box!
|
||||||
* Add some munin plugins
|
* Add some munin plugins
|
||||||
* Update nextcloud to 20.0.8
|
* Update nextcloud to 20.0.8
|
||||||
* Update roundcube carddav plugin to 4.1.1
|
* Update roundcube carddav plugin to 4.1.1
|
||||||
|
* Use shorter TTL values in the DNS server.
|
||||||
|
To be used before moving e.g. DNS provider. Shortening TTL values will propagate changes faster. For reference, default TTL is 1 day, short TTL is 5 minutes. To use, edit file /etc/forceshortdnsttl and add a line for each domain for which shorter TTLs should be used. To use short TTLs for all known domains, add "forceshortdnsttl"
|
||||||
|
* Use the box as a Hidden Master in the DNS system
|
||||||
|
Thus only the secondary DNS servers are used as public DNS servers. To use, edit file /etc/usehiddenmasterdns and add a line for each domain for which Hidden Master should be used. To use Hidden Master for all known domains, add "usehiddenmasterdns". At least two secondary servers should be set in the Custom DNS administration page.
|
||||||
|
|
||||||
Bug fixes
|
Bug fixes
|
||||||
* Munin routes are ignored for Multi Factor Authentication [see github issue](https://github.com/mail-in-a-box/mailinabox/issues/1865)
|
* Munin routes are ignored for Multi Factor Authentication [see github issue](https://github.com/mail-in-a-box/mailinabox/issues/1865)
|
||||||
|
@ -150,7 +150,13 @@ def build_zone(domain, all_domains, additional_records, www_redirect_domains, en
|
|||||||
secondary_ns_list = get_secondary_dns(additional_records, mode="NS")
|
secondary_ns_list = get_secondary_dns(additional_records, mode="NS")
|
||||||
|
|
||||||
# Need at least two nameservers in the secondary dns list
|
# Need at least two nameservers in the secondary dns list
|
||||||
useHiddenMaster = os.path.exists("/etc/usehiddenmasterdns") and len(secondary_ns_list) > 1
|
useHiddenMaster = false
|
||||||
|
if os.path.exists("/etc/usehiddenmasterdns") and len(secondary_ns_list) > 1:
|
||||||
|
with open("/etc/usehiddenmasterdns") as f:
|
||||||
|
for line in f:
|
||||||
|
if line == domain or line == "usehiddenmasterdns":
|
||||||
|
useHiddenMaster = true
|
||||||
|
break
|
||||||
|
|
||||||
if not useHiddenMaster:
|
if not useHiddenMaster:
|
||||||
# Obligatory definition of ns1.PRIMARY_HOSTNAME.
|
# Obligatory definition of ns1.PRIMARY_HOSTNAME.
|
||||||
@ -162,7 +168,6 @@ def build_zone(domain, all_domains, additional_records, www_redirect_domains, en
|
|||||||
for secondary_ns in secondary_ns_list:
|
for secondary_ns in secondary_ns_list:
|
||||||
records.append((None, "NS", secondary_ns+'.', False))
|
records.append((None, "NS", secondary_ns+'.', False))
|
||||||
|
|
||||||
|
|
||||||
# In PRIMARY_HOSTNAME...
|
# In PRIMARY_HOSTNAME...
|
||||||
if domain == env["PRIMARY_HOSTNAME"]:
|
if domain == env["PRIMARY_HOSTNAME"]:
|
||||||
# Define ns1 and ns2.
|
# Define ns1 and ns2.
|
||||||
@ -509,22 +514,32 @@ $TTL {defttl} ; default time to live
|
|||||||
p_expire = "14d"
|
p_expire = "14d"
|
||||||
p_negttl = "12h"
|
p_negttl = "12h"
|
||||||
|
|
||||||
primary_dns = "ns1." + env["PRIMARY_HOSTNAME"]
|
|
||||||
|
|
||||||
# Shorten dns ttl if file exists. Use before moving domains, changing secondary dns servers etc
|
# Shorten dns ttl if file exists. Use before moving domains, changing secondary dns servers etc
|
||||||
if os.path.exists("/etc/forceshortdnsttl"):
|
if os.path.exists("/etc/forceshortdnsttl"):
|
||||||
p_defttl = "5m"
|
with open("/etc/forceshortdnsttl") as f:
|
||||||
p_refresh = "30m"
|
for line in f:
|
||||||
p_retry = "5m"
|
if line == domain or line == "forceshortdnsttl":
|
||||||
p_expire = "1d"
|
# Override the ttl values
|
||||||
p_negttl = "5m"
|
p_defttl = "5m"
|
||||||
|
p_refresh = "30m"
|
||||||
|
p_retry = "5m"
|
||||||
|
p_expire = "1d"
|
||||||
|
p_negttl = "5m"
|
||||||
|
break
|
||||||
|
|
||||||
|
primary_dns = "ns1." + env["PRIMARY_HOSTNAME"]
|
||||||
|
|
||||||
|
# Obtain the secondary nameserver list
|
||||||
additional_records = list(get_custom_dns_config(env))
|
additional_records = list(get_custom_dns_config(env))
|
||||||
secondary_ns_list = get_secondary_dns(additional_records, mode="NS")
|
secondary_ns_list = get_secondary_dns(additional_records, mode="NS")
|
||||||
useHiddenMaster = os.path.exists("/etc/usehiddenmasterdns") and len(secondary_ns_list) > 1
|
|
||||||
|
|
||||||
if useHiddenMaster:
|
# Using hidden master for a domain if it is configured
|
||||||
primary_dns = secondary_ns_list[0]
|
if os.path.exists("/etc/usehiddenmasterdns") and len(secondary_ns_list) > 1:
|
||||||
|
with open("/etc/usehiddenmasterdns") as f:
|
||||||
|
for line in f:
|
||||||
|
if line == domain or line == "usehiddenmasterdns":
|
||||||
|
primary_dns = secondary_ns_list[0]
|
||||||
|
break
|
||||||
|
|
||||||
# Replace replacement strings.
|
# Replace replacement strings.
|
||||||
zone = zone.format(domain=domain, primary_dns=primary_dns, primary_domain=env["PRIMARY_HOSTNAME"], defttl=p_defttl,
|
zone = zone.format(domain=domain, primary_dns=primary_dns, primary_domain=env["PRIMARY_HOSTNAME"], defttl=p_defttl,
|
||||||
|
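Review bot: In the `@ -150,7 +150,13 @@` hunk of build_zone, `useHiddenMaster = false` and `useHiddenMaster = true` use names Python does not define, so the unconditional first assignment raises NameError on every call; they need to be `useHiddenMaster = False` and `useHiddenMaster = True`. The per-domain test `if line == domain or line == "usehiddenmasterdns":` compares against lines that keep their trailing newline when read by iterating the file, so only an unterminated last line can match, and the same comparison is repeated in the forceshortdnsttl and usehiddenmasterdns loops of the `@ -509,22 +514,32 @@` hunk. Comparing the stripped line, e.g. `if line.strip() in (domain, "usehiddenmasterdns"):`, fixes all three places, and a small helper taking the file path, the domain and the catch-all keyword would keep the three loops consistent. As written the options fail silently, so an admin who enabled Hidden Master would, as far as these hunks show, still have the box published as a nameserver. Both enclosing functions continue outside the visible hunks.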