mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2026-03-05 15:57:23 +01:00

run bind9 on the loopback interface for ensuring we are using a DNSSEC-aware nameserver to resolve our own DNS queries (i.e. when sending mail) since we can't trust that the network configuration provided for us gives us a DNSSEC-aware DNS server

see #71
This commit is contained in:
Joshua Tauberer
2014-06-18 19:41:35 -04:00
parent 761fac729b
commit afb6c26c8b
2 changed files with 43 additions and 2 deletions


@@ -271,6 +271,7 @@ $TTL 86400 ; default time to live
########################################################################
def write_nsd_conf(zonefiles):
# Basic header.
nsdconf = """
server:
hide-version: yes
@@ -280,10 +281,19 @@ server:
# The directory for zonefile: files.
zonesdir: "/etc/nsd/zones"
# ZONES
"""
# Since we have bind9 listening on localhost for locally-generated
# DNS queries that require a recursive nameserver, we must have
# nsd listen only on public network interfaces. Those interfaces
# may have addresses different from the public IP address that the
# Internet sees this machine on. Get those interface addresses
# from `hostname -i` (which omits all localhost addresses).
for ipaddr in shell("check_output", ["/bin/hostname", "-I"]).strip().split(" "):
nsdconf += "ip-address: %s\n" % ipaddr
# Append the zones.
for domain, zonefile in sorted(zonefiles):
nsdconf += """
zone:
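Review bot: the comment block says the interface addresses come from `hostname -i`, but the call is `/bin/hostname -I`; the two flags are not equivalent (`-i` resolves the host's own name, `-I` enumerates all configured addresses and omits loopback and IPv6 link-local), and since the `-I` behaviour is exactly what the comment describes, the comment should read `hostname -I`. Two robustness points on the same loop: `.strip().split(" ")` yields a single empty string when `hostname -I` prints nothing (no non-loopback address configured), which would emit an `ip-address:` line with no value into nsd.conf, and any run of consecutive spaces likewise produces empty entries; `.split()` avoids both, and an explicit `if not ipaddr: continue` would make the intent clear. It is also worth a sentence in the comment that the bound addresses are frozen at config-generation time: because nsd is now restricted to the listed `ip-address:` entries rather than binding every interface, an address change on the host requires regenerating and reloading this file, otherwise nsd either fails to bind or stops answering on the new address.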