Created
October 5, 2023 23:02
-
-
Save cmsj/f9600d1f47d05dea8a9d059e2605f807 to your computer and use it in GitHub Desktop.
docker compose stack for octodns and bind to sync a zone from Route53 to a local Bind
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| providers: | |
| config: | |
| class: octodns.provider.yaml.YamlProvider | |
| directory: /config/ | |
| default_ttl: 3600 | |
| enforce_order: True | |
| route53: | |
| class: octodns_route53.Route53Provider | |
| access_key_id: env/AWS_ACCESS_KEY_ID | |
| secret_access_key: env/AWS_SECRET_ACCESS_KEY | |
| bind: | |
| class: octodns_bind.Rfc2136Provider | |
| host: bind | |
| port: 53 | |
| ipv6: False | |
| timeout: 15 | |
| key_name: env/AXFR_KEY_NAME | |
| key_secret: env/AXFR_KEY_SECRET | |
| key_algorithm: hmac-sha256 | |
| zones: | |
| tenshu.net.: | |
| sources: | |
| - route53 | |
| targets: | |
| - config | |
| - bind |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| networks: | |
| dns: | |
| external: false | |
| driver: bridge | |
| name: dns | |
| services: | |
| ofelia: | |
| hostname: dns-ofelia | |
| image: mcuadros/ofelia | |
| restart: unless-stopped | |
| volumes: | |
| - /var/run/docker.sock:/var/run/docker.sock | |
| command: daemon --docker | |
| labels: | |
| com.centurylinklabs.watchtower.enable: "true" | |
| ofelia.job-run.octodns.schedule: "@every 10m" | |
| ofelia.job-run.octodns.container: "dns-octodns-1" # Run octodns container every 10m so it syncs from Route53 | |
| ofelia.job-exec.bindsync.schedule: "@every 1m" | |
| ofelia.job-exec.bindsync.command: "rndc sync -clean" # Flush bind journal files to zone files every minute | |
| ofelia.job-exec.bindsync.container: "dns-bind-1" | |
| bind: | |
| hostname: bind | |
| image: ubuntu/bind9:9.18-22.04_beta # This tag needs to be manually updated | |
| restart: unless-stopped | |
| networks: | |
| - dns | |
| ports: | |
| - "10.0.88.10:53:53/udp" | |
| - "10.0.88.10:53:53/tcp" | |
| volumes: | |
| - /srv/ssdtank/docker/bind/config/named.conf:/etc/bind/named.conf | |
| - /srv/ssdtank/docker/bind/data:/var/cache/bind | |
| - /srv/ssdtank/docker/bind/records:/var/lib/bind | |
| environment: | |
| TZ: "Europe/London" | |
| labels: | |
| com.centurylinklabs.watchtower.enable: "true" | |
| octodns: | |
| hostname: octodns | |
| image: octodns/octodns:2023.10 # This tag needs to be manually updated | |
| command: octodns-sync --config-file /config/config.yaml --doit | |
| networks: | |
| - dns | |
| volumes: | |
| - /srv/ssdtank/docker/octodns/config:/config | |
| environment: | |
| AWS_ACCESS_KEY_ID: "blah" | |
| AWS_SECRET_ACCESS_KEY: "hunter2" | |
| AXFR_KEY_NAME: 'octodns.tenshu.net.' | |
| AXFR_KEY_SECRET: 'hunter3' | |
| labels: | |
| com.centurylinklabs.watchtower.enable: "true" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| key octodns.tenshu.net. { | |
| algorithm hmac-sha256; | |
| secret "hunter3"; | |
| }; | |
| options { | |
| directory "/var/cache/bind"; | |
| listen-on { any; }; | |
| allow-recursion { | |
| any; | |
| }; | |
| allow-transfer { | |
| none; | |
| }; | |
| allow-update { | |
| none; | |
| }; | |
| }; | |
| zone "tenshu.net." { | |
| type master; | |
| notify no; | |
| file "/var/lib/bind/db.tenshu.net"; | |
| allow-transfer { key octodns.tenshu.net.; }; | |
| allow-update { key octodns.tenshu.net.; }; | |
| }; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment