Skip to content

refactor: DNS backend #876

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
iyashnov wants to merge 54 commits into
base: dev
Choose a base branch
from
Open

refactor: DNS backend #876

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
54 commits
Select commit Hold shift + click to select a range
c256de6
add: add PowerDNS authoritative and recursor services with Docker sup…
iyashnov Dec 24, 2025
a68dd79
refactor: update DNS service adapter and router for improved zone man…
iyashnov Dec 24, 2025
2b1ea2f
refactor: add PDNS_API_KEY to local environment configuration
iyashnov Dec 24, 2025
628b37f
refactor: restructure DNS module with PowerDNS integration and enhanc…
iyashnov Dec 24, 2025
4fb4e45
refactor: update DNS settings and add PowerDNS client support
iyashnov Dec 24, 2025
f06bc91
refactor: enhance DNS management with PowerDNS integration and DTO up…
iyashnov Dec 24, 2025
8d02f8c
refactor: remove SelfHostedDNSManager class and associated methods
iyashnov Dec 24, 2025
616ebb7
refactor: remove unused DNS entrypoint script and zone templates
iyashnov Dec 24, 2025
cfb2d31
refactor: remove obsolete bind9 Dockerfile
iyashnov Dec 24, 2025
0a10df5
refactor: remove SelfHostedDNSManager import and clean up exception h…
iyashnov Dec 24, 2025
29a44c8
refactor: update DNS adapter and use cases for improved zone manageme…
iyashnov Dec 24, 2025
abe8881
test: update DNS DTOs and improve test cases for DNS record and zone …
iyashnov Dec 24, 2025
89ff34d
refactor: implement get_zones method in StubDNSManager to return an e…
iyashnov Dec 24, 2025
7055719
refactor: add DEFAULT_NAMESERVER and PDNS_API_KEY to md-test service …
iyashnov Dec 24, 2025
81ea9b5
refactor: remove SelfHostedDNSManager from exports in DNS module
iyashnov Dec 24, 2025
cc18b0a
refactor: update DNS error handling to use DNSError for consistency
iyashnov Dec 24, 2025
96e24ef
refactor: fix codestyle and naming
iyashnov Dec 24, 2025
cc0a1fc
refactor: simplify client selection logic by introducing _get_client_…
iyashnov Dec 24, 2025
64042b3
refactor: simplify client selection logic in _get_client_by_zone_kind…
iyashnov Dec 24, 2025
1b86e67
refactor: improve code readability by simplifying select statement an…
iyashnov Dec 24, 2025
d41f35c
refactor: enhance DNS error handling by adding DNSRecordGetError and …
iyashnov Dec 24, 2025
f3b50cb
refactor: add missing line breaks for improved readability in DNS exc…
iyashnov Dec 24, 2025
3af34a1
refactor: rename bind9 to pdns_auth and update related configurations…
iyashnov Dec 24, 2025
66744f1
fix: codestyle
iyashnov Dec 24, 2025
1ab6dde
add: added docker network to set static IP on DNS containers
iyashnov Jan 16, 2026
302a639
add: added dnsdist-console lib
iyashnov Jan 16, 2026
0fce07e
add: added libsodium-dev package to multidirectory docker image
iyashnov Jan 16, 2026
f7c6d78
add: added pdnsdist config
iyashnov Jan 16, 2026
b45b491
add: added envs for pdnsdist
iyashnov Jan 16, 2026
557fea9
add: added unconditional forward DNS to recursor config
iyashnov Jan 16, 2026
0744b24
refactor: removed PDNS recursor from traefik
iyashnov Jan 16, 2026
fe23997
add: added dnsdist client to manage dnsdist
iyashnov Jan 16, 2026
a31402b
add: added dnsdist to prod docker-compose.yml
iyashnov Jan 16, 2026
2f1b6d6
refactor: added api key generation for PDNS
iyashnov Jan 16, 2026
869f13e
add: added windows script to generate DNS API keys
iyashnov Jan 19, 2026
516238d
fix: codestyle
iyashnov Jan 20, 2026
cd2494f
add: added libsodium package to test image
iyashnov Jan 20, 2026
134c1c6
fix: changed workflow to build pdns auth image instead of bind for dev
iyashnov Jan 20, 2026
cd6e81c
fix: fixed tests
iyashnov Jan 20, 2026
066e6f3
add: added env to remote docker-compose for tests
iyashnov Jan 20, 2026
32aa746
refactor: changed API key value to template value in config for prod
iyashnov Jan 23, 2026
ac2bb31
refactor: clarified variables
iyashnov Jan 23, 2026
213fe76
refactor: separated managers from clients and moved to individual pa…
iyashnov Feb 3, 2026
73fdc22
test: fixed tests
iyashnov Feb 3, 2026
a017638
refactor: changed method naming for consistency
iyashnov Feb 3, 2026
14e2fa6
refactor: changed module name for clarity
iyashnov Feb 3, 2026
d138c25
refactor: added individual methods for every action in HTTP clients f…
iyashnov Feb 3, 2026
ba7c920
refactor: unite all DNS record actions in one method
iyashnov Feb 3, 2026
b3e5600
refactor: added logging
iyashnov Feb 3, 2026
019d502
refactor: enhance dnsdist client with type hints and structured respo…
iyashnov Feb 4, 2026
58a79fe
refactor: separate DNS service with dedicated router and adapter
iyashnov Feb 4, 2026
f96ba64
refactor: update .gitignore to include resolve.conf and remove obsole…
iyashnov Feb 4, 2026
2c2afb5
refactor: improve error handling in zone deletion methods
iyashnov Feb 4, 2026
1f90a93
fix: update import paths for DNS adapter and abstract client
iyashnov Feb 4, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1,395 changes: 0 additions & 1,395 deletions .dns/dns_api.py
View file
Open in desktop

This file was deleted.

19 changes: 0 additions & 19 deletions .dns/entrypoint.sh
View file
Open in desktop

This file was deleted.

11 changes: 0 additions & 11 deletions .dns/templates/zone.template
View file
Open in desktop

This file was deleted.

10 changes: 0 additions & 10 deletions .dns/templates/zone_options.template
View file
Open in desktop

This file was deleted.

2 changes: 1 addition & 1 deletion .docker/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ ENV VIRTUAL_ENV=/venvs/.venv \
VERSION=${VERSION:-beta}


RUN set -eux; apk add --no-cache krb5-libs curl openssl netcat-openbsd
RUN set -eux; apk add --no-cache krb5-libs curl openssl netcat-openbsd libsodium-dev
COPY app /app
COPY pyproject.toml /

Expand Down
45 changes: 0 additions & 45 deletions .docker/bind9.Dockerfile
View file
Open in desktop

This file was deleted.

2 changes: 1 addition & 1 deletion .docker/dev.Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ ENV VIRTUAL_ENV=/venvs/.venv \
PATH="/venvs/.venv/bin:$PATH" \
VERSION=${VERSION:-beta}

RUN set -eux; apk add --no-cache krb5-libs curl openssl netcat-openbsd
RUN set -eux; apk add --no-cache krb5-libs curl openssl netcat-openbsd libsodium-dev

COPY app /app
COPY pyproject.toml /
Expand Down
66 changes: 66 additions & 0 deletions .docker/pdns_auth.Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
FROM alpine:3.20 AS builder

RUN apk add --no-cache --virtual .build-deps \
build-base \
lmdb-dev \
openssl-dev \
boost-dev \
autoconf automake libtool \
git ragel bison flex \
lua5.4-dev \
curl-dev

RUN apk add --no-cache \
lua \
lua-dev \
lmdb \
boost-libs \
openssl-libs-static \
curl \
libstdc++

RUN git clone https://github.com/PowerDNS/pdns.git /pdns
WORKDIR /pdns

RUN git submodule init &&\
git submodule update &&\
git checkout auth-5.0.1

RUN autoreconf -vi

RUN mkdir /build && \
./configure \
--sysconfdir=/etc/powerdns \
--enable-option-checking=fatal \
--with-dynmodules='lmdb' \
--with-modules='' \
--with-unixodbc-lib=/usr/lib/$(dpkg-architecture -q DEB_BUILD_GNU_TYPE) && \
make clean && \
make $MAKEFLAGS -C ext &&\
make $MAKEFLAGS -C modules &&\
make $MAKEFLAGS -C pdns && \
make -C pdns install DESTDIR=/build &&\
make -C modules install DESTDIR=/build &&\
Comment on lines +37 to +43
Copy link

Copilot AI Feb 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The build stage uses $(dpkg-architecture -q DEB_BUILD_GNU_TYPE) inside an Alpine image; dpkg-architecture is not available on Alpine by default, so this Dockerfile will fail to build. Also, the lines &&\ (backslash followed by a space) will break shell line-continuation and can cause a syntax error. Remove the dpkg-architecture usage (or install the needed tool) and fix the trailing whitespace after \ in the RUN command.

Suggested change
--with-unixodbc-lib=/usr/lib/$(dpkg-architecture -q DEB_BUILD_GNU_TYPE) && \
make clean && \
make $MAKEFLAGS -C ext &&\
make $MAKEFLAGS -C modules &&\
make $MAKEFLAGS -C pdns && \
make -C pdns install DESTDIR=/build &&\
make -C modules install DESTDIR=/build &&\
--with-unixodbc-lib=/usr/lib && \
make clean && \
make $MAKEFLAGS -C ext &&\
make $MAKEFLAGS -C modules &&\
make $MAKEFLAGS -C pdns && \
make -C pdns install DESTDIR=/build &&\
make -C modules install DESTDIR=/build &&\

Copilot uses AI. Check for mistakes.
make clean && \
strip /build/usr/local/bin/* /build/usr/local/sbin/* /build/usr/local/lib/pdns/*.so

FROM alpine:3.20 AS runtime

COPY --from=builder /build /

RUN apk add --no-cache \
lua \
lua-dev \
lmdb \
boost-libs \
openssl-libs-static \
curl \
libstdc++

RUN mkdir -p /etc/powerdns/pdns.d /var/run/pdns /var/lib/powerdns /etc/powerdns/templates.d /var/lib/pdns-lmdb

COPY ./.package/pdns.conf /etc/powerdns/pdns.conf

EXPOSE 8082/tcp

CMD ["/usr/local/sbin/pdns_server"]
2 changes: 1 addition & 1 deletion .docker/test.Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ RUN --mount=type=cache,target=/root/.cache/uv \
FROM python:3.13.7-alpine3.21 AS runtime

WORKDIR /app
RUN set -eux; apk add --no-cache openldap-clients openssl curl krb5-libs
RUN set -eux; apk add --no-cache openldap-clients openssl curl krb5-libs libsodium-dev

ENV VIRTUAL_ENV=/venvs/.venv \
PATH="/venvs/.venv/bin:$PATH" \
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/build-beta.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -156,7 +156,7 @@ jobs:
--build-arg BUILDKIT_INLINE_CACHE=1 \
--build-arg VERSION=beta

build-bind9:
build-pdns_auth:
runs-on: ubuntu-latest
needs: [build-tests, run-ssh-test, run-tests]
steps:
Expand All @@ -173,14 +173,14 @@ jobs:

- name: Build docker image
env:
TAG: ghcr.io/${{ env.REPO }}_bind9:beta
TAG: ghcr.io/${{ env.REPO }}_pdns_auth:beta
DOCKER_BUILDKIT: '1'
run: |
echo $TAG
docker build \
--push \
--target=runtime \
-f .docker/bind9.Dockerfile . \
-f .docker/pdns_auth.Dockerfile . \
-t $TAG \
--cache-to type=gha,mode=max \
--cache-from $TAG \
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/build-dev.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -155,7 +155,7 @@ jobs:
--build-arg BUILDKIT_INLINE_CACHE=1 \
--build-arg VERSION=dev

build-bind9:
build-pdns_auth:
runs-on: ubuntu-latest
needs: [build-tests, run-ssh-test, run-tests]
steps:
Expand All @@ -172,14 +172,14 @@ jobs:

- name: Build docker image
env:
TAG: ghcr.io/${{ env.REPO }}_bind9:dev
TAG: ghcr.io/${{ env.REPO }}_pdns_auth:dev
DOCKER_BUILDKIT: '1'
run: |
echo $TAG
docker build \
--push \
--target=runtime \
-f .docker/bind9.Dockerfile . \
-f .docker/pdns_auth.Dockerfile . \
-t $TAG \
--cache-to type=gha,mode=max \
--cache-from $TAG \
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/build-docker-image.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -176,7 +176,7 @@ jobs:
--build-arg BUILDKIT_INLINE_CACHE=1 \
--build-arg VERSION=latest

build-bind9:
build-pdns_auth:
runs-on: ubuntu-latest
needs: [build-tests, run-ssh-test, run-tests]
steps:
Expand All @@ -193,14 +193,14 @@ jobs:

- name: Build docker image
env:
TAG: ghcr.io/${{ env.REPO }}_bind9:latest
TAG: ghcr.io/${{ env.REPO }}_pdns_auth:latest
DOCKER_BUILDKIT: '1'
run: |
echo $TAG
docker build \
--push \
--target=runtime \
-f .docker/bind9.Dockerfile . \
-f .docker/pdns_auth.Dockerfile . \
-t $TAG \
--cache-to type=gha,mode=max \
--cache-from $TAG \
Expand Down
1 change: 1 addition & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ share/python-wheels/
.installed.cfg
*.egg
MANIFEST
resolve.conf
Copy link
Collaborator

@milov-dmitriy milov-dmitriy Feb 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

это нужно?


# PyInstaller
# Usually these files are written by a python script from a template
Expand Down
6 changes: 6 additions & 0 deletions .package/dnsdist.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
setLocal('0.0.0.0:53')
controlSocket('0.0.0.0:8084')
setKey('supersecretapikey')
addConsoleACL('172.20.0.0/24')
includeDirectory('/etc/dnsdist/conf.d/')
setACL('0.0.0.0/0')
77 changes: 57 additions & 20 deletions .package/docker-compose.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -347,27 +347,52 @@ services:
- traefik.tcp.routers.kpasswd.service=kpasswd
- traefik.tcp.services.kpasswd.loadbalancer.server.port=464

bind_dns:
image: ghcr.io/multidirectorylab/multidirectory_bind9:${VERSION:-latest}
container_name: bind9
hostname: bind9
restart: unless-stopped
pdns_auth:
image: ghcr.io/multidirectorylab/multidirectory_pdns_auth:${VERSION:-latest}
container_name: pdns_auth
networks:
default:
dns_net:
ipv4_address: 172.20.0.4
expose:
- 8082
- 53/udp
- 53/tcp
volumes:
- dns_server_file:/opt/
- dns_server_config:/etc/bind/
tty: true
env_file:
- .env
environment:
- USE_CONFIG_FILE_LOGGING=true
depends_on:
ldap_server:
condition: service_healthy
restart: true
labels:
- traefik.enable=true
- traefik.udp.routers.bind_dns_udp.entrypoints=bind_dns_udp
- traefik.udp.services.bind_dns_udp.loadbalancer.server.port=53
- dns_lmdb:/var/lib/pdns-lmdb
- dns_config:/etc/powerdns


pdns_recursor:
image: powerdns/pdns-recursor-51:5.1.7
container_name: pdns_recursor
networks:
default:
dns_net:
ipv4_address: 172.20.0.2
expose:
- 8083
- 53/udp
- 53/tcp
volumes:
- ./recursor.conf:/etc/powerdns/recursor.conf
- forward_zones:/etc/powerdns/recursor.d/

pdnsdist:
Copy link
Collaborator

@milov-dmitriy milov-dmitriy Jan 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pdns_dist ? стоит в едином стиле делать?

Copy link
Collaborator

@milov-dmitriy milov-dmitriy Jan 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

или так принято

Copy link
Collaborator Author

@iyashnov iyashnov Feb 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Официально оно просто dnsdist называется

image: powerdns/dnsdist-19:1.9.11
container_name: pdnsdist
networks:
default:
dns_net:
ipv4_address: 172.20.0.3
expose:
- 8084
ports:
- "53:53/tcp"
- "53:53/udp"
volumes:
- ./dnsdist.conf:/etc/dnsdist/dnsdist.conf
- dnsdist_confd:/etc/dnsdist/conf.d

kea_dhcp4:
image: ghcr.io/multidirectorylab/multidirectory_dhcp4:${VERSION:-latest}
Expand Down Expand Up @@ -467,6 +492,14 @@ services:
environment:
HANDLER_NAME: event_sender-1

networks:
dns_net:
driver: bridge
ipam:
config:
- subnet: 172.20.0.0/24
gateway: 172.20.0.1

volumes:
postgres:
kdc:
Expand All @@ -478,3 +511,7 @@ volumes:
leases:
sockets:
dhcp:
dns_lmdb:
dns_config:
forward_zones:
dnsdist_confd:
11 changes: 11 additions & 0 deletions .package/pdns.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
launch=lmdb
lmdb-filename=/var/lib/pdns-lmdb/pdns.lmdb
daemon=no
local-address=0.0.0.0
local-port=53
api=yes
api-key=supersecretapikey
webserver-allow-from=0.0.0.0/0
Copy link

Copilot AI Dec 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The webserver is configured to allow connections from any IP address (0.0.0.0/0). This is a security risk in production environments. Consider restricting access to specific IP ranges or implementing additional authentication mechanisms.

Suggested change
webserver-allow-from=0.0.0.0/0
webserver-allow-from=127.0.0.1,::1

Copilot uses AI. Check for mistakes.
Copy link
Collaborator Author

@iyashnov iyashnov Dec 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Здесь то же самое

webserver=yes
webserver-address=0.0.0.0
webserver-port=8082
10 changes: 10 additions & 0 deletions .package/recursor.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
local-address=0.0.0.0
webserver-allow-from=0.0.0.0/0
Copy link

Copilot AI Dec 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The webserver is configured to allow connections from any IP address (0.0.0.0/0). This is a security risk in production environments. Consider restricting access to specific IP ranges or implementing additional authentication mechanisms.

Suggested change
webserver-allow-from=0.0.0.0/0
webserver-allow-from=127.0.0.1/32

Copilot uses AI. Check for mistakes.
Copy link
Collaborator Author

@iyashnov iyashnov Dec 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Пока сделано так, в дальнейшем, при добавлении PowerDNS DNSdist будет переделано.

forward-zones-recurse=.=1.1.1.1;8.8.8.8
forward-zones=
api-config-dir=/etc/powerdns/recursor.d/
include-dir=/etc/powerdns/recursor.d/
webserver=yes
webserver-address=0.0.0.0
webserver-port=8083
api-key=supersecretapikey
Loading
Loading