first commit

dns/Dockerfile

@@ -0,0 +1,37 @@
+# BSD 2-Clause License
+
+# Copyright (c) 2020, Supreeth Herle
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+# 1. Redistributions of source code must retain the above copyright notice, this
+#    list of conditions and the following disclaimer.
+
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+#    this list of conditions and the following disclaimer in the documentation
+#    and/or other materials provided with the distribution.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+FROM ubuntu:focal
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Install updates and dependencies
+RUN apt-get update && \
+	apt-get -y install tcpdump screen tmux ntp ntpdate iproute2 net-tools \
+					iputils-ping bind9
+
+CMD /mnt/dns/dns_init.sh && \
+	/usr/sbin/named -c /etc/bind/named.conf -g -u bind

dns/dns_init.sh

@@ -0,0 +1,64 @@
+#!/bin/bash
+
+# BSD 2-Clause License
+
+# Copyright (c) 2020, Supreeth Herle
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+# 1. Redistributions of source code must retain the above copyright notice, this
+#    list of conditions and the following disclaimer.
+
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+#    this list of conditions and the following disclaimer in the documentation
+#    and/or other materials provided with the distribution.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+cp /mnt/dns/epc_zone /etc/bind
+cp /mnt/dns/ims_zone /etc/bind
+cp /mnt/dns/pub_3gpp_zone /etc/bind
+cp /mnt/dns/e164.arpa /etc/bind
+cp /mnt/dns/named.conf /etc/bind
+
+[ ${#MNC} == 3 ] && EPC_DOMAIN="epc.mnc${MNC}.mcc${MCC}.3gppnetwork.org" || EPC_DOMAIN="epc.mnc0${MNC}.mcc${MCC}.3gppnetwork.org"
+[ ${#MNC} == 3 ] && IMS_DOMAIN="ims.mnc${MNC}.mcc${MCC}.3gppnetwork.org" || IMS_DOMAIN="ims.mnc0${MNC}.mcc${MCC}.3gppnetwork.org"
+[ ${#MNC} == 3 ] && PUB_3GPP_DOMAIN="mnc${MNC}.mcc${MCC}.pub.3gppnetwork.org" || PUB_3GPP_DOMAIN="mnc0${MNC}.mcc${MCC}.pub.3gppnetwork.org"
+
+sed -i 's|EPC_DOMAIN|'$EPC_DOMAIN'|g' /etc/bind/epc_zone
+sed -i 's|DNS_IP|'$DNS_IP'|g' /etc/bind/epc_zone
+[ -z "$PCRF_PUB_IP" ] && sed -i 's|PCRF_IP|'$PCRF_IP'|g' /etc/bind/epc_zone || sed -i 's|PCRF_IP|'$PCRF_PUB_IP'|g' /etc/bind/epc_zone
+
+sed -i 's|IMS_DOMAIN|'$IMS_DOMAIN'|g' /etc/bind/ims_zone
+sed -i 's|DNS_IP|'$DNS_IP'|g' /etc/bind/ims_zone
+sed -i 's|PCSCF_IP|'$PCSCF_IP'|g' /etc/bind/ims_zone
+sed -i 's|ICSCF_IP|'$ICSCF_IP'|g' /etc/bind/ims_zone
+sed -i 's|SCSCF_IP|'$SCSCF_IP'|g' /etc/bind/ims_zone
+sed -i 's|PYHSS_IP|'$PYHSS_IP'|g' /etc/bind/ims_zone
+sed -i 's|SMSC_IP|'$SMSC_IP'|g' /etc/bind/ims_zone
+sed -i 's|IBCF_IP|'$IBCF_IP'|g' /etc/bind/ims_zone
+
+sed -i 's|PUB_3GPP_DOMAIN|'$PUB_3GPP_DOMAIN'|g' /etc/bind/pub_3gpp_zone
+sed -i 's|DNS_IP|'$DNS_IP'|g' /etc/bind/pub_3gpp_zone
+sed -i 's|ENTITLEMENT_SERVER_IP|'$ENTITLEMENT_SERVER_IP'|g' /etc/bind/pub_3gpp_zone
+
+sed -i 's|IMS_DOMAIN|'$IMS_DOMAIN'|g' /etc/bind/e164.arpa
+sed -i 's|DNS_IP|'$DNS_IP'|g' /etc/bind/e164.arpa
+
+sed -i 's|EPC_DOMAIN|'$EPC_DOMAIN'|g' /etc/bind/named.conf
+sed -i 's|IMS_DOMAIN|'$IMS_DOMAIN'|g' /etc/bind/named.conf
+sed -i 's|PUB_3GPP_DOMAIN|'$PUB_3GPP_DOMAIN'|g' /etc/bind/named.conf
+
+# Sync docker time
+#ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone

dns/e164.arpa

@@ -0,0 +1,17 @@
+$TTL 1h
+@ IN SOA ns.e164.arpa. root.e164.arpa. (
+                                                        2009010918 ;serial
+                                                        3600 ;refresh
+                                                        3600 ;retry
+                                                        3600 ;expire
+                                                        3600 ;minimum TTL
+)
+@ IN NS e164.arpa.
+@ IN A DNS_IP
+
+; Wildcard to match any tel:+xxxx and change to sip:xxxx@IMS_DOMAIN
+* IN NAPTR 10 100 "u" "E2U+sip" "!(^.*$)!sip:\\1@IMS_DOMAIN!" .
+; Record to route calls starting with DE +49 to IBCF :
+*.9.4 IN NAPTR 20 100 "u" "E2U+sip" "!(^.*$)!sip:\\1@ibcf.IMS_DOMAIN!" .
+; Add more country codes to route over IBCF using the same format as below. You may need also to adjust the dialplan in Asterisk, e.g. for UK +44:
+; *.4.4 IN NAPTR 20 100 "u" "E2U+sip" "!(^.*$)!sip:\\1@ibcf.IMS_DOMAIN!" .

dns/epc_zone

@@ -0,0 +1,13 @@
+$ORIGIN EPC_DOMAIN.
+$TTL 1W
+@                       1D IN SOA       localhost. root.localhost. (
+                                        1		; serial
+                                        3H              ; refresh
+                                        15M             ; retry
+                                        1W              ; expiry
+                                        1D )            ; minimum
+
+                        1D IN NS        epcns
+epcns                   1D IN A         DNS_IP
+
+pcrf                    1D IN A         PCRF_IP

dns/ims_zone

@@ -0,0 +1,37 @@
+$ORIGIN IMS_DOMAIN.
+$TTL 1W
+@                       1D IN SOA       localhost. root.localhost. (
+                                        1		; serial
+                                        3H              ; refresh
+                                        15M             ; retry
+                                        1W              ; expiry
+                                        1D )            ; minimum
+
+                        1D IN NS        ns
+ns                      1D IN A         DNS_IP
+
+pcscf                   1D IN A         PCSCF_IP
+_sip._udp.pcscf         1D SRV 0 0 5060 pcscf
+_sip._tcp.pcscf         1D SRV 0 0 5060 pcscf
+
+icscf                   1D IN A         ICSCF_IP
+_sip._udp               1D SRV 0 0 4060 icscf
+_sip._tcp               1D SRV 0 0 4060 icscf
+
+scscf                   1D IN A         SCSCF_IP
+_sip._udp.scscf         1D SRV 0 0 6060 scscf
+_sip._tcp.scscf         1D SRV 0 0 6060 scscf
+
+hss                     1D IN A         PYHSS_IP
+
+smsc                    1D IN A         SMSC_IP
+_sip._udp.smsc          1D SRV 0 0 7090 smsc
+_sip._tcp.smsc          1D SRV 0 0 7090 smsc
+
+ibcf                    1D IN A         IBCF_IP
+_sip._udp.ibcf          1D SRV 0 0 5090 ibcf
+_sip._tcp.ibcf          1D SRV 0 0 5090 ibcf
+
+voicemail               1D IN A         IBCF_IP
+_sip._udp.voicemail     1D SRV 0 0 5090 voicemail
+_sip._tcp.voicemail     1D SRV 0 0 5090 voicemail

dns/named.conf

@@ -0,0 +1,53 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	forwarders {
+		8.8.8.8;
+	};
+
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	dnssec-validation no;
+	allow-query { any; };
+
+	auth-nxdomain no;    # conform to RFC1035
+	listen-on-v6 { any; };
+};
+
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+zone "IMS_DOMAIN" {
+        type master;
+        file "/etc/bind/ims_zone";
+};
+
+zone "EPC_DOMAIN" {
+        type master;
+        file "/etc/bind/epc_zone";
+};
+
+zone "PUB_3GPP_DOMAIN" {
+        type master;
+        file "/etc/bind/pub_3gpp_zone";
+};
+
+zone "e164.arpa" {
+        type master;
+        file "/etc/bind/e164.arpa";
+};

dns/pub_3gpp_zone

@@ -0,0 +1,13 @@
+$ORIGIN PUB_3GPP_DOMAIN.
+$TTL 1W
+@                       1D IN SOA       localhost. root.localhost. (
+                                        1		; serial
+                                        3H              ; refresh
+                                        15M             ; retry
+                                        1W              ; expiry
+                                        1D )            ; minimum
+
+                        1D IN NS        pubns
+pubns                   1D IN A         DNS_IP
+
+aes                     1D IN A         ENTITLEMENT_SERVER_IP