From dedf17723b64de557a23da361ba0e2f7d4472af9 Mon Sep 17 00:00:00 2001
From: herlesupreeth
Date: Sun, 26 Jul 2020 16:19:31 +0200
Subject: [PATCH] Add Docker file to build DNS server used in IMS
---
 dns/Dockerfile | 37 +++++++++++++++++++++++++++++++++++++
 dns/dns_init.sh | 45 +++++++++++++++++++++++++++++++++++++++++++++
 dns/epc_zone | 13 +++++++++++++
 dns/ims_zone | 25 +++++++++++++++++++++++++
 dns/named.conf | 43 +++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 163 insertions(+)
 create mode 100644 dns/Dockerfile
 create mode 100755 dns/dns_init.sh
 create mode 100644 dns/epc_zone
 create mode 100644 dns/ims_zone
 create mode 100644 dns/named.conf
diff --git a/dns/Dockerfile b/dns/Dockerfile
new file mode 100644
index 0000000..df330a5
--- /dev/null
+++ b/dns/Dockerfile
@@ -0,0 +1,37 @@
+# BSD 2-Clause License
+
+# Copyright (c) 2020, Supreeth Herle
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+# 1. Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+FROM ubuntu:bionic
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Install updates and dependencies
+RUN apt-get update && \
+ apt-get -y install tcpdump screen tmux ntp ntpdate iproute2 net-tools \
+ iputils-ping bind9
+
+CMD /mnt/dns/dns_init.sh && \
+ /usr/sbin/named -c /etc/bind/named.conf -g -u bind
diff --git a/dns/dns_init.sh b/dns/dns_init.sh
new file mode 100755
index 0000000..b82764e
--- /dev/null
+++ b/dns/dns_init.sh
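Review bot: The shell-form `CMD /mnt/dns/dns_init.sh && /usr/sbin/named ...` is executed through `/bin/sh -c`, so the shell becomes PID 1 and `named` is only its child; the SIGTERM sent by `docker stop` typically reaches the shell rather than `named`, which is then killed on the stop timeout without a clean shutdown. One word fixes it: `CMD /mnt/dns/dns_init.sh && exec /usr/sbin/named -c /etc/bind/named.conf -g -u bind`. Separately, the RUN line installs `tcpdump screen tmux ntp ntpdate` into what is otherwise a DNS-only container and leaves the apt lists in the layer; if they are debugging aids, dropping them (or keeping them in a separate debug image) and ending the RUN with `rm -rf /var/lib/apt/lists/*` shrinks both the image and its attack surface. `ubuntu:bionic` is a moving tag, so rebuilds are not reproducible unless a digest is pinned.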
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+# BSD 2-Clause License
+
+# Copyright (c) 2020, Supreeth Herle
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+# 1. Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+cp /mnt/dns/epc_zone /etc/bind
+cp /mnt/dns/ims_zone /etc/bind
+cp /mnt/dns/named.conf /etc/bind
+
+sed -i 's|EPC_DOMAIN|'$EPC_DOMAIN'|g' /etc/bind/epc_zone
+sed -i 's|DNS_IP|'$DNS_IP'|g' /etc/bind/epc_zone
+[ -z "$PCRF_PUB_IP" ] && sed -i 's|PCRF_IP|'$PCRF_IP'|g' /etc/bind/epc_zone || sed -i 's|PCRF_IP|'$PCRF_PUB_IP'|g' /etc/bind/epc_zone
+
+sed -i 's|IMS_DOMAIN|'$IMS_DOMAIN'|g' /etc/bind/ims_zone
+sed -i 's|DNS_IP|'$DNS_IP'|g' /etc/bind/ims_zone
+sed -i 's|PCSCF_IP|'$PCSCF_IP'|g' /etc/bind/ims_zone
+sed -i 's|ICSCF_IP|'$ICSCF_IP'|g' /etc/bind/ims_zone
+sed -i 's|SCSCF_IP|'$SCSCF_IP'|g' /etc/bind/ims_zone
+sed -i 's|FHOSS_IP|'$FHOSS_IP'|g' /etc/bind/ims_zone
+
+sed -i 's|EPC_DOMAIN|'$EPC_DOMAIN'|g' /etc/bind/named.conf
+sed -i 's|IMS_DOMAIN|'$IMS_DOMAIN'|g' /etc/bind/named.conf
diff --git a/dns/epc_zone b/dns/epc_zone
new file mode 100644
index 0000000..b6acfe7
--- /dev/null
+++ b/dns/epc_zone
@@ -0,0 +1,13 @@
+$ORIGIN EPC_DOMAIN.
+$TTL 1W
+@ 1D IN SOA localhost. root.localhost. (
+ 1 ; serial
+ 3H ; refresh
+ 15M ; retry
+ 1W ; expiry
+ 1D ) ; minimum
+
+ 1D IN NS epcns
+epcns 1D IN A DNS_IP
+
+pcrf 1D IN A PCRF_IP
diff --git a/dns/ims_zone b/dns/ims_zone
new file mode 100644
index 0000000..a7426b2
--- /dev/null
+++ b/dns/ims_zone
@@ -0,0 +1,25 @@
+$ORIGIN IMS_DOMAIN.
+$TTL 1W
+@ 1D IN SOA localhost. root.localhost. (
+ 1 ; serial
+ 3H ; refresh
+ 15M ; retry
+ 1W ; expiry
+ 1D ) ; minimum
+
+ 1D IN NS ns
+ns 1D IN A DNS_IP
+
+pcscf 1D IN A PCSCF_IP
+_sip._udp.pcscf 1D SRV 0 0 5060 pcscf
+_sip._tcp.pcscf 1D SRV 0 0 5060 pcscf
+
+icscf 1D IN A ICSCF_IP
+_sip._udp 1D SRV 0 0 4060 icscf
+_sip._tcp 1D SRV 0 0 4060 icscf
+
+scscf 1D IN A SCSCF_IP
+_sip._udp.scscf 1D SRV 0 0 6060 scscf
+_sip._tcp.scscf 1D SRV 0 0 6060 scscf
+
+hss 1D IN A FHOSS_IP
diff --git a/dns/named.conf b/dns/named.conf
new file mode 100644
index 0000000..84e016c
--- /dev/null
+++ b/dns/named.conf
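Review bot: Every substitution splices an environment variable unquoted into the sed program (`'s|EPC_DOMAIN|'$EPC_DOMAIN'|g'` and the lines that follow), so a value containing whitespace is word-split, a value containing `|`, `&` or a backslash rewrites the sed expression itself, and an unset variable silently leaves an empty right-hand side in the zone file while sed still exits 0. The script sets neither `-e` nor `-u`, and the `[ -z "$PCRF_PUB_IP" ] && sed ... || sed ...` line runs the second sed whenever the first one fails, not only when PCRF_PUB_IP is set. Since the Dockerfile chains `dns_init.sh && named`, failing fast on a bad value would stop the container instead of starting named on a half-rendered zone. The rewritten lines below route all substitutions through one helper that accepts only hostname/IP characters and quotes the expression; the license header and the three `cp` lines are unchanged.
```shell
#!/bin/bash
set -eu
# … unchanged: license header, cp of epc_zone/ims_zone/named.conf into /etc/bind …

# subst PLACEHOLDER VALUE FILE: replace PLACEHOLDER with VALUE in FILE.
# VALUE is limited to hostname/IP characters, so it can be neither empty nor
# carry sed metacharacters (| & \) into the expression.
subst() {
  local placeholder=$1 value=$2 file=$3
  if [[ ! "$value" =~ ^[A-Za-z0-9.:-]+$ ]]; then
    printf 'dns_init: invalid or empty value for %s\n' "$placeholder" >&2
    exit 1
  fi
  sed -i "s|${placeholder}|${value}|g" -- "$file"
}

subst EPC_DOMAIN "${EPC_DOMAIN-}" /etc/bind/epc_zone
subst DNS_IP "${DNS_IP-}" /etc/bind/epc_zone
# PCRF_PUB_IP wins when set and non-empty, otherwise PCRF_IP (same choice as before)
subst PCRF_IP "${PCRF_PUB_IP:-${PCRF_IP-}}" /etc/bind/epc_zone

subst IMS_DOMAIN "${IMS_DOMAIN-}" /etc/bind/ims_zone
subst DNS_IP "${DNS_IP-}" /etc/bind/ims_zone
subst PCSCF_IP "${PCSCF_IP-}" /etc/bind/ims_zone
subst ICSCF_IP "${ICSCF_IP-}" /etc/bind/ims_zone
subst SCSCF_IP "${SCSCF_IP-}" /etc/bind/ims_zone
subst FHOSS_IP "${FHOSS_IP-}" /etc/bind/ims_zone

subst EPC_DOMAIN "${EPC_DOMAIN-}" /etc/bind/named.conf
subst IMS_DOMAIN "${IMS_DOMAIN-}" /etc/bind/named.conf
```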
@@ -0,0 +1,43 @@
+options {
+ directory "/var/cache/bind";
+
+ // If there is a firewall between you and nameservers you want
+ // to talk to, you may need to fix the firewall to allow multiple
+ // ports to talk. See http://www.kb.cert.org/vuls/id/800113
+
+ // If your ISP provided one or more IP addresses for stable
+ // nameservers, you probably want to use them as forwarders.
+ // Uncomment the following block, and insert the addresses replacing
+ // the all-0's placeholder.
+
+ forwarders {
+ 8.8.8.8;
+ };
+
+ //========================================================================
+ // If BIND logs error messages about the root key being expired,
+ // you will need to update your keys. See https://www.isc.org/bind-keys
+ //========================================================================
+ dnssec-validation no;
+ allow-query { any; };
+
+ auth-nxdomain no; # conform to RFC1035
+ listen-on-v6 { any; };
+};
+
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+zone "IMS_DOMAIN" {
+ type master;
+ file "/etc/bind/ims_zone";
+};
+
+zone "EPC_DOMAIN" {
+ type master;
+ file "/etc/bind/epc_zone";
+};
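Review bot: `allow-query { any; };` together with `forwarders { 8.8.8.8; }` and no `allow-recursion` statement leaves BIND's default recursion available to every client that can reach the container, which makes it an open resolver if the container network is reachable beyond the lab. Adding `allow-recursion { localnets; };` and `allow-query-cache { localnets; };` beside `allow-query` (substitute the lab subnet for `localnets` if needed) keeps the authoritative IMS/EPC answers available while limiting who can use the server as a forwarder. `dnssec-validation no;` also means answers relayed from 8.8.8.8 are accepted without validation; if it has to stay off for the lab, a one-line comment saying why would help, otherwise `dnssec-validation auto;` is the usual setting. The template comments about uncommenting the forwarders block and the all-0's placeholder no longer match the file, since the block is active, and could be removed.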