Corefile-Notizen

Container/Gitea/Dockerfile

@@ -0,0 +1,80 @@
+#FROM golang:1.17-alpine3.15 AS build-env
+#
+#ARG GOPROXY
+#ENV GOPROXY ${GOPROXY:-direct}
+#
+#ARG GITEA_VERSION
+#ARG TAGS="sqlite sqlite_unlock_notify"
+#ENV TAGS "bindata timetzdata $TAGS"
+#ARG CGO_EXTRA_CFLAGS
+#
+##Build deps
+#RUN apk --no-cache add build-base git nodejs npm
+#
+##Setup repo
+#COPY . ${GOPATH}/src/code.gitea.io/gitea
+#WORKDIR ${GOPATH}/src/code.gitea.io/gitea
+#
+##Checkout version if set
+#RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
+#  && make clean-all build
+#
+## Begin env-to-ini build
+#RUN go build contrib/environment-to-ini/environment-to-ini.go
+#
+#FROM alpine:3.15
+#LABEL maintainer="maintainers@gitea.io"
+#
+#EXPOSE 2222 3000
+#
+#RUN apk --no-cache add \
+#  bash \
+#  ca-certificates \
+#  gettext \
+#  git \
+#  curl \
+#  gnupg
+#
+#RUN addgroup \
+#  -S -g 1000 \
+#  git && \
+#  adduser \
+#  -S -H -D \
+#  -h /var/lib/gitea/git \
+#  -s /bin/bash \
+#  -u 1000 \
+#  -G git \
+#  git
+#
+#RUN mkdir -p /var/lib/gitea /etc/gitea
+#RUN chown git:git /var/lib/gitea /etc/gitea
+#
+#COPY docker/rootless /
+#COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
+#COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
+#RUN chmod 755 /usr/local/bin/docker-entrypoint.sh /usr/local/bin/docker-setup.sh /app/gitea/gitea /usr/local/bin/gitea /usr/local/bin/environment-to-ini
+#
+##git:git
+#USER 1000:1000
+#ENV GITEA_WORK_DIR /var/lib/gitea
+#ENV GITEA_CUSTOM /var/lib/gitea/custom
+#ENV GITEA_TEMP /tmp/gitea
+#ENV TMPDIR /tmp/gitea
+#
+##TODO add to docs the ability to define the ini to load (usefull to test and revert a config)
+#ENV GITEA_APP_INI /etc/gitea/app.ini
+#ENV HOME "/var/lib/gitea/git"
+#VOLUME ["/var/lib/gitea", "/etc/gitea"]
+#WORKDIR /var/lib/gitea
+#
+#ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
+#CMD []
+#----
+#FROM golang:1.17-alpine as build-env
+
+#LABEL maintainer="eichehome@gmx.de eichehome"
+
+#RUN apk --no-cache add git
+#RUN git clone https://
+#---
+FROM docker.io/gitea/gitea:1.16.2-rootless

CoreDNS/Corefile

@@ -1,53 +1,82 @@
-tls
-sign
-file/root
-loadbalance
-forward
-bind
-loop
-
 dns://.:53 {
-  bind eth0
-  loadbalance round_robin
-  forward . 127.0.0.1:5051 127.0.0.1:5052
+  forward . 5.1.66.255:53 [2001:678:e68:f000::]:53 185.150.99.255 [2001:678:ed0:f000::]:53 91.239.100.100 [2001:67c:28a4::]:53 89.233.43.71 [2a01:3a0:53:53::]:53 {
+    prefer_udp
+    policy round_robin
+  }
+  cache {
+    success 5000
+    denial 2500
+  }
 }
 
+dns://.:5353 {
+  forward . 127.0.0.1:5051 127.0.0.1:5052 127.0.0.1:5053 127.0.0.1:5054 127.0.0.1:5055 127.0.0.1:5056 127.0.0.1:5057 {
+    policy round_robin
+  }
+  cache {
+    success 5000
+    denial 2500
+  }
+}
+
+tls://.:853 {}
+
+https://.:443 {}
+
+##########
+
 127.0.0.1:5051 {
-  forward . tls://8.8.8.8 tls://8.8.4.4 {
-    tls_servername dns.google
+  forward . tls://[2a01:4f8:251:554::2] tls://5.9.164.112 {
+    tls_servername dns3.digitalcourage.de
+    prefer_udp
+    policy round_robin
   }
 }
 
 127.0.0.1:5052 {
-  forward . 1.1.1.1 1.0.0.1 {
-    tls_servername cloudflare-dns.com
+  forward . tls://5.1.66.255 tls://185.150.99.255 tls://[2001:678:ed0:f000::] tls://[2001:678:e68:f000::] {
+    tls_servername dot.ffmuc.net
+    prefer_udp
+    policy round_robin
   }
 }
 
-
-
-tls://.:853 {
-  tls cert.pem key.pem ca.pem
-}
-
-https://.:443 {
-  tls cert.pem key.pem ca.pem
-}
-
-. {
-  bind eth0
-  loop
-  loadbalance round_robin
-  forward . 8.8.8.8 9.9.9.9
-  forward . tls://9.9.9.9 {
-    tls_servername dns.quad9.net
-    health_check 5s
+127.0.0.1:5053 {
+  forward . tls://185.95.218.43 tls://185.95.218.42 tls://[2a05:fc84::43] tls://[2a05:fc84::42] {
+    tls_servername dns.digitale-gesellschaft.ch
+    prefer_udp
+    policy round_robin
+  }
+}
+
+127.0.0.1:5054 {
+  forward . tls://89.233.43.71 tls://[2a01:3a0:53:53::] {
+    tls_servername unicast.censurfridns.dk
+    prefer_udp
+    policy round_robin
+  }
+}
+
+127.0.0.1:5055 {
+  forward . tls://91.239.100.100 tls://[2001:67c:28a4::] {
+    tls_servername anycast.censurfridns.dk
+    prefer_udp
+    policy round_robin
+  }
+}
+
+127.0.0.1:5056 {
+  forward . tls://91.239.100.100 tls://[2001:67c:28a4::] {
+    tls_servername anycast.uncensoreddns.org
+    prefer_udp
+    policy round_robin
+  }
+}
+
+127.0.0.1:5057 {
+  forward . tls://89.233.43.71 tls://[2a01:3a0:53:53::] {
+    tls_servername unicast.uncensoreddns.org
+    prefer_udp
+    policy round_robin
   }
-  cache 30
-  hosts {
-    10.0.0.1 example.org
-    falltrough
-  }
-  hosts
-  hosts /etc/hosts example.org
 }

CoreDNS/Corefile-bsp

@@ -0,0 +1,53 @@
+tls
+sign
+file/root
+loadbalance
+forward
+bind
+loop
+
+dns://.:53 {
+  bind eth0
+  loadbalance round_robin
+  forward . 127.0.0.1:5051 127.0.0.1:5052
+}
+
+127.0.0.1:5051 {
+  forward . tls://8.8.8.8 tls://8.8.4.4 {
+    tls_servername dns.google
+  }
+}
+
+127.0.0.1:5052 {
+  forward . 1.1.1.1 1.0.0.1 {
+    tls_servername cloudflare-dns.com
+  }
+}
+
+
+
+tls://.:853 {
+  tls cert.pem key.pem ca.pem
+}
+
+https://.:443 {
+  tls cert.pem key.pem ca.pem
+}
+
+. {
+  bind eth0
+  loop
+  loadbalance round_robin
+  forward . 8.8.8.8 9.9.9.9
+  forward . tls://9.9.9.9 {
+    tls_servername dns.quad9.net
+    health_check 5s
+  }
+  cache 30
+  hosts {
+    10.0.0.1 example.org
+    falltrough
+  }
+  hosts
+  hosts /etc/hosts example.org
+}