Docker - DNS Server
What Is DNS and How Does It Work – A Comprehensive Guide
I have been using Bind9 as my home LAN DNS for the past few years. I originally ran it on bare metal on my home router computer. In mid-2023 I moved my Bind9 primary instance to my main home server in a container and created a slave instance in a container running on my home router computer. I built a Docker Bind9 image on the Docker Alpine Linux base images, with the S6 init system.
The main router must be set to forward packets!
Packet forwarding must be enabled. Edit or add the following parameters in /etc/sysctl.conf (sudo vim /etc/sysctl.conf):
- net.ipv4.ip_forward = 1
- net.ipv4.conf.all.proxy_arp = 1
Similarly for IPv6: sudo sysctl net.ipv6.conf.all.forwarding=1
After applying these changes, reboot or apply the settings with sudo sysctl -p /etc/sysctl.conf
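A small check for the sysctl step above, added here as an example (it is not from the original page): it reads a sysctl-style file the way sysctl -p does (comments ignored, last assignment wins) and reports which of the three forwarding keys are missing or not set to 1. The file path is a parameter, so it can be pointed at /etc/sysctl.conf or at a test copy.

```shell
#!/bin/sh
# Added example, not part of the original page: verify that a sysctl-style
# file sets the forwarding parameters the router needs before sysctl -p is run.

# Effective value of KEY in FILE. Comment lines (# or ;) are skipped and the
# last assignment wins, which is how sysctl -p applies the file. Trailing
# comments after a value are not handled (assumption: one "key = value" per line).
sysctl_conf_value() {
    file="$1"; key="$2"
    awk -v k="$key" '
        /^[[:space:]]*[#;]/ { next }
        /=/ {
            split($0, kv, "=")
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", kv[1])
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", kv[2])
            if (kv[1] == k) val = kv[2]
        }
        END { if (val != "") print val }
    ' "$file"
}

# Report every required forwarding key that is unset or not 1.
# Returns 0 only when all three are present and equal to 1.
forwarding_configured() {
    file="$1"
    rc=0
    for key in net.ipv4.ip_forward net.ipv4.conf.all.proxy_arp net.ipv6.conf.all.forwarding; do
        v=$(sysctl_conf_value "$file" "$key")
        if [ "$v" != "1" ]; then
            echo "$key: expected 1, found '${v:-unset}'" >&2
            rc=1
        fi
    done
    return $rc
}

# Usage on the router: forwarding_configured /etc/sysctl.conf && sudo sysctl -p /etc/sysctl.conf
```

Running sysctl -p only after this returns 0 avoids the situation where the file was edited but one key was left commented out or mistyped.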
- /usr/sbin/named -f -4 starts the isc-bind9 application called named: -f runs it in the foreground, -4 runs IPv4 only
- rndc stop stops named (need to implement this in S6)
- rndc reload reloads the named configuration files
- named-checkconf /etc/bind/named.conf
- named-checkzone kptree.net /etc/bind/db.kptree.net
- named-checkzone 1.168.192.in-addr.arpa /etc/bind/db.1.168.192
- cat /log/named/bind.log lists the bind log file
- rndc dumpdb -zones
- cat /var/bind/named_dump.db shows the database dump
- named-checkconf -l (does this option still exist?)
- named-checkconf -p gives a flattened, uncommented listing of the configuration files
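The named-checkconf and named-checkzone commands above are most useful when they gate rndc reload, so that a typo in a zone file never takes the resolver down. The script below is an added example, not code from the original page or from the Bind9 project: it pulls every zone name and file path out of a named.conf, checks each one, and only reloads if all checks pass. It assumes the page's layout (named.conf under /etc/bind, one zone per block with its file statement on its own line) and that named-checkconf, named-checkzone and rndc are on the PATH.

```shell
#!/bin/sh
# Added example, not part of the original page: validate the Bind9 config and
# every zone it references, then reload the running named only if all pass.

# Print "<zone-name> <file-path>" for each zone block that has a file statement.
# Minimal awk parser: assumes 'zone "name" {' and 'file "path";' each sit on
# their own line, as in the zone layout used on this page.
list_zones() {
    conf="$1"
    awk '
        /^[[:space:]]*zone[[:space:]]+"/ {
            match($0, /"[^"]+"/)
            zone = substr($0, RSTART + 1, RLENGTH - 2)
        }
        /^[[:space:]]*file[[:space:]]+"/ && zone != "" {
            match($0, /"[^"]+"/)
            print zone, substr($0, RSTART + 1, RLENGTH - 2)
            zone = ""
        }
    ' "$conf"
}

# Run named-checkconf on the config and named-checkzone on each referenced zone.
# Returns 0 only if every check passes (the while loop runs in a subshell, so
# "exit 1" there becomes the pipeline's, and the function's, return status).
check_bind() {
    conf="$1"
    named-checkconf "$conf" || return 1
    list_zones "$conf" | while read -r zone file; do
        named-checkzone "$zone" "$file" >/dev/null || exit 1
    done
}

# Validate first; refuse to reload on any failure.
safe_reload() {
    conf="${1:-/etc/bind/named.conf}"
    if check_bind "$conf"; then
        rndc reload
    else
        echo "validation failed, not reloading $conf" >&2
        return 1
    fi
}

# Usage inside the container: safe_reload /etc/bind/named.conf
```

named-checkzone exits non-zero on a missing SOA, a serial that did not change, or a syntax error, so all of those stop the reload; with check_bind wired in front of rndc reload the running server keeps serving the last good zone data.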
I have set up a primary DNS server and a secondary (slave) DNS server.
- The primary DNS server runs on my main home server; it is the master.
- The secondary DNS server runs on my router; it is set up as a slave of the primary and reads the zone files from the master when it is available.
bind9 docker image
I use the s6 rc system.
Notes:
- I never had much success with the S6_KEEP_ENV when I played around with this earlier.
- Some of the packages are handy for debugging the container, but not required for normal package operation. Hence these are commented out.
docker compose
A key point is that the docker network is in host mode (the ports are opened directly on the host and not routed from the docker internal network), so named's listen-on and allow-query settings apply directly to the host's interfaces.
References
- KPTree.net's bare metal implementation of dns - dhcp, based upon ISC Bind9 and DHCP on Debian 10 (was originally Ubuntu).