What Is DNS and How Does It Work – A Comprehensive Guide
I have been using Bind9 as my home LAN DNS for the past few years. I originally operated it on bare metal on my home router computer. In mid 2023 I successfully moved my Bind9 primary instance to my main home server in a container and created a slave instance in a container running on my home router computer. I created a Docker Bind9 Image using base Docker Alpine Linux images, with S6 init system.

The main router must be set to forward packets! The ability to forward packets must be set / allowed, edit or add the following parameters in sudo vim /etc/sysctl.conf:

• net.ipv4.ip_forward = 1
• net.ipv4.conf.all.proxy_arp = 1
• sudo sysctl net.ipv6.conf.all.forwarding=1 similar for ipv6

After applying these changes reboot or apply setting using sudo sysctl -p /etc/sysctl.conf

• /usr/sbin/named -f -4 to start the isc-bind9 application called named,
  • -f to run in foreground
  • -4 to run ipv4 only
• rndc stop to stop named - need to implement this in S6
• rndc reload to reload the named configuration files
• named-checkconf /etc/bind/named.conf
• named-checkzone kptree.net /etc/bind/db.kptree.net
• named-checkzone 1.168.192.in-addr.arpa /etc/bind/db.1.168.192
• cat /log/named/bind.log to list bind log file
• From Listing all zones loaded in BIND
  • rndc dumpdb -zones
  • cat /var/bind/named_dump.db to see the database dump
  • named-checkconf -l does this option still exist?
  • named-checkconf -p for a flatened uncomment listing of the configuration files

I have setup a primary DNS server and secondary slave DNS server.

• The primary DNS server runs on my main home server, it is the master
• The secondary DNS server runs on my router, it is set up as a slave server from the primary server and reads the zone files from the master when available.

I use the s6 rc system. Notes

1. I never had much success with the S6_KEEP_ENV when I played around with this earlier.
2. Some of the packages are handy for debugging the container, but not required for normal package operation. Hence these are commented out.

Dockerfile

FROM alpine:latest

ARG S6_OVERLAY_VERSION=3.1.6.2

ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz /tmp
RUN tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz
ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-x86_64.tar.xz /tmp
RUN tar -C / -Jxpf /tmp/s6-overlay-x86_64.tar.xz

#ENV S6_KEEP_ENV=1 
#this keeps the environment variables

ENTRYPOINT ["/init"]

#add UID & GID
RUN \
addgroup -g 99 named && \
adduser -G named -u 99  -G named -D -S -h /dev/null named

RUN apk update && \
apk --no-cache add \
bind \
bind-dnssec-tools \
&& \
apk upgrade
#util-linux \
#vim \
#less \

COPY user/* /etc/s6-overlay/s6-rc.d/user/contents.d/

COPY s6-rc.d /etc/s6-overlay/s6-rc.d/

EXPOSE 53/tcp
EXPOSE 53/udp
EXPOSE 953/tcp

A key point is the docker network is in host mode. (The ports are opened directly on the host and not routed from the docker internal network.)

docker-compose.yml

---
services:
  bind:
    build: ./
    image: bind:latest
    tty: true
    stdin_open: true
    container_name: kptr-dns-1
    restart: 'always' # always | unless-stopped | no | on-failure [:max-retries]
    volumes:
      - '/mnt/docker_store/bind9/.config:/app/'
      - '/mnt/docker_store/bind9/.config/etc/bind:/etc/bind/'
      - '/mnt/docker_store/bind9/.config/var/bind:/var/bind/'
      - '/mnt/docker_store/bind9/.config/var/log:/var/log/'
    network_mode: host

    command: /bin/sh

• How to make IP forwarding permanent?

• KPTree.net's bare metal implementation of dns - dhcp, based upon ISC Bind9 and DHCP on Debian 10 (was originally Ubuntu).
• DNS for Rocket Scientists
• mjkaye/bind9-alpine
• Getting started with BIND - how to build and run named with a basic recursive configuration
• How To Configure Bind as a Caching or Forwarding DNS Server on Ubuntu 16.04
• How to enable named/bind/DNS full logging? [closed]
• dnssec, Bind9 on Alpine
• ISC Bind9
• Github internetsystemsconsortium/bind9
• How to Configure BIND9 as a Secondary DNS Server on Ubuntu 20.04
• Command-line to list DNS servers used by my system
• Configure Slave BIND DNS Server on Ubuntu 22.04|20.04