| Both sides previous revision Previous revision Next revision | Previous revision |
| docker_notes:docker-dns [2023-05-30 Tue wk22 20:10] – baumkp | docker_notes:docker-dns [2024-05-12 Sun wk19 11:29] (current) – [docker compose] baumkp |
|---|
| {{tag>linux docker DNS bind9}} | {{tag>linux docker DNS bind9}} |
| ======Docker - DNS Server====== | ======Docker - DNS Server====== |
| I propose to create a Docker Bind9 Image using base Docker Alpine Linux images, with S6 init system. | [[https://www.hostinger.com/tutorials/what-is-dns|What Is DNS and How Does It Work – A Comprehensive Guide]]\\ |
| | I have been using Bind9 as my home LAN DNS for the past few years. I originally operated it on bare metal on my home router computer. In mid 2023 I successfully moved my Bind9 primary instance to my main home server in a container and created a slave instance in a container running on my home router computer. I created a Docker Bind9 Image using base Docker Alpine Linux images, with S6 init system. |
| |
| <fs xx-large><fc #ff0000>Work in progress</fc></fs> | The main router must be set to forward packets! |
| | The ability to forward packets must be set / allowed, edit or add the following parameters in ''sudo vim /etc/sysctl.conf'': |
| | *net.ipv4.ip_forward = 1 |
| | *net.ipv4.conf.all.proxy_arp = 1 |
| | * ''sudo sysctl net.ipv6.conf.all.forwarding=1'' similar for ipv6 |
| | After applying these changes reboot or apply setting using ''sudo sysctl -p /etc/sysctl.conf'' |
| | |
| | *''/usr/sbin/named -f -4'' to start the isc-bind9 application called named, |
| | *''-f'' to run in foreground |
| | *''-4'' to run ipv4 only |
| | *''rndc stop'' to stop named <fc #ff0000>- need to implement this in S6</fc> |
| | *''rndc reload'' to reload the named configuration files |
| | *''named-checkconf /etc/bind/named.conf'' |
| | *''named-checkzone kptree.net /etc/bind/db.kptree.net'' |
| | *''named-checkzone 1.168.192.in-addr.arpa /etc/bind/db.1.168.192'' |
| | *''cat /log/named/bind.log'' to list bind log file |
| | *From [[https://serverfault.com/questions/401024/listing-all-zones-loaded-in-bind|Listing all zones loaded in BIND]] |
| | *''rndc dumpdb -zones'' |
| | *''cat /var/bind/named_dump.db'' to see the database dump |
| | *''named-checkconf -l'' does this option still exist? |
| | *''named-checkconf -p'' for a flatened uncomment listing of the configuration files |
| | |
| | I have setup a primary DNS server and secondary slave DNS server. |
| | *The primary DNS server runs on my main home server, it is the master |
| | *The secondary DNS server runs on my router, it is set up as a slave server from the primary server and reads the zone files from the master when available. |
| | |
| | ====bind9 docker image==== |
| | I use the [[https://wiki.kptree.net/doku.php?id=docker_notes:init#s6_supervision_rc_system| s6 rc system]]. |
| | Notes |
| | -I never had much success with the S6_KEEP_ENV when I played around with this earlier. |
| | -Some of the packages are handy for debugging the container, but not required for normal package operation. Hence these are commented out. |
| | |
| | ++++Dockerfile| |
| | <code>FROM alpine:latest |
| | |
| | ARG S6_OVERLAY_VERSION=3.1.6.2 |
| | |
| | ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz /tmp |
| | RUN tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz |
| | ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-x86_64.tar.xz /tmp |
| | RUN tar -C / -Jxpf /tmp/s6-overlay-x86_64.tar.xz |
| | |
| | #ENV S6_KEEP_ENV=1 |
| | #this keeps the environment variables |
| | |
| | ENTRYPOINT ["/init"] |
| | |
| | #add UID & GID |
| | RUN \ |
| | addgroup -g 99 named && \ |
| | adduser -G named -u 99 -G named -D -S -h /dev/null named |
| | |
| | RUN apk update && \ |
| | apk --no-cache add \ |
| | bind \ |
| | bind-dnssec-tools \ |
| | && \ |
| | apk upgrade |
| | #util-linux \ |
| | #vim \ |
| | #less \ |
| | |
| | COPY user/* /etc/s6-overlay/s6-rc.d/user/contents.d/ |
| | |
| | COPY s6-rc.d /etc/s6-overlay/s6-rc.d/ |
| | |
| | EXPOSE 53/tcp |
| | EXPOSE 53/udp |
| | EXPOSE 953/tcp |
| | </code> |
| | ++++ |
| | |
| | ====docker compose==== |
| | A key point is the docker network is in host mode. (The ports are opened directly on the host and not routed from the docker internal network.) |
| | |
| | ++++docker-compose.yml| |
| | <code yaml>--- |
| | services: |
| | bind: |
| | build: ./ |
| | image: bind:latest |
| | tty: true |
| | stdin_open: true |
| | container_name: kptr-dns-1 |
| | restart: 'always' # always | unless-stopped | no | on-failure [:max-retries] |
| | volumes: |
| | - '/mnt/docker_store/bind9/.config:/app/' |
| | - '/mnt/docker_store/bind9/.config/etc/bind:/etc/bind/' |
| | - '/mnt/docker_store/bind9/.config/var/bind:/var/bind/' |
| | - '/mnt/docker_store/bind9/.config/var/log:/var/log/' |
| | network_mode: host |
| | |
| | command: /bin/sh</code> |
| | ++++ |
| | ====References==== |
| | *[[https://askubuntu.com/questions/311053/how-to-make-ip-forwarding-permanent|How to make IP forwarding permanent?]] |
| |
| =====References===== | =====References===== |
| *KPTree.net's bare metal implementation of [[linux_router:dns_dhcp|dns - dhcp]], based upon ISC Bind9 and DHCP on Debian 10 <fs xx-small>(was originally Ubuntu)</fs>. | *KPTree.net's bare metal implementation of [[linux_router:dns_dhcp|dns - dhcp]], based upon ISC Bind9 and DHCP on Debian 10 <fs xx-small>(was originally Ubuntu)</fs>. |
| *[[https://www.zytrax.com/books/dns/|DNS for Rocket Scientists]] | *[[https://www.zytrax.com/books/dns/|DNS for Rocket Scientists]] |
| | *[[https://hub.docker.com/r/mjkaye/bind9-alpine|mjkaye/bind9-alpine]] |
| | *[[https://kb.isc.org/docs/aa-00768|Getting started with BIND - how to build and run named with a basic recursive configuration]] |
| | *[[https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-caching-or-forwarding-dns-server-on-ubuntu-16-04|How To Configure Bind as a Caching or Forwarding DNS Server on Ubuntu 16.04]] |
| | *[[https://stackoverflow.com/questions/11153958/how-to-enable-named-bind-dns-full-logging|How to enable named/bind/DNS full logging? [closed]]] |
| | *[[https://á.se/dnssec-bind9-alpine/|dnssec, Bind9 on Alpine]] |
| | *[[https://www.isc.org/bind/|ISC Bind9]] |
| | *[[https://hub.docker.com/r/internetsystemsconsortium/bind9|Github internetsystemsconsortium/bind9]] |
| | *[[https://serverspace.us/support/help/bind9-as-a-secondary-dns-server-on-ubuntu/|How to Configure BIND9 as a Secondary DNS Server on Ubuntu 20.04]] |
| | *[[https://askubuntu.com/questions/152593/command-line-to-list-dns-servers-used-by-my-system|Command-line to list DNS servers used by my system]] |
| | *[[https://computingforgeeks.com/configure-slave-bind-dns-server-on-ubuntu/|Configure Slave BIND DNS Server on Ubuntu 22.04|20.04]] |
| |
| <- docker_notes:docker-mailserver|Back ^ docker_notes:index|Start page ^ docker_notes:docker-dhcp|Next -> | <- docker_notes:docker-mailserver|Back ^ docker_notes:index|Start page ^ docker_notes:docker-dhcp|Next -> |