docker_notes:docker-dns, revision [2024-05-12 Sun wk19 11:29] (current), section [docker compose], by baumkp; previous revision [2023-07-08 Sat wk27 11:50].
{{tag>linux docker DNS bind9}}
======Docker - DNS Server======
[[https://www.hostinger.com/tutorials/what-is-dns|What Is DNS and How Does It Work – A Comprehensive Guide]]\\
I have been using Bind9 as my home LAN DNS for the past few years. I originally ran it on bare metal on my home router computer. In mid-2023 I successfully moved my Bind9 primary instance into a container on my main home server and created a slave instance in a container running on my home router computer. I created a Docker Bind9 image from the base Docker Alpine Linux image, with the S6 init system.

The main router must be set to forward packets!
The ability to forward packets must be set / allowed; edit or add the following parameters in ''sudo vim /etc/sysctl.conf'':
  * ''net.ipv4.ip_forward = 1''
  * ''net.ipv4.conf.all.proxy_arp = 1''
  * ''net.ipv6.conf.all.forwarding = 1'' similarly for IPv6 (or at run time ''sudo sysctl net.ipv6.conf.all.forwarding=1'')
After applying these changes reboot, or apply the settings using ''sudo sysctl -p /etc/sysctl.conf''
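An added helper (not from this wiki page) that makes the "edit or add" step above idempotent: it rewrites an existing line for the key, including a commented-out one, or appends the key when it is absent, so running it twice never leaves duplicate entries. The three keys and the ''sysctl -p'' apply step are the page's; the function names and the default file path argument are mine.

```shell
# Added example: idempotently set "KEY = VALUE" in a sysctl.conf-style file.
# An existing line for KEY (even one commented out with '#') is rewritten in
# place; if the key is absent the setting is appended. Function names are
# illustrative, not part of any tool.

ensure_sysctl() {
    key=$1
    value=$2
    file=${3:-/etc/sysctl.conf}
    # Escape the dots in the key so they match literally in the regex.
    key_re=$(printf '%s' "$key" | sed 's/[.]/\\./g')
    [ -f "$file" ] || : > "$file"
    if grep -Eq "^[[:space:]]*#?[[:space:]]*${key_re}[[:space:]]*=" "$file"; then
        tmp=$(mktemp)
        sed -E "s|^[[:space:]]*#?[[:space:]]*${key_re}[[:space:]]*=.*|${key} = ${value}|" "$file" > "$tmp"
        # Copy back rather than mv so the file's owner and mode are preserved.
        cat "$tmp" > "$file"
        rm -f "$tmp"
    else
        printf '%s = %s\n' "$key" "$value" >> "$file"
    fi
}

# Apply the three forwarding settings from the page to FILE.
ensure_forwarding() {
    file=${1:-/etc/sysctl.conf}
    ensure_sysctl net.ipv4.ip_forward 1 "$file"
    ensure_sysctl net.ipv4.conf.all.proxy_arp 1 "$file"
    ensure_sysctl net.ipv6.conf.all.forwarding 1 "$file"
}

# Load the file into the running kernel (needs root), as the page does.
apply_sysctl() {
    sysctl -p "${1:-/etc/sysctl.conf}"
}

# Usage on the router, as root:  ensure_forwarding && apply_sysctl
```

The rewrite-in-place branch matters because distribution sysctl.conf files often ship the key commented out (''#net.ipv4.ip_forward=1''); blindly appending would leave two lines and the last one wins, which is easy to misread later.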

  * ''/usr/sbin/named -f -4'' to start the isc-bind9 application called named
  * ''-f'' to run in the foreground
  * ''-4'' to run IPv4 only
  * ''rndc stop'' to stop named <fc #ff0000>- need to implement this in S6</fc>
  * ''rndc reload'' to reload the named configuration files
  * ''named-checkconf /etc/bind/named.conf''
  * ''named-checkzone kptree.net /etc/bind/db.kptree.net''
  * ''named-checkzone 1.168.192.in-addr.arpa /etc/bind/db.1.168.192''
  * ''cat /log/named/bind.log'' to show the bind log file
  * From [[https://serverfault.com/questions/401024/listing-all-zones-loaded-in-bind|Listing all zones loaded in BIND]]:
    * ''rndc dumpdb -zones''
    * ''cat /var/bind/named_dump.db'' to see the database dump
  * ''named-checkconf -l'' (does this option still exist?)
  * ''named-checkconf -p'' for a flattened, uncommented listing of the configuration files
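The check commands listed above are run by hand on the page. As an added example (mine, not the page's), the following script strings them together: it runs ''named-checkconf'', then ''named-checkzone'' for every primary zone declared in the configuration, and only then ''rndc reload'', so a broken zone file is reported by the checker rather than by a failed reload. It assumes the zone statements in named.conf are written one statement per line (the ''zone "x" {'' / ''type master;'' / ''file "...";'' / ''};'' layout); the function names and the ''NAMED_CHECKCONF'' / ''NAMED_CHECKZONE'' / ''RNDC'' override variables are my own.

```shell
# Added example: validate named.conf and every primary zone before reloading.
# Assumes one statement per line in the zone blocks. Names are illustrative.

# Print "zonename zonefile" for each master/primary zone in the given file.
list_primary_zones() {
    awk '
        /^[ \t]*zone[ \t]+"/ { z = $2; gsub(/"/, "", z); t = ""; f = "" }
        /^[ \t]*type[ \t]+/  { t = $2; sub(/;.*/, "", t) }
        /^[ \t]*file[ \t]+"/ { f = $2; gsub(/[";]/, "", f) }
        /^[ \t]*};/ {
            if (z != "" && (t == "master" || t == "primary") && f != "") print z, f
            z = ""
        }
    ' "$1"
}

# Run named-checkconf on CONF and named-checkzone on each primary zone.
# The tool names can be overridden through the environment, e.g. for a
# non-default install path.
check_primary_zones() {
    conf=${1:-/etc/bind/named.conf}
    "${NAMED_CHECKCONF:-named-checkconf}" "$conf" || return 1
    # The while loop runs in a subshell; "exit 1" there becomes the
    # pipeline's (and so the function's) exit status.
    list_primary_zones "$conf" | while read -r zone file; do
        "${NAMED_CHECKZONE:-named-checkzone}" "$zone" "$file" || exit 1
    done
}

# Reload only if every check passed.
safe_reload() {
    conf=${1:-/etc/bind/named.conf}
    check_primary_zones "$conf" || {
        echo "configuration check failed, not reloading" >&2
        return 1
    }
    "${RNDC:-rndc}" reload
}

# Usage inside the container:  safe_reload /etc/bind/named.conf
```

Zone files given with a path relative to the ''directory'' option must be run from that directory (or the path made absolute) for ''named-checkzone'' to find them; slave zones are skipped because their contents come from the master, and the root hint zone is not a zone file in this sense.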

I have set up a primary DNS server and a secondary (slave) DNS server.
  * The primary DNS server runs on my main home server; it is the master.
  * The secondary DNS server runs on my router; it is set up as a slave of the primary server and reads the zone files from the master when available.

====bind9 docker image====
I use the [[https://wiki.kptree.net/doku.php?id=docker_notes:init#s6_supervision_rc_system| s6 rc system]].
Notes:
  - I never had much success with S6_KEEP_ENV when I played around with this earlier.
  - Some of the packages are handy for debugging the container, but are not required for normal operation, hence they are commented out.

++++Dockerfile|
<code>FROM alpine:latest

ARG S6_OVERLAY_VERSION=3.1.6.2

ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz /tmp
RUN tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz
ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-x86_64.tar.xz /tmp
RUN tar -C / -Jxpf /tmp/s6-overlay-x86_64.tar.xz

#ENV S6_KEEP_ENV=1
#this keeps the environment variables

ENTRYPOINT ["/init"]

#add group and user "named" with fixed GID/UID 99
RUN \
    addgroup -g 99 named && \
    adduser -G named -u 99 -D -S -h /dev/null named

RUN apk update && \
    apk --no-cache add \
        bind \
        bind-dnssec-tools \
    && \
    apk upgrade
#util-linux \
#vim \
#less \

COPY user/* /etc/s6-overlay/s6-rc.d/user/contents.d/

COPY s6-rc.d /etc/s6-overlay/s6-rc.d/

EXPOSE 53/tcp
EXPOSE 53/udp
EXPOSE 953/tcp
</code>
++++
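The Dockerfile copies an ''s6-rc.d'' directory and a ''user'' directory from the build context but the page does not show their contents. As an added example (my own, not the page's files), the script below generates the minimal layout for one s6-rc longrun service called ''named'', following the s6-overlay v3 conventions: a ''type'' file containing ''longrun'', an executable ''run'' script, and an empty file under ''user/'' that ends up in ''user/contents.d/'' to enable the service. The ''-u named'' flag, which makes named drop to the Dockerfile's ''named'' user after binding port 53, is my addition and is not on the page.

```shell
# Added example: generate the build-context files that the Dockerfile's
# "COPY s6-rc.d ..." and "COPY user/* ..." lines pick up, for a single
# s6-rc longrun service running named. Names and layout are assumptions
# based on s6-overlay v3 conventions, not files from the page.

write_named_service() {
    ctx=${1:-.}                       # docker build context directory
    svc="$ctx/s6-rc.d/named"
    mkdir -p "$svc" "$ctx/user"

    # A longrun is a supervised daemon that s6 restarts if it exits.
    printf 'longrun\n' > "$svc/type"

    # The run script execs named in the foreground, IPv4 only, as on the page,
    # and drops privileges to the "named" user created in the Dockerfile.
    # s6 stops a longrun with SIGTERM, which named treats as a clean shutdown,
    # so container stop does not need a separate "rndc stop" hook.
    cat > "$svc/run" <<'EOF'
#!/bin/sh
exec /usr/sbin/named -f -4 -u named
EOF
    chmod 0755 "$svc/run"

    # An empty file named after the service in the user bundle enables it.
    : > "$ctx/user/named"
}

# Self-check: returns 0 when the expected files are present and usable.
verify_named_service() {
    ctx=${1:-.}
    [ "$(cat "$ctx/s6-rc.d/named/type")" = longrun ] &&
    [ -x "$ctx/s6-rc.d/named/run" ] &&
    [ -f "$ctx/user/named" ]
}

# Usage in the directory holding the Dockerfile:  write_named_service . && verify_named_service .
```

Because the container mounts ''/etc/bind'', ''/var/bind'' and ''/var/log'' from the host, those directories must be readable (and ''/var/bind'' and the log directory writable) by UID 99 on the host for named to run under ''-u named''; with the default root user that mismatch goes unnoticed.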

====docker compose====
A key point is that the container runs with the docker network in host mode: the ports are opened directly on the host and are not routed from the docker internal network.

++++docker-compose.yml|
<code yaml>---
services:
  bind:
    build: ./
    image: bind:latest
    tty: true
    stdin_open: true
    container_name: kptr-dns-1
    restart: 'always' # always | unless-stopped | no | on-failure [:max-retries]
    volumes:
      - '/mnt/docker_store/bind9/.config:/app/'
      - '/mnt/docker_store/bind9/.config/etc/bind:/etc/bind/'
      - '/mnt/docker_store/bind9/.config/var/bind:/var/bind/'
      - '/mnt/docker_store/bind9/.config/var/log:/var/log/'
    network_mode: host

    command: /bin/sh</code>
++++
====References====
  * [[https://askubuntu.com/questions/311053/how-to-make-ip-forwarding-permanent|How to make IP forwarding permanent?]]

=====References=====
  * [[https://www.isc.org/bind/|ISC Bind9]]
  * [[https://hub.docker.com/r/internetsystemsconsortium/bind9|Docker Hub internetsystemsconsortium/bind9]]
  * [[https://serverspace.us/support/help/bind9-as-a-secondary-dns-server-on-ubuntu/|How to Configure BIND9 as a Secondary DNS Server on Ubuntu 20.04]]
  * [[https://askubuntu.com/questions/152593/command-line-to-list-dns-servers-used-by-my-system|Command-line to list DNS servers used by my system]]
  * [[https://computingforgeeks.com/configure-slave-bind-dns-server-on-ubuntu/|Configure Slave BIND DNS Server on Ubuntu 22.04 / 20.04]]
