| Both sides previous revision Previous revision Next revision | Previous revision |
| docker_notes:docker-dns [2023-07-10 Mon wk28 17:33] – [Docker - DNS Server] baumkp | docker_notes:docker-dns [2024-05-12 Sun wk19 11:29] (current) – [docker compose] baumkp |
|---|
| {{tag>linux docker DNS bind9}} | {{tag>linux docker DNS bind9}} |
| ======Docker - DNS Server====== | ======Docker - DNS Server====== |
| I propose to create a Docker Bind9 Image using base Docker Alpine Linux images, with S6 init system. | [[https://www.hostinger.com/tutorials/what-is-dns|What Is DNS and How Does It Work – A Comprehensive Guide]]\\ |
| | I have been using Bind9 as my home LAN DNS for the past few years. I originally operated it on bare metal on my home router computer. In mid 2023 I successfully moved my Bind9 primary instance to my main home server in a container and created a slave instance in a container running on my home router computer. I created a Docker Bind9 Image using base Docker Alpine Linux images, with S6 init system. |
| <fs xx-large><fc #ff0000>Work in progress</fc></fs> | |
| |
| The main router must be set to forward packets! | The main router must be set to forward packets! |
| *''named-checkzone kptree.net /etc/bind/db.kptree.net'' | *''named-checkzone kptree.net /etc/bind/db.kptree.net'' |
| *''named-checkzone 1.168.192.in-addr.arpa /etc/bind/db.1.168.192'' | *''named-checkzone 1.168.192.in-addr.arpa /etc/bind/db.1.168.192'' |
| | *''cat /log/named/bind.log'' to list bind log file |
| | *From [[https://serverfault.com/questions/401024/listing-all-zones-loaded-in-bind|Listing all zones loaded in BIND]] |
| | *''rndc dumpdb -zones'' |
| | *''cat /var/bind/named_dump.db'' to see the database dump |
| | *''named-checkconf -l'' does this option still exist? |
| | *''named-checkconf -p'' for a flatened uncomment listing of the configuration files |
| | |
| | I have setup a primary DNS server and secondary slave DNS server. |
| | *The primary DNS server runs on my main home server, it is the master |
| | *The secondary DNS server runs on my router, it is set up as a slave server from the primary server and reads the zone files from the master when available. |
| | |
| | ====bind9 docker image==== |
| | I use the [[https://wiki.kptree.net/doku.php?id=docker_notes:init#s6_supervision_rc_system| s6 rc system]]. |
| | Notes |
| | -I never had much success with the S6_KEEP_ENV when I played around with this earlier. |
| | -Some of the packages are handy for debugging the container, but not required for normal package operation. Hence these are commented out. |
| | |
| | ++++Dockerfile| |
| | <code>FROM alpine:latest |
| | |
| | ARG S6_OVERLAY_VERSION=3.1.6.2 |
| | |
| | ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz /tmp |
| | RUN tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz |
| | ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-x86_64.tar.xz /tmp |
| | RUN tar -C / -Jxpf /tmp/s6-overlay-x86_64.tar.xz |
| | |
| | #ENV S6_KEEP_ENV=1 |
| | #this keeps the environment variables |
| | |
| | ENTRYPOINT ["/init"] |
| | |
| | #add UID & GID |
| | RUN \ |
| | addgroup -g 99 named && \ |
| | adduser -G named -u 99 -G named -D -S -h /dev/null named |
| | |
| | RUN apk update && \ |
| | apk --no-cache add \ |
| | bind \ |
| | bind-dnssec-tools \ |
| | && \ |
| | apk upgrade |
| | #util-linux \ |
| | #vim \ |
| | #less \ |
| | |
| | COPY user/* /etc/s6-overlay/s6-rc.d/user/contents.d/ |
| | |
| | COPY s6-rc.d /etc/s6-overlay/s6-rc.d/ |
| | |
| | EXPOSE 53/tcp |
| | EXPOSE 53/udp |
| | EXPOSE 953/tcp |
| | </code> |
| | ++++ |
| | |
| | ====docker compose==== |
| | A key point is the docker network is in host mode. (The ports are opened directly on the host and not routed from the docker internal network.) |
| | |
| | ++++docker-compose.yml| |
| | <code yaml>--- |
| | services: |
| | bind: |
| | build: ./ |
| | image: bind:latest |
| | tty: true |
| | stdin_open: true |
| | container_name: kptr-dns-1 |
| | restart: 'always' # always | unless-stopped | no | on-failure [:max-retries] |
| | volumes: |
| | - '/mnt/docker_store/bind9/.config:/app/' |
| | - '/mnt/docker_store/bind9/.config/etc/bind:/etc/bind/' |
| | - '/mnt/docker_store/bind9/.config/var/bind:/var/bind/' |
| | - '/mnt/docker_store/bind9/.config/var/log:/var/log/' |
| | network_mode: host |
| |
| | command: /bin/sh</code> |
| | ++++ |
| ====References==== | ====References==== |
| *[[https://askubuntu.com/questions/311053/how-to-make-ip-forwarding-permanent|How to make IP forwarding permanent?]] | *[[https://askubuntu.com/questions/311053/how-to-make-ip-forwarding-permanent|How to make IP forwarding permanent?]] |
| *[[https://www.isc.org/bind/|ISC Bind9]] | *[[https://www.isc.org/bind/|ISC Bind9]] |
| *[[https://hub.docker.com/r/internetsystemsconsortium/bind9|Github internetsystemsconsortium/bind9]] | *[[https://hub.docker.com/r/internetsystemsconsortium/bind9|Github internetsystemsconsortium/bind9]] |
| | *[[https://serverspace.us/support/help/bind9-as-a-secondary-dns-server-on-ubuntu/|How to Configure BIND9 as a Secondary DNS Server on Ubuntu 20.04]] |
| | *[[https://askubuntu.com/questions/152593/command-line-to-list-dns-servers-used-by-my-system|Command-line to list DNS servers used by my system]] |
| | *[[https://computingforgeeks.com/configure-slave-bind-dns-server-on-ubuntu/|Configure Slave BIND DNS Server on Ubuntu 22.04|20.04]] |
| |
| <- docker_notes:docker-mailserver|Back ^ docker_notes:index|Start page ^ docker_notes:docker-dhcp|Next -> | <- docker_notes:docker-mailserver|Back ^ docker_notes:index|Start page ^ docker_notes:docker-dhcp|Next -> |