docker-bind/README.md

### ISC BIND9 Container (Stable: 9.11.2_xx) built on top of Alpine
### Last update: 2-12-18 (major new update!)

NOTE: "Last Update" is the date of the latest DockerHub build.

This container is a super small (~5MB compressed pull, and only ~9MB
when extracted) FULL version of ISC BIND9.

It is ideal for an extremely secure and fast master (authoritative server),
slave, recursive server/resolver, RPZ "dns firewall", or just
about any other purpose you can use bind for.

# Security - always on the latest stable BIND release!
This container will _always_ be up to date on the latest
stable+patched version, usually within 24 hours of it being available
in Alpine. In fact, most of the BIND vulnerabilities so far have been
reported by me to the Alpine developers.

# How to deploy a Bind (DNS) server?
This container contains everything needed in terms of configuration to
run as an authoritative server or a recursive resolver/forwarding cacher.

However, the default config permits queries and recursion only from 127.0.0.1 - which will not be too useful :)
But the assumption is that you will override ```/etc/bind``` with your configs, and ```/var/bind``` with your zones.

# Required "DATA" directory - for configs and zone data:
This container assumes you have a "/DATA" folder with with your container specific data.
(You can change that folder, sub-folders, and file points as needed, but make sure you update the "-v" mounts for the run.)

Specifically, you need to have these directories/paths:
```
1.) [ *REQUIRED* ]
In your "/DATA/etc/bind" directory, a file "named.conf", which acts as an entry point to your configs
Take a look at the default config, and the example configs provided

2.) [ *REQUIRED* ]
A "/DATA/var/bind" directory for all of the master or slave zones. If it's for slave zones, it will populate automatically and you can leave it blank.
```


# How to run a BIND ("named") Docker Container?

```
# Default Example
# This is just to test it out - by default only allows queries from
# itself (127.0.0.1) -- pretty useless for real world usage
docker run --name=dns-test
-it -d \
--dns=8.8.8.8 --dns=8.8.4.4 \
-p 53:53/udp -p 53:53 \
ventz/bind
```

```
# Customer Override Example for Authoritative Master
# Edit: named.conf.local with your forward zone at least
# and create the file in /var/named/$yourdomain.tld
docker run --name=dns-master
-it -d \
--dns=8.8.8.8 --dns=8.8.4.4 \
-p 53:53/udp -p 53:53 \
-v /DATA/etc/bind:/etc/bind \
-v /DATA/var/bind:/var/bind \
ventz/bind
```

```
# Custom Override Example for Recursive Resolver/Cacher:
# Edit: named.conf.options -> change the "allow-recursion" and  "allow-query" with your subnets
docker run --name=dns-resolver
-it -d \
--dns=8.8.8.8 --dns=8.8.4.4 \
-p 53:53/udp -p 53:53 \
-v /DATA/etc/bind:/etc/bind \
-v /DATA/var/bind:/var/bind \
ventz/bind
```
Updated for 9.11.2_p1-r0 - CVE-2017-3145 - https://kb.isc.org/article/AA-01542/0/CVE-2017-3145 2018-02-06 22:23:44 +00:00			`### ISC BIND9 Container (Stable: 9.11.2_xx) built on top of Alpine`
Major Upgrade - added very detailed configs for many scenarios, with lots of examples. The server is now fully functional for an authoritative master and a recursive/forwarding cacher. You can still mount over the /etc/bind and /var/bind directories and override everything yourself. This should help many users who did not know where to start with bind. 2018-02-13 04:35:24 +00:00			`### Last update: 2-12-18 (major new update!)`
Updated for 9.11.1_p1-r1, due to multiple medium and high vulnerabilities (https://kb.isc.org/article/AA-01503/0, https://kb.isc.org/article/AA-01504/0, https://kb.isc.org/article/AA-01495/0) 2017-09-18 18:19:07 +00:00
			`NOTE: "Last Update" is the date of the latest DockerHub build.`
Moving Docker bind container to github so that I can autobuild in docker hub 2016-01-10 21:11:56 +00:00
Cleaned up notes, structure, build, supplied run, etc 2017-03-14 08:37:37 +00:00			`This container is a super small (~5MB compressed pull, and only ~9MB`
			`when extracted) FULL version of ISC BIND9.`
Moving Docker bind container to github so that I can autobuild in docker hub 2016-01-10 21:11:56 +00:00
Major Upgrade - added very detailed configs for many scenarios, with lots of examples. The server is now fully functional for an authoritative master and a recursive/forwarding cacher. You can still mount over the /etc/bind and /var/bind directories and override everything yourself. This should help many users who did not know where to start with bind. 2018-02-13 04:35:24 +00:00			`It is ideal for an extremely secure and fast master (authoritative server),`
			`slave, recursive server/resolver, RPZ "dns firewall", or just`
			`about any other purpose you can use bind for.`
Moving Docker bind container to github so that I can autobuild in docker hub 2016-01-10 21:11:56 +00:00
Major Upgrade - added very detailed configs for many scenarios, with lots of examples. The server is now fully functional for an authoritative master and a recursive/forwarding cacher. You can still mount over the /etc/bind and /var/bind directories and override everything yourself. This should help many users who did not know where to start with bind. 2018-02-13 04:35:24 +00:00			`# Security - always on the latest stable BIND release!`
Cleaned up notes, structure, build, supplied run, etc 2017-03-14 08:37:37 +00:00			`This container will _always_ be up to date on the latest`
			`stable+patched version, usually within 24 hours of it being available`
			`in Alpine. In fact, most of the BIND vulnerabilities so far have been`
			`reported by me to the Alpine developers.`
Cleaned up ReadMe 2016-01-10 21:24:26 +00:00
Major Upgrade - added very detailed configs for many scenarios, with lots of examples. The server is now fully functional for an authoritative master and a recursive/forwarding cacher. You can still mount over the /etc/bind and /var/bind directories and override everything yourself. This should help many users who did not know where to start with bind. 2018-02-13 04:35:24 +00:00			`# How to deploy a Bind (DNS) server?`
			`This container contains everything needed in terms of configuration to`
			`run as an authoritative server or a recursive resolver/forwarding cacher.`

			`However, the default config permits queries and recursion only from 127.0.0.1 - which will not be too useful :)`
			But the assumption is that you will override ```/etc/bind``` with your configs, and ```/var/bind``` with your zones.

			`# Required "DATA" directory - for configs and zone data:`
Cleaned up notes, structure, build, supplied run, etc 2017-03-14 08:37:37 +00:00			`This container assumes you have a "/DATA" folder with with your container specific data.`
Major Upgrade - added very detailed configs for many scenarios, with lots of examples. The server is now fully functional for an authoritative master and a recursive/forwarding cacher. You can still mount over the /etc/bind and /var/bind directories and override everything yourself. This should help many users who did not know where to start with bind. 2018-02-13 04:35:24 +00:00			`(You can change that folder, sub-folders, and file points as needed, but make sure you update the "-v" mounts for the run.)`
Cleaned up ReadMe 2016-01-10 21:24:26 +00:00
Cleaned up notes, structure, build, supplied run, etc 2017-03-14 08:37:37 +00:00			`Specifically, you need to have these directories/paths:`
Moving Docker bind container to github so that I can autobuild in docker hub 2016-01-10 21:11:56 +00:00			```
Cleaned up notes, structure, build, supplied run, etc 2017-03-14 08:37:37 +00:00			`1.) [ REQUIRED ]`
			`In your "/DATA/etc/bind" directory, a file "named.conf", which acts as an entry point to your configs`
Major Upgrade - added very detailed configs for many scenarios, with lots of examples. The server is now fully functional for an authoritative master and a recursive/forwarding cacher. You can still mount over the /etc/bind and /var/bind directories and override everything yourself. This should help many users who did not know where to start with bind. 2018-02-13 04:35:24 +00:00			`Take a look at the default config, and the example configs provided`
Cleaned up notes, structure, build, supplied run, etc 2017-03-14 08:37:37 +00:00
			`2.) [ REQUIRED ]`
Major Upgrade - added very detailed configs for many scenarios, with lots of examples. The server is now fully functional for an authoritative master and a recursive/forwarding cacher. You can still mount over the /etc/bind and /var/bind directories and override everything yourself. This should help many users who did not know where to start with bind. 2018-02-13 04:35:24 +00:00			`A "/DATA/var/bind" directory for all of the master or slave zones. If it's for slave zones, it will populate automatically and you can leave it blank.`
Cleaned up notes, structure, build, supplied run, etc 2017-03-14 08:37:37 +00:00			```


			`# How to run a BIND ("named") Docker Container?`

			```
Major Upgrade - added very detailed configs for many scenarios, with lots of examples. The server is now fully functional for an authoritative master and a recursive/forwarding cacher. You can still mount over the /etc/bind and /var/bind directories and override everything yourself. This should help many users who did not know where to start with bind. 2018-02-13 04:35:24 +00:00			`# Default Example`
			`# This is just to test it out - by default only allows queries from`
			`# itself (127.0.0.1) -- pretty useless for real world usage`
			`docker run --name=dns-test`
			`-it -d \`
			`--dns=8.8.8.8 --dns=8.8.4.4 \`
			`-p 53:53/udp -p 53:53 \`
			`ventz/bind`
			```

			```
			`# Customer Override Example for Authoritative Master`
			`# Edit: named.conf.local with your forward zone at least`
			`# and create the file in /var/named/$yourdomain.tld`
			`docker run --name=dns-master`
			`-it -d \`
			`--dns=8.8.8.8 --dns=8.8.4.4 \`
			`-p 53:53/udp -p 53:53 \`
			`-v /DATA/etc/bind:/etc/bind \`
			`-v /DATA/var/bind:/var/bind \`
			`ventz/bind`
			```

			```
			`# Custom Override Example for Recursive Resolver/Cacher:`
			`# Edit: named.conf.options -> change the "allow-recursion" and "allow-query" with your subnets`
			`docker run --name=dns-resolver`
Cleaned up notes, structure, build, supplied run, etc 2017-03-14 08:37:37 +00:00			`-it -d \`
			`--dns=8.8.8.8 --dns=8.8.4.4 \`
Moving Docker bind container to github so that I can autobuild in docker hub 2016-01-10 21:11:56 +00:00			`-p 53:53/udp -p 53:53 \`
Cleaned up notes, structure, build, supplied run, etc 2017-03-14 08:37:37 +00:00			`-v /DATA/etc/bind:/etc/bind \`
Major Upgrade - added very detailed configs for many scenarios, with lots of examples. The server is now fully functional for an authoritative master and a recursive/forwarding cacher. You can still mount over the /etc/bind and /var/bind directories and override everything yourself. This should help many users who did not know where to start with bind. 2018-02-13 04:35:24 +00:00			`-v /DATA/var/bind:/var/bind \`
Moving Docker bind container to github so that I can autobuild in docker hub 2016-01-10 21:11:56 +00:00			`ventz/bind`
			```