Major Upgrade - added very detailed configs for many scenarios, with lots of examples. The server is now fully functional for an authoritative master and a recursive/forwarding cacher. You can still mount over the /etc/bind and /var/bind directories and override everything yourself. This should help many users who did not know where to start with bind.

This commit is contained in:
Ventz Petkov 2018-02-12 23:35:24 -05:00
parent ca044d1672
commit 108554317e
20 changed files with 611 additions and 31 deletions

View File

@ -1,46 +1,77 @@
### ISC BIND9 Container (Stable: 9.11.2_xx) built on top of Alpine
### Last update: 2-6-18
### Last update: 2-12-18 (major new update!)
NOTE: "Last Update" is the date of the latest DockerHub build.
This container is a super small (~5MB compressed pull, and only ~9MB
when extracted) FULL version of ISC BIND9.
It is ideal for a quick master, slave, recursive server/resolver, RPZ
"dns firewall", or just about any other purpose you can use bind for.
It is ideal for an extremely secure and fast master (authoritative server),
slave, recursive server/resolver, RPZ "dns firewall", or just
about any other purpose you can use bind for.
# Security - always on the latest stable release!
# Security - always on the latest stable BIND release!
This container will _always_ be up to date on the latest
stable+patched version, usually within 24 hours of it being available
in Alpine. In fact, most of the BIND vulnerabilities so far have been
reported by me to the Alpine developers.
# Required "DATA" directory - for named.conf and zone data:
# How to deploy a Bind (DNS) server?
This container contains everything needed in terms of configuration to
run as an authoritative server or a recursive resolver/forwarding cacher.
However, the default config permits queries and recursion only from 127.0.0.1 - which will not be too useful :)
But the assumption is that you will override ```/etc/bind``` with your configs, and ```/var/bind``` with your zones.
# Required "DATA" directory - for configs and zone data:
This container assumes you have a "/DATA" folder with with your container specific data.
You can change that folder (and sub-folders) as needed, but make sure you update the "-v" mounts for the run.
(You can change that folder, sub-folders, and file points as needed, but make sure you update the "-v" mounts for the run.)
Specifically, you need to have these directories/paths:
```
1.) [ *REQUIRED* ]
In your "/DATA/etc/bind" directory, a file "named.conf", which acts as an entry point to your configs
Take a look at the default config, and the example configs provided
2.) [ *REQUIRED* ]
A "/DATA/var/cache/bind" directory for all of the master or slave zones. If it's for slave zones, it will populate automatically and you can leave it blank.
3.) [ *OPTIONAL* ]
A "/DATA/var/log/named" directory for logging your DNS requests/returns/other breakdown. By default, logging is done to the console
A "/DATA/var/bind" directory for all of the master or slave zones. If it's for slave zones, it will populate automatically and you can leave it blank.
```
# How to run a BIND ("named") Docker Container?
```
docker run --name=dns-master01
# Default Example
# This is just to test it out - by default only allows queries from
# itself (127.0.0.1) -- pretty useless for real world usage
docker run --name=dns-test
-it -d \
--dns=8.8.8.8 --dns=8.8.4.4 \
-p 53:53/udp -p 53:53 \
ventz/bind
```
```
# Customer Override Example for Authoritative Master
# Edit: named.conf.local with your forward zone at least
# and create the file in /var/named/$yourdomain.tld
docker run --name=dns-master
-it -d \
--dns=8.8.8.8 --dns=8.8.4.4 \
-p 53:53/udp -p 53:53 \
-v /DATA/etc/bind:/etc/bind \
-v /DATA/var/cache/bind:/var/cache/bind \
-v /DATA/var/log/named:/var/log/named \
-v /DATA/var/bind:/var/bind \
ventz/bind
```
```
# Custom Override Example for Recursive Resolver/Cacher:
# Edit: named.conf.options -> change the "allow-recursion" and "allow-query" with your subnets
docker run --name=dns-resolver
-it -d \
--dns=8.8.8.8 --dns=8.8.4.4 \
-p 53:53/udp -p 53:53 \
-v /DATA/etc/bind:/etc/bind \
-v /DATA/var/bind:/var/bind \
ventz/bind
```
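Review bot: In all three `docker run` examples the first line (`docker run --name=dns-test`, `--name=dns-master`, `--name=dns-resolver`) has no trailing `\`, so the shell runs `docker run` without an image and then treats `-it -d ...` as a separate command. Add the backslash to each. In the master example the comment points at `/var/named/$yourdomain.tld` while the mount and the configs use `/var/bind`, and "Customer Override" should read "Custom Override".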

0
build.sh Normal file → Executable file
View File

View File

@ -3,19 +3,28 @@ EXPOSE 53 53/udp
RUN apk --update upgrade && apk add bind
RUN mkdir -m 0755 -p /var/run/named && chown -R root:named /var/run/named
# /var/cache/bind needs to be owned by "bind"
# /etc/bind needs to be owned by root, group owned by "bind", and chmod 750
# since we are mounting, do it manually
# NOTE: Per Dockerfile manual --> need to mkdir the mounted dir to chown
RUN mkdir -m 0755 -p /var/cache/bind && touch /var/cache/bind/docker-init && chown -R named:named /var/cache/bind
# &
# /var/bind needs to be owned by root, group owned by "bind", and chmod 770
# since we are mounting, do it manually
# NOTE: Per Dockerfile manual --> need to mkdir the mounted dir to chown
# &
# Get latest bind.keys
RUN mkdir -m 0770 -p /etc/bind && chown -R root:named /etc/bind ; \
mkdir -m 0770 -p /var/bind && chown -R root:named /var/cache ; \
wget -q -O /etc/bind/bind.keys https://ftp.isc.org/isc/bind9/keys/9.11/bind.keys.v9_11 ; \
rndc-confgen -a -r /dev/urandom
COPY configs/. /etc/bind/
# Mounts
# NOTE: Per Dockerfile manual -->
# "if any build steps change the data within the volume
# after it has been declared, those changes will be discarded."
VOLUME ["/etc/bind"]
VOLUME ["/var/cache/bind"]
VOLUME ["/var/bind"]
COPY entrypoint.sh /
ENTRYPOINT ["/entrypoint.sh"]
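Review bot: On the `mkdir -m 0770 -p /var/bind && chown -R root:named /var/cache` line the chown targets `/var/cache`, not the `/var/bind` directory it has just created, so `/var/bind` is left with its default ownership at build time and anything under `/var/cache` is re-owned instead. The steps are also joined with `;`, so a failed `wget` of bind.keys or a failed `rndc-confgen` does not fail the build; chain them with `&&`. The comment says /etc/bind should be chmod 750, but the mkdir uses `-m 0770`.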

2
container/configs/README Normal file
View File

@ -0,0 +1,2 @@
You should add your zones to: named.conf.local
Generally, that's the only file you will need to modify

View File

@ -0,0 +1,12 @@
;
; BIND reverse data file for broadcast zone
;
$TTL 604800
@ IN SOA localhost. root.localhost. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS localhost.

View File

@ -0,0 +1,13 @@
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA localhost. root.localhost. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS localhost.
1.0.0 IN PTR localhost.

View File

@ -0,0 +1,12 @@
;
; BIND reverse data file for broadcast zone
;
$TTL 604800
@ IN SOA localhost. root.localhost. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS localhost.

View File

@ -0,0 +1,14 @@
; BIND reverse data file for empty rfc1918 zone
;
; DO NOT EDIT THIS FILE - it is used for multiple zones.
; Instead, copy it, edit named.conf, and use that copy.
;
$TTL 86400
@ IN SOA localhost. root.localhost. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
86400 ) ; Negative Cache TTL
;
@ IN NS localhost.

View File

@ -0,0 +1,14 @@
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA localhost. root.localhost. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS localhost.
@ IN A 127.0.0.1
@ IN AAAA ::1

View File

@ -0,0 +1,92 @@
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.cache
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: January 30, 2018
; related version of root zone: 2018013001
;
; FORMERLY NS.INTERNIC.NET
;
. 3600000 NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
;
; FORMERLY NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 199.9.14.201
B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b
;
; FORMERLY C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
;
; FORMERLY TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
;
; FORMERLY NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e
;
; FORMERLY NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
;
; FORMERLY NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d
;
; FORMERLY AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
;
; FORMERLY NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
;
; OPERATED BY VERISIGN, INC.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
;
; OPERATED BY RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
;
; OPERATED BY ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42
;
; OPERATED BY WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
; End of file

View File

@ -0,0 +1,20 @@
1.) Start with the FULL directory contents of "configs" which has a
fully functioning recurive resolver/forwarding cacher AND an
authoritative config at the same time.
The "configs" directory contains:
* README
* named.conf
* named.conf.default-zones
* named.conf.rfc1918
* named.conf.local -> modify this for all of your authoritative zones
* named.conf.options -> feel free to overwrite this with one fr
default-zones:
db.0 db.127 db.255 db.empty db.local db.root
2.) and then feel free to use the "named.conf.options" provided in the
"example-configs" to override the default with a more "specific
'named.conf.options' as needed for a more
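Review bot: Two sentences in this README are cut off: "feel free to overwrite this with one fr" and the closing "as needed for a more"; please complete them and fix "recurive". Step 1 also presents the default configs as a recursive resolver and an authoritative server at the same time, which both example named.conf.options files added in this commit call a very bad idea, so the README should say which setup is recommended.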

View File

@ -0,0 +1,56 @@
// Copy this file to /etc/bind/named.conf.options if you want to run bind as an
// authoritative nameserver. If you want to run a recursive DNS resolver
// instead, see Ventz's "example-configs/recursive-resolver/named.conf.options"
//
// BIND supports using the same daemon as both authoritative nameserver and
// recursive resolver; it supports this because it is the oldest and original
// nameserver and so was designed before it was realized that combining these
// functions is inadvisable.
//
// In actual fact, combining these functions is a very bad idea. It is thus
// recommended that you run a given instance of BIND as either an authoritative
// nameserver or recursive resolver, not both. The example configuration herein
// provides a secure starting point for running an authoritative nameserver.
options {
directory "/var/bind";
// Configure the IPs to listen on here.
listen-on { 127.0.0.1; };
listen-on-v6 { none; };
// If you want to allow only specific hosts to use the DNS server:
//allow-query {
// 127.0.0.1;
//};
// Specify a list of IPs/masks to allow zone transfers to here.
//
// You can override this on a per-zone basis by specifying this inside a zone
// block.
//
// Warning: Removing this block will cause BIND to revert to its default
// behaviour of allowing zone transfers to any host (!).
allow-transfer {
none;
};
// If you have problems and are behind a firewall:
//query-source address * port 53;
pid-file "/var/run/named/named.pid";
// Changing this is NOT RECOMMENDED; see the notes above and in
// named.conf.recursive.
allow-recursion { none; };
recursion no;
};
// Example of how to configure a zone for which this server is the master:
//zone "example.com" IN {
// type master;
// file "/etc/bind/master/example.com";
//};
// You can include files:
//include "/etc/bind/example.conf";
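Review bot: `listen-on { 127.0.0.1; };` in an example meant for an authoritative server in a container means named never listens on the container's external interface, so the port 53 published by the README's `docker run` examples gets no answer; the default named.conf.options in this commit uses `listen-on { any; };`. The comment "see the notes above and in named.conf.recursive" names a file this commit does not add (the counterpart is example-configs/recursive-resolver/named.conf.options), and the sample zone path `/etc/bind/master/example.com` does not match the `/var/bind` zone directory used everywhere else.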

View File

@ -0,0 +1,104 @@
// Copy this file to /etc/bind/named.conf.options if you want to run bind as a
// recursive DNS resolver. If you want to run an authoritative nameserver
// instead, see Ventz's "example-configs/authoritative/named.conf.options"
//
// BIND supports using the same daemon as both authoritative nameserver and
// recursive resolver; it supports this because it is the oldest and original
// nameserver and so was designed before it was realized that combining these
// functions is inadvisable.
//
// In actual fact, combining these functions is a very bad idea. It is thus
// recommended that you run a given instance of BIND as either an authoritative
// nameserver or recursive resolver, not both. The example configuration herein
// provides a starting point for running a recursive resolver.
//
//
// *** IMPORTANT ***
// You should note that running an open DNS resolver (that is, a resolver which
// answers queries from any globally routable IP) makes the resolver vulnerable
// to abuse in the form of reflected DDoS attacks.
//
// These attacks are now widely prevalent on the open internet. Even if
// unadvertised, attackers can and will find your resolver by portscanning the
// global IPv4 address space.
//
// In one case the traffic generated using such an attack reached 300 Gb/s (!).
//
// It is therefore imperative that you take care to configure the resolver to
// only answer queries from IP address space you trust or control. See the
// "allow-recursion" directive below.
//
// Bear in mind that with these attacks, the "source" of a query will actually
// be the intended target of a DDoS attack, so this only protects other networks
// from attack, not your own; ideally therefore you should firewall DNS traffic
// at the borders of your network to eliminate spoofed traffic.
//
// This is a complex issue and some level of understanding of these attacks is
// advisable before you attempt to configure a resolver.
options {
directory "/var/bind";
// Specify a list of CIDR masks which should be allowed to issue recursive
// queries to the DNS server. Do NOT specify 0.0.0.0/0 here; see above.
allow-recursion {
127.0.0.1/32;
};
// If you want this resolver to itself resolve via means of another recursive
// resolver, uncomment this block and specify the IP addresses of the desired
// upstream resolvers.
//forwarders {
// 8.8.8.8;
// 8.8.4.4;
//};
// By default the resolver will attempt to perform recursive resolution itself
// if the forwarders are unavailable. If you want this resolver to fail outright
// if the upstream resolvers are unavailable, uncomment this directive.
//forward only;
// Configure the IPs to listen on here.
listen-on { 127.0.0.1; };
listen-on-v6 { none; };
// If you have problems and are behind a firewall:
//query-source address * port 53;
pid-file "/var/run/named/named.pid";
// Removing this block will cause BIND to revert to its default behaviour
// of allowing zone transfers to any host (!). There is no need to allow zone
// transfers when operating as a recursive resolver.
allow-transfer { none; };
};
// Briefly, a zone which has been declared delegation-only will be effectively
// limited to containing NS RRs for subdomains, but no actual data beyond its
// own apex (for example, its SOA RR and apex NS RRset). This can be used to
// filter out "wildcard" or "synthesized" data from NAT boxes or from
// authoritative name servers whose undelegated (in-zone) data is of no
// interest.
// See http://www.isc.org/products/BIND/delegation-only.html for more info
//zone "COM" { type delegation-only; };
//zone "NET" { type delegation-only; };
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "pri/localhost.zone";
allow-update { none; };
notify no;
};
zone "127.in-addr.arpa" IN {
type master;
file "pri/127.zone";
allow-update { none; };
notify no;
};
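Review bot: The zone blocks at the end (`zone "."`, `zone "localhost"`, `zone "127.in-addr.arpa"`) collide with named.conf.default-zones, which named.conf.local includes and which defines the same three zones; copying this file to /etc/bind/named.conf.options as the header instructs produces duplicate zone definitions, which named reports as a configuration error. The files they reference (`named.ca`, `pri/localhost.zone`, `pri/127.zone`) are also not among the zone files added here (db.root, db.local, db.127). Drop these blocks from the example or point them at the default-zones files. As in the authoritative example, `listen-on { 127.0.0.1; };` keeps the resolver unreachable through the published port even after allow-recursion is widened.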

View File

@ -0,0 +1,16 @@
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
controls {
inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};
include "/etc/bind/rndc.key";
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
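Review bot: `include "/etc/bind/rndc.key";` is unconditional, but the key is only created by `rndc-confgen -a` during the image build; when /etc/bind is replaced by a host mount, as the README describes, the file is absent unless the user copies it in, and the include then fails at startup. Generating the key in entrypoint.sh when it is missing would fix that and would also stop every container started from the same image sharing one rndc key. The header comment still points at /usr/share/doc/bind9/README.Debian.gz, which does not apply to this Alpine image.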

View File

@ -0,0 +1,28 @@
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/default-zones/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/default-zones/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/default-zones/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/default-zones/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/default-zones/db.255";
};

View File

@ -0,0 +1,42 @@
//
// Do any local configuration here
//
///////////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////////
// STANDARD ZONES
include "/etc/bind/named.conf.default-zones";
// Consider adding the 1918 zones here, if they are not used in your
// organization
include "/etc/bind/named.conf.rfc1918";
///////////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////////
#######################################
# REVERSE 'PTR' RECORDS #
#######################################
# example reverse zone: 1.2.3.4/24
//zone "4.3.2.1.in-addr.arpa" {
// type master;
// file "/var/bind/1.2.3.4.rev";
// notify yes;
//};
#######################################
# FORWARD 'A' RECORDS #
#######################################
# example "forward" (domain) zone: domain.tld
//zone "domain.tld" {
// type master;
// file "/var/bind/domain.tld";
// notify yes;
// #also-notify { a.b.c.d; };
// #allow-transfer { localhost; a.b.c.d; };
// # vs
// #allow-transfer { "none"; };
//};
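Review bot: The reverse-zone example is labelled "1.2.3.4/24" but declares `zone "4.3.2.1.in-addr.arpa"`, which is the name for a single address rather than a /24; for 1.2.3.0/24 the zone would be `3.2.1.in-addr.arpa`. The comment above `include "/etc/bind/named.conf.rfc1918";` says to consider adding the RFC 1918 zones if the ranges are not used, yet the include is active, so a site that does use 10/8, 172.16/12 or 192.168/16 gets empty answers for those reverse lookups until it removes the line. Either comment the include out or reword the note.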

View File

@ -0,0 +1,105 @@
options {
directory "/var/bind";
// Remove (hide) our bind version - no reason to disclose it
version "";
// Configure the IPs to listen on here.
listen-on { any; };
listen-on-v6 { none; };
// QUERY SOURCE - Useful for caching servers behind a firewall
// Default: address * port *
// Values : The IP address and port to use as the source of queries to other servers
// If you have problems and are behind a firewall, uncomment:
//query-source address * port *;
pid-file "/var/run/named/named.pid";
// statistics-file "/var/cache/bind/named.stats";
// zone-statistics yes;
// If you want to allow only specific hosts to use the DNS server:
allow-query { 127.0.0.1; };
// Specify a list of IPs/masks to allow zone transfers to here.
//
// You can override this on a per-zone basis by specifying this inside a zone
// block.
//
// Warning: Removing this block will cause BIND to revert to its default
// behaviour of allowing zone transfers to any host (!).
allow-transfer { none; };
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// RECURSION - Required for caching servers
// Default: yes
// Values : yes, no
//
// yes: Attempt to resolve requests we are not authoritative for
// no : Do not resolve requests we are not authoritative for
//
// NOTE: Commented out because specified in each zone/view
recursion yes;
//recursion no;
// ALLOW-RECURSION - Who may use our caching server?
// Default: any;
// Values : any, none, (addresslist)
//
// any : anybody may use the caching server
// none : noone may use the caching server
// address: List of IP addresses that may use the caching server.
// allow-recursion { localhost; localnets; };
//
// NOTE: Commented out because specified in each zone/view
// allow-recursion { clients; servers; lan; };
//allow-recursion { none; };
allow-recursion { 127.0.0.1; };
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
forwarders {
8.8.8.8;
8.8.4.4;
};
// FORWARD - Recommended for caching servers
// Default: first
// Values : first, only
//
// first: Query "forwarders" first, then resolve request ourself
// only : Only query the "forwarders" to resolve requests
//
forward first;
// NOTIFY - Relevant to authoritative servers
// Default: yes
// Values : yes, explicit, no
//
// yes : Send DNS NOTIFY messages to slave servers in zone NS records when zone changes
// explicit: Only send DNS NOTIFY messages to "also-notify" hosts
// no : Never automatically send DNS NOTIFY messages
//
notify yes;
// Need this for SRV records
check-names master ignore;
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
};
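Review bot: With `allow-query { 127.0.0.1; };` in the options block, following the README's authoritative-master instructions (edit named.conf.local only) yields a server that refuses every query arriving through the published port; document that allow-query must be opened, or set it per zone in the named.conf.local examples. Several comments no longer match the statements under them: "NOTE: Commented out because specified in each zone/view" sits above an active `recursion yes;`, and "Uncomment the following block, and insert the addresses replacing the all-0's placeholder" sits above an active forwarders block that sends queries to 8.8.8.8 and 8.8.4.4 by default. This default also runs recursion and authoritative service in one instance, which the example configs in this commit advise against.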

View File

@ -0,0 +1,20 @@
zone "10.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; };
zone "16.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; };
zone "17.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; };
zone "18.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; };
zone "19.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; };
zone "20.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; };
zone "21.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; };
zone "22.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; };
zone "23.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; };
zone "24.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; };
zone "25.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; };
zone "26.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; };
zone "27.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; };
zone "28.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; };
zone "29.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; };
zone "30.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; };
zone "31.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; };
zone "168.192.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; };

View File

@ -1,4 +1,6 @@
#!/bin/sh
chown -R named:named /var/cache/bind
chown -R root:named /etc/bind /var/bind /var/run/named
chmod -R 770 /var/bind /var/run/named
chmod -R 750 /etc/bind
# Run in foreground and log to STDERR (console):
exec /usr/sbin/named -c /etc/bind/named.conf -g -u named
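Review bot: `chmod -R 770 /var/bind /var/run/named` and `chmod -R 750 /etc/bind` apply directory modes to every file, so zone files, configs and rndc.key all become executable; use a symbolic mode with `X` (for example `u=rwX,g=rX,o=` on /etc/bind) or separate `find -type d` and `-type f` passes. Because these paths are normally bind mounts from /DATA, the recursive chown and chmod also rewrite ownership and modes on the host at every container start, which deserves a line in the README. The script has no `set -e`, so named starts even when a chown or chmod fails.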

12
run.sh
View File

@ -1,12 +0,0 @@
#!/bin/bash
# NOTE: Please make sure you have /DATA with those directories as sources
# and the appropriate named.conf + zone files
docker run --name=dns-master01
-it -d \
--dns=8.8.8.8 --dns=8.8.4.4 \
-p 53:53/udp -p 53:53 \
-v /DATA/etc/bind:/etc/bind \
-v /DATA/var/cache/bind:/var/cache/bind \
-v /DATA/var/log/named:/var/log/named \
ventz/bind