coryHawkvelt
/
docker-bind
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Cleaned up notes, structure, build, supplied run, etc

This commit is contained in:
Ventz Petkov 2017-03-14 04:37:37 -04:00
parent 08a6019c24
commit 9a282a87b6
6 changed files with 70 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
Dockerfile
View File

@ -1,21 +0,0 @@
FROM alpine:latest
EXPOSE 53
RUN apk --update add bind
RUN mkdir -m 0755 -p /var/run/named && chown -R root:named /var/run/named
# /var/cache/bind needs to be owned by "bind"
# since we are mounting, do it manually
# NOTE: Per Dockerfile manual --> need to mkdir the mounted dir to chown
RUN mkdir -m 0755 -p /var/cache/bind && touch /var/cache/bind/docker-init && chown -R named:named /var/cache/bind
# Mounts
# NOTE: Per Dockerfile manual -->
# "if any build steps change the data within the volume
# after it has been declared, those changes will be discarded."
VOLUME ["/etc/bind"]
VOLUME ["/var/cache/bind"]
COPY entrypoint.sh /
ENTRYPOINT ["/entrypoint.sh"]

47
README.md
View File

@ -1,22 +1,43 @@
NOTE: Example assumes you have a "/dns-slave01" with your container specific data! ### ISC BIND9 Container (Stable: 9.10.4_xx) built on top of Alpine
Change as needed with the SRC data that you are mounting into the container.
## Required "DATA" directory - named.conf and zone data: This container is a super small (~5MB compressed pull, and only ~9MB
This container assumes you have a "/dns" folder with your container specific data: when extracted) FULL version of ISC BIND9.
You can change that folder as needed, but make sure you update the "-v" mounts for run time
1.) [ *REQUIRED* ] In your /dns/etc/bind a file "named.conf", which acts as an entry point to your configs It is ideal for a quick master, slave, recursive server/resolver, RPZ
"dns firewall", or just about any other purpose you can use bind for.
2.) [ *REQUIRED* ] A "/dns/var/cache/bind" directory for all of the master or slave zones. If it's for slave zones, it will populate automatically and you can leave it blank. # Security - always on the latest stable release!
This container will _always_ be up to date on the latest
stable+patched version, usually within 24 hours of it being available
in Alpine. In fact, most of the BIND vulnerabilities so far have been
reported by me to the Alpine developers.
3.) [ *OPTIONAL* ] "/dns/var/log/named" directory for logging your DNS requests/returns/other breakdown. # Required "DATA" directory - for named.conf and zone data:
This container assumes you have a "/DATA" folder with with your container specific data.
You can change that folder (and sub-folders) as needed, but make sure you update the "-v" mounts for the run.
## Run BIND Container: Specifically, you need to have these directories/paths:
``` ```
docker run --name=dns-slave01 -d --dns=8.8.8.8 --dns=8.8.4.4 \ 1.) [ *REQUIRED* ]
In your "/DATA/etc/bind" directory, a file "named.conf", which acts as an entry point to your configs
2.) [ *REQUIRED* ]
A "/DATA/var/cache/bind" directory for all of the master or slave zones. If it's for slave zones, it will populate automatically and you can leave it blank.
3.) [ *OPTIONAL* ]
A "/DATA/var/log/named" directory for logging your DNS requests/returns/other breakdown. By default, logging is done to the console
```
# How to run a BIND ("named") Docker Container?
```
docker run --name=dns-master01
-it -d \
--dns=8.8.8.8 --dns=8.8.4.4 \
-p 53:53/udp -p 53:53 \ -p 53:53/udp -p 53:53 \
-v /dns-slave01/etc/bind:/etc/bind \ -v /DATA/etc/bind:/etc/bind \
-v /dns-slave01/var/cache/bind:/var/cache/bind \ -v /DATA/var/cache/bind:/var/cache/bind \
-v /dns-slave01/var/log/named:/var/log/named \ -v /DATA/var/log/named:/var/log/named \
ventz/bind ventz/bind
``` ```

2
build.sh Normal file
View File

@ -0,0 +1,2 @@
#!/bin/bash
docker build --rm=true --force-rm=true -t ventz/bind container

21
container/Dockerfile Normal file
View File

@ -0,0 +1,21 @@
FROM alpine:latest
EXPOSE 53 53/udp
RUN apk --update add bind
RUN mkdir -m 0755 -p /var/run/named && chown -R root:named /var/run/named
# /var/cache/bind needs to be owned by "bind"
# since we are mounting, do it manually
# NOTE: Per Dockerfile manual --> need to mkdir the mounted dir to chown
RUN mkdir -m 0755 -p /var/cache/bind && touch /var/cache/bind/docker-init && chown -R named:named /var/cache/bind
# Mounts
# NOTE: Per Dockerfile manual -->
# "if any build steps change the data within the volume
# after it has been declared, those changes will be discarded."
VOLUME ["/etc/bind"]
VOLUME ["/var/cache/bind"]
COPY entrypoint.sh /
ENTRYPOINT ["/entrypoint.sh"]

1
entrypoint.sh → container/entrypoint.sh
View File

@ -1,3 +1,4 @@
#!/bin/sh #!/bin/sh
chown -R named:named /var/cache/bind chown -R named:named /var/cache/bind
# Run in foreground and log to STDERR (console):
/usr/sbin/named -c /etc/bind/named.conf -g -u named /usr/sbin/named -c /etc/bind/named.conf -g -u named

12
run.sh Normal file
View File

@ -0,0 +1,12 @@
#!/bin/bash
# NOTE: Please make sure you have /DATA with those directories as sources
# and the appropriate named.conf + zone files
docker run --name=dns-master01
-it -d \
--dns=8.8.8.8 --dns=8.8.4.4 \
-p 53:53/udp -p 53:53 \
-v /DATA/etc/bind:/etc/bind \
-v /DATA/var/cache/bind:/var/cache/bind \
-v /DATA/var/log/named:/var/log/named \
ventz/bind