Updated Docker images (9.18, 9.20, 9.21) - now based on Alpine Linux
Ondřej Surý
ondrej at isc.org
Tue Aug 27 08:21:54 UTC 2024
Hello,
the Docker images have been updated to use Alpine Linux as the base image
and the bind9 binaries are now compiled from the source while building the
Docker images. This is more in-line with the expected Docker (Podman) workflow.
Externally, there should not be any visible changes to the current installations.
The named.conf has been simplified, but the configuration remained the same,
and if you are using custom (mapped /etc/bind) configuration, the new docker
image will not touch any externally managed configuration.
As usual, please first deploy in staging environment and report if anything is broken.
The more comprehensive instructions are listed at the official Docker Hub repository:
https://hub.docker.com/r/internetsystemsconsortium/bind9
TL;DR for the current stable version
How to run BIND 9 as a resolver:
docker run \
--name=bind9 \
--restart=always \
--publish 53:53/udp \
--publish 53:53/tcp \
internetsystemsconsortium/bind9:9.20
How to run BIND 9 as an authoritative server:
docker run \
--name=bind9 \
--restart=always \
--publish 53:53/udp \
--publish 53:53/tcp \
--publish 127.0.0.1:953:953/tcp \
--volume /etc/bind \
--volume /var/cache/bind \
--volume /var/lib/bind \
--volume /var/log \
internetsystemsconsortium/bind9:9.20
The /etc/bind needs custom named.conf + rndc.key and you need
to make sure that the named in the container can read the configuration
and zone files.
NOTES:
- replace 9.20 with 9.18 for the Extended Support Version, use 9.21 for the development version
- expose port 853 for DoT with ephemeral certificate
- expose port 443 for DoH with ephemeral certificate on /dns-query
Ondrej
--
Ondřej Surý (He/Him)
ondrej at isc.org
My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
More information about the bind-users
mailing list