<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto">This is extremely bad advice. Unless the OP understands what went wrong and how to fix it, advising them to change the image, change the architecture and mash random stuff into docker will only lead to more confusion and more problems in the future.<div><br></div><div>I was using ISC docker images with my students during the fall semester and the images work just fine both for authoritative and recursive workload. And I’ve tested them using both docker and podman.</div><div><br></div><div>Ondrej<br id="lineBreakAtBeginningOfSignature"><div dir="ltr"><div>--</div>Ondřej Surý — ISC (He/Him)<div><br></div><div>My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.</div></div><div dir="ltr"><br><blockquote type="cite">On 30. 12. 2024, at 9:21, Fajar Nugraha <fajar.nugraha+list@gmail.com> wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><div dir="auto"><div dir="ltr"><div>Try these</div><div><br></div><div>Background info on my setup</div><div>- ubuntu 24.04 + <a href="https://docs.docker.com/engine/install/ubuntu/" target="_blank" rel="noreferrer">https://docs.docker.com/engine/install/ubuntu/</a> , arm64 (a vm on mac, if it matters). Other distros should work fine too, as long it can run docker compose.</div><div>- ubuntu/bind9:9.20-24.10_edge docker image . Mainly because internetsystemsconsortium/bind9 don't hame arm64 image.</div><div>- test on host port 10053 first, so you can make sure it works while still having whatever is currently using port 53 running (e.g. your non-docker bind9 setup)</div><div dir="ltr"><div>- make sure the user owns the directory and is part of "docker" group (in my case, the user name is "user")</div><div>$ id</div>uid=1000(user) gid=1000(user) groups=1000(user),997(docker)<br><div><br></div></div><div>Preparation:</div><div>- make sure docker-ce-cli and docker-compose-plugin is installed (if you can run "docker compose", you should be fine already)</div><div>- pick a directory (in my case, /data/bind9), make user the user running docker owns it.</div><div>- easiest way to setup sub directories for docker volumes: $ mkdir -m 1777 {etc,cache,lib}</div><div>- create minimal etc/named.conf</div><div>options {<br> directory "/var/cache/bind";<br> // needed if your ISP mess with DNS<br> dnssec-validation no;<br>};<br></div><div><br></div><div>- create this compose.yml, then run "docker compose up"</div><div>services:<br> bind9:<br> image: ubuntu/bind9:9.20-24.10_edge<br> command: "docker-entrypoint.sh -4"<br> ports:<br> - "10053:53"<br> - "10053:53/udp"<br> volumes:<br> - etc:/etc/bind<br> - lib:/var/lib/bind<br> - cache:/var/cache/bind<br>volumes:<br> etc:<br> driver: local<br> driver_opts:<br> device: "./etc"<br> type: none<br> o: bind<br> lib:<br> driver: local<br> driver_opts:<br> device: "./lib"<br> type: none<br> o: bind<br> cache:<br> driver: local<br> driver_opts:<br> device: "./cache"<br> type: none<br> o: bind<br></div><div><br></div><div>- or you can also run</div>docker run --rm -it --name bind9 \<br> -e TZ=UTC \<br> -p 10053:53 -p 10053:53/udp \<br> -v ./etc:/etc/bind \<br> -v ./lib:/var/lib/bind \<br> -v ./cache:/var/cache/bind \<br> ubuntu/bind9:9.20-24.10_edge \<br> docker-entrypoint.sh -4<br><div><br></div><div>- on another terminal, "dig <a href="http://google.com" target="_blank" rel="noreferrer">google.com</a> @<a href="http://127.0.0.1" target="_blank" rel="noreferrer">127.0.0.1</a> -p 10053"</div><div>- to exit, press ctrl-c on the docker / docker compose terminal</div><div>- to listen on your ip address port 53, replace "10053:53" with "your_ip_addres:53:53", e.g "192.168.25.156:53:53". note that you will also need to edit named.conf to allow queries from that subnet</div><div dir="auto"><br></div><div dir="auto">-- </div><div dir="auto">Fajar</div><div><br></div><div dir="ltr">On Mon, Dec 30, 2024 at 1:27 AM Pablo Andalaft Tarodo <<a href="mailto:pablo@heavenly.cl" target="_blank" rel="noreferrer">pablo@heavenly.cl</a>> wrote:</div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi all,<br>
<br>
<br>
Thanks for taking the time. I've been spending many hours on this, to no <br>
solution. But, some things that may shine more light:<br>
<br>
When the container is stuck restarting, the error, aside from exit code <br>
1, is "user 'bind' is not recognised" or something similar, and checking <br>
the container entrypoint "/usr/sbin/named -u bind -f -c <br>
/etc/bind/named.conf", it tries to use the user "bind" to start "named", <br>
but this user is present in the base image (checking /etc/passwd)...<br>
<br>
For a long time I wasn't able to find other logs and I resorted to using <br>
a Dockerfile to see if I could control more steps for the image, no help.<br>
<br>
So I started off with what works, running a container directly from the <br>
image (doesn't get stuck restarting), and copying the files to it <br>
`docker container cp /config/named.conf <br>
<container_name>:/etc/bind/named.conf` etc., and finally exec'ing into <br>
the container's shell and launching `/usr/sbin/named -u bind -f -g -c <br>
/etc/bind/named.conf`, this showed me that there were some errors in the <br>
config (thanks for the -g heads up), that I could address.<br>
<br>
However through docker compose, I still get the "named: user 'bind' <br>
unknown" error.<br>
<br></blockquote><div><br></div><div><br></div><div> </div></div></div></div>
<span>-- </span><br><span>Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list</span><br><span></span><br><span>ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.</span><br><span></span><br><span></span><br><span>bind-users mailing list</span><br><span>bind-users@lists.isc.org</span><br><span>https://lists.isc.org/mailman/listinfo/bind-users</span><br></div></blockquote></div></body></html>