GitHub - thompsondt/dockerdns: Docker-BIND DNS Server

Docker-BIND DNS Server

A containerized DNS server powered by BIND.

This project consists of two components:

  • The DNS Recursor - By default, this component forwards queries to upstream DNS servers and caches their responses
  • The DNS Nameserver - This component is a slightly different configuration of BIND that functions exclusively as an authoritative name server

Design Considerations

  • BIND SHOULD NOT simultaneously operate as a recursor and an authoritative name server - this is why the project consists of two components rather than one. An authoritative server has to answer queries from anyone, while a recursor should answer only your own clients, so a single process doing both is either an open resolver or an authoritative server nobody can reach. Separate processes also keep the attack surface of recursion (cache poisoning, amplification, resource exhaustion) away from the process that serves your zones.

Usage

Secure Your Deployment

BIND authenticates control traffic between the components with an RNDC key, a shared HMAC secret. If no key is found at /etc/bind/rndc/rndc.key when a container starts, one is generated there automatically. A new key can be generated at any time with the rndc-confgen command. To share one key between the containers, mount the same volume at /etc/bind/rndc/ in both of them at deployment time, as in the docker-compose.yml below. Treat that volume as a secret: anyone who can read the key can drive both servers with rndc, so do not bake it into an image or commit it to the repository.

docker-compose.yml:

version: '3.3'
services:
    ...

    recursor:
        volumes:
            - rndc_shared_key:/etc/bind/rndc/
    ...

    nameserver:
        volumes:
            - rndc_shared_key:/etc/bind/rndc/

volumes:
    rndc_shared_key:
        driver: local
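The key-sharing step above, as an added example (this is not the project's startup script): a POSIX shell script that creates the key file only when it is absent, in the same layout rndc-confgen writes, and a check you can run before the containers mount it. The key name rndc-key, the use of /dev/urandom and base64 in place of rndc-confgen, and the requirement that the file be mode 600 or 640 are assumptions; the path /etc/bind/rndc/rndc.key is the one named above.

```shell
#!/bin/sh
# Added example, not code from the dockerdns project: create the shared RNDC key
# once, in the format rndc-confgen writes, and sanity-check it before both
# containers mount it. The key name "rndc-key" and the 600/640 permission
# requirement are assumptions; /etc/bind/rndc/rndc.key is the README's path.
set -eu

RNDC_KEY_NAME="${RNDC_KEY_NAME:-rndc-key}"

# 32 random bytes, base64-encoded (44 characters): a full-strength hmac-sha256 secret.
# /dev/urandom + base64 is used instead of rndc-confgen so this also runs where BIND
# is not installed; the resulting file is interchangeable with rndc-confgen's output.
new_secret() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# ensure_rndc_key FILE: write a key file only if FILE is missing or empty, so a key
# that is already shared between the containers is never silently rotated.
# The umask runs in a subshell so the file is created mode 600 without changing
# the caller's umask.
ensure_rndc_key() {
    keyfile=$1
    if [ -s "$keyfile" ]; then
        return 0
    fi
    mkdir -p "$(dirname "$keyfile")"
    secret=$(new_secret)
    (
        umask 077
        cat > "$keyfile" <<EOF
key "$RNDC_KEY_NAME" {
    algorithm hmac-sha256;
    secret "$secret";
};
EOF
    )
}

# check_rndc_key FILE: return 0 only if the file is not world-readable (600 or 640),
# uses hmac-sha256, and carries a 32-byte secret. Anything else is worth failing a
# deployment over: whoever can read this file can drive rndc on both components.
check_rndc_key() {
    keyfile=$1
    [ -f "$keyfile" ] || { echo "missing $keyfile" >&2; return 1; }
    # GNU stat first, BSD/macOS stat as the fallback.
    perms=$(stat -c '%a' "$keyfile" 2>/dev/null || stat -f '%Lp' "$keyfile")
    case "$perms" in
        600|640) ;;
        *) echo "$keyfile is mode $perms; expected 600 or 640" >&2; return 1 ;;
    esac
    grep -q 'algorithm hmac-sha256;' "$keyfile" \
        || { echo "$keyfile does not use hmac-sha256" >&2; return 1; }
    secret=$(sed -n 's/.*secret "\([^"]*\)";.*/\1/p' "$keyfile")
    [ "${#secret}" -eq 44 ] \
        || { echo "$keyfile secret is ${#secret} chars, expected 44 (32 bytes base64)" >&2; return 1; }
}

# Usage: sh rndc-key.sh /etc/bind/rndc   (with no argument it only defines the functions)
if [ "$#" -gt 0 ]; then
    ensure_rndc_key "$1/rndc.key"
    check_rndc_key "$1/rndc.key" && echo "rndc key OK: $1/rndc.key"
fi
```

Run it once against the host directory that backs the rndc_shared_key volume before the first `docker-compose up`; because ensure_rndc_key is a no-op when the file already exists, re-running it on every deploy is safe, and check_rndc_key catches the common mistake of a key file that was copied in as 644.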

DNSSEC Validation

You can turn off DNSSEC validation with the BIND_RECURSOR_DNSSEC_VALIDATION environment variable on the recursor, but leave this parameter alone in production; it exists for testing. With validation off the recursor accepts and caches whatever answer it is handed, signed or not, so a forged response from an upstream forwarder or an on-path attacker is served to every client behind it.

Configuring The Recursor

On the recursor, set BIND_NAMESERVER_IP to the host IP of the machine that runs your authoritative nameserver. If the nameserver runs on the same host as the recursor, you can obtain the host IP programmatically with scripts/hostIP.py. Do not use the loopback address here: with the default bridge networking, 127.0.0.1 inside the recursor container is the recursor itself, not the nameserver.

Configuring The Nameserver

To configure the name server, override /etc/bind/local with a volume containing your local configuration, options, and zone files. Unless you use dynamic updates, mount that volume read-only: the nameserver only needs to read its zone data, and a writable mount lets a compromised container rewrite the zones it serves.
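The role separation from Design Considerations, the DNSSEC setting, and the recursor and nameserver configuration described in the three sections above, as one added example that is not the project's own configuration: a POSIX shell script that renders a named.conf options block for each role (the recursor recurses and validates, the authoritative nameserver never recurses) and lints a config file against the role it is meant for. The variable names BIND_RECURSOR_DNSSEC_VALIDATION and BIND_NAMESERVER_IP are the README's; how the image itself consumes them is not shown there, so using the latter as a forward-zone target is an assumption, as are the ACLs, forwarders, paths and zone name used below.

```shell
#!/bin/sh
# Added example, not the project's own configuration: render a named.conf options
# block per role so the recursor recurses (and validates) while the authoritative
# nameserver never does, then lint a config file against its role.
# BIND_RECURSOR_DNSSEC_VALIDATION and BIND_NAMESERVER_IP are the README's names;
# treating the latter as a forward-zone target is an assumption, as are the ACLs,
# forwarders, directory paths and the zone name.
set -eu

# render_recursor_options FORWARDERS CLIENT_ACL NAMESERVER_IP LOCAL_ZONE
#   FORWARDERS and CLIENT_ACL are semicolon-terminated BIND lists, e.g. "1.1.1.1; 9.9.9.9;".
render_recursor_options() {
    forwarders=$1; clients=$2; nameserver_ip=$3; local_zone=$4
    # "auto" validates against BIND's built-in root trust anchor. Only an explicit
    # "no" switches validation off; anything else keeps the secure default.
    case "${BIND_RECURSOR_DNSSEC_VALIDATION:-yes}" in
        no|false|0) validation=no ;;
        *)          validation=auto ;;
    esac
    cat <<EOF
options {
    directory "/var/cache/bind";
    recursion yes;
    // Only our own networks may use this resolver; "any" here makes an open resolver.
    allow-recursion { $clients };
    allow-query { $clients };
    forwarders { $forwarders };
    forward only;
    dnssec-validation $validation;
};
// Queries for the local zone go to the authoritative component instead of upstream.
zone "$local_zone" {
    type forward;
    forward only;
    forwarders { $nameserver_ip; };
};
EOF
}

# render_nameserver_options: authoritative only. Zone data lives under /etc/bind/local,
# the directory the README says to override with your own volume.
render_nameserver_options() {
    cat <<'EOF'
options {
    directory "/var/cache/bind";
    recursion no;
    allow-query { any; };
    allow-transfer { none; };
    minimal-responses yes;
};
include "/etc/bind/local/named.conf.local";
EOF
}

# lint_role ROLE FILE: return non-zero when FILE contradicts ROLE.
#   nameserver: must not contain "recursion yes".
#   recursor:   must recurse, and must not allow recursion from "any".
lint_role() {
    role=$1; conf=$2
    case "$role" in
        nameserver)
            if grep -Eq '^[[:space:]]*recursion[[:space:]]+yes' "$conf"; then
                echo "$conf: authoritative nameserver must not recurse" >&2; return 1
            fi ;;
        recursor)
            grep -Eq '^[[:space:]]*recursion[[:space:]]+yes' "$conf" \
                || { echo "$conf: recursor has recursion disabled" >&2; return 1; }
            if grep -Eq 'allow-recursion[[:space:]]*\{[[:space:]]*any' "$conf"; then
                echo "$conf: open resolver (allow-recursion { any; })" >&2; return 1
            fi ;;
        *)  echo "unknown role $role" >&2; return 1 ;;
    esac
}

# Usage: BIND_NAMESERVER_IP=192.168.1.10 BIND_LOCAL_ZONE=example.internal sh bind-roles.sh recursor
#        sh bind-roles.sh nameserver
# With no argument the script only defines the functions.
case "${1:-}" in
    recursor)   render_recursor_options "${BIND_FORWARDERS:-1.1.1.1; 9.9.9.9;}" \
                    "${BIND_CLIENTS:-127.0.0.0/8; 10.0.0.0/8;}" \
                    "${BIND_NAMESERVER_IP:?set BIND_NAMESERVER_IP}" \
                    "${BIND_LOCAL_ZONE:?set BIND_LOCAL_ZONE}" ;;
    nameserver) render_nameserver_options ;;
esac
```

Run named-checkconf on whatever you render before a container starts with it. One caveat that follows from keeping validation on: if the local zone is a private name that is not delegated from the public DNS, the validating recursor will reject answers for it, because the root can prove the name does not exist; recent BIND versions let you exempt such a zone with validate-except rather than turning validation off globally.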

Working with Git Secrets

There are some secrets in this repository, such as the zone files I use in production. They are encrypted with git-secret; to decrypt them, run git secret reveal. You will need the necessary permission to reveal secrets, which means your GPG key must have been added to the repository's keyring (git secret tell) and the secrets re-encrypted for it.

Deployment from Development

It's possible to deploy to a target environment from within the devcontainer. Before loading the devcontainer, add the private SSH key for the target environment to your local ssh-agent; the agent is what the devcontainer uses, so the private key itself never has to be copied into the container.

NOTE:

The deployment script currently contains secrets and is hidden from the repository. To reveal the deployment script, use git secret reveal.

Setup SSH Keys

On the local environment:

  1. Create an SSH key pair dedicated to the target environment and install its public key there
  2. Use ssh-add $HOME/.ssh/private_key to add the private key to your ssh-agent

Testing SSH from within the DevContainer

  1. ssh user@example.com
    • This should succeed

Deploy Tokens

You will need a GitLab Deploy Token to pull images from the private container registry. See: https://docs.gitlab.com/ee/user/project/deploy_tokens/index.html. A deploy token is a credential: create it with only the read_registry scope, and keep it out of the repository and the image.
