Authoritative config for bind9 on Docker

mr.zog

7/30/24, 3:35 PM

https://hub.docker.com/r/internetsystemsconsortium/bind9

When the author of this documentation says,

You need to properly mount the following volumes:
/etc/bind - for configuration, your named.conf lives here
/var/cache/bind - the working directory, e.g. options { directory "/var/cache/bind"; };
/var/lib/bind - this is usually the place where the secondary zones are placed
/var/log - for logfiles

do they mean we should create a directory tree in the directory where our Dockerfile lives?

Below this under the title "Authoritative DNS server" they have some config file syntax. I can't tell if it's intended for the named.conf.local or named.conf.options file. What is your guess?

Thanks.

1 + 0

bind

docker

Score:2

Server

Håkan Lindqvist

7/30/24, 3:46 PM

do they mean we should create a directory tree in the directory where our Dockerfile lives?

I think what they are saying is just that you are expected to declare a docker --volume (or equivalent config if using docker compose or similar) for each of those paths, such that config and data files remain when you upgrade the container to a new image.
One option is indeed to map these volumes to host directories, but it's up to you where you choose to place these directories.

I can't tell if it's intended for the named.conf.local or named.conf.options file. What is your guess?

Looks like it's simply an example of named.conf.
The named.conf.local / named.conf.options files are nothing that BIND itself knows about, these are however used in the default Debian/Ubuntu BIND package config (referenced by include statements in their named.conf file).

+ 3

mr.zog

8/1/24, 3:23 PM

When I used https://github.com/isc-projects/bind9-docker/blob/v9.18/Dockerfile all I needed to do was add my config files to the /home/tzv/docker-bind9 (project dir) and add a few COPY lines to the example Dockerfile COPY named.conf /var/lib/bind/ COPY myfake.yu.zone /var/lib/bind/ COPY 10.168.192.in-addr.arpa /var/lib/bind/ before the last line: VOLUME ["/etc/bind", "/var/cache/bind", "/var/lib/bind", "/var/log"] and my bind9 service worked.

mr.zog

8/1/24, 3:31 PM

The confusing thing for me was, the official image is based on Ubuntu/Debian but the design of the config files in the bind9 image does not match the bind9 design config for the full OS. Example: named.conf on Debian is nothing but include statements whereas in the image it defines the location of zone files, listen-on etc.

Håkan Lindqvist

8/1/24, 4:31 PM

@mr.zog ISC is just using a very simple BIND config as their example. I won't pretend to know why they did it that way, but I can see some potential reasons: 1) it's much easier to show an example that's just a single file instead of spread over multiple files, 2) they probably don't feel overly attached to this config scheme that Debian chose to use, 3) users of their docker image don't even really need to know there's something Debian-like inside the box, 4) it's just an example config, nothing prevents a user from provide a Debian-style config if they already have opinions and prefer that.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Authoritative config for bind9 on Docker

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.