diff --git a/Dockerfile b/Dockerfile
index 8b8ec19..5f2d69e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,22 +6,23 @@ LABEL ImageName="bind-hidden-primary"
 RUN \
 apk add --no-cache bind bind-tools bash git openssh-client-default && \
 mkdir -p /etc/named && \
- mkdir -p /etc/named/keys && \
 mkdir -p /etc/named/zones && \
 mkdir -p /etc/named-dist && \
- mkdir -p /var/log/named
+ mkdir -p /var/log/named && \
+ chown -R named:named /etc/named/zones /var/log/named && \
+ sed -i s,/etc/bind,/etc/named/zones, /etc/passwd && \
 COPY named.conf /etc/named/
 COPY whiskeylimahotel.de.zone /etc/named-dist/
 COPY zones.conf /etc/named-dist/
-COPY transfer-key.conf /etc/named-dist/
 COPY start.sh /usr/local/bin/start.sh
 RUN chmod +x /usr/local/bin/start.sh
 WORKDIR /etc/named
 VOLUME /etc/named/zones
-VOLUME /etc/named/keys
+
+USER named
 EXPOSE 8053/udp
 EXPOSE 8053/tcp
diff --git a/named.conf b/named.conf
index f6be47e..9892ba9 100644
--- a/named.conf
+++ b/named.conf
@@ -1,41 +1,33 @@
-// BIND Configuration for Hidden Primary Server
-
 options {
 directory "/etc/named/zones";
- pid-file "/var/run/named/named.pid";
+ pid-file "/etc/named/zones/named.pid";
+
+ user "named";
+ group "named";
 // Hide version information
 version "DNS Server";
- // Listen on all IPv4 interfaces on port 8053
 listen-on port 8053 { any; };
 listen-on-v6 { none; };
- // Allow queries from anywhere (read-only)
 allow-query { any; };
+ allow-transfer { any; };
- // Disable recursion (authoritative only)
 recursion no;
- // Enable query logging
 querylog yes;
- // Global notification and transfer settings
 notify yes;
 also-notify { 213.239.242.238; 213.133.100.103; 193.47.99.3; };
-
- // Default transfer enabled
- allow-transfer { any; };
 };
-// Zone configurations (loaded from separate file)
 include "/etc/named/zones/zones.conf";
-// Logging configuration
 logging {
 channel default_log {
 file "/var/log/named/named.log" versions 3 size 5m;
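Review bot: In the Dockerfile hunk the last added line of the RUN chain, `sed -i s,/etc/bind,/etc/named/zones, /etc/passwd && \`, still ends in `&& \`, so the continuation runs into the following `COPY named.conf /etc/named/` and the shell is handed `COPY` as a command; the build should fail at that step, and the fix is to drop the trailing `&& \`. The sed expression is also unquoted and unanchored, so it rewrites every `/etc/bind` in /etc/passwd rather than only the named account's home field; `sed -i '/^named:/ s,/etc/bind,/etc/named/zones,' /etc/passwd` would scope it. The `chown` is baked into the image, so a host directory bind-mounted over /etc/named/zones keeps its own ownership and the process started under `USER named` may be unable to write zone files or the pid-file there (inferred; start.sh is not shown).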
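Review bot: `allow-transfer { any; };` in the named.conf options block leaves AXFR open to every client that can reach port 8053, and with transfer-key.conf no longer copied into the image there is no visible key-based restriction left, so the full zone contents of this hidden primary can be pulled by anyone. If only the notified secondaries should transfer, `allow-transfer { 213.239.242.238; 213.133.100.103; 193.47.99.3; };` or a TSIG key expresses that; zones.conf is not shown, so per-zone overrides may already exist. Separately, `user "named";` and `group "named";` are, as far as I know, not statements BIND accepts inside `options` (the runtime user is normally given with `named -u`, and the container already switches with `USER named`), so running `named-checkconf` on this file before merging is worth it. The logging block continues past the end of the hunk.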