user

Dockerfile

@@ -6,22 +6,23 @@ LABEL ImageName="bind-hidden-primary"
 RUN \
   apk add --no-cache bind bind-tools bash git openssh-client-default && \
   mkdir -p /etc/named && \
-  mkdir -p /etc/named/keys && \
   mkdir -p /etc/named/zones && \
   mkdir -p /etc/named-dist && \
-  mkdir -p /var/log/named
+  mkdir -p /var/log/named && \
+  chown -R named:named /etc/named/zones /var/log/named && \
+  sed -i s,/etc/bind,/etc/named/zones, /etc/passwd && \
 
 COPY named.conf /etc/named/
 COPY whiskeylimahotel.de.zone /etc/named-dist/
 COPY zones.conf /etc/named-dist/
-COPY transfer-key.conf /etc/named-dist/
 COPY start.sh /usr/local/bin/start.sh
 
 RUN chmod +x /usr/local/bin/start.sh
 
 WORKDIR /etc/named
 VOLUME /etc/named/zones
-VOLUME /etc/named/keys
+
+USER named
 
 EXPOSE 8053/udp
 EXPOSE 8053/tcp

named.conf

@@ -1,41 +1,33 @@
-// BIND Configuration for Hidden Primary Server
-
 options {
     directory "/etc/named/zones";
-    pid-file "/var/run/named/named.pid";
+    pid-file "/etc/named/zones/named.pid";
+    
+    user "named";
+    group "named";
     
     // Hide version information
     version "DNS Server";
     
-    // Listen on all IPv4 interfaces on port 8053
     listen-on port 8053 { any; };
     listen-on-v6 { none; };
     
-    // Allow queries from anywhere (read-only)
     allow-query { any; };
+    allow-transfer { any; };
     
-    // Disable recursion (authoritative only)
     recursion no;
     
-    // Enable query logging
     querylog yes;
     
-    // Global notification and transfer settings
     notify yes;
     also-notify {
         213.239.242.238;
         213.133.100.103;
         193.47.99.3;
     };
-    
-    // Default transfer enabled
-    allow-transfer { any; };
 };
 
-// Zone configurations (loaded from separate file)
 include "/etc/named/zones/zones.conf";
 
-// Logging configuration
 logging {
     channel default_log {
         file "/var/log/named/named.log" versions 3 size 5m;