.gitsecret/keys/random_seed

SHELL := /bin/bash

export TEST_HOST_IP=$(shell python scripts/hostIP.py;)

default: build

clean:

docker stack rm dns

deploy-test: build

docker stack deploy --resolve-image=never --compose-file docker-compose.test.yml dns --prune

test: deploy-test

python3 "tests/functional tests.py"

test-cst:

bash "tests/container tests.sh"

build:

docker build -t recursor:latest -f ./recursor/Dockerfile ./recursor

docker build -t nameserver:latest -f ./nameserver/Dockerfile ./nameserver

A containerized DNS server powered by BIND.

This project consists of two components:

* The **DNS Recursor** - By default, this component forwards queries to upstream DNS servers and caches their responses

* The **DNS Nameserver** - This component is a slightly different configuration of bind that functions as exclusively as an authoritative name server

* BIND SHOULD NOT simultaneously operate as a recursor *and* an authoritative name server - this is why the project consists of two components rather than one

To communicate between components bind needs a key to authenticate those communications. An RNDC key will be generated automatically at /etc/bind/rndc/rndc.key if one isn't found at startup. A new key can be generated at any time using the `rndc-confgen` command. Keys can be shared by mounting the containers at a shared volume at the time of deployment.

*docker-compose.yml:*

version: '3.3'

services:

...

recursor:

volumes:

- rndc_shared_key:/etc/bind/rndc/

...

nameserver:

volumes:

- rndc_shared_key:/etc/bind/rndc/

volumes:

rndc_shared_key:

driver: local

version: '3.3'

services:

recursor:

build:

context: ./recursor

dockerfile: Dockerfile

ports:

# Requires Port 53 UDP as the Primary Port with TCP as a fallback

# https://bind9.readthedocs.io/en/latest/dnssec-guide.html?highlight=53#wait-dns-uses-tcp

- "53:53/udp"

- "53:53"

version: '3.3'

services:

recursor:

image: recursor:latest

ports:

# Requires Port 53 UDP as the Primary Port with TCP as a fallback

# https://bind9.readthedocs.io/en/latest/dnssec-guide.html?highlight=53#wait-dns-uses-tcp

- "53:53/udp"

- "53:53"

environment:

- BIND_NAMESERVER_IP=${TEST_HOST_IP}

- BIND_RECURSOR_DNSSEC_VALIDATION=no

volumes:

- rndc_shared_key:/etc/bind/rndc/

nameserver:

image: nameserver:latest

ports:

- "8053:53/udp"

- "8053:53"

volumes:

- rndc_shared_key:/etc/bind/rndc/

volumes:

rndc_shared_key:

driver: local

FROM alpine:3.13 as build

RUN apk update && apk add bind;

COPY etc/bind/ /etc/bind/

COPY entrypoint.sh /sbin/entrypoint.sh

RUN chmod 755 /sbin/entrypoint.sh

RUN cd /etc/bind && rm rndc.key && ln -s rndc/rndc.key rndc.key

RUN adduser -g bind -HD bind && \

chown -R root:bind /etc/bind && \

chown -R root:bind /run/named && \

chown -R root:bind /var/bind

EXPOSE 53/udp 53/tcp

ENTRYPOINT ["/sbin/entrypoint.sh"]