1
0
Fork 0

add support for Debian Bookworm / PowerDNS 4.6

This commit is contained in:
Pim van den Berg 2022-06-22 13:57:30 +02:00
parent 043c456fdf
commit aec33942bb
3 changed files with 58 additions and 2 deletions

View File

@ -5,6 +5,11 @@
* Bind backend support only
* DNSSEC support (optional per zone)
# Supported tags and respective `Dockerfile` links
- [`4.6-bookworm`, `latest`](https://github.com/pommi/docker-powerdns/blob/master/debian/12/Dockerfile)
- [`4.4-bullseye`](https://github.com/pommi/docker-powerdns/blob/master/debian/11/Dockerfile)
# Usage
```
@ -32,7 +37,7 @@ $ docker run -it \
-v $(pwd)/named.conf:/etc/powerdns/named.conf \
-v $(pwd)/zones/:/var/lib/powerdns/zones/ \
-p 5353:53/udp -p 5353:53 \
pommib/powerdns:4.4-bullseye
pommib/powerdns:latest
$ dig +short @127.0.0.1 -p5353 example.tld A
192.0.2.1
@ -46,7 +51,7 @@ version: "3"
services:
powerdns:
container_name: powerdns
image: pommib/powerdns:4.4-bullseye
image: pommib/powerdns:latest
ports:
- "5353:53/tcp"
- "5353:53/udp"

21
debian/12/Dockerfile vendored Normal file
View File

@ -0,0 +1,21 @@
FROM debian:bookworm-slim
RUN set -eux; \
apt-get update; \
apt-get install -y --no-install-recommends \
pdns-server \
pdns-backend-bind \
sqlite3 \
bind9-dnsutils \
inotify-tools \
; \
rm -rf /var/lib/apt/lists/*
ADD start.sh /
EXPOSE 53/tcp 53/udp
VOLUME ["/var/lib/powerdns"]
CMD /start.sh
HEALTHCHECK CMD dig +timeout=1 @127.0.0.1 || exit 1

30
debian/12/start.sh vendored Executable file
View File

@ -0,0 +1,30 @@
#!/bin/bash
# create sqlite database for DNSSEC
if test ! -e /var/lib/powerdns/bind-dnssec-db.sqlite3; then
echo [$0] Initializing /var/lib/powerdns/bind-dnssec-db.sqlite3
/usr/bin/pdnsutil create-bind-db /var/lib/powerdns/bind-dnssec-db.sqlite3
fi
sed -i 's/^# bind-dnssec-db=/bind-dnssec-db=\/var\/lib\/powerdns\/bind-dnssec-db.sqlite3/' /etc/powerdns/pdns.d/bind.conf
# start powerdns server
/usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no &
# watch for zone changes
inotifywait -mqre modify --exclude '\.git' --format '%w%f' "/var/lib/powerdns/zones/" |
while read -r path; do
zone=$(basename $path)
echo [$0] A modification was detected in $path
echo [$0] Executing \`/usr/bin/pdns_control bind-reload-now $zone\`
/usr/bin/pdns_control bind-reload-now $zone
if pdnsutil show-zone $zone 2>/dev/null | grep -q "Zone is not actively secured"; then
echo [$0] Zone is not actively secured, skipping \`pdnsutil rectify-zone $zone\`
else
echo [$0] DNSSEC secured zone. Executing \`pdnsutil rectify-zone $zone\`
/usr/bin/pdnsutil rectify-zone $zone
fi
done &
wait -n
exit $?