add support for Debian Bookworm / PowerDNS 4.6
This commit is contained in:
parent
043c456fdf
commit
aec33942bb
3 changed files with 58 additions and 2 deletions
|
|
@ -5,6 +5,11 @@
|
|||
* Bind backend support only
|
||||
* DNSSEC support (optional per zone)
|
||||
|
||||
# Supported tags and respective `Dockerfile` links
|
||||
|
||||
- [`4.6-bookworm`, `latest`](https://github.com/pommi/docker-powerdns/blob/master/debian/12/Dockerfile)
|
||||
- [`4.4-bullseye`](https://github.com/pommi/docker-powerdns/blob/master/debian/11/Dockerfile)
|
||||
|
||||
# Usage
|
||||
|
||||
```
|
||||
|
|
@ -32,7 +37,7 @@ $ docker run -it \
|
|||
-v $(pwd)/named.conf:/etc/powerdns/named.conf \
|
||||
-v $(pwd)/zones/:/var/lib/powerdns/zones/ \
|
||||
-p 5353:53/udp -p 5353:53 \
|
||||
pommib/powerdns:4.4-bullseye
|
||||
pommib/powerdns:latest
|
||||
|
||||
$ dig +short @127.0.0.1 -p5353 example.tld A
|
||||
192.0.2.1
|
||||
|
|
@ -46,7 +51,7 @@ version: "3"
|
|||
services:
|
||||
powerdns:
|
||||
container_name: powerdns
|
||||
image: pommib/powerdns:4.4-bullseye
|
||||
image: pommib/powerdns:latest
|
||||
ports:
|
||||
- "5353:53/tcp"
|
||||
- "5353:53/udp"
|
||||
|
|
|
|||
21
debian/12/Dockerfile
vendored
Normal file
21
debian/12/Dockerfile
vendored
Normal file
|
|
@ -0,0 +1,21 @@
|
|||
FROM debian:bookworm-slim
|
||||
|
||||
RUN set -eux; \
|
||||
apt-get update; \
|
||||
apt-get install -y --no-install-recommends \
|
||||
pdns-server \
|
||||
pdns-backend-bind \
|
||||
sqlite3 \
|
||||
bind9-dnsutils \
|
||||
inotify-tools \
|
||||
; \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
ADD start.sh /
|
||||
|
||||
EXPOSE 53/tcp 53/udp
|
||||
VOLUME ["/var/lib/powerdns"]
|
||||
|
||||
CMD /start.sh
|
||||
|
||||
HEALTHCHECK CMD dig +timeout=1 @127.0.0.1 || exit 1
|
||||
30
debian/12/start.sh
vendored
Executable file
30
debian/12/start.sh
vendored
Executable file
|
|
@ -0,0 +1,30 @@
|
|||
#!/bin/bash
|
||||
|
||||
# create sqlite database for DNSSEC
|
||||
if test ! -e /var/lib/powerdns/bind-dnssec-db.sqlite3; then
|
||||
echo [$0] Initializing /var/lib/powerdns/bind-dnssec-db.sqlite3
|
||||
/usr/bin/pdnsutil create-bind-db /var/lib/powerdns/bind-dnssec-db.sqlite3
|
||||
fi
|
||||
sed -i 's/^# bind-dnssec-db=/bind-dnssec-db=\/var\/lib\/powerdns\/bind-dnssec-db.sqlite3/' /etc/powerdns/pdns.d/bind.conf
|
||||
|
||||
# start powerdns server
|
||||
/usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no &
|
||||
|
||||
# watch for zone changes
|
||||
inotifywait -mqre modify --exclude '\.git' --format '%w%f' "/var/lib/powerdns/zones/" |
|
||||
while read -r path; do
|
||||
zone=$(basename $path)
|
||||
echo [$0] A modification was detected in $path
|
||||
echo [$0] Executing \`/usr/bin/pdns_control bind-reload-now $zone\`
|
||||
/usr/bin/pdns_control bind-reload-now $zone
|
||||
if pdnsutil show-zone $zone 2>/dev/null | grep -q "Zone is not actively secured"; then
|
||||
echo [$0] Zone is not actively secured, skipping \`pdnsutil rectify-zone $zone\`
|
||||
else
|
||||
echo [$0] DNSSEC secured zone. Executing \`pdnsutil rectify-zone $zone\`
|
||||
/usr/bin/pdnsutil rectify-zone $zone
|
||||
fi
|
||||
done &
|
||||
|
||||
wait -n
|
||||
|
||||
exit $?
|
||||
Loading…
Add table
Add a link
Reference in a new issue