From 67a4f2b02e41aee29855e7d0f6957f46c49d3546 Mon Sep 17 00:00:00 2001
From: Pim van den Berg
Date: Thu, 30 Jun 2022 14:15:26 +0200
Subject: [PATCH 01/10] exclude .swp files in inotifywait
---
 debian/11/start.sh | 2 +-
 debian/12/start.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/debian/11/start.sh b/debian/11/start.sh
index 060842c..924a34b 100755
--- a/debian/11/start.sh
+++ b/debian/11/start.sh
@@ -11,7 +11,7 @@ sed -i 's/^# bind-dnssec-db=/bind-dnssec-db=\/var\/lib\/powerdns\/bind-dnssec-db
 /usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no &
 # watch for zone changes
-inotifywait -mqre modify --exclude '\.git' --format '%w%f' "/var/lib/powerdns/zones/" |
+inotifywait -mqre modify --exclude '\.git' --exclude '.*\.swp' --format '%w%f' "/var/lib/powerdns/zones/" |
 while read -r path; do
 zone=$(basename $path)
 echo [$0] A modification was detected in $path
diff --git a/debian/12/start.sh b/debian/12/start.sh
index 060842c..924a34b 100755
--- a/debian/12/start.sh
+++ b/debian/12/start.sh
@@ -11,7 +11,7 @@ sed -i 's/^# bind-dnssec-db=/bind-dnssec-db=\/var\/lib\/powerdns\/bind-dnssec-db
 /usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no &
 # watch for zone changes
-inotifywait -mqre modify --exclude '\.git' --format '%w%f' "/var/lib/powerdns/zones/" |
+inotifywait -mqre modify --exclude '\.git' --exclude '.*\.swp' --format '%w%f' "/var/lib/powerdns/zones/" |
 while read -r path; do
 zone=$(basename $path)
 echo [$0] A modification was detected in $path
From 288045eb535f42ac147bf37a6c21d17f13a520fd Mon Sep 17 00:00:00 2001
From: Pim van den Berg
Date: Fri, 1 Jul 2022 15:42:00 +0200
Subject: [PATCH 02/10] add drone-ci
---
 .drone.yml | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 81 insertions(+)
 create mode 100644 .drone.yml
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..9fa1715
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,81 @@
+kind: pipeline
+type: docker
+name: build
+
+steps:
+ - name: build
+ image: docker:dind
+ volumes:
+ - name: dockersock
+ path: /var/run
+ environment:
+ DOCKER_USERNAME:
+ from_secret: docker_username
+ DOCKER_PASSWORD:
+ from_secret: docker_password
+ commands:
+ - sleep 5 # give docker enough time to start
+ - echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
+ - ./debian/11/build.sh
+ - ./debian/12/build.sh
+ when:
+ branch:
+ - master
+ event:
+ - push
+
+services:
+ - name: docker
+ image: docker:dind
+ privileged: true
+ volumes:
+ - name: dockersock
+ path: /var/run
+
+volumes:
+ - name: dockersock
+ temp: {}
+
+trigger:
+ branch:
+ - master
+ event:
+ - push
+---
+kind: pipeline
+type: docker
+name: rebuild
+
+steps:
+ - name: rebuild
+ image: docker:dind
+ volumes:
+ - name: dockersock
+ path: /var/run
+ environment:
+ DOCKER_USERNAME:
+ from_secret: docker_username
+ DOCKER_PASSWORD:
+ from_secret: docker_password
+ commands:
+ - sleep 5 # give docker enough time to start
+ - echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
+ - ./build/rebuild.sh
+
+services:
+ - name: docker
+ image: docker:dind
+ privileged: true
+ volumes:
+ - name: dockersock
+ path: /var/run
+
+volumes:
+ - name: dockersock
+ temp: {}
+
+trigger:
+ event:
+ - cron
+ cron:
+ - rebuild
From 15e959391d81e909010ae39b10db2b249517ab84 Mon Sep 17 00:00:00 2001
From: Pim van den Berg
Date: Sat, 17 Sep 2022 15:24:14 +0200
Subject: [PATCH 03/10] fix(Dockerfile): fail build when apt-get fails
---
 debian/11/Dockerfile | 10 +++++-----
 debian/11/build.sh | 2 +-
 debian/12/Dockerfile | 10 +++++-----
 debian/12/build.sh | 2 +-
 4 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/debian/11/Dockerfile b/debian/11/Dockerfile
index 70beedd..e8e3b95 100644
--- a/debian/11/Dockerfile
+++ b/debian/11/Dockerfile
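Review bot: In the new `.drone.yml` (PATCH 02/10) all four `image: docker:dind` lines use a floating tag, both for the steps that receive `DOCKER_USERNAME`/`DOCKER_PASSWORD` and for the `privileged: true` services, so whatever the registry serves under that tag at run time gets the registry credentials and a privileged daemon. Pinning each of them to a fixed release or digest, for example `image: docker:<version>-dind@sha256:<digest>` (placeholders), makes the build environment reproducible and reviewable. Separately, `sleep 5` is a guess at the daemon's start-up time; polling with `until docker info >/dev/null 2>&1; do sleep 1; done` before `docker login` would fail less often on a slow runner.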
@@ -1,15 +1,15 @@
 FROM debian:bullseye-slim
-RUN set -eux; \
- apt-get update; \
- apt-get upgrade -y; \
- apt-get install -y --no-install-recommends \
+RUN set -eux && \
+ apt-get update && \
+ DEBIAN_FRONTEND=noninteractive apt-get upgrade -y && \
+ DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
 pdns-server \
 pdns-backend-bind \
 sqlite3 \
 bind9-dnsutils \
 inotify-tools \
- ; \
+ && \
 rm -rf /var/lib/apt/lists/*
 ADD start.sh /
diff --git a/debian/11/build.sh b/debian/11/build.sh
index c7a1f93..7c1f192 100755
--- a/debian/11/build.sh
+++ b/debian/11/build.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
-set -x
+set -ex
 IMAGE=pommib/powerdns:4.4-bullseye
 docker pull $IMAGE
diff --git a/debian/12/Dockerfile b/debian/12/Dockerfile
index 57fe68b..9964bb9 100644
--- a/debian/12/Dockerfile
+++ b/debian/12/Dockerfile
@@ -1,15 +1,15 @@
 FROM debian:bookworm-slim
-RUN set -eux; \
- apt-get update; \
- apt-get upgrade -y; \
- apt-get install -y --no-install-recommends \
+RUN set -eux && \
+ apt-get update && \
+ DEBIAN_FRONTEND=noninteractive apt-get upgrade -y && \
+ DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
 pdns-server \
 pdns-backend-bind \
 sqlite3 \
 bind9-dnsutils \
 inotify-tools \
- ; \
+ && \
 rm -rf /var/lib/apt/lists/*
 ADD start.sh /
diff --git a/debian/12/build.sh b/debian/12/build.sh
index acb58d4..0338aad 100755
--- a/debian/12/build.sh
+++ b/debian/12/build.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
-set -x
+set -ex
 IMAGE=pommib/powerdns:4.6-bookworm
 docker pull $IMAGE
From 197a87f26879c455148aa3dc7ad5d1cbd5c83d16 Mon Sep 17 00:00:00 2001
From: Pim van den Berg
Date: Sun, 18 Sep 2022 15:54:43 +0200
Subject: [PATCH 04/10] fix: configure MTU for docker:dind service to 1492 https://blog.zespre.com/dind-mtu-size-matters.html
---
 .drone.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/.drone.yml b/.drone.yml
index 9fa1715..d322cd2 100644
--- a/.drone.yml
+++ b/.drone.yml
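Review bot: In `debian/11/build.sh` and `debian/12/build.sh` (PATCH 03/10), switching to `set -ex` makes the visible `docker pull $IMAGE` fatal, so the script now stops before the build whenever that tag is not yet in the registry or the pull fails transiently. If the pull is only a warm-up, say so explicitly with `docker pull "$IMAGE" || true`; the quotes also prevent word splitting should `IMAGE` ever change. The rest of both scripts lies outside the hunks, so whether later commands depend on the pulled image cannot be confirmed from here.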
@@ -31,6 +31,11 @@ services:
 volumes:
 - name: dockersock
 path: /var/run
+ command:
+ - dockerd-entrypoint.sh
+ - dockerd
+ - --host=unix:///var/run/docker.sock
+ - --mtu=1492
 volumes:
 - name: dockersock
@@ -69,6 +74,11 @@ services:
 volumes:
 - name: dockersock
 path: /var/run
+ command:
+ - dockerd-entrypoint.sh
+ - dockerd
+ - --host=unix:///var/run/docker.sock
+ - --mtu=1492
 volumes:
 - name: dockersock
From f27537448c8ba229e254f0a749d89963ae60195d Mon Sep 17 00:00:00 2001
From: Pim van den Berg
Date: Sat, 19 Nov 2022 17:16:31 +0100
Subject: [PATCH 05/10] fix(rebuild): the input device is not a TTY
---
 build/rebuild.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/build/rebuild.sh b/build/rebuild.sh
index 41a1af8..eb95b94 100755
--- a/build/rebuild.sh
+++ b/build/rebuild.sh
@@ -1,8 +1,10 @@
 #!/bin/sh
+set -x
+
 updates_available () {
 docker pull $1
- if test "$(docker run -it --rm $1 /bin/sh -c 'apt -qqq update && apt -qq list --upgradable')" != ""; then
+ if test "$(docker run --rm $1 /bin/sh -c 'apt -qqq update && apt -qq list --upgradable')" != ""; then
 return 0
 else
 return 1
From 49e6e9ce561c51fbba938783c9570f8c81bdb2ba Mon Sep 17 00:00:00 2001
From: Pim van den Berg
Date: Sat, 24 Dec 2022 19:53:13 +0100
Subject: [PATCH 06/10] fix: merge inotifywait --exclude args inotifywait only takes the last --exclude argument
---
 debian/11/start.sh | 2 +-
 debian/12/start.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/debian/11/start.sh b/debian/11/start.sh
index 924a34b..e650da1 100755
--- a/debian/11/start.sh
+++ b/debian/11/start.sh
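Review bot: The `--mtu=1492` value added to both `docker` services in `.drone.yml` (PATCH 04/10) is not explained in the file; the reason lives only in the commit message. A comment above each `command:` key, such as `# dockerd MTU is lowered to 1492 to match the runner's network; see the commit that added it`, would keep a later editor from dropping the flag or copying it to a runner where the value is wrong (the network detail is presumed from the commit message, so adjust the wording to the real cause). Because the list replaces the image's default command, it also deserves a note that `--host=unix:///var/run/docker.sock` is the socket the build step reaches through the shared `dockersock` volume.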
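Review bot: In `updates_available` in `build/rebuild.sh` (PATCH 05/10) the test only looks at the captured stdout of `docker run`, so a failed `docker pull`, a failed `docker run` or a failed `apt -qqq update` inside the container all yield an empty string and are reported as "no updates". This job is what delivers package updates to the published images, so a failed check should be distinguishable from an up-to-date image: capture the output, check the exit status, and only then compare. `$1` should be quoted as well. The function's closing `fi` and `}` are outside the hunk.

```shell
updates_available () {
  docker pull "$1" || exit 1
  # a non-zero status means the check itself failed, not that the image is current
  pending=$(docker run --rm "$1" /bin/sh -c 'apt -qqq update && apt -qq list --upgradable') || exit 1
  if test -n "$pending"; then
    # … unchanged: return 0 / else / return 1 …
```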
@@ -11,7 +11,7 @@ sed -i 's/^# bind-dnssec-db=/bind-dnssec-db=\/var\/lib\/powerdns\/bind-dnssec-db
 /usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no &
 # watch for zone changes
-inotifywait -mqre modify --exclude '\.git' --exclude '.*\.swp' --format '%w%f' "/var/lib/powerdns/zones/" |
+inotifywait -mqre modify --exclude '.*(\.git|.*\.swp)' --format '%w%f' "/var/lib/powerdns/zones/" |
 while read -r path; do
 zone=$(basename $path)
 echo [$0] A modification was detected in $path
diff --git a/debian/12/start.sh b/debian/12/start.sh
index 924a34b..e650da1 100755
--- a/debian/12/start.sh
+++ b/debian/12/start.sh
@@ -11,7 +11,7 @@ sed -i 's/^# bind-dnssec-db=/bind-dnssec-db=\/var\/lib\/powerdns\/bind-dnssec-db
 /usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no &
 # watch for zone changes
-inotifywait -mqre modify --exclude '\.git' --exclude '.*\.swp' --format '%w%f' "/var/lib/powerdns/zones/" |
+inotifywait -mqre modify --exclude '.*(\.git|.*\.swp)' --format '%w%f' "/var/lib/powerdns/zones/" |
 while read -r path; do
 zone=$(basename $path)
 echo [$0] A modification was detected in $path
From 3a364b462d1e81f92736bfd80b0303b9c4d9b12e Mon Sep 17 00:00:00 2001
From: Pim van den Berg
Date: Sun, 29 Jan 2023 13:53:42 +0100
Subject: [PATCH 07/10] feat(readme): add section about SOA-EDIT = INCEPTION-INCREMENT
---
 README.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/README.md b/README.md
index 1ac2cac..5128e23 100644
--- a/README.md
+++ b/README.md
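Review bot: The merged pattern `'.*(\.git|.*\.swp)'` in `debian/11/start.sh` and `debian/12/start.sh` (PATCH 06/10) is not anchored, so it excludes every path that merely contains `.git` or `.swp`. A zone file named, say, `example.github.io` (constructed example) contains `.git`, would never trigger `bind-reload-now`, and edits to it would silently not be served. Assuming inotifywait matches the extended regex against the full path, tying the first alternative to the start of a path component and the second to the end of the name keeps the intent: `--exclude '(/\.git|\.swp$)'`. The same pattern is carried into `debian/13/start.sh` by PATCH 09/10.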
@@ -87,3 +87,15 @@ DS = example.tld. IN DS 280 13 1 0dead339b7dacebb6750c7d4e5c9c0f4c19843a9 ; ( SH
 DS = example.tld. IN DS 280 13 2 f340e93c42b3c2c6fa8ef76e044ad2f064c1cd7484e785bdfca0f51cd548c88d ; ( SHA256 digest )
 DS = example.tld. IN DS 280 13 4 a793c7e590a7701c7b39365f99655b865d11961c355a5eb59302282cf653aec8b051ddc9e36a9df0843cad29ca50149a ; ( SHA-384 digest )
 ```
+
+Set `SOA-EDIT` to `INCEPTION-INCREMENT` so that slaves get notified when a rollover has taken place:
+```
+$ docker exec -it powerdns pdnsutil set-meta example.tld SOA-EDIT INCEPTION-INCREMENT
+[bindbackend] Done parsing domains, 0 rejected, 1 new, 0 removed
+Set 'example.tld' meta SOA-EDIT = INCEPTION-INCREMENT
+
+$ docker exec -it powerdns pdnsutil get-meta example.tld
+[bindbackend] Done parsing domains, 0 rejected, 1 new, 0 removed
+Metadata for 'example.tld'
+SOA-EDIT = INCEPTION-INCREMENT
+```
From d2ad01fd37d72e121fdcf927a30e055a4ccc035e Mon Sep 17 00:00:00 2001
From: Pim van den Berg
Date: Sun, 4 Feb 2024 19:10:33 +0100
Subject: [PATCH 08/10] feat: drop Debian 11 support
---
 .drone.yml | 1 -
 README.md | 1 -
 build/rebuild.sh | 4 ----
 debian/11/Dockerfile | 22 ----------------------
 debian/11/build.sh | 9 ---------
 debian/11/start.sh | 30 ------------------------------
 6 files changed, 67 deletions(-)
 delete mode 100644 debian/11/Dockerfile
 delete mode 100755 debian/11/build.sh
 delete mode 100755 debian/11/start.sh
diff --git a/.drone.yml b/.drone.yml
index d322cd2..9986fb6 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -16,7 +16,6 @@ steps:
 commands:
 - sleep 5 # give docker enough time to start
 - echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
- - ./debian/11/build.sh
 - ./debian/12/build.sh
 when:
 branch:
diff --git a/README.md b/README.md
index 5128e23..53f6025 100644
--- a/README.md
+++ b/README.md
@@ -8,7 +8,6 @@
 # Supported tags and respective `Dockerfile` links
 - [`4.6-bookworm`, `latest`](https://github.com/pommi/docker-powerdns/blob/master/debian/12/Dockerfile)
-- [`4.4-bullseye`](https://github.com/pommi/docker-powerdns/blob/master/debian/11/Dockerfile)
 # Usage
diff --git a/build/rebuild.sh b/build/rebuild.sh
index eb95b94..c05a772 100755
--- a/build/rebuild.sh
+++ b/build/rebuild.sh
@@ -11,10 +11,6 @@ updates_available () {
 fi
 }
-if updates_available pommib/powerdns:4.4-bullseye; then
- ./debian/11/build.sh
-fi
-
 if updates_available pommib/powerdns:4.6-bookworm; then
 ./debian/12/build.sh
 fi
diff --git a/debian/11/Dockerfile b/debian/11/Dockerfile
deleted file mode 100644
index e8e3b95..0000000
--- a/debian/11/Dockerfile
+++ /dev/null
@@ -1,22 +0,0 @@
-FROM debian:bullseye-slim
-
-RUN set -eux && \
- apt-get update && \
- DEBIAN_FRONTEND=noninteractive apt-get upgrade -y && \
- DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
- pdns-server \
- pdns-backend-bind \
- sqlite3 \
- bind9-dnsutils \
- inotify-tools \
- && \
- rm -rf /var/lib/apt/lists/*
-
-ADD start.sh /
-
-EXPOSE 53/tcp 53/udp
-VOLUME ["/var/lib/powerdns"]
-
-CMD /start.sh
-
-HEALTHCHECK CMD dig +timeout=1 @127.0.0.1 || exit 1
diff --git a/debian/11/build.sh b/debian/11/build.sh
deleted file mode 100755
index 7c1f192..0000000
--- a/debian/11/build.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-
-set -ex
-
-IMAGE=pommib/powerdns:4.4-bullseye
-docker pull $IMAGE
-docker pull debian:bullseye-slim
-docker build --no-cache -t $IMAGE ./debian/11/
-docker push $IMAGE
diff --git a/debian/11/start.sh b/debian/11/start.sh
deleted file mode 100755
index e650da1..0000000
--- a/debian/11/start.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash
-
-# create sqlite database for DNSSEC
-if test ! -e /var/lib/powerdns/bind-dnssec-db.sqlite3; then
- echo [$0] Initializing /var/lib/powerdns/bind-dnssec-db.sqlite3
- /usr/bin/pdnsutil create-bind-db /var/lib/powerdns/bind-dnssec-db.sqlite3
-fi
-sed -i 's/^# bind-dnssec-db=/bind-dnssec-db=\/var\/lib\/powerdns\/bind-dnssec-db.sqlite3/' /etc/powerdns/pdns.d/bind.conf
-
-# start powerdns server
-/usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no &
-
-# watch for zone changes
-inotifywait -mqre modify --exclude '.*(\.git|.*\.swp)' --format '%w%f' "/var/lib/powerdns/zones/" |
- while read -r path; do
- zone=$(basename $path)
- echo [$0] A modification was detected in $path
- echo [$0] Executing \`/usr/bin/pdns_control bind-reload-now $zone\`
- /usr/bin/pdns_control bind-reload-now $zone
- if pdnsutil show-zone $zone 2>/dev/null | grep -q "Zone is not actively secured"; then
- echo [$0] Zone is not actively secured, skipping \`pdnsutil rectify-zone $zone\`
- else
- echo [$0] DNSSEC secured zone. Executing \`pdnsutil rectify-zone $zone\`
- /usr/bin/pdnsutil rectify-zone $zone
- fi
- done &
-
-wait -n
-
-exit $?
From 14ae02d552007f91133dd23490dfd524906d0f0a Mon Sep 17 00:00:00 2001
From: Pim van den Berg
Date: Wed, 6 Aug 2025 14:30:26 +0200
Subject: [PATCH 09/10] feat: add support for debian 13 (trixie)
---
 .drone.yml | 1 +
 README.md | 1 +
 build/rebuild.sh | 4 ++++
 debian/13/Dockerfile | 22 ++++++++++++++++++++++
 debian/13/build.sh | 9 +++++++++
 debian/13/start.sh | 30 ++++++++++++++++++++++++++++++
 6 files changed, 67 insertions(+)
 create mode 100644 debian/13/Dockerfile
 create mode 100755 debian/13/build.sh
 create mode 100755 debian/13/start.sh
diff --git a/.drone.yml b/.drone.yml
index 9986fb6..b995a06 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -17,6 +17,7 @@ steps:
 - sleep 5 # give docker enough time to start
 - echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
 - ./debian/12/build.sh
+ - ./debian/13/build.sh
 when:
 branch:
 - master
diff --git a/README.md b/README.md
index 53f6025..5cbe250 100644
--- a/README.md
+++ b/README.md
@@ -8,6 +8,7 @@
 # Supported tags and respective `Dockerfile` links
 - [`4.6-bookworm`, `latest`](https://github.com/pommi/docker-powerdns/blob/master/debian/12/Dockerfile)
+- [`4.9-trixie`](https://github.com/pommi/docker-powerdns/blob/master/debian/13/Dockerfile)
 # Usage
diff --git a/build/rebuild.sh b/build/rebuild.sh
index c05a772..e05ade0 100755
--- a/build/rebuild.sh
+++ b/build/rebuild.sh
@@ -14,3 +14,7 @@ updates_available () {
 if updates_available pommib/powerdns:4.6-bookworm; then
 ./debian/12/build.sh
 fi
+
+if updates_available pommib/powerdns:4.9-trixie; then
+ ./debian/13/build.sh
+fi
diff --git a/debian/13/Dockerfile b/debian/13/Dockerfile
new file mode 100644
index 0000000..4382fa3
--- /dev/null
+++ b/debian/13/Dockerfile
@@ -0,0 +1,22 @@
+FROM debian:trixie-slim
+
+RUN set -eux && \
+ apt-get update && \
+ DEBIAN_FRONTEND=noninteractive apt-get upgrade -y && \
+ DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+ pdns-server \
+ pdns-backend-bind \
+ sqlite3 \
+ bind9-dnsutils \
+ inotify-tools \
+ && \
+ rm -rf /var/lib/apt/lists/*
+
+ADD start.sh /
+
+EXPOSE 53/tcp 53/udp
+VOLUME ["/var/lib/powerdns"]
+
+CMD /start.sh
+
+HEALTHCHECK CMD dig +timeout=1 @127.0.0.1 || exit 1
diff --git a/debian/13/build.sh b/debian/13/build.sh
new file mode 100755
index 0000000..c2b4dc4
--- /dev/null
+++ b/debian/13/build.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -ex
+
+IMAGE=pommib/powerdns:4.9-trixie
+#docker pull $IMAGE
+docker pull debian:trixie-slim
+docker build --no-cache -t $IMAGE ./debian/13/
+docker push $IMAGE
diff --git a/debian/13/start.sh b/debian/13/start.sh
new file mode 100755
index 0000000..e650da1
--- /dev/null
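Review bot: In the new `debian/13/Dockerfile` (PATCH 09/10), `ADD start.sh /` and the shell-form `CMD /start.sh` are looser than this image needs. `COPY start.sh /` copies the local file without ADD's URL and archive handling, and `CMD ["/start.sh"]` runs the script directly rather than through `/bin/sh -c`, so stop signals are delivered to it without depending on the shell. The `HEALTHCHECK` is also weaker than it looks: `dig` exits 0 for any DNS response, including an error status, so `dig +timeout=1 @127.0.0.1 || exit 1` only detects a server that does not answer at all, which is worth stating in a comment above it.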
+++ b/debian/13/start.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# create sqlite database for DNSSEC
+if test ! -e /var/lib/powerdns/bind-dnssec-db.sqlite3; then
+ echo [$0] Initializing /var/lib/powerdns/bind-dnssec-db.sqlite3
+ /usr/bin/pdnsutil create-bind-db /var/lib/powerdns/bind-dnssec-db.sqlite3
+fi
+sed -i 's/^# bind-dnssec-db=/bind-dnssec-db=\/var\/lib\/powerdns\/bind-dnssec-db.sqlite3/' /etc/powerdns/pdns.d/bind.conf
+
+# start powerdns server
+/usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no &
+
+# watch for zone changes
+inotifywait -mqre modify --exclude '.*(\.git|.*\.swp)' --format '%w%f' "/var/lib/powerdns/zones/" |
+ while read -r path; do
+ zone=$(basename $path)
+ echo [$0] A modification was detected in $path
+ echo [$0] Executing \`/usr/bin/pdns_control bind-reload-now $zone\`
+ /usr/bin/pdns_control bind-reload-now $zone
+ if pdnsutil show-zone $zone 2>/dev/null | grep -q "Zone is not actively secured"; then
+ echo [$0] Zone is not actively secured, skipping \`pdnsutil rectify-zone $zone\`
+ else
+ echo [$0] DNSSEC secured zone. Executing \`pdnsutil rectify-zone $zone\`
+ /usr/bin/pdnsutil rectify-zone $zone
+ fi
+ done &
+
+wait -n
+
+exit $?
From 988770eddbe634481fc0b37c174273783bfd49a0 Mon Sep 17 00:00:00 2001
From: Pim van den Berg
Date: Wed, 6 Aug 2025 17:55:06 +0200
Subject: [PATCH 10/10] feat: latest tag on 4.9-trixie
---
 README.md | 4 ++--
 debian/12/build.sh | 3 ---
 debian/13/build.sh | 5 ++++-
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index 5cbe250..67e404f 100644
--- a/README.md
+++ b/README.md
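Review bot: In the watch loop of the new `debian/13/start.sh` (PATCH 09/10), `$path` and `$zone` are expanded unquoted everywhere, so a file name in `/var/lib/powerdns/zones/` containing whitespace or glob characters is word-split and expanded before it reaches `basename`, `pdns_control` and `pdnsutil`. The name comes straight from whatever is written into the watched directory, so quote every expansion, e.g. `zone=$(basename -- "$path")` and `/usr/bin/pdns_control bind-reload-now "$zone"`, and do the same for the `show-zone` and `rectify-zone` calls and the `echo` lines. Reading with `while IFS= read -r path` additionally keeps leading and trailing blanks intact. Skipping names that begin with `-` before they are passed to the control tools would keep a stray file from being parsed as an option.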
@@ -7,8 +7,8 @@
 # Supported tags and respective `Dockerfile` links
-- [`4.6-bookworm`, `latest`](https://github.com/pommi/docker-powerdns/blob/master/debian/12/Dockerfile)
-- [`4.9-trixie`](https://github.com/pommi/docker-powerdns/blob/master/debian/13/Dockerfile)
+- [`4.6-bookworm`](https://git.nethuis.nl/pommi/docker-powerdns/src/branch/master/debian/12/Dockerfile)
+- [`4.9-trixie`, `latest`](https://git.nethuis.nl/pommi/docker-powerdns/src/branch/master/debian/13/Dockerfile)
 # Usage
diff --git a/debian/12/build.sh b/debian/12/build.sh
index 0338aad..b87ecc0 100755
--- a/debian/12/build.sh
+++ b/debian/12/build.sh
@@ -7,6 +7,3 @@ docker pull $IMAGE
 docker pull debian:bookworm-slim
 docker build --no-cache -t $IMAGE ./debian/12/
 docker push $IMAGE
-
-docker tag $IMAGE pommib/powerdns:latest
-docker push pommib/powerdns:latest
diff --git a/debian/13/build.sh b/debian/13/build.sh
index c2b4dc4..7e162e9 100755
--- a/debian/13/build.sh
+++ b/debian/13/build.sh
@@ -3,7 +3,10 @@
 set -ex
 IMAGE=pommib/powerdns:4.9-trixie
-#docker pull $IMAGE
+docker pull $IMAGE
 docker pull debian:trixie-slim
 docker build --no-cache -t $IMAGE ./debian/13/
 docker push $IMAGE
+
+docker tag $IMAGE pommib/powerdns:latest
+docker push pommib/powerdns:latest