
1 Commits

Author SHA1 Message Date
2ed8ae1978 add drone-ci
All checks were successful
continuous-integration/drone/push Build is passing
2022-07-22 19:58:33 +02:00
9 changed files with 84 additions and 61 deletions


@ -1,6 +1,6 @@
kind: pipeline kind: pipeline
name: default
type: docker type: docker
name: build
steps: steps:
- name: build - name: build
@ -15,7 +15,8 @@ steps:
from_secret: docker_password from_secret: docker_password
commands: commands:
- sleep 5 # give docker enough time to start - sleep 5 # give docker enough time to start
- echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin - docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
- ./debian/11/build.sh
- ./debian/12/build.sh - ./debian/12/build.sh
when: when:
branch: branch:
@ -23,34 +24,6 @@ steps:
event: event:
- push - push
services:
- name: docker
image: docker:dind
privileged: true
volumes:
- name: dockersock
path: /var/run
command:
- dockerd-entrypoint.sh
- dockerd
- --host=unix:///var/run/docker.sock
- --mtu=1492
volumes:
- name: dockersock
temp: {}
trigger:
branch:
- master
event:
- push
---
kind: pipeline
type: docker
name: rebuild
steps:
- name: rebuild - name: rebuild
image: docker:dind image: docker:dind
volumes: volumes:
@ -63,8 +36,11 @@ steps:
from_secret: docker_password from_secret: docker_password
commands: commands:
- sleep 5 # give docker enough time to start - sleep 5 # give docker enough time to start
- echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin - docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
- ./build/rebuild.sh - ./build/rebuild.sh
when:
event:
- cron
services: services:
- name: docker - name: docker
@ -73,18 +49,13 @@ services:
volumes: volumes:
- name: dockersock - name: dockersock
path: /var/run path: /var/run
command:
- dockerd-entrypoint.sh
- dockerd
- --host=unix:///var/run/docker.sock
- --mtu=1492
volumes: volumes:
- name: dockersock - name: dockersock
temp: {} temp: {}
trigger: trigger:
branch:
- master
event: event:
- cron - push
cron:
- rebuild
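Review bot: Both login commands on the new side (the build step and the rebuild step) pass the registry password as an argument, `docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD`, which exposes it in the process list of the step container and triggers Docker's insecure-password warning. Keep the stdin form shown on the old side, `echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin`, with the variables quoted so a password containing spaces or shell metacharacters is not word-split. Separately, the pipeline-level trigger now combines `event: push` with `cron: rebuild` while the rebuild step is limited to `when: event: cron`. As rendered, a cron event no longer seems to satisfy the trigger, so confirm that the scheduled rebuild can still reach that step.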


@ -8,6 +8,7 @@
# Supported tags and respective `Dockerfile` links # Supported tags and respective `Dockerfile` links
- [`4.6-bookworm`, `latest`](https://github.com/pommi/docker-powerdns/blob/master/debian/12/Dockerfile) - [`4.6-bookworm`, `latest`](https://github.com/pommi/docker-powerdns/blob/master/debian/12/Dockerfile)
- [`4.4-bullseye`](https://github.com/pommi/docker-powerdns/blob/master/debian/11/Dockerfile)
# Usage # Usage
@ -86,15 +87,3 @@ DS = example.tld. IN DS 280 13 1 0dead339b7dacebb6750c7d4e5c9c0f4c19843a9 ; ( SH
DS = example.tld. IN DS 280 13 2 f340e93c42b3c2c6fa8ef76e044ad2f064c1cd7484e785bdfca0f51cd548c88d ; ( SHA256 digest ) DS = example.tld. IN DS 280 13 2 f340e93c42b3c2c6fa8ef76e044ad2f064c1cd7484e785bdfca0f51cd548c88d ; ( SHA256 digest )
DS = example.tld. IN DS 280 13 4 a793c7e590a7701c7b39365f99655b865d11961c355a5eb59302282cf653aec8b051ddc9e36a9df0843cad29ca50149a ; ( SHA-384 digest ) DS = example.tld. IN DS 280 13 4 a793c7e590a7701c7b39365f99655b865d11961c355a5eb59302282cf653aec8b051ddc9e36a9df0843cad29ca50149a ; ( SHA-384 digest )
``` ```
Set `SOA-EDIT` to `INCEPTION-INCREMENT` so that slaves get notified when a rollover has taken place:
```
$ docker exec -it powerdns pdnsutil set-meta example.tld SOA-EDIT INCEPTION-INCREMENT
[bindbackend] Done parsing domains, 0 rejected, 1 new, 0 removed
Set 'example.tld' meta SOA-EDIT = INCEPTION-INCREMENT
$ docker exec -it powerdns pdnsutil get-meta example.tld
[bindbackend] Done parsing domains, 0 rejected, 1 new, 0 removed
Metadata for 'example.tld'
SOA-EDIT = INCEPTION-INCREMENT
```


@ -1,16 +1,18 @@
#!/bin/sh #!/bin/sh
set -x
updates_available () { updates_available () {
docker pull $1 docker pull $1
if test "$(docker run --rm $1 /bin/sh -c 'apt -qqq update && apt -qq list --upgradable')" != ""; then if test "$(docker run -it --rm $1 /bin/sh -c 'apt -qqq update && apt -qq list --upgradable')" != ""; then
return 0 return 0
else else
return 1 return 1
fi fi
} }
if updates_available pommib/powerdns:4.4-bullseye; then
./debian/11/build.sh
fi
if updates_available pommib/powerdns:4.6-bookworm; then if updates_available pommib/powerdns:4.6-bookworm; then
./debian/12/build.sh ./debian/12/build.sh
fi fi
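Review bot: The new `docker run -it --rm $1 …` inside `updates_available` asks for a TTY, and a CI step normally has none, so docker is likely to refuse to start the container and print nothing on stdout. The `test … != ""` comparison then sees an empty string and reports "no updates", which means pending security updates would silently never trigger a rebuild. Drop the flags and quote the argument: `docker run --rm "$1" /bin/sh -c 'apt -qqq update && apt -qq list --upgradable'`. The same empty-output path is taken when `docker pull $1` or `apt update` fails, so checking the exit status of the pull before the comparison would make that failure visible.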

22
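--- a/debian/11/Dockerfile
+++ b/debian/11/Dockerfile
@@ -0,0 +1,22 @@
+FROM debian:bullseye-slim
+RUN set -eux; \
+apt-get update; \
+apt-get upgrade -y; \
+apt-get install -y --no-install-recommends \
+pdns-server \
+pdns-backend-bind \
+sqlite3 \
+bind9-dnsutils \
+inotify-tools \
+; \
+rm -rf /var/lib/apt/lists/*
+ADD start.sh /
+EXPOSE 53/tcp 53/udp
+VOLUME ["/var/lib/powerdns"]
+CMD /start.sh
+HEALTHCHECK CMD dig +timeout=1 @127.0.0.1 || exit 1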
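Review bot: `CMD /start.sh` is the shell form, so the script runs under `/bin/sh -c` and the SIGTERM sent by `docker stop` may not reach start.sh or pdns_server; the container would then be killed after the grace period instead of shutting down cleanly. Use the exec form, `CMD ["/start.sh"]`. Prefer `COPY start.sh /` over `ADD start.sh /` as well, since nothing here needs ADD's archive or URL handling and COPY keeps the build input explicit.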

9
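--- a/debian/11/build.sh
+++ b/debian/11/build.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+set -x
+IMAGE=pommib/powerdns:4.4-bullseye
+docker pull $IMAGE
+docker pull debian:bullseye-slim
+docker build --no-cache -t $IMAGE ./debian/11/
+docker push $IMAGE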
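Review bot: With `set -x` but no `-e`, a failed `docker build` does not stop the script, so `docker push $IMAGE` still runs and re-pushes the image that `docker pull $IMAGE` fetched at the top. The step's exit status is then that of the push, and CI reports success for a build that never produced a new image. Use `set -ex` here. debian/12/build.sh appears to lose the same flag in this change (`set -ex` becomes `set -x`), so the point applies there too. Quoting `"$IMAGE"` in the docker commands is a cheap addition.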

30
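--- a/debian/11/start.sh
+++ b/debian/11/start.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+# create sqlite database for DNSSEC
+if test ! -e /var/lib/powerdns/bind-dnssec-db.sqlite3; then
+echo [$0] Initializing /var/lib/powerdns/bind-dnssec-db.sqlite3
+/usr/bin/pdnsutil create-bind-db /var/lib/powerdns/bind-dnssec-db.sqlite3
+fi
+sed -i 's/^# bind-dnssec-db=/bind-dnssec-db=\/var\/lib\/powerdns\/bind-dnssec-db.sqlite3/' /etc/powerdns/pdns.d/bind.conf
+# start powerdns server
+/usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no &
+# watch for zone changes
+inotifywait -mqre modify --exclude '\.git' --exclude '.*\.swp' --format '%w%f' "/var/lib/powerdns/zones/" |
+while read -r path; do
+zone=$(basename $path)
+echo [$0] A modification was detected in $path
+echo [$0] Executing \`/usr/bin/pdns_control bind-reload-now $zone\`
+/usr/bin/pdns_control bind-reload-now $zone
+if pdnsutil show-zone $zone 2>/dev/null | grep -q "Zone is not actively secured"; then
+echo [$0] Zone is not actively secured, skipping \`pdnsutil rectify-zone $zone\`
+else
+echo [$0] DNSSEC secured zone. Executing \`pdnsutil rectify-zone $zone\`
+/usr/bin/pdnsutil rectify-zone $zone
+fi
+done &
+wait -n
+exit $?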
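Review bot: The path read from inotifywait is a file name from the /var/lib/powerdns/zones volume, and it is expanded unquoted in `zone=$(basename $path)` and in every `pdns_control` and `pdnsutil` call, so a name containing spaces or glob characters is split into extra arguments to those tools. Quote each expansion, for example `zone=$(basename -- "$path")` and `/usr/bin/pdns_control bind-reload-now "$zone"`. Quote the `echo` arguments as well, since `[$0]` is itself a glob pattern. Also confirm that the packaged inotifywait honours both `--exclude` options; if only the last one takes effect, changes under `.git` would trigger zone reloads.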

10
debian/12/Dockerfile vendored

@ -1,15 +1,15 @@
FROM debian:bookworm-slim FROM debian:bookworm-slim
RUN set -eux && \ RUN set -eux; \
apt-get update && \ apt-get update; \
DEBIAN_FRONTEND=noninteractive apt-get upgrade -y && \ apt-get upgrade -y; \
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ apt-get install -y --no-install-recommends \
pdns-server \ pdns-server \
pdns-backend-bind \ pdns-backend-bind \
sqlite3 \ sqlite3 \
bind9-dnsutils \ bind9-dnsutils \
inotify-tools \ inotify-tools \
&& \ ; \
rm -rf /var/lib/apt/lists/* rm -rf /var/lib/apt/lists/*
ADD start.sh / ADD start.sh /
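Review bot: The new RUN line appears to drop `DEBIAN_FRONTEND=noninteractive` from `apt-get upgrade` and `apt-get install`, which leaves debconf to pick its own fallback if a package asks a question during an unattended build. Setting it per command, as in `DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \`, keeps the CI build non-interactive without baking the variable into the image. The switch from `&&` to `;` is safe only because `set -eux` stays first in the chain, so a one-line comment saying so would stop a later edit from removing it. The Dockerfile continues past this hunk.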

2
debian/12/build.sh vendored

@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
set -ex set -x
IMAGE=pommib/powerdns:4.6-bookworm IMAGE=pommib/powerdns:4.6-bookworm
docker pull $IMAGE docker pull $IMAGE

2
debian/12/start.sh vendored

@ -11,7 +11,7 @@ sed -i 's/^# bind-dnssec-db=/bind-dnssec-db=\/var\/lib\/powerdns\/bind-dnssec-db
/usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no & /usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no &
# watch for zone changes # watch for zone changes
inotifywait -mqre modify --exclude '.*(\.git|.*\.swp)' --format '%w%f' "/var/lib/powerdns/zones/" | inotifywait -mqre modify --exclude '\.git' --exclude '.*\.swp' --format '%w%f' "/var/lib/powerdns/zones/" |
while read -r path; do while read -r path; do
zone=$(basename $path) zone=$(basename $path)
echo [$0] A modification was detected in $path echo [$0] A modification was detected in $path