This is extremely bad advice. Unless the OP understands what went wrong and how to fix it, advising them to change the image, change the architecture and mash random stuff into docker will only lead to more confusion and more problems in the future.

I was using ISC docker images with my students during the fall semester and the images work just fine both for authoritative and recursive workload. And I’ve tested them using both docker and podman.

Ondrej
--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.

On 30. 12. 2024, at 9:21, Fajar Nugraha <fajar.nugraha+l...@gmail.com> wrote:


Try these

Background info on my setup
- ubuntu 24.04 + https://docs.docker.com/engine/install/ubuntu/ , arm64 (a vm on mac, if it matters). Other distros should work fine too, as long as they can run docker compose.
- ubuntu/bind9:9.20-24.10_edge docker image. Mainly because internetsystemsconsortium/bind9 doesn't have an arm64 image.
- test on host port 10053 first, so you can make sure it works while still having whatever is currently using port 53 running (e.g. your non-docker bind9 setup)
- make sure the user owns the directory and is part of "docker" group (in my case, the user name is "user")
$ id
uid=1000(user) gid=1000(user) groups=1000(user),997(docker)

Preparation:
- make sure docker-ce-cli and docker-compose-plugin are installed (if you can run "docker compose", you should be fine already)
- pick a directory (in my case, /data/bind9), make sure the user running docker owns it.
- easiest way to set up sub directories for docker volumes: $ mkdir -m 1777 {etc,cache,lib}
- create minimal etc/named.conf
options {
        directory "/var/cache/bind";
        // needed if your ISP messes with DNS
        dnssec-validation no;
};

- create this compose.yml, then run "docker compose up"
services:
  bind9:
    image: ubuntu/bind9:9.20-24.10_edge
    command: "docker-entrypoint.sh -4"
    ports:
      - "10053:53"
      - "10053:53/udp"
    volumes:
      - etc:/etc/bind
      - lib:/var/lib/bind
      - cache:/var/cache/bind
volumes:
  etc:
    driver: local
    driver_opts:
      device: "./etc"
      type: none
      o: bind
  lib:
    driver: local
    driver_opts:
      device: "./lib"
      type: none
      o: bind
  cache:
    driver: local
    driver_opts:
      device: "./cache"
      type: none
      o: bind

- or you can also run
docker run --rm -it --name bind9 \
  -e TZ=UTC \
  -p 10053:53 -p 10053:53/udp \
  -v ./etc:/etc/bind \
  -v ./lib:/var/lib/bind \
  -v ./cache:/var/cache/bind \
  ubuntu/bind9:9.20-24.10_edge \
  docker-entrypoint.sh -4

- on another terminal, "dig google.com @127.0.0.1 -p 10053"
- to exit, press ctrl-c on the docker / docker compose terminal
- to listen on your ip address port 53, replace "10053:53" with "your_ip_address:53:53", e.g. "192.168.25.156:53:53". Note that you will also need to edit named.conf to allow queries from that subnet

-- 
Fajar

On Mon, Dec 30, 2024 at 1:27 AM Pablo Andalaft Tarodo <pa...@heavenly.cl> wrote:
Hi all,


Thanks for taking the time. I've been spending many hours on this, to no
solution. But, some things that may shine more light:

When the container is stuck restarting, the error, aside from exit code
1, is "user 'bind' is not recognised" or something similar, and checking
the container entrypoint "/usr/sbin/named -u bind -f -c
/etc/bind/named.conf", it tries to use the user "bind" to start "named",
but this user is present in the base image (checking /etc/passwd)...

For a long time I wasn't able to find other logs and I resorted to using
a Dockerfile to see if I could control more steps for the image, no help.

So I started off with what works, running a container directly from the
image (doesn't get stuck restarting), and copying the files to it
`docker container cp /config/named.conf
<container_name>:/etc/bind/named.conf` etc., and finally exec'ing into
the container's shell and launching `/usr/sbin/named -u bind -f -g -c
/etc/bind/named.conf`, this showed me that there were some errors in the
config (thanks for the -g heads up), that I could address.

However through docker compose, I still get the "named: user 'bind'
unknown" error.



 
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
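
Fajar's last step above says named.conf must be edited to allow queries from the subnet once the container is published on a LAN address. An added example of that edit (not from the thread or from ISC), assuming the LAN is 192.168.25.0/24 to match the 192.168.25.156 address used above:

```conf
// Constructed example. 192.168.25.0/24 is an assumed subnet; use your own.
acl "trusted" {
        localhost;          // built-in ACL: the container itself
        localnets;          // built-in ACL: networks the container is attached to
        192.168.25.0/24;    // assumed LAN that should be served
};

options {
        directory "/var/cache/bind";
        recursion yes;

        // Serve only the listed clients, so that publishing port 53
        // on a reachable address does not create an open resolver.
        allow-query       { trusted; };
        allow-recursion   { trusted; };
        allow-query-cache { trusted; };

        // Other options from your existing named.conf stay as they are.
};
```

The file can be checked with named-checkconf before restarting the container. The ACL matches on the source address named sees, which depends on how Docker forwards the published port, so confirm the client addresses in the query log before relying on it.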