We have a Docker Compose example at https://github.com/PowerDNS/pdns/blob/master/docker-compose.yml .
It brings up all three services, and exposes them to eachother by name (using Docker's internal DNS).
In the dockerdata dir, you can find an example dnsdist Lua config (with Python helper to make DNS lookups non-blocking for dnsdist) for managing your auth/rec backends by name.
+
+# Privileged ports
+
+The default configurations included for dnsdist, Auth and Recursor attempt to bind to port 53, which may not be permitted by the platform on which you intend to use these images. Kubernetes clusters, for example, might have a restriction on binding to privileged ports unless the `NET_BIND_SERVICE` capability is explicitly added to the container's security context.
+
+There are multiple ways of dealing with these restrictions if you encounter them:
+
+* Grant the `NET_BIND_SERVICE` capability to the containers which utilize these images
+* Use custom configuration files to bind to alternate ports outside of the privileged range. This can be done via the following configuration settings:
+ * dnsdist: `setLocal()`
+ * Auth & Recursor: `local-address` and/or `local-port`
\ No newline at end of file
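Review bot: The second bullet of the new "Privileged ports" section names `setLocal()`, `local-address` and `local-port` but gives no sample value, so a reader still has to look up the syntax; a one-line example per product (for instance `local-port=5300`, value chosen here only for illustration) would make the workaround usable as written. The first bullet should also say that the images no longer carry the file capability on the binaries, since the Dockerfile changes in this commit remove the `setcap` lines and the bullet now depends entirely on what the runtime grants. Finally, the file ends without a trailing newline (`\ No newline at end of file`); add one.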
# Output from builder
COPY --from=builder /build /
RUN chmod 1777 /tmp # FIXME: better not use /build/tmp for equivs at all
-RUN setcap 'cap_net_bind_service=+eip' /usr/local/sbin/pdns_server
# Ensure dependencies are present
RUN apt-get install -y /tmp/equivs-dummy_1.0_all.deb && apt-get clean
# Set up database - this needs to be smarter
RUN sqlite3 /var/lib/powerdns/pdns.sqlite3 < /usr/local/share/doc/pdns/schema.sqlite3.sql
-# DNS ports
+# Default DNS ports
EXPOSE 53/udp
EXPOSE 53/tcp
-# webserver port
+# Default webserver port
EXPOSE 8081/tcp
ENTRYPOINT ["/usr/bin/tini", "--", "/usr/local/sbin/pdns_server-startup"]
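Review bot: Removing `setcap 'cap_net_bind_service=+eip'` from `/usr/local/sbin/pdns_server` is a behaviour change for anyone who runs this image under a non-root user and relied on the file capability to bind port 53, and nothing in this hunk records that. No `USER` line is visible here, so whether the default bind still succeeds depends on how `pdns_server-startup` launches the daemon. Please add an upgrade note next to the README change, and state there which user the Auth image runs as by default.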
# Output from builder
COPY --from=builder /build /
RUN chmod 1777 /tmp # FIXME: better not use /build/tmp for equivs at all
-RUN setcap 'cap_net_bind_service=+eip' /usr/local/bin/dnsdist
# Ensure dependencies are present
RUN apt-get install -y /tmp/equivs-dummy_1.0_all.deb && apt-get clean
RUN chown pdns:pdns /etc/dnsdist/conf.d /etc/dnsdist/templates.d
USER pdns
-# DNS ports
+# Default DNS ports
EXPOSE 53/udp
EXPOSE 53/tcp
-# console port
+# Default console port
EXPOSE 5199/tcp
-# webserver port
+# Default webserver port
EXPOSE 8083/tcp
WORKDIR /etc/dnsdist
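Review bot: With the `setcap` line on `/usr/local/bin/dnsdist` removed and `USER pdns` kept, the process starts non-root with no file capability, so the README advice to "grant the `NET_BIND_SERVICE` capability" may not be enough on its own. A capability added to the container ends up in the bounding set, and a non-root process only gets it in its effective set through file capabilities or ambient capabilities; otherwise the bind to 53 relies on the runtime lowering `net.ipv4.ip_unprivileged_port_start`. Either document which of these the image expects, or ship a default `setLocal()` on a port above 1023 so the image works without extra privileges.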
# Executables from builder
COPY --from=builder /build /
RUN chmod 1777 /tmp # FIXME: better not use /build/tmp for equivs at all
-RUN setcap 'cap_net_bind_service=+eip' /usr/local/sbin/pdns_recursor
# Ensure dependencies are present
RUN apt-get install -y /tmp/equivs-dummy_1.0_all.deb && apt-get clean
RUN chown pdns:pdns /var/run/pdns-recursor /etc/powerdns/recursor.d /etc/powerdns/templates.d
USER pdns
-# DNS ports
+# Default DNS ports
EXPOSE 53/udp
EXPOSE 53/tcp
-# webserver port
+# Default webserver port
EXPOSE 8082/tcp
ENTRYPOINT ["/usr/bin/tini", "--", "/usr/local/sbin/pdns_recursor-startup"]
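Review bot: After the `setcap` removal for `/usr/local/sbin/pdns_recursor`, the image runs as `USER pdns` while the default configuration still binds port 53, and nothing in the change checks that this combination starts. A CI smoke test that runs the built image with its default config and sends one query to port 53 would catch a regression here. Also note that the `EXPOSE 53/udp`, `EXPOSE 53/tcp` and `EXPOSE 8082/tcp` lines are only image metadata: the reworded "Default" comments are accurate, but the README should tell users who move to alternate ports via `local-port` that they must publish those ports themselves.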