# our chosen base image
-FROM debian:10-slim AS builder
+FROM debian:12-slim AS builder
ENV NO_LUA_JIT="s390x arm64"
COPY builder-support /source/builder-support
# TODO: control file is not in tarballs at all right now
-RUN mk-build-deps -i -t 'apt-get -y -o Debug::pkgProblemResolver=yes --no-install-recommends' /source/builder-support/debian/dnsdist/debian-buster/control && \
+RUN mk-build-deps -i -t 'apt-get -y -o Debug::pkgProblemResolver=yes --no-install-recommends' /source/builder-support/debian/dnsdist/debian-bookworm/control && \
apt-get clean
COPY pdns /source/pdns
fi && \
BUILDER_MODULES=dnsdist autoreconf -vfi
+
+RUN mkdir /libh2o && cd /libh2o && \
+ apt-get update && apt-get install -y cmake curl jq libssl-dev zlib1g-dev && \
+ cd /source/builder-support/helpers/ && \
+ ./install_h2o.sh
+
+RUN mkdir /quiche && cd /quiche && \
+ apt-get install -y libclang-dev && \
+ apt-get clean && \
+ cd /source/builder-support/helpers/ && \
+ ./install_rust.sh && \
+ ./install_quiche.sh
+
RUN mkdir /build && \
LUAVER=$([ -z "${NO_LUA_JIT##*$(dpkg --print-architecture)*}" ] && echo 'lua5.3' || echo 'luajit') && \
+ apt-get install -y lib${LUAVER}-*dev && \
./configure \
--with-lua=${LUAVER} \
LDFLAGS=-rdynamic \
--enable-dnscrypt \
--enable-dns-over-tls \
--enable-dns-over-https \
- --with-re2 && \
+ --with-re2 \
+ --with-h2o \
+ --enable-dns-over-quic \
+ --enable-dns-over-http3 \
+ --with-quiche \
+ PKG_CONFIG_PATH=/opt/lib/pkgconfig && \
make clean && \
make $MAKEFLAGS install DESTDIR=/build && make clean && \
- strip /build/usr/local/bin/*
+ strip /build/usr/local/bin/* &&\
+ mkdir -p /build/usr/lib/ && \
+ cp -rf /usr/lib/libdnsdist-quiche.so /build/usr/lib/
+
RUN cd /tmp && mkdir /build/tmp/ && mkdir debian && \
echo 'Source: docker-deps-for-pdns' > debian/control && \
dpkg-shlibdeps /build/usr/local/bin/dnsdist && \
# Runtime
-FROM debian:10-slim
+FROM debian:12-slim
# Reusable layer for base update - Should be cached from builder
RUN apt-get update && apt-get -y dist-upgrade && apt-get clean
-# Ensure python3 and jinja2 is present (for startup script), and python3-atomicwrites (for backend management), and tini (for signal management)
-RUN apt-get install -y python3 python3-jinja2 python3-atomicwrites tini libcap2-bin && apt-get clean
+# - python3 and jinja2 (for startup script)
+# - python3-atomicwrites (for backend management)
+# - tini (for signal management)
+# - ca-certificates (for verifying downstream DoH/DoT certificates)
+RUN apt-get install -y python3 python3-jinja2 python3-atomicwrites tini libcap2-bin ca-certificates && apt-get clean
# Output from builder
COPY --from=builder /build /
RUN chmod 1777 /tmp # FIXME: better not use /build/tmp for equivs at all
-RUN setcap 'cap_net_bind_service=+eip' /usr/local/bin/dnsdist
# Ensure dependencies are present
RUN apt-get install -y /tmp/equivs-dummy_1.0_all.deb && apt-get clean
RUN chown pdns:pdns /etc/dnsdist/conf.d /etc/dnsdist/templates.d
USER pdns
-# DNS ports
+# Default DNS ports
EXPOSE 53/udp
EXPOSE 53/tcp
-# console port
+# Default console port
EXPOSE 5199/tcp
-# webserver port
+# Default webserver port
EXPOSE 8083/tcp
WORKDIR /etc/dnsdist
projects / thirdparty / pdns.git / blobdiff