86 lines
3.0 KiB
Markdown
86 lines
3.0 KiB
Markdown
|
# openSUSE Tumbleweed ISC BIND 9: BIND9 Application Container
|
||
|
|
|
||
|
|
|
||
|
|
## Description
|
||
|
|
|
||
|
|
BIND (Berkeley Internet Name Domain) is a suite of software for interacting
|
||
|
|
with the Domain Name System (DNS). Its core component, `named`, serves as both
|
||
|
|
an authoritative name server for DNS zones and a recursive resolver for network
|
||
|
|
queries.
|
||
|
|
|
||
|
|
## Usage
|
||
|
|
|
||
|
|
This container image provides the `named` daemon from
|
||
|
|
openSUSE Tumbleweed, including the default configuration that comes
|
||
|
|
with the RPM package.
|
||
|
|
|
||
|
|
When no additional parameters are specified, the container entrypoint launches `named` in the foreground mode by default:
|
||
|
|
|
||
|
|
```ShellSession
|
||
|
|
$ podman run --rm -d -p 53/udp registry.opensuse.org/opensuse/bind:9
|
||
|
|
```
|
||
|
|
|
||
|
|
### Health Check
|
||
|
|
|
||
|
|
The container includes a health check script that performs a simple A-record
|
||
|
|
lookup and verifies that a valid IPv4 address is returned.
|
||
|
|
|
||
|
|
### Environment Variables
|
||
|
|
|
||
|
|
The container entrypoint accepts the following environment variables:
|
||
|
|
|
||
|
|
- **`NAMED_CONF`** (default: `/etc/named.conf`): Path to the configuration file
|
||
|
|
for `named`. See the [upstream
|
||
|
|
documentation](https://bind9.readthedocs.io/en/latest/chapter3.html) for
|
||
|
|
syntax details.
|
||
|
|
|
||
|
|
- **`NAMED_CHECKCONF_BIN`** (default: `/usr/bin/named-checkconf`): Path to the
|
||
|
|
configuration checker binary executed before launching `named`.
|
||
|
|
|
||
|
|
- **`NAMED_CHECKCONF_ARGS`** (default: empty): Arguments passed to
|
||
|
|
`NAMED_CHECKCONF_BIN` in the entrypoint.
|
||
|
|
|
||
|
|
- **`ETC_RNDC_KEY`** (default: `/etc/rndc.key`): Location of the `rndc`
|
||
|
|
configuration file. If not a symlink, it is moved to `NEW_RNDC_KEY`.
|
||
|
|
|
||
|
|
- **`NEW_RNDC_KEY`** (default: `/var/lib/named/rndc.key`): Target location where
|
||
|
|
`ETC_RNDC_KEY` is moved if it is not a symlink. If `NEW_RNDC_KEY` does not
|
||
|
|
exist, it is generated using `RNDC_BIN`.
|
||
|
|
|
||
|
|
- **`RNDC_BIN`** (default: `/usr/sbin/rndc`): Binary used to generate the `rndc`
|
||
|
|
configuration file if it does not exist.
|
||
|
|
|
||
|
|
- **`RNDC_KEYSIZE`** (default: `512`): Key size passed to `RNDC_BIN` for
|
||
|
|
generating the `rndc` configuration file.
|
||
|
|
|
||
|
|
|
||
|
|
### Differences compared to the RPM Package
|
||
|
|
|
||
|
|
The container does not use `systemd` to manage
|
||
|
|
`named`. Instead, `named` is launched directly by the container entrypoint in
|
||
|
|
foreground mode, with logs output to `stdout`.
|
||
|
|
|
||
|
|
Moreover, environment variables from `/etc/sysconfig/named` are not sourced
|
||
|
|
or used. You must set them explicitly using the container runtime,
|
||
|
|
for example:
|
||
|
|
|
||
|
|
```ShellSession
|
||
|
|
$ podman run --rm -d -e RNDC_KEYSIZE=1024 registry.opensuse.org/opensuse/bind:9
|
||
|
|
```
|
||
|
|
|
||
|
|
## Additional Information
|
||
|
|
|
||
|
|
For more details on BIND and `named`, refer to the [official
|
||
|
|
documentation](https://bind9.readthedocs.io/).
|
||
|
|
|
||
|
|
|
||
|
|
## Licensing
|
||
|
|
|
||
|
|
`SPDX-License-Identifier: MIT`
|
||
|
|
|
||
|
|
This documentation and the build recipe are licensed as MIT.
|
||
|
|
The container itself contains various software components under various open source licenses listed in the associated
|
||
|
|
Software Bill of Materials (SBOM).
|
||
|
|
|
||
|
|
This image is based on [openSUSE Tumbleweed](https://get.opensuse.org/tumbleweed/).
|