月: 2019年5月

コンピュータ

bind を Docker で動かす

bind を Docker で動かすようにしたので作業メモ。

Dockerfile と初期イメージの作成

$ mkdir docker_bind
$ mkdir docker_bind/conf

$ cat docker_bind/Dockerfile
FROM centos:centos7
RUN yum install -y bind bind-utils && yum clean all
EXPOSE 53/udp
CMD [“/usr/sbin/named”, “-c”, “/etc/named/named.conf”, “-u”, “named”, “-g”]

$ docker build -t bind ./docker_bind/

$ sudo docker run -it bind /bin/bash
[root@148a28083361 /]#

named.conf を取得

$ sudo docker cp 148a28083361:/etc/named.conf docker_bind/conf/named.conf

リポジトリ作成

$ cd docker_bind
docker_bind$ git init
docker_bind$ git add Dockerfile
docker_bind$ git add conf/named.conf
docker_bind$ git commit -m ‘docker_bind initial import’
[master (root-commit) be44df1] docker_bind initial import
2 files changed, 66 insertions(+)
create mode 100644 Dockerfile
create mode 100644 conf/named.conf
docker_bind$

named.conf 編集

docker_bind$ git diff conf/named.conf
diff –git a/conf/named.conf b/conf/named.conf
index 89338bd..3027c20 100644
— a/conf/named.conf
+++ b/conf/named.conf
@@ -10,15 +10,18 @@
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
– listen-on port 53 { 127.0.0.1; };
– listen-on-v6 port 53 { ::1; };
+ listen-on port 53 { localhost; 192.168.0.0/24; };
+
+ // listen-on-v6 port 53 { ::1; };
directory “/var/named”;
dump-file “/var/named/data/cache_dump.db”;
statistics-file “/var/named/data/named_stats.txt”;
memstatistics-file “/var/named/data/named_mem_stats.txt”;
recursing-file “/var/named/data/named.recursing”;
secroots-file “/var/named/data/named.secroots”;
– allow-query { localhost; };
+ allow-query { localhost; 192.168.0.0/24; };
+
+ forwarders { 192.168.0.210; };

/*
– If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
@@ -56,6 +59,15 @@ zone “.” IN {
file “named.ca”;
};

+zone “example.net” {
+ type master;
+ file “/etc/named/example.net.zone”;
+ allow-update {
+ localhost;
+ 192.168.0.0/24;
+ };
+};
+
include “/etc/named.rfc1912.zones”;
include “/etc/named.root.key”;

conf/example.net.zone と conf/example.net.rev には通常おこなうようにホスト情報を記述する。

bind 起動

ネットワークインターフェースが複数ある場合、インターフェースを指定しないと下記のようなエラーになる。

docker: Error response from daemon: Conflict. The container name “/bind” is already in use by container “a75d2e62ccde7a0bc3fb07be84fd393607f1286fdacaafa828b06ed2789a32d7”. You have to remove (or rename) that container to be able to reuse that name.
See ‘docker run –help’.

私の環境では KVM も動かしている関係で複数のインターフェースが認識されるため、必要。

$ sudo docker run -d -e TZ=’Asia/Tokyo’ -p 192.168.0.34:53:53/udp -v /home/neo/Documents/docker_bind/conf:/etc/named –restart always –name bind bind