ventz / docker-bind

Docker Hub ventz/bind - Secure ISC BIND (Authoritative, Recursive, Slave, RPZ) - Docker image always latest built!
https://hub.docker.com/r/ventz/bind/

container not even starting #12

Closed Nurlan199206 closed 6 years ago

Nurlan199206 commented 6 years ago

I am getting error exit code 1. I am running with the command:

docker run --name=dns-master -it -d --dns=8.8.8.8 --dns=8.8.4.4 -p 53:53/udp -p 53:53 -v /DATA/etc/bind:/etc/bind -v /DATA/var/cache/bind:/var/cache/bind ventz/bind

logs are below.

24-Jun-2018 12:00:55.111 starting BIND 9.11.3 (Extended Support Version) <id:a375815>
24-Jun-2018 12:00:55.111 running on Linux x86_64 4.13.0-19-generic #22-Ubuntu SMP Mon Dec 4 11:58:07 UTC 2017
24-Jun-2018 12:00:55.111 built with '--build=x86_64-alpine-linux-musl' '--host=x86_64-alpine-linux-musl' '--prefix=/usr' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--with-openssl=/usr' '--enable-linux-caps' '--with-libxml2' '--enable-threads' '--enable-filter-aaaa' '--enable-ipv6' '--enable-shared' '--enable-static' '--with-libtool' '--with-randomdev=/dev/random' '--mandir=/usr/share/man' '--infodir=/usr/share/info' 'build_alias=x86_64-alpine-linux-musl' 'host_alias=x86_64-alpine-linux-musl' 'CC=gcc' 'CFLAGS=-Os -fomit-frame-pointer -D_GNU_SOURCE' 'LDFLAGS=-Wl,--as-needed' 'CPPFLAGS=-Os -fomit-frame-pointer'
24-Jun-2018 12:00:55.111 running as: named -c /etc/bind/named.conf -g -u named
24-Jun-2018 12:00:55.111 ----------------------------------------------------
24-Jun-2018 12:00:55.111 BIND 9 is maintained by Internet Systems Consortium,
24-Jun-2018 12:00:55.111 Inc. (ISC), a non-profit 501(c)(3) public-benefit
24-Jun-2018 12:00:55.111 corporation.  Support and training for BIND 9 are
24-Jun-2018 12:00:55.112 available at https://www.isc.org/support
24-Jun-2018 12:00:55.113 ----------------------------------------------------
24-Jun-2018 12:00:55.113 found 1 CPU, using 1 worker thread
24-Jun-2018 12:00:55.113 using 1 UDP listener per interface
24-Jun-2018 12:00:55.114 using up to 4096 sockets
24-Jun-2018 12:00:55.158 loading configuration from '/etc/bind/named.conf'
24-Jun-2018 12:00:55.162 open: /etc/bind/named.conf: file not found
24-Jun-2018 12:00:55.163 loading configuration: file not found
24-Jun-2018 12:00:55.163 exiting (due to fatal error)
24-Jun-2018 12:01:07.418 starting BIND 9.11.3 (Extended Support Version) <id:a375815>
24-Jun-2018 12:01:07.418 running on Linux x86_64 4.13.0-19-generic #22-Ubuntu SMP Mon Dec 4 11:58:07 UTC 2017
24-Jun-2018 12:01:07.418 built with '--build=x86_64-alpine-linux-musl' '--host=x86_64-alpine-linux-musl' '--prefix=/usr' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--with-openssl=/usr' '--enable-linux-caps' '--with-libxml2' '--enable-threads' '--enable-filter-aaaa' '--enable-ipv6' '--enable-shared' '--enable-static' '--with-libtool' '--with-randomdev=/dev/random' '--mandir=/usr/share/man' '--infodir=/usr/share/info' 'build_alias=x86_64-alpine-linux-musl' 'host_alias=x86_64-alpine-linux-musl' 'CC=gcc' 'CFLAGS=-Os -fomit-frame-pointer -D_GNU_SOURCE' 'LDFLAGS=-Wl,--as-needed' 'CPPFLAGS=-Os -fomit-frame-pointer'
24-Jun-2018 12:01:07.418 running as: named -c /etc/bind/named.conf -g -u named
24-Jun-2018 12:01:07.418 ----------------------------------------------------
24-Jun-2018 12:01:07.418 BIND 9 is maintained by Internet Systems Consortium,
24-Jun-2018 12:01:07.418 Inc. (ISC), a non-profit 501(c)(3) public-benefit
24-Jun-2018 12:01:07.418 corporation.  Support and training for BIND 9 are
24-Jun-2018 12:01:07.418 available at https://www.isc.org/support
24-Jun-2018 12:01:07.418 ----------------------------------------------------
24-Jun-2018 12:01:07.418 found 1 CPU, using 1 worker thread
24-Jun-2018 12:01:07.418 using 1 UDP listener per interface
24-Jun-2018 12:01:07.420 using up to 4096 sockets
24-Jun-2018 12:01:07.460 loading configuration from '/etc/bind/named.conf'
24-Jun-2018 12:01:07.462 open: /etc/bind/named.conf: file not found
24-Jun-2018 12:01:07.462 loading configuration: file not found
24-Jun-2018 12:01:07.462 exiting (due to fatal error)

ventz commented 6 years ago

@Nurlan199206 It looks like you are overriding the default named.conf with /DATA/etc/bind, but you don't have a "named.conf" in that directory.

24-Jun-2018 12:01:07.460 loading configuration from '/etc/bind/named.conf'
24-Jun-2018 12:01:07.462 open: /etc/bind/named.conf: file not found

You can either run it "as provided" (with defaults, which for an authoritative server is not very useful), or you would need a complete working bind config directory.

I have provided an example of the bind file for an authoritative server here:
https://github.com/ventz/docker-bind/blob/master/container/configs/example-configs/authoritative/named.conf.options

Note that you will still need to add your bind zones if you want to run as an authoritative server.

Nurlan199206 commented 6 years ago

I didn't have the file named.conf on the host machine in /etc/bind/. I created it, but I am still getting these errors...

28-Jun-2018 11:09:25.391 loading configuration from '/etc/bind/named.conf'
28-Jun-2018 11:09:25.392 open: /etc/bind/named.conf: file not found
28-Jun-2018 11:09:25.393 loading configuration: file not found
28-Jun-2018 11:09:25.393 exiting (due to fatal error)

ventz commented 6 years ago

@Nurlan199206 You want that file on your host system in your bind mount point.

So in the case of:

docker run --name=dns-master -it -d --dns=8.8.8.8 --dns=8.8.4.4 -p 53:53/udp -p 53:53 -v /DATA/etc/bind:/etc/bind -v /DATA/var/cache/bind:/var/cache/bind ventz/bind

Your bind mount point is: /DATA/etc/bind which then in turn becomes /etc/bind within the container.

You should take a look at this if you are not familiar with bind-mounts: https://docs.docker.com/storage/bind-mounts/
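The failure in this thread (named exiting with "open: /etc/bind/named.conf: file not found" because the host directory mounted over /etc/bind was empty) can be caught before the container is even started. The following pre-flight script is an added example, not part of the ventz/docker-bind project: it checks that named.conf exists in the directory you pass to `-v <hostdir>:/etc/bind`, and that every file that config references through `include` or a zone's `file` statement is present on the host, translating container paths under /etc/bind back to the mount directory. The assumption that paths in named.conf are written as they appear inside the container (absolute under /etc/bind, or relative to it) is mine, not stated in the thread; named-checkconf inside the container remains the real syntax check.

```shell
#!/bin/sh
# Pre-flight check for the host directory that `-v /DATA/etc/bind:/etc/bind`
# mounts over the container's /etc/bind. Added example, not part of the
# ventz/docker-bind project. Assumption (not stated in the issue): include and
# zone-file paths in named.conf are written as they appear inside the container.

CONTAINER_ETC=/etc/bind

# Map a path as written in the config to the corresponding path on the host.
# $1 = host directory that is bind-mounted, $2 = path from the config file
host_path() {
    case "$2" in
        "$CONTAINER_ETC"/*) printf '%s/%s\n' "$1" "${2#"$CONTAINER_ETC"/}" ;;
        /*)                 printf '%s\n' "$2" ;;          # outside /etc/bind: unchanged
        *)                  printf '%s/%s\n' "$1" "$2" ;;  # relative: resolve against the mount
    esac
}

# Walk one config file, print one line per missing `include`/`file` target and
# recurse into includes. $1 = host directory, $2 = host path of the config file
check_conf() {
    sed -E -n 's/^[[:space:]]*(include|file)[[:space:]]+"([^"]*)".*/\1 \2/p' "$2" |
    while read -r kind path; do
        hp=$(host_path "$1" "$path")
        if [ ! -f "$hp" ]; then
            echo "MISSING: $kind \"$path\" (expected at $hp), referenced from $2"
        elif [ "$kind" = include ]; then
            check_conf "$1" "$hp"
        fi
    done
}

# Returns 0 only if named.conf exists in the mount directory and every file it
# (transitively) references exists too; otherwise reports what is missing.
# A missing named.conf is exactly what produced "loading configuration: file not found".
check_bind_mount() {
    if [ ! -f "$1/named.conf" ]; then
        echo "MISSING: $1/named.conf (named will exit with 'file not found')" >&2
        return 1
    fi
    problems=$(check_conf "$1" "$1/named.conf")
    if [ -n "$problems" ]; then
        printf '%s\n' "$problems" >&2
        return 1
    fi
    echo "OK: $1 is a complete BIND config directory"
}

# Usage: sh preflight.sh /DATA/etc/bind && docker run ... -v /DATA/etc/bind:/etc/bind ventz/bind
if [ "$#" -eq 1 ]; then
    check_bind_mount "$1"
fi
```

Run it against the host directory before `docker run`; a non-zero exit means the container would start, fail to load its configuration and exit 1 just as in the logs above, so there is no point starting it until the reported files are in place.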

Nurlan199206 commented 6 years ago

@ventz I finally did run the container.

I created an example zone, but it's not resolving. I did rndc reload.

/ # named-checkzone nurlan.kz /etc/bind/default-zones/db.local
zone nurlan.kz/IN: loaded serial 2
OK

/etc/bind/default-zones # cat db.local
;
; BIND data file for local loopback interface
;

$TTL    600
@       IN      SOA     localhost. root.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      nurlan.kz.
@       IN      A       172.27.1.54
@       IN      AAAA    ::1

nslookup nurlan.kz 127.0.0.1
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost

nslookup: can't resolve 'nurlan.kz': Try again

Nurlan199206 commented 6 years ago

Is your container image suitable for a production environment? For example, for hosting 10 domains?

ventz commented 6 years ago

@Nurlan199206 We are hosting a few hundred in production and I have heard back from people hosting over 5,000 using this container image. You are only limited by the hardware resources (cpu, ram, etc), and with swarm + a shared/distributed storage backend, there's no limit to how many you can host.

For your zone - I would suggest defining it as its own zone instead of taking over the db.local. The problem is that the db.local is defined as zone "localhost":

zone "localhost" {
    type master;
    file "/etc/bind/default-zones/db.local";
};

You really want your TLD defined as a localhost zone. https://github.com/ventz/docker-bind/blob/master/container/configs/named.conf.local

Alternatively, if you just want to test, in your nslookup (I would suggest dig, by the way) you would look up an A record in your localhost zone.

That said - now we are getting into the actual BIND side (vs this container), and those are better questions for the ISC Bind community: https://github.com/isc-projects/bind9

Closing this issue.
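To make the point about giving the domain its own zone concrete, here is an added example that is not from the project or from either participant: a script that writes a separate `zone "<domain>"` stanza into named.conf.local together with a matching zone file (instead of editing db.local, which the container has registered as zone "localhost"), then validates the result. The domain example.test, the 192.0.2.0/24 addresses, the ns1/hostmaster names and the YYYYMMDDnn serial are constructed for the example. named-checkzone (the tool already used above in the container) is used when it is installed; the hand-written `zone_sanity` fallback is my own and only understands the "owner IN TYPE rdata" record form the generator emits, but it does flag the one mistake that most often breaks a freshly created zone, an in-zone NS name without an A/AAAA record.

```shell
#!/bin/sh
# Scaffold and check a separate authoritative zone for a docker-bind config
# directory. Added example, not part of the ventz/docker-bind project.
# Constructed values: example.test, 192.0.2.x (documentation range), ns1, hostmaster.

# $1 = config dir (the host side of the /etc/bind mount), $2 = domain,
# $3 = nameserver host label, $4 = nameserver IPv4, $5 = apex IPv4
write_zone() {
    dir=$1; dom=$2; nshost=$3; nsip=$4; apexip=$5
    serial=$(date -u +%Y%m%d01)          # YYYYMMDDnn: bump nn for same-day edits
    mkdir -p "$dir/zones"
    cat > "$dir/zones/db.$dom" <<EOF
\$TTL    600
\$ORIGIN $dom.
@       IN      SOA     $nshost.$dom. hostmaster.$dom. (
                        $serial    ; Serial
                        3600       ; Refresh
                        900        ; Retry
                        1209600    ; Expire
                        300 )      ; Negative Cache TTL
@       IN      NS      $nshost.$dom.
$nshost IN      A       $nsip
@       IN      A       $apexip
EOF
    # Own stanza: the zone is "$dom", not "localhost", and points at its own file.
    cat >> "$dir/named.conf.local" <<EOF
zone "$dom" {
    type master;
    file "/etc/bind/zones/db.$dom";
};
EOF
}

# Fallback check (hand-written, assumes "owner IN TYPE rdata" lines):
# exactly one SOA, and every NS that lives inside the zone has an A/AAAA record.
# $1 = zone file, $2 = domain without trailing dot. Returns 1 on any problem.
zone_sanity() {
    awk -v dom="$2." '
        /^[[:space:]]*;/ || NF < 3 { next }       # comments, blank and SOA continuation lines
        $3 == "SOA"                { soa++ }
        $3 == "NS"                 { ns[$4] = 1 }
        $3 == "A" || $3 == "AAAA"  { addr[$1] = 1 }
        END {
            if (soa != 1) { print "expected exactly one SOA record, found " soa + 0; bad++ }
            for (t in ns) {
                if (t == dom) owner = "@"
                else if (substr(t, length(t) - length(dom)) == "." dom)
                    owner = substr(t, 1, length(t) - length(dom) - 1)
                else continue                     # out-of-zone NS: no glue needed here
                if (!(owner in addr)) { print "NS " t " is in-zone but has no A/AAAA record"; bad++ }
            }
            exit (bad ? 1 : 0)
        }' "$1"
}

# Prefer ISC's own checker when available (it is inside the container).
check_zone() {   # $1 = config dir, $2 = domain
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$2" "$1/zones/db.$2"
    else
        zone_sanity "$1/zones/db.$2" "$2"
    fi
}

# Usage: sh add-zone.sh /DATA/etc/bind example.test ns1 192.0.2.53 192.0.2.10
if [ "$#" -eq 5 ]; then
    write_zone "$@" && check_zone "$1" "$2"
fi
```

After the files are in place and `rndc reload` has run, `dig @127.0.0.1 example.test A` (substituting your own domain) answers from the new zone, while zone "localhost" keeps serving db.local untouched.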