Closed: ffabreti closed this 4 years ago
@ffabreti Where do you have that from?
The entrypoint has:
...
chown -R named:named /var/cache/bind
chmod -R 770 /var/cache/bind /var/run/named
...
This should be correct. I am actually running a few hundred containers in production, as dynamic update slaves, and they currently work.
@ventz,
Well, from this version:
# docker run \
--name=bind9-teste \
--env="BIND_LOG=-g" \
-p 53:53 \
-p 53:53/udp \
--restart=unless-stopped \
--detach=true \
ventz/bind:9.14.8-r5
# docker exec -it bind9-teste sh
/ # cat entrypoint.sh
#!/bin/sh
OPTIONS=$@
chown -R root:named /etc/bind /var/run/named
chown -R named:named /var/cache/bind
chmod -R 770 /var/cache/bind /var/run/named
chmod -R 750 /etc/bind
# By default - run in foreground and log to STDERR (console)
# can be changed by running container with: -e "BIND_LOG=-f"
exec /usr/sbin/named -c /etc/bind/named.conf $BIND_LOG -u named $OPTIONS
Closing this in favor of the conversation (and solution) taking place at: https://github.com/ventz/docker-bind/issues/29
Hey Ventz,
I'm automating Let's Encrypt wildcard certificate generation and have found that chmod-ing everything to 750 conflicts with the needs of dynamic updates, because bind cannot write a file with the .jnl extension to the zone directory. If that's intended behaviour, should I place zone files elsewhere? I mean, I'm putting them on a volume mapped to /etc/bind
As a workaround, I did this:
At least, it survives a container restart.