ventz / docker-bind

Docker Hub ventz/bind - Secure ISC BIND (Authoritative, Recursive, Slave, RPZ) - Docker image always latest built!
https://hub.docker.com/r/ventz/bind/

Entrypoint chmod operations conflict with dynamic updates #34

Closed ffabreti closed 4 years ago

ffabreti commented 4 years ago

Hey Ventz,

I'm automating Let's Encrypt wildcard certificate generation and have found that chmoding everything to 750 conflicts with the needs of dynamic updates, because bind cannot write a file with a .jnl extension to the zone directory. If that's intended behaviour, should I place zone files elsewhere? I mean, I'm putting them on a volume mapping /etc/bind.

As a workaround, I did this:

#chmod -R 750 /etc/bind
chmod -R 770 /etc/bind

At least, it survives a container restart.

ventz commented 4 years ago

@ffabreti Where do you have that from?

The entrypoint has:

...
chown -R named:named /var/cache/bind
chmod -R 770 /var/cache/bind /var/run/named
...

This should be correct. I am actually running a few hundred containers in production, as dynamic update slaves, and they currently work.

ffabreti commented 4 years ago

@ventz,

Well, from this version:

# docker run \
         --name=bind9-teste \
         --env="BIND_LOG=-g" \
         -p 53:53 \
         -p 53:53/udp \
         --restart=unless-stopped \
         --detach=true \
         ventz/bind:9.14.8-r5

# docker exec -it bind9-teste sh
/ # cat entrypoint.sh
#!/bin/sh
OPTIONS=$@
chown -R root:named /etc/bind /var/run/named
chown -R named:named /var/cache/bind
chmod -R 770 /var/cache/bind /var/run/named
chmod -R 750 /etc/bind
# By default - run in foreground and log to STDERR (console)
# can be changed by running container with: -e "BIND_LOG=-f"
exec /usr/sbin/named -c /etc/bind/named.conf $BIND_LOG -u named $OPTIONS
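As an added example (not code from the docker-bind image or from this thread): a small POSIX sh audit that flags zones configured for dynamic updates whose zone file sits in a directory the named user has no write bit on, which is the condition behind the missing .jnl journals described above. The function names, the bit-only check and the sample zone names are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not part of the ventz/bind image. Audits a named.conf for
# zones that accept dynamic updates but keep their zone file in a directory
# whose permission bits give the named user no write access, so the .jnl
# journal cannot be created. The entrypoint sets /etc/bind to root:named 750
# and /var/cache/bind to named:named 770, so dynamically updated zones belong
# under /var/cache/bind. Assumes absolute "file" paths and one-line
# allow-update/update-policy blocks.

# dir_writable_by DIR USER: succeed if DIR's owner or group is USER and the
# matching write bit is set (bit check only, no access(2) probe).
dir_writable_by() {
    d=$1; u=$2
    [ -d "$d" ] || return 1
    set -- $(ls -ld "$d")
    perms=$1; owner=$3; group=$4
    case "$owner:$perms" in "$u":??w*) return 0 ;; esac
    case "$group:$perms" in "$u":?????w*) return 0 ;; esac
    return 1
}

# dynamic_zones_in_unwritable_dirs CONF USER: print "zone<TAB>file" for each
# zone with allow-update or update-policy whose directory fails the check.
dynamic_zones_in_unwritable_dirs() {
    conf=$1; user=$2
    awk '
        /^[[:space:]]*zone[[:space:]]+"/ { z = $2; gsub(/"/, "", z); f = ""; dyn = 0 }
        /^[[:space:]]*file[[:space:]]+"/ { f = $2; gsub(/["; ]/, "", f) }
        /allow-update|update-policy/     { dyn = 1 }
        /^[[:space:]]*};/                { if (z != "" && dyn && f != "") print z "\t" f; z = "" }
    ' "$conf" | while IFS="$(printf '\t')" read -r zone file; do
        dir_writable_by "$(dirname "$file")" "$user" || printf '%s\t%s\n' "$zone" "$file"
    done
}

# Stand-alone use: sh audit.sh /etc/bind/named.conf named
if [ $# -eq 2 ]; then
    dynamic_zones_in_unwritable_dirs "$1" "$2"
fi
```

Any zone the audit reports should have its file moved under the 770 named:named directory (and its `file` path updated) rather than loosening /etc/bind.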

ventz commented 4 years ago

Closing this in favor of the conversation (and solution) taking place at: https://github.com/ventz/docker-bind/issues/29