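Summary
Set up a DNS server using the bind9 image
Docker-compose
Notes on the file:
privileged is set so that software can be updated from within webmin;
UDP port 67 is mapped so that the DHCP service can be installed from within webmin.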
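version: '2'
services:
  bind:
    image: sameersbn/bind:9.16.1-20200524
    container_name: dns
    dns: 127.0.0.1
    environment:
      # webmin root password; replace this placeholder with your own
      - ROOT_PASSWORD=you_password
      - TZ=Asia/Shanghai
    ports:
      # webmin management interface
      - 10000:10000
      # DNS over TCP and UDP
      - 53:53
      - 53:53/udp
      # DHCP, for installing the DHCP service in webmin
      - 67:67/udp
    volumes:
      - ./data/bind:/data
    restart: on-failure
    # needed to update software in webmin; note that a privileged
    # container has nearly unrestricted access to the host
    privileged: true
    logging:
      driver: 'json-file'
      options:
        max-size: '30m'
        max-file: '1'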
Start the container
docker-compose up -d
Fixing "port 53 already in use"
root@ami-home-gateway:/home/david/software/dns# ls
docker-compose.yml
root@ami-home-gateway:/home/david/software/dns# docker-compose up -d
/snap/docker/2285/lib/python3.6/site-packages/paramiko/transport.py:33: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography and will be removed in a future release.
from cryptography.hazmat.backends import default_backend
Creating network "dns_main" with the default driver
Pulling web (sameersbn/bind:9.16.1-20200524)...
9.16.1-20200524: Pulling from sameersbn/bind
d51af753c3d3: Pull complete
fc878cd0a91c: Pull complete
6154df8ff988: Pull complete
fee5db0ff82f: Pull complete
7d5f2b88fbe1: Pull complete
677da372f47f: Pull complete
4adaef8a17ca: Pull complete
00abb6dce6f7: Pull complete
d7852cfdd714: Pull complete
Digest: sha256:685d9404bf08c177413a7448bfdb7ae71ee002a3fbf917fd8d46d4aadd687522
Status: Downloaded newer image for sameersbn/bind:9.16.1-20200524
Creating dns ...
Creating dns ... error
ERROR: for dns Cannot start service web: driver failed programming external connectivity on endpoint dns (7113503da0649c0f745f4a53c16c3c1de24b767f6fbbf816747bf04d987fe803): Error starting userland proxy: listen udp4 0.0.0.0:53: bind: address already in use
ERROR: for web Cannot start service web: driver failed programming external connectivity on endpoint dns (7113503da0649c0f745f4a53c16c3c1de24b767f6fbbf816747bf04d987fe803): Error starting userland proxy: listen udp4 0.0.0.0:53: bind: address already in use
ERROR: Encountered errors while bringing up the project.
Change the configuration on the physical server (the Docker host)
vi /etc/systemd/resolved.conf
Change two places in the file
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free
# Software Foundation; either version 2.1 of the License, or (at your option)
# any later version.
#
# Entries in this file show the compile time defaults. Local configuration
# should be created by either modifying this file, or by creating "drop-ins" in
# the resolved.conf.d/ subdirectory. The latter is generally recommended.
# Defaults can be restored by simply deleting this file and all drop-ins.
#
# Use 'systemd-analyze cat-config systemd/resolved.conf' to display the full config.
#
# See resolved.conf(5) for details.
[Resolve]
# Some examples of DNS servers which may be used for DNS= and FallbackDNS=:
# Cloudflare: 1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com 2606:4700:4700::1001#cloudflare-dns.com
# Google: 8.8.8.8#dns.google 8.8.4.4#dns.google 2001:4860:4860::8888#dns.google 2001:4860:4860::8844#dns.google
# Quad9: 9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
# First change: set this IP address to the server's address on the LAN
DNS=192.168.3.254
#FallbackDNS=
#Domains=
#DNSSEC=no
#DNSOverTLS=no
#MulticastDNS=no
#LLMNR=no
#Cache=no-negative
#CacheFromLocalhost=no
# Second change: remove the # and change yes to no
DNSStubListener=no
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no
Then restart the resolved service
systemctl restart systemd-resolved
Start the DNS container again
docker-compose up -d
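The header comment of resolved.conf recommends drop-ins in resolved.conf.d/ over editing the main file, so the two changes above can also be applied that way, together with a check of what is listening on port 53 before and after. This is an added example, not part of the original post: the drop-in name 10-local-bind.conf and the function names are assumptions, and the ss sample lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# drop-in file name 10-local-bind.conf are hypothetical.

# Print "local-address process" for each socket listening on port 53.
# Reads `ss -H -lntup` output on stdin.
port53_listeners() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /:53$/) { print $i, $NF; break } }'
}

# Succeed only for a dotted-quad IPv4 string (no other characters allowed).
is_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Write the post's two settings as a drop-in in directory $1, LAN address $2.
write_dropin() {
    is_ipv4 "$2" || { echo "bad address: $2" >&2; return 1; }
    mkdir -p "$1" || return 1
    printf '[Resolve]\nDNS=%s\nDNSStubListener=no\n' "$2" > "$1/10-local-bind.conf"
}

# Print the value of key $1 from the files given in read order (main file
# first, then drop-ins): the last assignment wins, commented lines are ignored.
effective_setting() {
    key=$1; shift
    awk -F= -v k="$key" '$1 == k { v = $2 } END { print v }' "$@"
}

# Constructed sample of `ss -H -lntup` output, for trying the parser offline.
SAMPLE_SS='udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=612,fd=12))
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=612,fd=13))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))'

# Real use, as root on the host: sh thisfile --apply 192.168.3.254
if [ "${1:-}" = "--apply" ]; then
    ss -H -lntup | port53_listeners          # who holds port 53 now
    write_dropin /etc/systemd/resolved.conf.d "$2" || exit 1
    systemctl restart systemd-resolved
    ss -H -lntup | port53_listeners          # systemd-resolve should be gone
fi
```

Deleting the drop-in and restarting systemd-resolved restores the previous behaviour, leaving /etc/systemd/resolved.conf itself untouched.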
Open the DNS management interface
https://ip:10000
Username: root
Password: the one set in docker-compose.yml