{"id":28262871,"url":"https://github.com/jonasalfredsson/docker-bind","last_synced_at":"2026-03-09T15:02:04.021Z","repository":{"id":54595279,"uuid":"510612292","full_name":"JonasAlfredsson/docker-bind","owner":"JonasAlfredsson","description":"ISC Bind/Bind9/Named DNS server buit from source and running inside a Docker container.","archived":false,"fork":false,"pushed_at":"2026-01-29T11:46:49.000Z","size":99,"stargazers_count":7,"open_issues_count":3,"forks_count":3,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-01-30T01:59:45.444Z","etag":null,"topics":["386","alpine","amd64","arm64","armv7","bind9","debian","docker","hacktoberfest","isc-bind","isc-bind-server","named"],"latest_commit_sha":null,"homepage":"https://hub.docker.com/r/jonasal/bind/","language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JonasAlfredsson.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-07-05T06:22:42.000Z","updated_at":"2026-01-28T19:56:25.000Z","dependencies_parsed_at":"2025-10-24T13:14:00.237Z","dependency_job_id":"f4050225-69ee-48b4-a252-4e703eea675e","html_url":"https://github.com/JonasAlfredsson/docker-bind","commit_stats":null,"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"purl":"pkg:github/JonasAlfredsson/docker-bind","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JonasAlfredsson%2Fdocker-bind","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JonasAlfredsson%2Fdocker-bind/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JonasAlfredsson%2Fdocker-bind/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JonasAlfredsson%2Fdocker-bind/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JonasAlfredsson","download_url":"https://codeload.github.com/JonasAlfredsson/docker-bind/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JonasAlfredsson%2Fdocker-bind/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30299856,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-09T14:33:48.460Z","status":"ssl_error","status_checked_at":"2026-03-09T14:33:48.027Z","response_time":61,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["386","alpine","amd64","arm64","armv7","bind9","debian","docker","hacktoberfest","isc-bind","isc-bind-server","named"],"created_at":"2025-05-20T07:13:09.198Z","updated_at":"2026-03-09T15:02:03.989Z","avatar_url":"https://github.com/JonasAlfredsson.png","language":"Dockerfile","readme":"# docker-bind\n\nA Docker image of the ISC [Bind/Bind9/Named][2] DNS service that has been set\nup so it is easy to configure when running inside a container.\n\nThe program is [built][11] directly from source, in order to get the latest\nversion, and there are both Debian and Alpine images available. Useful\nconfiguration [files and folders](./root/etc/bind/) (similar to what is found in\nthe Debian packages) are included to make it simpler to set up a DNS server.\n\n\u003e There is also an [Ansible role][5] using this image, if that is of interest.\n\n\u003e :information_source: This is still a bit of work in progress, so if something\n\u003e isn't working for you I am very interested in being notified about it.\n\n### Acknowledgments and Thanks\n\nThis repository was originally a fork of [ventz/docker-bind][1], but what was\nsupposed to be just a small pull request turned into a complete rewrite. While\nvery little of the original code remains it would be dishonest to not keep the\ncommit history since without it I would not have found inspiration to make my\nown version.\n\nThere is also an official [Docker image][12] ([source][13]) but I found it\nhave some configuration options I didn't like and chose to try to build my own\ninstead.\n\n\n\n# Usage\n\nThe amount of options available for Bind is absolutely enormous, and what\noptions to use will be very different depending on how you intend to run your\ninstance so I will not even try to list suggestions here. But to just get you\nstarted we will set up a super simple forwarding server, so it becomes easier\nto understand what configuration files are needed and where they are expected\nto be found.\n\nFull Bind documentation found here: https://bind9.readthedocs.io/en/stable/\n\n\n## Available Environment Variables\n\n\u003e :information_source: It is *possible* to change these environment variables,\n  but you will most likely break things.\n\n- `BIND_LOG`: Input argument for configuring stderr or file logging (default: `-f`)\n- `BIND_USER`: The username the service will run as (default: alpine=`named`, debian=`bind`)\n\n\n## Configuration Files and Folders\n\nThere are five folders in this image that are good to know about:\n\n1. `/etc/bind/local-config/` - Your custom configs -\u003e Mount your configs here.\n2. `/var/cache/bind` - Default \"workdir\" for Bind -\u003e Probably good to host mount.\n3. `/var/log/bind` - Recommended folder to output logs to -\u003e Host mount if you want.\n4. `/var/lib/bind` - Suggested folder to place zone files in -\u003e Host mount if used.\n5. `/entrypoint.d/` - Place any scripts that should be executed at startup here.\n\n### 1. Your Custom Configs\nWhen the container starts it will launch Bind which will read the main config\nfile `/etc/bind/named.conf`, however, that one has only the following content:\n\n```conf\ninclude \"/etc/bind/local-config/named.conf.logging\";\ninclude \"/etc/bind/local-config/named.conf.options\";\ninclude \"/etc/bind/local-config/named.conf.local\";\n```\n\nWhat this means is that these three files are expected to be present when the\ncontainer starts, and some basic (but fully functioning) examples are available\ninside the [`example-configs/`](./example-configs/) folder (see how they are\nmounted in the [Run section](#run)).\n\n\u003e :warning: Logging in Bind is a little bit weird, so if anything in the config\n\u003e is wrong it will not output any logs unless you set `BIND_LOG=-g`. Use this\n\u003e for debugging and then switch back to default.\n\nBy having all the user defined files inside this folder, it is possible for\nthis image to include updated version of the [\"default\" config](./root/etc/bind/)\nfiles without the users having to update their paths.\n\n### 2. The Cache\nThe other important location is the \"working directory\" (or cache) of the server\nthat is defined at the top of the\n[`named.conf.options`](./example-configs/named.conf.options) file. This is the\nlocation where slave zone files will be written, or other stuff that needs to be\ncached, so for persistence I recommend to host mount this folder and make sure\nBind is allowed to write to it (`root:101 - 0775`).\n\nISC uses `/var/cache/bind` for this, so that is what we default to in this image\nas well.\n\nPlease also look at the [`rndc` section](#create-rndckey) for a simple way\nto create the `rndc` key needed for communicating with Bind.\n\n### 3. The Logs\nIf you choose to output logs to a file, like in the\n[logging example](./example-configs/named.conf.logging), the `/var/log/bind`\ndirectory is a good location to use inside the container. Host mount it in order\nto be able to read the logs outside the container.\n\nIf you are fine with just letting Docker capture and manage the logs you can\nremove the \"file\" configuration section, and just let it output to stdout.\n\n### 4. Your Zone Files\nISC claims that `/var/lib/bind` is \"usually the place where the secondary zones\nare placed\", but for my personal use I just place everything inside the\n[cache](#2-the-cache) directory. It is up to you, since you will either way\nneed to define the paths in the \"zone\" declarations inside the\n`named.conf.options` file.\n\n\n### 5. The `entrypoint` Scripts\nThe final location that might be of interest is the `/entrypoint.d/` folder,\nsince the main [`entrypoint.sh`](./entrypoint.sh) will look inside it for any\nfiles ending with `.sh` and try to execute them in alphabetical order. This\nallows you to run custom commands before the Bind service is started.\n\n#### Input Arguments\nAny extra input arguments provided as the `CMD`, when starting the image,\nwill be appended directly to the Bind service. Please take a look at the last\nline in [`entrypoint.sh`](./entrypoint.sh) to see how it works.\n\n\n\n## Create `rndc.key`\nAt the top of the [`named.conf.local`](./example-configs/named.conf.local) file\nwe include an \"[rndc key][10]\" which needs to be created manually by you as it\nshould be unique and secret. You can have the file written to the\n`example-configs/` folder by running the following command:\n\n```bash\ndocker run -it --rm \\\n    -v $(pwd)/example-configs:/etc/bind/local-config \\\n    --entrypoint=/bin/sh \\\n    jonasal/bind:9 \\\n    -c 'rndc-confgen -a -A hmac-sha256 -b 256 -u \"${BIND_USER}\" -c /etc/bind/local-config/rndc.key'\n```\n\n\n## Run\n\nAfter you have read through all the steps above we can finally start the\nimage:\n\n\n```bash\ndocker run -it --rm \\\n    -p 54:53 -p 54:53/udp -p 953:953 \\\n    -v $(pwd)/example-configs:/etc/bind/local-config \\\n    -v $(pwd)/zones:/var/cache/bind \\\n    jonasal/bind:9 \\\n    -4\n```\n\nImportant to note here is that we forward port 54 on the host to the \"correct\"\nport 53 inside the container. I do this because some Linux distributions comes\nwith the [`systemd-resolved`][3] service running which already use port 53.\nThis is a problem if you want to run this image as a real DNS server, so you\nwill have to [disable it][4] if it causes you trouble.\n\nFurthermore, at the very end of the command we include `-4`, and this tells\nBind to not enable any IPv6 functionality. The reason for this is that by\ndefault no IPv6 traffic is handled by Docker and unnecessary error messages\nwill be printed unless the flag is provided. Read more about this in the\n[Docker Network Mode](#docker-network-mode) section.\n\n### Verify\n\nIn order to verify that Bind works, after running the command above, is to\njust make a quick query to your machine on port 54 and see if anything is\nprinted in the container logs.\n\n```bash\ndig @127.0.0.1 -p 54 google.se\n```\n\n### Docker Network Mode\n\nAs was previously mentioned Docker does not have [IPv6 enabled][6] by default,\nso it is recommended to start Bind with the `-4` flag to tell it to run in\njust IPv4 mode. But if you do want to run it for both IP versions I would\nsuggest you first [read this][7] to get a better understanding of the quirks\nthat currently exist, and I would actually suggest you just run this container\non the `host` network to make your life easier.\n\n\u003e Also, don't forget to change the `listen-on-v6` directive in the options\n\u003e config file.\n\n```bash\ndocker run -it --rm \\\n    --network host \\\n    -v $(pwd)/example-configs:/etc/bind/local-config \\\n    -v $(pwd)/zones:/var/cache/bind \\\n    jonasal/bind:9\n```\n\nYou could probably do some [fiddling][9] with [macvlan][8] to achieve the same\nstuff, but I would not bother.\n\n\n\n# Further reading\n\nAs was mentioned in the beginning there exists a plethora of ways on how to\nconfigure Bind, so you will need to do some of your own research in order to\nfunction just as you want. However, here is a collection of links from where\nyou can start your journey:\n\n* https://wiki.debian.org/Bind9\n* https://help.ubuntu.com/community/BIND9ServerHowto\n* https://www.zytrax.com/books/dns/ch7/\n* https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-private-network-dns-server-on-ubuntu-18-04\n* https://kb.isc.org/docs/aa-01526\n* https://www.zytrax.com/books/dns/ch7/logging.html\n* https://bind9.readthedocs.io/en/stable/\n\n\n\n\n\n\n[1]: https://github.com/ventz/docker-bind\n[2]: https://www.isc.org/bind/\n[3]: https://www.freedesktop.org/software/systemd/man/systemd-resolved.service.html\n[4]: https://askubuntu.com/a/907249\n[5]: https://github.com/JonasAlfredsson/ansible-role-bind_dns\n[6]: https://docs.docker.com/config/daemon/ipv6/\n[7]: https://github.com/robbertkl/docker-ipv6nat\n[8]: https://docs.docker.com/network/macvlan/\n[9]: https://gist.github.com/mikejoh/04978da4d52447ead7bdd045e878587d\n[10]: https://www.interserver.net/tips/kb/what-and-how-to-use-rndc/\n[11]: https://bind9.readthedocs.io/en/latest/chapter10.html\n[12]: https://hub.docker.com/r/internetsystemsconsortium/bind9/tags\n[13]: https://gitlab.isc.org/isc-projects/bind9-docker/-/tree/v9.21?ref_type=heads\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjonasalfredsson%2Fdocker-bind","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjonasalfredsson%2Fdocker-bind","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjonasalfredsson%2Fdocker-bind/lists"}