[Memo] Migrating the internal DNS to Alpine Linux



It runs without problems, but package management is tedious and the build keeps me waiting a little, so I decided to rebuild it on Alpine Linux.



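$ cat Dockerfile
# hylogics/bind:alpine-latest
# The FROM line is missing from this listing; alpine:latest is assumed from the image tag.
FROM alpine:latest
RUN apk update && apk add bind tzdata --no-cache
RUN cp /usr/share/zoneinfo/Asia/Tokyo /etc/localtime
EXPOSE 53/udp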

$ cat docker-compose.yml
version: '3'
services:
  # Service name assumed; the key was lost from this listing.
  bind:
    image: "hylogics/bind:alpine-latest"
    container_name: "bind"
    ports:
      - "53:53/udp"
    volumes:
      - "/home/docker/app/hylogics/conf/bind-alpine/named.conf:/etc/bind/named.conf"
      - "/home/docker/app/hylogics/conf/bind-alpine/master:/etc/bind/master"
    logging:
      driver: "json-file"
    command: "/usr/sbin/named -c /etc/bind/named.conf -u named -g"
    restart: always

$ cat conf/bind-alpine/named.conf
// Copy this file to /etc/bind/named.conf if you want to run bind as an
// authoritative nameserver. If you want to run a recursive DNS resolver
// instead, see /etc/bind/named.conf.recursive.
// BIND supports using the same daemon as both authoritative nameserver and
// recursive resolver; it supports this because it is the oldest and original
// nameserver and so was designed before it was realized that combining these
// functions is inadvisable.
// In actual fact, combining these functions is a very bad idea. It is thus
// recommended that you run a given instance of BIND as either an authoritative
// nameserver or recursive resolver, not both. The example configuration herein
// provides a secure starting point for running an authoritative nameserver.

options {
        directory "/var/bind";

        // Configure the IPs to listen on here.
        listen-on { any; };
        listen-on-v6 { none; };

        // If you want to allow only specific hosts to use the DNS server:
        allow-query {
                // address list missing from this listing
        };

        // Specify a list of IPs/masks to allow zone transfers to here.
        // You can override this on a per-zone basis by specifying this inside a zone
        // block.
        // Warning: Removing this block will cause BIND to revert to its default
        //          behaviour of allowing zone transfers to any host (!).
        allow-transfer {
                // address list missing from this listing
        };

        // If you have problems and are behind a firewall:
        //query-source address * port 53;

        pid-file "/var/run/named/";

        // Changing this is NOT RECOMMENDED; see the notes above and in
        // named.conf.recursive.
        allow-recursion { none; };
        recursion no;
};

// Example of how to configure a zone for which this server is the master:
//zone "" IN {
//      type master;
//      file "/etc/bind/master/";
//};

// You can include files:
//include "/etc/bind/example.conf";


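  • Package management is done with apk.
  • Unlike Debian, setting the environment variable does not switch the time zone to JST.
  • The IP address is not fixed, so listen-on { any; }; is used.
  • Logs are not managed. Having them show up in syslog would be annoying, so logging: driver: "json-file" is set.
  • Don't forget automatic restart: restart: always.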
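
The comments in named.conf above warn that removing the allow-transfer block reverts BIND to allowing zone transfers to any host, and that recursion should stay off on an authoritative server. The following is an added example, not part of the original post: a small Python check that parses the options block and reports those settings. The function names and both sample configs are constructed for illustration.

```python
import re

# Constructed samples in the style of the named.conf above (not the author's file).
WEAK = '''options {
        directory "/var/bind";      // a quoted path containing slashes
        /* allow-transfer { none; }; */
        recursion yes;
};'''
HARDENED = '''options {
        allow-transfer { none; };
        allow-recursion { none; };
        recursion no;
};'''

def strip_comments(text):
    """Drop /* */, // and # comments while leaving quoted strings intact."""
    pat = r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*'
    keep = lambda m: m.group(0) if m.group(0)[0] == '"' else ' '
    return re.sub(pat, keep, text, flags=re.S)

def options_statements(text):
    """Map each top-level statement keyword inside options { } to its value."""
    text = strip_comments(text)
    m = re.search(r'\boptions\s*\{', text)
    stmts, depth = {}, 1
    i = start = m.end() if m else len(text)
    while i < len(text) and depth > 0:
        c = text[i]
        if c == '"':
            i = text.index('"', i + 1)      # jump to the closing quote
        elif c in '{}':
            depth += 1 if c == '{' else -1
        elif c == ';' and depth == 1:       # end of a top-level statement
            parts = text[start:i].split(None, 1) + ['', '']
            stmts[parts[0]] = parts[1].strip()
            start = i + 1
        i += 1
    return stmts

def audit(text):
    """Return the settings that differ from the authoritative-only config above."""
    o = options_statements(text)
    acl = lambda v: re.findall(r'[^\s{};]+', v)     # elements of '{ a; b; }'
    checks = [
        ('allow-transfer block missing', 'allow-transfer' in o),
        ('allow-transfer open to any', 'any' not in acl(o.get('allow-transfer', ''))),
        ('recursion not disabled', o.get('recursion') in ('no', 'false', '0')),
        ('allow-recursion is not { none; }', acl(o.get('allow-recursion', '')) == ['none']),
    ]
    return [msg for msg, ok in checks if not ok]
```

To check the mounted file, pass its contents to audit(), for example audit(open('conf/bind-alpine/named.conf').read()). Syntax validation itself is still the job of named-checkconf.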


$ docker images
REPOSITORY            TAG                 IMAGE ID            CREATED             SIZE
hylogics/bind            alpine-latest       9eb702c23ae4        13 minutes ago      11.5 MB
hylogics/bind            centos-latest       9196e1cd1424        2 hours ago         269 MB


$ docker-compose -f docker-compose.test.yml up -d
Creating bind ... done

$ free -h
              total        used        free      shared  buff/cache   available
Mem:           3.7G        165M        3.2G        8.5M        297M        3.3G
Swap:          2.0G          0B        2.0G

$ docker-compose -f docker-compose.production.yml up -d
Creating bind ... done

$ free -h
              total        used        free      shared  buff/cache   available
Mem:           3.7G        171M        3.2G        8.5M        298M        3.3G
Swap:          2.0G          0B        2.0G