Dockerfile

FROM python:3.11.12-slim

# Install system dependencies.
# Both NSD and BIND are installed so the image works with any DNS backend type.
# The entrypoint detects which one is configured and starts only that daemon.
# CoreDNS MySQL users: neither daemon is started — the image is still usable.
RUN apt-get update && apt-get install -y --no-install-recommends \
    bind9 \
    bind9utils \
    nsd \
    dnsutils \
    gcc \
    python3-dev \
    default-libmysqlclient-dev \
    && rm -rf /var/lib/apt/lists/*

# ---------------------------------------------------------------------------
# BIND setup
# ---------------------------------------------------------------------------
RUN mkdir -p /etc/named/zones && \
    chown -R bind:bind /etc/named && \
    chmod 755 /etc/named/zones

COPY docker/named.conf.local /etc/bind/
COPY docker/named.conf.options /etc/bind/
RUN chown root:bind /etc/bind/named.conf.*

# ---------------------------------------------------------------------------
# NSD setup
# ---------------------------------------------------------------------------
RUN mkdir -p /etc/nsd/zones /etc/nsd/nsd.conf.d && \
    chown -R nsd:nsd /etc/nsd && \
    chmod 755 /etc/nsd/zones

COPY docker/nsd.conf /etc/nsd/nsd.conf
RUN chown nsd:nsd /etc/nsd/nsd.conf

# ---------------------------------------------------------------------------
# Application
# ---------------------------------------------------------------------------
WORKDIR /app
COPY pyproject.toml poetry.lock README.md ./

RUN pip install "poetry==2.1.2"

COPY directdnsonly ./directdnsonly
COPY schema ./schema

RUN poetry config virtualenvs.create false && \
    poetry install

# Create data directories
RUN mkdir -p /app/data/queues /app/data/zones /app/logs && \
    chmod -R 755 /app/data

# Start script
COPY docker/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

EXPOSE 2222 53/udp
CMD ["/entrypoint.sh"]
feat: update Dockerfile for improved BIND configuration and application setup 2026-02-17 16:16:01 +13:00			`FROM python:3.11.12-slim`

feat: add NSD backend and Topology C (multi-instance with peer sync) 🏗️ - New NSDBackend: zone files + nsd-control reload, zone registration via nsd.conf.d include file; mirrors BIND backend interface exactly - BackendRegistry now supports type "nsd"; config defaults for nsd.zones_dir and nsd.nsd_conf - Dockerfile installs both NSD and BIND9 — entrypoint detects configured backend type(s) and starts only the required daemon; CoreDNS MySQL deployments start neither - docker/nsd.conf: minimal NSD base config with remote-control and zones.conf include - entrypoint.sh: reads config file + env vars to determine which daemon to start; runs nsd-control-setup on first boot - 20 new NSD backend tests (117 total, all passing) - README: Topology C (multi-instance + peer sync) documented as most robust HA option; NSD config reference; updated topology comparison table; NSD env-var-only compose examples; version 2.5.0 2026-02-20 06:29:39 +13:00			`# Install system dependencies.`
			`# Both NSD and BIND are installed so the image works with any DNS backend type.`
			`# The entrypoint detects which one is configured and starts only that daemon.`
			`# CoreDNS MySQL users: neither daemon is started — the image is still usable.`
			`RUN apt-get update && apt-get install -y --no-install-recommends \`
feat: update Dockerfile for improved BIND configuration and application setup 2026-02-17 16:16:01 +13:00			`bind9 \`
			`bind9utils \`
feat: add NSD backend and Topology C (multi-instance with peer sync) 🏗️ - New NSDBackend: zone files + nsd-control reload, zone registration via nsd.conf.d include file; mirrors BIND backend interface exactly - BackendRegistry now supports type "nsd"; config defaults for nsd.zones_dir and nsd.nsd_conf - Dockerfile installs both NSD and BIND9 — entrypoint detects configured backend type(s) and starts only the required daemon; CoreDNS MySQL deployments start neither - docker/nsd.conf: minimal NSD base config with remote-control and zones.conf include - entrypoint.sh: reads config file + env vars to determine which daemon to start; runs nsd-control-setup on first boot - 20 new NSD backend tests (117 total, all passing) - README: Topology C (multi-instance + peer sync) documented as most robust HA option; NSD config reference; updated topology comparison table; NSD env-var-only compose examples; version 2.5.0 2026-02-20 06:29:39 +13:00			`nsd \`
feat: update Dockerfile for improved BIND configuration and application setup 2026-02-17 16:16:01 +13:00			`dnsutils \`
			`gcc \`
			`python3-dev \`
			`default-libmysqlclient-dev \`
			`&& rm -rf /var/lib/apt/lists/*`

feat: add NSD backend and Topology C (multi-instance with peer sync) 🏗️ - New NSDBackend: zone files + nsd-control reload, zone registration via nsd.conf.d include file; mirrors BIND backend interface exactly - BackendRegistry now supports type "nsd"; config defaults for nsd.zones_dir and nsd.nsd_conf - Dockerfile installs both NSD and BIND9 — entrypoint detects configured backend type(s) and starts only the required daemon; CoreDNS MySQL deployments start neither - docker/nsd.conf: minimal NSD base config with remote-control and zones.conf include - entrypoint.sh: reads config file + env vars to determine which daemon to start; runs nsd-control-setup on first boot - 20 new NSD backend tests (117 total, all passing) - README: Topology C (multi-instance + peer sync) documented as most robust HA option; NSD config reference; updated topology comparison table; NSD env-var-only compose examples; version 2.5.0 2026-02-20 06:29:39 +13:00			`# ---------------------------------------------------------------------------`
			`# BIND setup`
			`# ---------------------------------------------------------------------------`
feat: update Dockerfile for improved BIND configuration and application setup 2026-02-17 16:16:01 +13:00			`RUN mkdir -p /etc/named/zones && \`
			`chown -R bind:bind /etc/named && \`
			`chmod 755 /etc/named/zones`

			`COPY docker/named.conf.local /etc/bind/`
			`COPY docker/named.conf.options /etc/bind/`
			`RUN chown root:bind /etc/bind/named.conf.*`

feat: add NSD backend and Topology C (multi-instance with peer sync) 🏗️ - New NSDBackend: zone files + nsd-control reload, zone registration via nsd.conf.d include file; mirrors BIND backend interface exactly - BackendRegistry now supports type "nsd"; config defaults for nsd.zones_dir and nsd.nsd_conf - Dockerfile installs both NSD and BIND9 — entrypoint detects configured backend type(s) and starts only the required daemon; CoreDNS MySQL deployments start neither - docker/nsd.conf: minimal NSD base config with remote-control and zones.conf include - entrypoint.sh: reads config file + env vars to determine which daemon to start; runs nsd-control-setup on first boot - 20 new NSD backend tests (117 total, all passing) - README: Topology C (multi-instance + peer sync) documented as most robust HA option; NSD config reference; updated topology comparison table; NSD env-var-only compose examples; version 2.5.0 2026-02-20 06:29:39 +13:00			`# ---------------------------------------------------------------------------`
			`# NSD setup`
			`# ---------------------------------------------------------------------------`
			`RUN mkdir -p /etc/nsd/zones /etc/nsd/nsd.conf.d && \`
			`chown -R nsd:nsd /etc/nsd && \`
			`chmod 755 /etc/nsd/zones`

			`COPY docker/nsd.conf /etc/nsd/nsd.conf`
			`RUN chown nsd:nsd /etc/nsd/nsd.conf`

			`# ---------------------------------------------------------------------------`
			`# Application`
			`# ---------------------------------------------------------------------------`
feat: update Dockerfile for improved BIND configuration and application setup 2026-02-17 16:16:01 +13:00			`WORKDIR /app`
			`COPY pyproject.toml poetry.lock README.md ./`

feat: add NSD backend and Topology C (multi-instance with peer sync) 🏗️ - New NSDBackend: zone files + nsd-control reload, zone registration via nsd.conf.d include file; mirrors BIND backend interface exactly - BackendRegistry now supports type "nsd"; config defaults for nsd.zones_dir and nsd.nsd_conf - Dockerfile installs both NSD and BIND9 — entrypoint detects configured backend type(s) and starts only the required daemon; CoreDNS MySQL deployments start neither - docker/nsd.conf: minimal NSD base config with remote-control and zones.conf include - entrypoint.sh: reads config file + env vars to determine which daemon to start; runs nsd-control-setup on first boot - 20 new NSD backend tests (117 total, all passing) - README: Topology C (multi-instance + peer sync) documented as most robust HA option; NSD config reference; updated topology comparison table; NSD env-var-only compose examples; version 2.5.0 2026-02-20 06:29:39 +13:00			`RUN pip install "poetry==2.1.2"`
feat: update Dockerfile for improved BIND configuration and application setup 2026-02-17 16:16:01 +13:00
			`COPY directdnsonly ./directdnsonly`
			`COPY schema ./schema`

			`RUN poetry config virtualenvs.create false && \`
			`poetry install`

			`# Create data directories`
feat: add NSD backend and Topology C (multi-instance with peer sync) 🏗️ - New NSDBackend: zone files + nsd-control reload, zone registration via nsd.conf.d include file; mirrors BIND backend interface exactly - BackendRegistry now supports type "nsd"; config defaults for nsd.zones_dir and nsd.nsd_conf - Dockerfile installs both NSD and BIND9 — entrypoint detects configured backend type(s) and starts only the required daemon; CoreDNS MySQL deployments start neither - docker/nsd.conf: minimal NSD base config with remote-control and zones.conf include - entrypoint.sh: reads config file + env vars to determine which daemon to start; runs nsd-control-setup on first boot - 20 new NSD backend tests (117 total, all passing) - README: Topology C (multi-instance + peer sync) documented as most robust HA option; NSD config reference; updated topology comparison table; NSD env-var-only compose examples; version 2.5.0 2026-02-20 06:29:39 +13:00			`RUN mkdir -p /app/data/queues /app/data/zones /app/logs && \`
feat: update Dockerfile for improved BIND configuration and application setup 2026-02-17 16:16:01 +13:00			`chmod -R 755 /app/data`

			`# Start script`
			`COPY docker/entrypoint.sh /entrypoint.sh`
			`RUN chmod +x /entrypoint.sh`

			`EXPOSE 2222 53/udp`
feat: add NSD backend and Topology C (multi-instance with peer sync) 🏗️ - New NSDBackend: zone files + nsd-control reload, zone registration via nsd.conf.d include file; mirrors BIND backend interface exactly - BackendRegistry now supports type "nsd"; config defaults for nsd.zones_dir and nsd.nsd_conf - Dockerfile installs both NSD and BIND9 — entrypoint detects configured backend type(s) and starts only the required daemon; CoreDNS MySQL deployments start neither - docker/nsd.conf: minimal NSD base config with remote-control and zones.conf include - entrypoint.sh: reads config file + env vars to determine which daemon to start; runs nsd-control-setup on first boot - 20 new NSD backend tests (117 total, all passing) - README: Topology C (multi-instance + peer sync) documented as most robust HA option; NSD config reference; updated topology comparison table; NSD env-var-only compose examples; version 2.5.0 2026-02-20 06:29:39 +13:00			`CMD ["/entrypoint.sh"]`