conteneurisation des DNS (2 versions de Dockerfile)

dns-v1/Dockerfile

@@ -0,0 +1,68 @@
+FROM debian:trixie-slim AS builder-common
+
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && apt-get install -y --no-install-recommends make
+
+WORKDIR /etc/powerdns
+RUN mkdir -p pdns.d
+
+COPY pdns.conf pdns.conf
+
+COPY zones pri
+
+# this stage prepares the configuration files in /etc/powerdns for primary
+FROM builder-common AS builder-primary
+
+# build additional config files from templates (tpl)
+COPY primary tpl
+COPY primary/Makefile .
+RUN make
+
+RUN rm -rf tpl Makefile
+
+# this stage prepares the configuration files in /etc/powerdns for secondary
+FROM builder-common AS builder-secondary
+
+COPY secondary tpl
+COPY secondary/Makefile .
+RUN make
+
+RUN rm -rf tpl pri Makefile
+
+FROM debian:trixie-slim AS common
+
+# install make for building config files, pdns-server and bind backend for serving zones
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && apt-get install -y --no-install-recommends \
+  pdns-server pdns-backend-bind pdns-backend-sqlite3 \
+  && rm -rf /var/lib/apt/lists/*
+
+# install configuration files, create necessary directories
+WORKDIR /etc/powerdns
+RUN rm -rf *
+RUN mkdir -p db sec /var/run/pdns
+
+# user permissions
+RUN chown pdns db sec /var/run/pdns
+USER pdns
+
+CMD ["pdns_server", "--guardian=no", "--daemon=no", "--loglevel=10", "--webserver=no"]
+
+# this stage is the actual primary DNS server image
+FROM common AS primary
+
+COPY --from=builder-primary /etc/powerdns .
+
+# DNSSEC setup
+RUN pdnsutil create-bind-db /etc/powerdns/db/bind-dnssec-db.sqlite3
+RUN pdnsutil secure-all-zones
+RUN cd pri && for i in *; do pdnsutil set-nsec3 $i "1 1 5 $(od -N16 -x < /dev/urandom | head -n1 | cut -b9- | sed 's/ //gi')"; done
+RUN pdnsutil rectify-all-zones
+
+# this stage is the actual secondary DNS server image
+FROM common AS secondary
+
+COPY --from=builder-secondary /etc/powerdns .
+
+# DNSSEC setup
+RUN pdnsutil create-bind-db /etc/powerdns/db/bind-dnssec-db.sqlite3