2/26/2017 Deploying a DNS Server using Docker ­ SAMEER NAIK

SAMEER NAIK (/)

home (/) archives (/blog/archives)

Deploying a DNS Server using Docker

APRIL 28, 2015
posted in docker (/blog/categories/docker/), howto (/blog/categories/howto/)
Tweet 11   0

This is the 壬�rst part of a series of how-to’s where I describe setting up and using various docker
containers for home and production use.

To start o�� this series we will use the sameersbn/bind (https://github.com/sameersbn/docker-bind)

docker (https://www.docker.com/) image to setup a DNS server in production and host only
environments.

BIND (https://www.isc.org/downloads/bind/), developed by the Internet Systems Consortium

(http://www.isc.org/), is a production-grade and by far the most popular and widely used opensource
DNS server software available.

Introduction
The Domain Name System (http://en.wikipedia.org/wiki/Domain_Name_System) (DNS) server takes a
fully quali壬�ed domain name (FQDN) such as www.example.com and returns the corresponding IP
address such as 93.184.216.34 .

A couple of reasons to set up a DNS server.

By setting up a local DNS server you don’t rely on your ISP’s DNS servers which are often bogged
down by incoming tra艀c which makes responses to DNS queries take longer to get serviced.

Besides performing domain name resolutions, a BIND server also acts as a DNS cache. This means
that DNS queries could get serviced from the local cache. This in turn speeds up DNS responses.

Some ISP’s block access to websites by DNS spoo壬�ng. Setting up your own DNS server can help you
get around this. However, a more e��ective way to circumvent this type of censorship is by using the
tor browser (https://www.torproject.org/projects/torbrowser.html.en) which can be installed using the
sameersbn/browser-box (https://github.com/sameersbn/docker-browser-box) image.

Finally and most importantly, a local DNS server will enable you to de壬�ne a domain for your local
network. This allows you to address machines/services on the network with a name rather than its IP
address. When setting up web services whether you do it using docker or otherwise, installing a DNS
server makes the setup much simpler and easier to deal with.

Setting up the image

Begin by fetching the image from the docker hub.

http://www.damagehead.com/blog/2015/04/28/deploying­a­dns­server­using­docker/ 1/9
2/26/2017 Deploying a DNS Server using Docker ­ SAMEER NAIK

1 docker pull sameersbn/bind:latest

Now lets “boot” the image…

1 docker run -d --name=bind --dns=127.0.0.1 \

2 --publish=172.17.42.1:53:53/udp --publish=172.17.42.1:10000:10000 \
3 --volume=/srv/docker/bind:/data \
4 --env='ROOT_PASSWORD=SecretPassword' \
5 sameersbn/bind:latest

Here is the gist of the equivalent con壬�guration in docker-compose.yml

(https://gist.github.com/sameersbn/ea4692d9a8ee7accd6b3) form.

-d detaches, runs the container in the background

--name='bind' assigns the name bind to the container
--dns=127.0.0.1 con壬�gures the dns of the container to 127.0.0.1
--publish=172.17.42.1:53:53/udp makes the DNS server accessible on 172.17.42.1:53
--publish=172.17.42.1:10000:10000 makes webmin accessible at https://172.17.42.1:10000
(https://172.17.42.1:10000)
--volume=/srv/docker/bind:/data mounts /srv/docker/bind as a volume for persistence
--env='ROOT_PASSWORD=SecretPassword' sets the root password to SecretPassword

In the above command the DNS server will only be accessible to the host and other containers over
the docker bridge interface (host only). If you want the DNS server to be accessible over the network
you should replace --publish=172.17.42.1:53:53/udp with --publish=53:53/udp (all interfaces) or
something like --publish=192.168.1.1:53:53/udp (speci壬�c interface).

From this point on 172.17.42.1 will refer to our local DNS server. Replace it with the appropriate
address depending on your setup.

http://www.damagehead.com/blog/2015/04/28/deploying­a­dns­server­using­docker/ 2/9
2/26/2017 Deploying a DNS Server using Docker ­ SAMEER NAIK

The sameersbn/bind (https://github.com/sameersbn/docker-bind) image includes webmin, a web-

based interface for system administration, so that you can quickly and easily con壬�gure BIND.
Webmin is launched automatically when the image is started.

If you prefer con壬�guring BIND by hand, you can turn o�� webmin startup by setting --
env='WEBMIN_ENABLED=false' in the run command. The BIND speci壬�c con壬�guration will be available
at /srv/docker/bind/bind . To apply your con壬�guration send the HUP signal to the container using
docker kill -s HUP bind

Finally, if --env='ROOT_PASSWORD=SecretPassword' is not speci壬�ed in the run command, the

password for the root user is set to password . This password is used while logging in to the webmin
interface.

Test the DNS server

Before we go any further, lets check if our DNS server is able to resolve addresses using the unix
host command.

1 host www.google.com 172.17.42.1

www.google.com the address to resolve

172.17.42.1 the DNS server to be used for the resolution

If everything works as expected the host command should return the IP address of
www.google.com .

Using the DNS server

If you have setup a DNS server for your local network, you can con壬�gure your DHCP server to give
out the DNS servers address in the lease responses. If you do not have a DHCP server running on
your network (why?) you will have to manually con壬�gure it in the operating systems network settings.

http://www.damagehead.com/blog/2015/04/28/deploying­a­dns­server­using­docker/ 3/9
2/26/2017 Deploying a DNS Server using Docker ­ SAMEER NAIK

Alternately, on linux distributions that use Network Manager

(https://wiki.gnome.org/Projects/NetworkManager) (virtually every linux distribution), you can add a
dnsmasq (http://www.thekelleys.org.uk/dnsmasq/doc.html) con壬�guration
( /etc/NetworkManager/dnsmasq.d/dnsmasq.conf ) such that the local DNS server would be used for
speci壬�c addresses, while the default DNS servers would be used otherwise.

1 domain-needed
2 all-servers
3 cache-size=5000
4 strict-order
5
6 server=/example.com/google.com/172.17.42.1

In the above example, regardless of the primary DNS con壬�guration the DNS server at 172.17.42.1
will be used to resolve example.com and google.com addresses. This is particularly useful in host
only con壬�gurations when you setup a domain to address various services on the local host without
having to manually change the DNS con壬�guration everytime you connect to a di��erent network.

After performing the dnsmasq con壬�guration the network manager needs to be restarted for the
changes to take e��ect. On Ubuntu, this is achieved using the command restart network-manager

Finally, we can con壬�gure docker such that the containers are automatically con壬�gured to use our
DNS server. This is done by adding --dns 172.17.42.1 to the docker daemon command. On
Ubuntu, this is done at /etc/default/docker . The docker daemon needs to be restarted for these
changes to take e��ect.

Creating a domain using webmin

http://www.damagehead.com/blog/2015/04/28/deploying­a­dns­server­using­docker/ 4/9
2/26/2017 Deploying a DNS Server using Docker ­ SAMEER NAIK

Point your web browser to https://172.17.42.1:10000 (https://172.17.42.1:10000) and login to

webmin as user root and password SecretPassword . Once logged in click on Servers and select
BIND DNS Server.

This is where we will perform the DNS con壬�guration. Changes to the con壬�guration can be applied
using the Apply Con壬�guration link in the top right corner of the page. We will create a domain named
example.com for demonstration purposes.

We start by creating the reverse zone 172.17.42.1 . This is optional and required only if you want to
be able to do reverse DNS (rDNS) lookups. A rDNS lookup returns the domain name that is
associated with a given IP address. To create the zone select Create master zone and in the Create
new zone dialog set the Zone type to Reverse, the Network address to your interface IP address
172.17.42.1 , the Master server to ns.example.com and 壬�nally set Email address to the domain
administrator’s email address and select Create.

http://www.damagehead.com/blog/2015/04/28/deploying­a­dns­server­using­docker/ 5/9
2/26/2017 Deploying a DNS Server using Docker ­ SAMEER NAIK

Next, we create the forward zone example.com by selecting Create master zone and in the Create
new zone dialog set the Zone type to Forward, the Domain Name to example.com , the Master server
to ns.example.com and set Email address to the domain administrator’s email address and select
Create. Next, create the DNS entry for ns.example.com pointing to 172.17.42.1 and apply the
con壬�guration.

To complete this tutorial we will create a address (A) entry for webserver.example.com and then add
a domain name alias (CNAME) entry www.example.com which will point to webserver.example.com .

To create the A entry, select the zone example.com and then select the Address option. Set the
Name to webserver and the Address to 192.168.1.1 . To create the CNAME entry, select the zone
example.com and then select the Name Alias option. Set the Name to www and the Real Name to
webserver and apply the con壬�guration.

And now, the moment of truth…

http://www.damagehead.com/blog/2015/04/28/deploying­a­dns­server­using­docker/ 6/9
2/26/2017 Deploying a DNS Server using Docker ­ SAMEER NAIK

1 host webserver.example.com 172.17.42.1

2 host www.example.com 172.17.42.1

These commands should return the DNS addresses as per our con壬�guration. Time to 壬�nd out.

And there you have it. A local DNS server with a local domain named example.com .

If you found this post useful don’t forget to share it with your friends.

← Older (/blog/2014/10/31/hello-world/)

14 Comments Sameer Naik  Pradyumna singh r…

  Recommend  8 ⤤ Share Sort by Best

Join the discussion…

WooDzu • 2 years ago
Very nice read and a good use case for local RaspberyPI.
1 △   ▽ • Reply • Share ›

Mark • 2 years ago
Excellent writeup. It also helped me realise the potential of Docker much more.

But for the love of god: Please tell me what software you used for these gif's???

;­)
1 △   ▽ • Reply • Share ›

Sameer Naik  Mod   > Mark •  2 years ago

I used kazam to capture the screen area and used mplayer to spit out the frames from the
video using: mplayer ­ao null video­file­name ­vo jpeg:outdir=output

Then I manually (optional) deleted the frames that I did not want or thought are redundant
(a.k.a editing). Gnome Image Viewer works great for this, just press delete key when you want
to delete the current picture.

Next I created the gif using imagemagick: convert output/* output.gif

And finally optimized the size of the gif using: convert output.gif ­fuzz 10% ­layers Optimize
optimised.gif
http://www.damagehead.com/blog/2015/04/28/deploying­a­dns­server­using­docker/ 7/9
2/26/2017 Deploying a DNS Server using Docker ­ SAMEER NAIK
optimised.gif

­fuzz can be adjusted for quality over quantity. 
2 △   ▽ • Reply • Share ›

Mincă Daniel Andrei > Sameer Naik • a year ago
I suggest you use https://asciinema.org/ for recording terminal sessions, it's quite a
good tool :) I've been using it myself for 2 weeks and, the thing is, it's so darn easy to
install via aptitude.
△   ▽ • Reply • Share ›

Gokhan Oner > Sameer Naik • 2 years ago
Hi Sameer , I did everything what you tell but both dns and webmin not working on my
Ubuntu 14.04. What can i do with this case ?
△   ▽ • Reply • Share ›

Sameer Naik  Mod   > Gokhan Oner •  2 years ago

I suggest you open a issue/support request at
https://github.com/sameersbn/d.... Don't forget to mention the issue you are
facing and your setup details.
△   ▽ • Reply • Share ›

Sanjay Arora • 3 months ago
Sameer, any Ansible Playbook for this?
△   ▽ • Reply • Share ›

echeadle • 4 months ago
I tried the to setup the reverse zone as shown here. I could not get it to work. When creating a reverse
zone, you need to put in the network portion of your address. Which in your case I think is 192.168.1
Instead in the instructions, you put in your Server's address.

For my network, my router ip is 10.0.0.1 my dns server ip is 10.0.0.121. It is a home network so the
netmask is 255.255.255.0. This makes my network: 10.0.0 This worked great. Reverse pointers are
updated when I create the primary record and the host command works with the ip address.

I am using your container because it easily updates the dns records for my home network I am also
thinkig about using the same technique to create a home mail server.

This container is a lot of fun. Thanks for creating it.
△   ▽ • Reply • Share ›

Sanjay • a year ago
Very detailed and informative article! Thanks a lot!
△   ▽ • Reply • Share ›

Ove Ranheim • a year ago
I am not able to have my container to resolve the hostname for configured DNS IP.

Here is what I do: https://gist.github.com/oranhe...

I'm running ubuntu 14.04 LTS and docker bridge0 is configured by default to 172.17.0.0/16

Please advise.
△   ▽ Reply Share ›
http://www.damagehead.com/blog/2015/04/28/deploying­a­dns­server­using­docker/ 8/9
2/26/2017 Deploying a DNS Server using Docker ­ SAMEER NAIK

△   ▽ • Reply • Share ›

ip512 • a year ago
Thank you for this excellent article.
Note if you use docker 1.9+, the ip will be 172.17.0.1 instead of legacy 172.17.42.1
△   ▽ • Reply • Share ›

Navin • a year ago
I keep getting connection refused when I use­­publish=53:53/udp! How do I solve this. Looks like bind
is still listening to 127.0.0.1 inside the container.
△   ▽ • Reply • Share ›

Bruno Batista • 2 years ago
Excellent content! Thanks!
△   ▽ • Reply • Share ›

Slind14 • 2 years ago
dang is there any unix os interface with such window head's?
△   ▽ • Reply • Share ›

✉ Subscribe d Add Disqus to your site Add Disqus Add 🔒 Privacy

Copyright © 2015 Sameer Naik. All Rights Reserved.

The views and opinions expressed in this site are strictly my own and do not represent my employer’s opinions and strategies.
Powered by Octopress (http://octopress.org)

http://www.damagehead.com/blog/2015/04/28/deploying­a­dns­server­using­docker/ 9/9