Merge branch 'feature/multistage-build-9.20' into 'v9.20'

Multistage build 9.20

See merge request isc-projects/bind9-docker!1

Dockerfile

@@ -1,35 +1,130 @@
-FROM ubuntu:jammy
-MAINTAINER BIND 9 Developers <bind9-dev@isc.org>
+# Create common base 
+FROM alpine:latest AS base
+LABEL org.opencontainers.image.authors="BIND 9 Developers <bind9-dev@isc.org>"
 
-ENV DEBIAN_FRONTEND noninteractive
-ENV LC_ALL C.UTF-8
+ENV LC_ALL=C.UTF-8
 
-ARG DEB_VERSION=1:9.19.24-2+ubuntu22.04.1+deb.sury.org+1
+ARG UID=53
+ARG GID=53
 
-# Install add-apt-repository command
-RUN apt-get -qqqy update
-RUN apt-get -qqqy dist-upgrade
-RUN apt-get -qqqy install --no-install-recommends apt-utils software-properties-common dctrl-tools gpg-agent
+ARG BIND9_VERSION=9.21.6
+ARG BIND9_CHECKSUM=ff9722bdb353df442ca95444148aa23e3d16153e4576d2bdaa008fa7f37e019c
 
-# Add the BIND 9 APT Repository
-RUN add-apt-repository -y ppa:isc/bind-dev
+RUN apk --no-cache update
+RUN apk --no-cache upgrade
 
-# Install BIND 9
-RUN apt-get -qqqy update
-RUN apt-get -qqqy dist-upgrade
-RUN apt-get -qqqy install bind9=$DEB_VERSION bind9utils=$DEB_VERSION
+# Build BIND 9
+FROM base AS builder
 
-# Now remove the pkexec that got pulled as dependency to software-properties-common
-RUN apt-get --purge -y autoremove policykit-1
+RUN apk --no-cache add \
+        autoconf \
+        automake \
+        build-base \
+        fstrm \
+        fstrm-dev \
+        jemalloc \
+        jemalloc-dev \
+        json-c \
+        json-c-dev \
+        krb5-dev \
+        krb5-libs \
+        libcap-dev \
+        libcap2 \
+        libidn2 \
+        libidn2-dev \
+        libmaxminddb-dev \
+        libmaxminddb-libs \
+        libtool \
+        libuv \
+        libuv-dbg \
+        libuv-dev \
+        libxml2 \
+        libxml2-dbg \
+        libxml2-dev \
+        libxslt \
+        lmdb \
+        lmdb-dev \
+        make \
+        musl-dbg \
+        nghttp2-dev \
+        nghttp2-libs \
+        openssl-dbg \
+        openssl-dev \
+        procps \
+	protobuf-c \
+        protobuf-c-dev \
+        tzdata \
+        userspace-rcu \
+        userspace-rcu-dev
 
+RUN mkdir -p /usr/src
+ADD https://downloads.isc.org/isc/bind9/${BIND9_VERSION}/bind-${BIND9_VERSION}.tar.xz /usr/src
+RUN cd /usr/src && \
+    ( echo "${BIND9_CHECKSUM}  bind-${BIND9_VERSION}.tar.xz" | sha256sum -c - ) && \
+    tar -xJf bind-${BIND9_VERSION}.tar.xz && \
+    cd /usr/src/bind-${BIND9_VERSION} && \
+    ./configure --prefix /usr \
+                --sysconfdir=/etc/bind \
+                --localstatedir=/ \
+                --enable-shared \
+                --disable-static \
+                --with-gssapi \
+                --with-libidn2 \
+                --with-json-c \
+                --with-lmdb=/usr \
+                --with-gnu-ld \
+                --with-maxminddb \
+                --enable-dnstap && \
+    make -j && \
+    make install DESTDIR=/dist  && \
+    rm -rf /usr/src
+
+# Create final image
+FROM base
+
+RUN apk --no-cache add \
+        fstrm \
+        jemalloc \
+        json-c \
+        krb5-libs \
+        libcap2 \
+        libidn2 \
+        libmaxminddb-libs \
+        libuv \
+        libxml2 \
+        lmdb \
+        nghttp2-libs \
+        procps \
+        protobuf-c \
+        tzdata \
+        userspace-rcu
+
+# Copy binaries from previous stage
+COPY --from=builder /dist/ /
+
+# Create user and group
+RUN addgroup -S -g ${GID} bind && adduser -S -u ${UID} -H -h /var/cache/bind -G bind bind
+
+# Create default configuration file
 RUN mkdir -p /etc/bind && chown root:bind /etc/bind/ && chmod 755 /etc/bind
+COPY named.conf /etc/bind
+RUN chown root:bind /etc/bind/named.conf && chmod 644 /etc/bind/named.conf
+
+# Create working directory
 RUN mkdir -p /var/cache/bind && chown bind:bind /var/cache/bind && chmod 755 /var/cache/bind
+
+# Create directory to store secondary zones
 RUN mkdir -p /var/lib/bind && chown bind:bind /var/lib/bind && chmod 755 /var/lib/bind
+
+# Create log directory
 RUN mkdir -p /var/log/bind && chown bind:bind /var/log/bind && chmod 755 /var/log/bind
+
+# Create PID directory
 RUN mkdir -p /run/named && chown bind:bind /run/named && chmod 755 /run/named
 
 VOLUME ["/etc/bind", "/var/cache/bind", "/var/lib/bind", "/var/log"]
 
-EXPOSE 53/udp 53/tcp 953/tcp
+EXPOSE 53/udp 53/tcp 953/tcp 853/tcp 443/tcp
 
-CMD ["/usr/sbin/named", "-f", "-c", "/etc/bind/named.conf", "-u", "bind"]
+ENTRYPOINT ["/usr/sbin/named", "-u", "bind"]
+CMD ["-f", "-c", "/etc/bind/named.conf", "-L", "/var/log/bind/default.log"]

named.conf

@@ -0,0 +1,14 @@
+http local {
+        endpoints { "/dns-query"; };
+};
+
+options {
+        directory "/var/cache/bind";
+
+	listen-on { any; };
+        listen-on-v6 { any; };
+        listen-on tls ephemeral { any; };
+        listen-on-v6 tls ephemeral { any; };
+        listen-on tls ephemeral http local { any; };
+        listen-on-v6 tls ephemeral http local { any; };
+};