feat(container): initial dockerfile and settings

!1

dockerfile

@@ -0,0 +1,31 @@
+
+ARG TARGETPLATFORM="linux/amd64,linux/amd64/v2,linux/amd64/v3,linux/arm64,linux/arm/v7"
+ARG VERSION_BIND="9.18.19-r0"
+
+FROM --platform=$TARGETPLATFORM alpine:3.18.4
+
+
+ARG VERSION_BIND
+
+
+RUN \
+	apk upgrade --no-cache; \
+	apk add --no-cache \
+		bind==${VERSION_BIND} \
+		supervisor;
+
+
+EXPOSE \
+	53/tcp \
+	53/udp
+	# Others required? dnssec, secure updates, sone transfers DOT etc
+
+
+HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD \
+  supervisorctl status || exit 1
+
+
+COPY includes/ /
+
+
+CMD [ "/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf" ]

includes/etc/bind/named.conf

@@ -0,0 +1,43 @@
+// Docs: https://bind9.readthedocs.io/en/v9.18.19/reference.html
+options {
+	directory "/var/bind";
+
+	// Configure the IPs to listen on here.
+	listen-on { 127.0.0.1; };
+	listen-on-v6 { none; };
+
+	// If you want to allow only specific hosts to use the DNS server:
+	//allow-query {
+	//	127.0.0.1;
+	//};
+
+	// Specify a list of IPs/masks to allow zone transfers to here.
+	//
+	// You can override this on a per-zone basis by specifying this inside a zone
+	// block.
+	//
+	// Warning: Removing this block will cause BIND to revert to its default
+	//          behaviour of allowing zone transfers to any host (!).
+	allow-transfer {
+		none;
+	};
+
+	// If you have problems and are behind a firewall:
+	//query-source address * port 53;
+
+	pid-file "/var/run/named/named.pid";
+
+	// Changing this is NOT RECOMMENDED; see the notes above and in
+	// named.conf.recursive.
+	allow-recursion { none; };
+	recursion no;
+};
+
+// Example of how to configure a zone for which this server is the master:
+//zone "example.com" IN {
+//	type master;
+//	file "/etc/bind/master/example.com";
+//};
+
+// You can include files:
+// include "/etc/bind/conf.d/*.conf";

includes/etc/supervisor/conf.d/named.conf

@@ -0,0 +1,9 @@
+[program:bind]
+startsecs=0
+stopwaitsecs=55
+command=/usr/sbin/named -c /etc/bind/named.conf
+autorestart=true
+autostart=true
+stdout_logfile=/var/log/supervisor_%(program_name)s.log
+stderr_logfile=/var/log/supervisor_%(program_name)s.log
+retry=3

includes/etc/supervisor/supervisord.conf

@@ -0,0 +1,34 @@
+
+[unix_http_server]
+file=/var/run/supervisor.sock   ; (the path to the socket file)
+chmod=0700                       ; sockef file mode (default 0700)
+
+;[inet_http_server]
+;port = :9001
+; username = user
+; password = 123
+
+[supervisord]
+logfile=/var/log/supervisord.log ; (main log file;default $CWD/supervisord.log)
+pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+childlogdir=/var/log            ; ('AUTO' child log dir, default $TEMP)
+nodaemon = true
+user=root
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///var/run/supervisor.sock ; use a unix:// URL  for a unix socket
+
+; The [include] section can just contain the "files" setting.  This
+; setting can list multiple files (separated by whitespace or
+; newlines).  It can also contain wildcards.  The filenames are
+; interpreted as relative to this file.  Included files *cannot*
+; include files themselves.
+
+[include]
+files = /etc/supervisor/conf.d/*.conf