Docker Deployment

Deploy bindcar using Docker containers.

Prerequisites

  • Docker 20.10 or later
  • Docker Compose (optional)
  • BIND9 container or installation

Quick Start

Pull the Image

docker pull ghcr.io/firestoned/bindcar:latest

Run bindcar

docker run -d \
  --name bindcar \
  -p 8080:8080 \
  -v /var/cache/bind:/var/cache/bind \
  -e RUST_LOG=info \
  -e BIND_ZONE_DIR=/var/cache/bind \
  ghcr.io/firestoned/bindcar:latest

Docker Compose

Complete Stack

version: '3.8'

services:
  bind9:
    image: ubuntu/bind9:latest
    container_name: bind9
    ports:
      - "53:53/tcp"
      - "53:53/udp"
    volumes:
      - zones:/var/cache/bind
      - ./named.conf:/etc/bind/named.conf
    restart: unless-stopped

  bindcar:
    image: ghcr.io/firestoned/bindcar:latest
    container_name: bindcar
    ports:
      - "8080:8080"
    environment:
      - BIND_ZONE_DIR=/var/cache/bind
      - API_PORT=8080
      - RUST_LOG=info
      - DISABLE_AUTH=false
    volumes:
      - zones:/var/cache/bind
    depends_on:
      - bind9
    restart: unless-stopped

volumes:
  zones:

Start the Stack

docker-compose up -d

Verify

# Check containers are running
docker-compose ps

# Check bindcar health
curl http://localhost:8080/api/v1/health

# Check logs
docker-compose logs -f bindcar

Environment Variables

See Environment Variables for the complete reference.

Common variables:

BIND_ZONE_DIR=/var/cache/bind
API_PORT=8080
RUST_LOG=info
RNDC_SERVER=127.0.0.1:953
RNDC_ALGORITHM=sha256
RNDC_SECRET=dGVzdC1zZWNyZXQtaGVyZQ==
DISABLE_AUTH=false

Volumes

Zone Directory

The zone directory must be shared between BIND9 and bindcar:

-v zones:/var/cache/bind

Options:

  • Named volume (recommended for production)
  • Host path (for development)
  • tmpfs (for testing)

Networking

Bridge Network (Default)

services:
  bind9:
    networks:
      - dns-network
  bindcar:
    networks:
      - dns-network

networks:
  dns-network:
    driver: bridge

Host Network

For direct host access:

docker run --network host \
  ghcr.io/firestoned/bindcar:latest

Security

Run as Non-Root

bindcar runs as UID 1000 by default:

USER bindcar

Read-Only Root Filesystem

docker run --read-only \
  -v /var/cache/bind:/var/cache/bind \
  ghcr.io/firestoned/bindcar:latest

Limit Resources

deploy:
  resources:
    limits:
      cpus: '0.5'
      memory: 512M
    reservations:
      cpus: '0.25'
      memory: 256M

Health Checks

healthcheck:
  test: ["CMD", "curl", "-f", "http://localhost:8080/api/v1/health"]
  interval: 30s
  timeout: 3s
  retries: 3
  start_period: 5s
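
To confirm that a running container actually carries the settings from the Security and Health Checks sections, the following added example (not part of the bindcar project) audits the JSON that `docker inspect bindcar` prints. The sample input is constructed, the finding names are invented for this example, and reading `DISABLE_AUTH=true` as "API authentication off" is an assumption based on the variable's name.

```python
import json

# Constructed sample: trimmed `docker inspect bindcar` output for a container
# started with the Quick Start command (image default user, no hardening flags).
SAMPLE = json.loads("""
[{"Name": "/bindcar",
  "Config": {"User": "bindcar", "Env": ["RUST_LOG=info", "BIND_ZONE_DIR=/var/cache/bind"]},
  "HostConfig": {"ReadonlyRootfs": false, "Memory": 0, "NanoCpus": 0,
                 "NetworkMode": "bridge",
                 "PortBindings": {"8080/tcp": [{"HostIp": "", "HostPort": "8080"}]}}}]
""")

def audit(container):
    """Return a sorted list of finding names for one `docker inspect` object."""
    cfg = container.get("Config") or {}
    host = container.get("HostConfig") or {}
    env = dict(e.split("=", 1) for e in cfg.get("Env") or [] if "=" in e)
    findings = set()
    # "Run as Non-Root": an empty user or uid 0 means the process runs as root.
    user = (cfg.get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.add("runs-as-root")
    # "Read-Only Root Filesystem": set by --read-only / read_only: true.
    if not host.get("ReadonlyRootfs"):
        findings.add("writable-rootfs")
    # "Limit Resources": a value of 0 means no limit was applied.
    if not host.get("Memory"):
        findings.add("no-memory-limit")
    if not (host.get("NanoCpus") or host.get("CpuQuota")):
        findings.add("no-cpu-limit")
    # "Health Checks": missing, or explicitly disabled with ["NONE"].
    test = (cfg.get("Healthcheck") or {}).get("Test")
    if not test or test == ["NONE"]:
        findings.add("no-healthcheck")
    # "Host Network": the container shares the host's network namespace.
    if host.get("NetworkMode") == "host":
        findings.add("host-network")
    # -p 8080:8080 without a host IP publishes the API on every host interface.
    for binds in (host.get("PortBindings") or {}).values():
        if any(b.get("HostIp", "") in ("", "0.0.0.0", "::") for b in binds or []):
            findings.add("api-published-on-all-interfaces")
    # Assumption: DISABLE_AUTH=true turns API authentication off.
    if env.get("DISABLE_AUTH", "false").lower() == "true":
        findings.add("auth-disabled")
    return sorted(findings)

if __name__ == "__main__":
    for c in SAMPLE:
        print(c["Name"], audit(c))
```

Against a live deployment, replace `SAMPLE` with `json.loads(subprocess.check_output(["docker", "inspect", "bindcar"]))`. An empty list means every setting covered on this page is in effect.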

Troubleshooting

Container Won't Start

# Check logs
docker logs bindcar

# Check permissions
docker exec bindcar ls -la /var/cache/bind

Cannot Connect to API

# Check port binding
docker port bindcar

# Check firewall
sudo ufw status

RNDC Command Fails

# Verify rndc is accessible
docker exec bindcar which rndc

# Test rndc
docker exec bind9 rndc status

Next Steps