Docker Deployment¶

Deploy bindcar using Docker containers.

Prerequisites¶

Docker 20.10 or later
Docker Compose (optional)
BIND9 container or installation

Quick Start¶

Pull the Image¶

docker pull ghcr.io/firestoned/bindcar:latest

Run bindcar¶

docker run -d \
  --name bindcar \
  -p 8080:8080 \
  -v /var/cache/bind:/var/cache/bind \
  -e RUST_LOG=info \
  -e BIND_ZONE_DIR=/var/cache/bind \
  ghcr.io/firestoned/bindcar:latest

Docker Compose¶

Complete Stack¶

version: '3.8'

services:
  bind9:
    image: ubuntu/bind9:latest
    container_name: bind9
    ports:
      - "53:53/tcp"
      - "53:53/udp"
    volumes:
      - zones:/var/cache/bind
      - ./named.conf:/etc/bind/named.conf
    restart: unless-stopped

  bindcar:
    image: ghcr.io/firestoned/bindcar:latest
    container_name: bindcar
    ports:
      - "8080:8080"
    environment:
      - BIND_ZONE_DIR=/var/cache/bind
      - API_PORT=8080
      - RUST_LOG=info
      - DISABLE_AUTH=false
    volumes:
      - zones:/var/cache/bind
    depends_on:
      - bind9
    restart: unless-stopped

volumes:
  zones:

Start the Stack¶

docker-compose up -d

Verify¶

# Check containers are running
docker-compose ps

# Check bindcar health
curl http://localhost:8080/api/v1/health

# Check logs
docker-compose logs -f bindcar

Environment Variables¶

See Environment Variables for complete reference.

Common variables:

BIND_ZONE_DIR=/var/cache/bind
API_PORT=8080
RUST_LOG=info
RNDC_SERVER=127.0.0.1:953
RNDC_ALGORITHM=sha256
RNDC_SECRET=dGVzdC1zZWNyZXQtaGVyZQ==
DISABLE_AUTH=false

Volumes¶

Zone Directory¶

Must be shared between BIND9 and bindcar:

-v zones:/var/cache/bind

Options: - Named volume (recommended for production) - Host path (for development) - tmpfs (for testing)

Networking¶

Bridge Network (Default)¶

services:
  bind9:
    networks:
      - dns-network
  bindcar:
    networks:
      - dns-network

networks:
  dns-network:
    driver: bridge

Host Network¶

For direct host access:

docker run --network host \
  ghcr.io/firestoned/bindcar:latest

Security¶

Run as Non-Root¶

bindcar runs as UID 1000 by default:

USER bindcar

Read-Only Root Filesystem¶

docker run --read-only \
  -v /var/cache/bind:/var/cache/bind \
  ghcr.io/firestoned/bindcar:latest

Limit Resources¶

deploy:
  resources:
    limits:
      cpus: '0.5'
      memory: 512M
    reservations:
      cpus: '0.25'
      memory: 256M

Health Checks¶

healthcheck:
  test: ["CMD", "curl", "-f", "http://localhost:8080/api/v1/health"]
  interval: 30s
  timeout: 3s
  retries: 3
  start_period: 5s

Troubleshooting¶

Container Won't Start¶

# Check logs
docker logs bindcar

# Check permissions
docker exec bindcar ls -la /var/cache/bind

Cannot Connect to API¶

# Check port binding
docker port bindcar

# Check firewall
sudo ufw status

RNDC Command Fails¶

# Verify rndc is accessible
docker exec bindcar which rndc

# Test rndc
docker exec bind9 rndc status

Next Steps¶

Kubernetes Deployment - Deploy to Kubernetes
Configuration - Advanced configuration
Monitoring - Monitor your deployment