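# BIND9 DNS Server on Alpine Linux
#
# Builds an image that runs named in the foreground as the unprivileged
# "named" account, using a file capability instead of root to bind port 53.

# NOTE(review): ":latest" is a moving tag, so two builds of this file can
# produce different images. Pin a specific tag or digest of the base image.
FROM git.esculta.es/aesculta/alpine-base:latest

# Environment variables
#
# NOTE(review): RNDC_KEY is a control-channel secret. Anything set with ENV is
# stored in the image configuration and can be read by anyone who can pull the
# image (docker inspect / docker history). The value below is kept only so the
# image behaves as before; treat it as a placeholder, inject the real key at
# run time (environment or a mounted secret file), and never deploy with it.
#
# BIND_UID and BIND_GID are not referenced by any instruction in this file;
# presumably entrypoint.sh reads them (confirm, or drop them).
ENV BIND_USER=named \
    BIND_UID=53 \
    BIND_GID=53 \
    BIND_VERSION=9.18 \
    RNDC_KEY=supersecretkey \
    TZ=UTC

# Install BIND and tools.
# libcap provides setcap, which is used further down.
# --no-cache already keeps the apk index out of the layer, so the former
# "rm -rf /var/cache/apk/*" was a no-op and has been dropped.
RUN apk add --no-cache \
        bind~${BIND_VERSION} \
        bind-tools~${BIND_VERSION} \
        libcap \
        tzdata

# Configure BIND
#COPY --chown=named:named config/named.conf /etc/bind/
#COPY --chown=named:named config/zones/ /etc/bind/zones/

# Configure logging.
# Assumes the "named" account and group already exist (created by the bind
# package or the base image); chown fails the build if they do not.
# Note that the default CMD passes -g, which sends all named logging to stderr.
RUN mkdir -p /var/log/named \
    && touch /var/log/named/named.log \
    && chown -R ${BIND_USER}:${BIND_USER} /var/log/named

# Set capabilities for non-root port binding.
# The capability must stay in the container's bounding set at run time
# (Docker's default set includes NET_BIND_SERVICE), and file capabilities are
# not applied when the container runs with no-new-privileges.
RUN setcap 'cap_net_bind_service=+ep' /usr/sbin/named

# Entrypoint script.
# Copied and made executable while still root: the original copied it after
# USER with the chmod commented out, so the image only started if the file
# happened to be executable in the build context. The file stays root-owned,
# so the named account can run it but not modify it.
COPY entrypoint.sh /entrypoint.sh
RUN chmod 0755 /entrypoint.sh

# Expose DNS ports (documentation only; does not publish them)
EXPOSE 53/tcp 53/udp

# Switch to named user for everything that runs in the container
USER ${BIND_USER}

# entrypoint.sh is not part of this file; it receives CMD as its arguments.
ENTRYPOINT ["/entrypoint.sh"]
CMD ["named", "-g", "-u", "named"]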