Install
Clone Docker Toolkit (Optional)
If you have not already done so, clone the Docker Toolkit repo:
git clone https://gitlab.com/D3vbd/docker-toolkit.git ~/docker-toolkit
This will set up the toolkit in the folder ~/docker-toolkit.
We will be using the technitium folder:
~/docker-toolkit/technitium
Configure
In the environment variables section you can set some base configuration.
environment:
- DNS_SERVER_DOMAIN=dns.d3vbd #The primary domain name used by this DNS Server to identify itself.
# - DNS_SERVER_ADMIN_PASSWORD=Password #DNS web console admin user password.
- DNS_SERVER_ADMIN_PASSWORD_FILE=/password.txt #The path to a file that contains a plain text password for the DNS web console admin user.
# - DNS_SERVER_PREFER_IPV6=false #DNS Server will use IPv6 for querying whenever possible with this option enabled.
- DNS_SERVER_WEB_SERVICE_LOCAL_ADDRESSES=172.17.0.1,127.0.0.1,0.0.0.0 #Comma separated list of network interface IP addresses that you want the web service to listen on for requests. The "172.17.0.1" address is the built-in Docker bridge. The "[::]" is the default value if not specified. Note! This must be used only with "host" network mode.
# - DNS_SERVER_WEB_SERVICE_HTTP_PORT=5380 #The TCP port number for the DNS web console over HTTP protocol.
# - DNS_SERVER_WEB_SERVICE_HTTPS_PORT=53443 #The TCP port number for the DNS web console over HTTPS protocol.
# - DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS=false #Enables HTTPS for the DNS web console.
# - DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT=false #Enables self signed TLS certificate for the DNS web console.
# - DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP=false #Enables DNS server optional protocol DNS-over-HTTP on TCP port 8053 to be used with a TLS terminating reverse proxy like nginx.
- DNS_SERVER_RECURSION=Allow #Recursion options: Allow, Deny, AllowOnlyForPrivateNetworks, UseSpecifiedNetworks.
# - DNS_SERVER_RECURSION_DENIED_NETWORKS=1.1.1.0/24 #Comma separated list of IP addresses or network addresses to deny recursion. Valid only for `UseSpecifiedNetworks` recursion option.
# - DNS_SERVER_RECURSION_ALLOWED_NETWORKS=127.0.0.1, 192.168.1.0/24 #Comma separated list of IP addresses or network addresses to allow recursion. Valid only for `UseSpecifiedNetworks` recursion option.
# - DNS_SERVER_ENABLE_BLOCKING=false #Sets the DNS server to block domain names using Blocked Zone and Block List Zone.
# - DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT=false #Specifies if the DNS Server should respond with TXT records containing a blocked domain report for TXT type requests.
# - DNS_SERVER_BLOCK_LIST_URLS= #A comma separated list of block list URLs.
- DNS_SERVER_FORWARDERS=1.1.1.1,1.0.0.1 #Comma separated list of forwarder addresses.
Set your DNS server domain using the DNS_SERVER_DOMAIN environment variable.
By default this will forward requests to Cloudflare.
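The active values above decide who can reach the resolver and the admin console, so it is worth checking them before the first start. The script below is an added example, not part of the docker-toolkit repo: it reads the "environment:" entries and flags the exposure-relevant ones. The function names, finding labels and the sample text are assumptions made for this example.

```shell
#!/bin/sh
# Constructed sample: the active (uncommented) entries from the block above,
# plus one commented entry to show that it is ignored.
SAMPLE_ENV='- DNS_SERVER_DOMAIN=dns.d3vbd
# - DNS_SERVER_ADMIN_PASSWORD=Password
- DNS_SERVER_ADMIN_PASSWORD_FILE=/password.txt
- DNS_SERVER_WEB_SERVICE_LOCAL_ADDRESSES=172.17.0.1,127.0.0.1,0.0.0.0 #listen list
- DNS_SERVER_RECURSION=Allow #Recursion options
- DNS_SERVER_FORWARDERS=1.1.1.1,1.0.0.1'

# env_value NAME: value of the last active "- NAME=value" entry on stdin.
# Commented-out entries and trailing "#..." comments are ignored.
env_value() {
    sed -n "s/^[[:space:]]*-[[:space:]]*$1=\([^#]*\).*/\1/p" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_env: read environment entries on stdin, print one finding per line.
audit_env() {
    env_text=$(cat)
    get() { printf '%s\n' "$env_text" | env_value "$1"; }
    if [ "$(get DNS_SERVER_RECURSION)" = "Allow" ]; then
        echo "RECURSION_OPEN: any client that can reach port 53 gets recursion"
    fi
    # An unset list falls back to "[::]", which is also every interface.
    case ",$(get DNS_SERVER_WEB_SERVICE_LOCAL_ADDRESSES)," in
        *,0.0.0.0,*|*",[::],"*|,,)
            echo "CONSOLE_ALL_INTERFACES: web console listens on every interface" ;;
    esac
    if [ "$(get DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS)" != "true" ]; then
        echo "CONSOLE_HTTP_ONLY: HTTPS for the web console is not enabled here"
    fi
    if [ -n "$(get DNS_SERVER_ADMIN_PASSWORD)" ]; then
        echo "PASSWORD_INLINE: admin password is written in the compose file"
    fi
    return 0
}

# Audit the sample when asked: sh audit.sh sample
if [ "${1:-}" = "sample" ]; then
    printf '%s\n' "$SAMPLE_ENV" | audit_env
fi
```

On a host that is reachable from outside your own network, AllowOnlyForPrivateNetworks or UseSpecifiedNetworks from the recursion options listed above, and a listen list without 0.0.0.0, clear the first two findings.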
Admin Password
By default the startup will create an admin user with the username admin.
To set the password, enter it in the password.txt file.
You can update the admin password later in the UI and create additional users.
Start Up
To deploy the DNS application run:
sudo docker-compose up
This will fail because we need to disable the stub listener.
I'm using Ubuntu Server, so you may need to figure this out if using a different operating system.
Disable Stub Listener
It is important that the container is already pulled.
If you disable the stub listener before you pull the container, you won't be able to resolve domains and it will fail.
PULL FIRST.
Then edit your config at /etc/systemd/resolved.conf.
DNSStubListener=no
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free
# Software Foundation; either version 2.1 of the License, or (at your option)
# any later version.
#
# Entries in this file show the compile time defaults. Local configuration
# should be created by either modifying this file, or by creating "drop-ins" in
# the resolved.conf.d/ subdirectory. The latter is generally recommended.
# Defaults can be restored by simply deleting this file and all drop-ins.
#
# Use 'systemd-analyze cat-config systemd/resolved.conf' to display the full config.
#
# See resolved.conf(5) for details.
[Resolve]
# Some examples of DNS servers which may be used for DNS= and FallbackDNS=:
# Cloudflare: 1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com 2606:4700:4700::1001#cloudflare-dns.com
# Google: 8.8.8.8#dns.google 8.8.4.4#dns.google 2001:4860:4860::8888#dns.google 2001:4860:4860::8844#dns.google
# Quad9: 9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
#DNS=
#FallbackDNS=
#Domains=
#DNSSEC=no
#DNSOverTLS=no
#MulticastDNS=no
#LLMNR=no
#Cache=no-negative
#CacheFromLocalhost=no
DNSStubListener=no
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no
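The same change can be made with a drop-in, which the header of the file above recommends over editing it directly. The script below is an added example, not part of the docker-toolkit repo: it pulls the image first, writes the drop-in, restarts systemd-resolved and checks that nothing is left on port 53. The drop-in file name and the function names are assumptions made for this example.

```shell
#!/bin/sh
DROPIN=/etc/systemd/resolved.conf.d/10-technitium.conf   # hypothetical file name

# dropin_body: the only setting the drop-in needs.
dropin_body() {
    printf '[Resolve]\nDNSStubListener=no\n'
}

# stub_listener_value FILE...: effective DNSStubListener across the files in
# the order given (main file first, then drop-ins). The last uncommented
# assignment wins; with none, the compile-time default "yes" applies.
# Simplification: only files passed in are read, not /run or /usr/lib drop-ins.
stub_listener_value() {
    val=yes
    for f in "$@"; do
        [ -r "$f" ] || continue
        v=$(sed -n 's/^[[:space:]]*DNSStubListener[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$f" | tail -n 1)
        if [ -n "$v" ]; then val=$v; fi
    done
    echo "$val"
}

# Run the procedure only when called as: sh stub.sh apply
if [ "${1:-}" = "apply" ]; then
    cd ~/docker-toolkit/technitium || exit 1
    sudo docker compose pull || exit 1       # pull while name resolution still works
    sudo mkdir -p "${DROPIN%/*}"
    dropin_body | sudo tee "$DROPIN" >/dev/null
    sudo systemctl restart systemd-resolved  # the setting is read at service start
    state=$(stub_listener_value /etc/systemd/resolved.conf "${DROPIN%/*}"/*.conf)
    [ "$state" = "no" ] || { echo "stub listener still enabled" >&2; exit 1; }
    # Anything still bound to port 53 would block the container.
    if sudo ss -H -lntu 'sport = :53' | grep -q .; then
        echo "port 53 is still in use" >&2; exit 1
    fi
    echo "port 53 is free"
fi
```

Deleting the drop-in and restarting systemd-resolved restores the default stub listener.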
Start
Now it should be ready to bind port 53:
sudo docker compose up -d
Now visit the browser.
For example, I made a VM with IP 10.10.60.60 so I would connect
Log in with the username admin and the password you set in password.txt.
Change Password
Click on your username in the top right corner and click Change Password.
Set your new password.
Backup Server
To have a backup, just repeat the steps on another IP and get the server ready!