Docker bind9 DNS 服务器:“failed: permission denied”(权限问题)

问题描述

遇到了权限问题。我知道可以按照 https://hub.docker.com/r/internetsystemsconsortium/bind9 上的说明,用 `docker run` 的方式挂载卷,但我想把这些目录保存在自定义的 /home/ 目录下。不幸的是,这样做会出现权限问题。可能需要运行 `chmod` 或 `chown`?

docker-compose.yml:

version: '3.8'
services:
  bind9:
    image: internetsystemsconsortium/bind9:9.16
    container_name: bind9
    ports:
      # DNS is published on every host interface. Whether this is an open
      # resolver depends on allow-recursion / allow-query in named.conf, which
      # is not shown for this configuration.
      - '53:53/udp'
      - '53:53/tcp'
      # rndc control channel is reachable from the host loopback only.
      - '127.0.0.1:953:953/tcp'
    volumes:
      # Bind mounts from the compose directory. named appears to run as a
      # non-root user in this image (otherwise the "permission denied" errors
      # in the log would not occur), so the host directories must be readable
      # (etc) or writable (cache, lib, log) by that user's numeric uid/gid.
      - './etc:/etc/bind'
      - './cache:/var/cache/bind'
      - './lib:/var/lib/bind'
      - './log:/var/log'

`docker logs bind9` 显示了以下内容:

...
bind9    | 27-Dec-2021 14:34:19.139 loading configuration from '/etc/bind/named.conf'
bind9    | 27-Dec-2021 14:34:19.139 directory '/var/cache/bind' is not writable
bind9    | 27-Dec-2021 14:34:19.139 /etc/bind/named.conf:2: parsing failed: permission denied
bind9    | 27-Dec-2021 14:34:19.139 loading configuration: permission denied
bind9    | 27-Dec-2021 14:34:19.139 exiting (due to fatal error)
bind9 exited with code 1
2个回答

来源:https://www.reddit.com/r/docker/comments/rpyr4f/dockercompose_folder_permissions_bind9/

# Give the bind-mounted directories to the uid/gid the container's named
# process runs as. The numeric ids are the ones reported in the linked Reddit
# thread for this image; confirm them against the image tag you actually use.
# Only cache, lib and log need to be writable by named. /etc/bind only has to
# be readable, so do not loosen its permission modes beyond that.
sudo chown -R 106:260 ./etc/
sudo chown -R 105:106 ./cache/
sudo chown -R 105:106 ./lib/
sudo chown -R 0:198 ./log/


我是这样做的:逐个文件挂载,没有出现权限问题:

注意:我的 docker compose 使用 macvlan 网络模式,但这里不讨论网络部分。我有一个 ./data/etc/ 目录存放所有配置文件,还有一个 ./data/log/ 目录存放 default.log。

docker-compose.yml

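# Compose project name (the key was mangled to "名称:bind9" in the listing,
# which is not a valid top-level mapping entry).
name: bind9

services:
  bind9:
    image: internetsystemsconsortium/bind9:9.20
    container_name: bind9
    restart: unless-stopped
    hostname: bind9
    # External macvlan network: the container has its own address, so there is
    # no `ports:` mapping here; named binds port 53 on that address.
    networks:
      LB-net:
        ipv4_address: 192.168.0.214

    environment:
      TZ: Europe/Paris

    volumes:
      # Anonymous volumes: the directories named must write to are populated
      # from the image with the ownership the image expects, which is what
      # sidesteps the host-side permission problem.
      - /var/cache/bind
      - /var/lib/bind
      - /var/log

      # Configuration is bind-mounted file by file from ./data/etc/.
      - ./data/etc/named.conf:/etc/bind/named.conf
      - ./data/etc/named.conf.local:/etc/bind/named.conf.local
      - ./data/etc/named.conf.logging:/etc/bind/named.conf.logging

      # Single-file bind mount of the log. The host file must exist before
      # `docker compose up` (otherwise Docker creates a directory), and the
      # size-based rotation in named.conf.logging renames the file, which is
      # unlikely to succeed on a file mount. Mounting the ./data/log directory
      # onto /var/log/bind instead would avoid both issues.
      - ./data/log/default.log:/var/log/bind/default.log

      # Zone file; the host file name differs from the path named.conf.local
      # refers to inside the container.
      - ./data/etc/db.dd.veesix.net:/etc/bind/db.my-domain.com

networks:
  LB-net:
    name: 'LB-net'
    # Canonical boolean form; the quoted string 'true' is also accepted by
    # Compose but is the string type, not a boolean.
    external: true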
name: bind9

services:
  bind9:
    image: internetsystemsconsortium/bind9:9.20
    container_name: bind9
    restart: unless-stopped
    hostname: bind9
    # Container attaches to the external macvlan network defined at the bottom
    # and gets a fixed address; no host port publishing is involved.
    networks:
      LB-net:
        ipv4_address: 192.168.0.214

    environment:
      TZ: Europe/Paris

    volumes:
      # Earlier attempts with host directories, kept for reference:
      #- ./data/cache:/var/cache/bind
      #- ./data/lib:/var/lib/bind
      #- ./data/log:/var/log
      #- /etc/bind

      # Writable state lives in anonymous volumes seeded from the image, so
      # the ownership inside the container is whatever the image ships with.
      - /var/cache/bind
      - /var/lib/bind
      - /var/log

      # Read-side configuration, one file per mount.
      - ./data/etc/named.conf:/etc/bind/named.conf
      - ./data/etc/named.conf.local:/etc/bind/named.conf.local
      - ./data/etc/named.conf.logging:/etc/bind/named.conf.logging

      # Log file mounted on its own; the file must already exist on the host,
      # and the rotation configured in named.conf.logging renames this file,
      # which may not work on a single-file mount.
      - ./data/log/default.log:/var/log/bind/default.log

      # Zone data, renamed on the way into the container.
      - ./data/etc/db.dd.veesix.net:/etc/bind/db.my-domain.com

networks:
  LB-net:
    name: 'LB-net'
    # Quoted here, so this is the string "true"; Compose accepts it, but the
    # unquoted boolean is the canonical YAML form.
    external: 'true'

named.conf

// DNS-over-HTTPS endpoint referenced by the "http local" listen-on lines below.
http local {
        endpoints { "/dns-query"; };
};

options {
        // Working directory. In the compose file this path is an anonymous
        // volume, which is why it is writable inside the container.
        directory "/var/cache/bind";

        // Plain DNS, DNS-over-TLS and DNS-over-HTTPS on every interface.
        // "tls ephemeral" is BIND's predefined self-signed certificate: it
        // encrypts the transport, but clients cannot authenticate the server
        // with it, so it is suitable for testing rather than public service.
        listen-on { any; };
        listen-on-v6 { any; };
        listen-on tls ephemeral { any; };
        listen-on-v6 tls ephemeral { any; };
        listen-on tls ephemeral http local { any; };
        listen-on-v6 tls ephemeral http local { any; };

        // Replaces the real version string in version.bind CHAOS responses.
        version "we got 2.22 gigowatts Marty";

        // Authoritative-only posture: anyone may query the zones served here,
        // but recursion, cache lookups, zone transfers and dynamic updates are
        // all refused, so this server is not an open resolver.
        allow-query { any; };
        allow-query-cache { none; };
        allow-recursion {
                none;
        };
        allow-transfer {
                none;
        };
        allow-update {
                none;
        };
};

// Logging and zone definitions are kept in separate files, mounted
// individually by the compose file.
include "/etc/bind/named.conf.logging";

include "/etc/bind/named.conf.local";

注意这里我包含了其他文件

named.conf.local

// It is recommended to create a key and configure Bind to listen to commands
// sent via rndc. However, it will function just fine without the following
// four lines.
//include "/etc/bind/local-config/rndc.key";
//controls {
//    inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
//};
// NOTE(review): with the controls block disabled there is no rndc control
// channel at all, so rndc commands (and any port 953 mapping) have no effect
// on this instance.

// Then configure some standard zones.
//include "/etc/bind/named.conf.default-zones";
// If you intend to respond with IP addresses within the private ranges you
// need to remove the following line, else Bind will return empty responses
// for any IP inside the private ranges.
//include "/etc/bind/zones.rfc1918";
// Below here you can then add your own zones or whatever you like.

// Single primary zone served from the bind-mounted file (the compose file
// mounts ./data/etc/db.dd.veesix.net at this path). "notify explicit" sends
// NOTIFY only to hosts listed in also-notify; none are configured here, so in
// practice no NOTIFY is sent, which is fine when there are no secondaries.
zone "dd.my-domain.com" {
        type primary;
        file "/etc/bind/db.my-domain.com";
        notify explicit;
};

named.conf.logging

logging {

    // Output really verbose logs to stderr (i.e. the console).
    // Inside the container this is what `docker logs bind9` shows.
    channel std_err {
        stderr;

        // The most verbose is "debug 3", but that becomes really spammy.
        severity debug 1;

        // You probably always want these.
        print-time yes;
        print-severity yes;
        print-category yes;
    };

    // Write to a log file. But here we limit the severity level somewhat.
    channel std_log {
        // We write to a single file that may become 4 megabytes in size before
        // it is rotated, and a single copy will be maintained as history.
        // NOTE(review): the compose file bind-mounts exactly this file from
        // ./data/log/default.log; rotation renames the file, which is unlikely
        // to work on a single-file mount — mounting the directory instead
        // avoids that.
        file "/var/log/bind/default.log" versions 1 size 4m;

        severity info;

        print-time yes;
        print-severity yes;
        print-category yes;
    };

    // All categories which are not explicitly defined (or disabled by default)
    // will be caught by the "default" category, and then sent to all the
    // channels listed here.
    category default {
        std_err;
        std_log;
    };
};

最后是区域文件 db.my-domain.com。
