This is a repository which builds a "minimalistic" (500M) OpenDNSSEC + SoftHSM instance to sign zone files. The image will start `ods-enforcerd` and `ods-signerd` in the background and then run `syslog` in the foreground as PID 1. The image is based on Alpine Linux.
To run an instance of the container with OpenDNSSEC and SoftHSM, just start a container with the image:

```
docker run --name opendnssec -d bombsimon/opendnssec-softhsm
```
Zones found in `/var/opendnssec/unsigned` on startup will be added automatically, and each zone will be named the same as the file it was found in.
If the container was started without any zones mounted at the above-mentioned path, you can add them manually. For details, see the OpenDNSSEC reference. An example with the example.com zone in this repository would look like this:

```
docker cp example.com opendnssec:/var/opendnssec/unsigned
docker exec opendnssec ods-enforcer zone add -z example.com -p lab
```
Signed zones are located in `/var/opendnssec/signed`.
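As an added helper that is not part of this repository, the POSIX shell script below wraps the manual zone-add step above and checks the signed copy for DNSKEY, RRSIG and NSEC/NSEC3 records before it is used anywhere. The `CONTAINER` and `POLICY` variables and the function names are assumptions made here, not conventions of the image.

```shell
#!/bin/sh
# Added helper, not part of the image: add an unsigned zone to the running
# container and confirm OpenDNSSEC produced a signed copy with DNSSEC records.
set -eu

CONTAINER="${CONTAINER:-opendnssec}"   # container name from the run example
POLICY="${POLICY:-lab}"                # policy name from the zone add example

# The zone is named after the file, so reject names that are not hostnames
# (a path such as "../x" would otherwise become the zone name handed to the enforcer).
valid_zone_name() {
    printf '%s' "$1" | grep -Eq '^([A-Za-z0-9_-]+\.)*[A-Za-z0-9_-]+\.?$'
}

# Copy the unsigned zone file in and register it with ods-enforcer.
add_zone() {
    zone=$(basename "$1")
    valid_zone_name "$zone" || { echo "refusing zone name: $zone" >&2; return 1; }
    docker cp "$1" "$CONTAINER:/var/opendnssec/unsigned/$zone"
    docker exec "$CONTAINER" ods-enforcer zone add -z "$zone" -p "$POLICY"
}

# A signed zone must carry the apex DNSKEY set, RRSIG records and a denial of
# existence chain (NSEC or NSEC3); any of them missing means the signer has not
# run yet or the policy has not generated keys, so do not publish the file.
check_signed_zone() {
    f="$1"
    [ -s "$f" ] || { echo "$f: missing or empty" >&2; return 1; }
    for rr in DNSKEY RRSIG 'NSEC3?'; do
        grep -Eq "[[:space:]]IN[[:space:]]+${rr}[[:space:]]" "$f" \
            || { echo "$f: no $rr record" >&2; return 1; }
    done
}

# Pull the signed copy out of the container and check it before using it.
fetch_and_check() {
    zone="$1"; out="${2:-./$zone.signed}"
    docker cp "$CONTAINER:/var/opendnssec/signed/$zone" "$out"
    check_signed_zone "$out"
}

case "${1:-}" in
    add)   add_zone "${2:?unsigned zone file}" ;;
    check) fetch_and_check "${2:?zone name}" "${3:-}" ;;
esac
```

Usage: `./zonetool.sh add ./example.com` to register a zone, then `./zonetool.sh check example.com` once the signer has had time to run.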
The container builds four packages from source, which makes building the container a bit slow. The reason for this is to avoid deep dependencies and to support deployment on Alpine Linux.

First of all we build `gost-engine`, since it is no longer bundled with OpenSSL >= 1.1.1 but is required for SoftHSM. We then build `ldns` from source so we can compile it against `openssl` instead of `libressl`, which the package in the apk repository is built upon. When we've built `ldns` we first build `softhsm` and then `opendnssec`. To build a new version of the container run:

```
docker build --no-cache -t opendnssec-softhsm .
```
| Software | Version |
|---|---|
| Alpine Linux | 3.11 |
| GOST Engine | 1.1.0.3 |
| LDNS | 1.7.1 |
| OpenDNSSEC | 2.1.6 |
| OpenSSL | 1.1.1d-r3 |
| SoftHSM | 2.5.0 |