MultiDirectoryLab · iyashnov · Dec 24, 2025 · Dec 24, 2025 · Dec 24, 2025 · Dec 24, 2025
diff --git a/.dns/dns_api.py b/.dns/dns_api.py
diff --git a/.dns/entrypoint.sh b/.dns/entrypoint.sh
diff --git a/.dns/templates/zone.template b/.dns/templates/zone.template
diff --git a/.dns/templates/zone_options.template b/.dns/templates/zone_options.template
diff --git a/.docker/bind9.Dockerfile b/.docker/bind9.Dockerfile
diff --git a/.docker/pdns_auth.Dockerfile b/.docker/pdns_auth.Dockerfile
@@ -0,0 +1,68 @@
+FROM alpine:3.20 AS builder
+
+RUN apk add --no-cache --virtual .build-deps \
+      build-base \
+      lmdb-dev \
+      openssl-dev \
+      boost-dev \
+      autoconf automake libtool \
+      git ragel bison flex \
+      lua5.4-dev \
+      curl-dev
+
+RUN apk add --no-cache \
+      lua \
+      lua-dev \
+      lmdb \
+      boost-libs \
+      openssl-libs-static \
+      curl \
+      libstdc++
+
+RUN git clone https://github.com/PowerDNS/pdns.git /pdns
+WORKDIR /pdns
+
+RUN git submodule init &&\
+    git submodule update &&\
+    git checkout auth-5.0.1
+
+RUN autoreconf -vi
+
+RUN mkdir /build && \
+    ./configure \
+      --sysconfdir=/etc/powerdns \
+      --enable-option-checking=fatal \
+      --with-dynmodules='lmdb' \
+      --with-modules='' \
+      --with-unixodbc-lib=/usr/lib/$(dpkg-architecture -q DEB_BUILD_GNU_TYPE) && \
+    make clean && \
+    make $MAKEFLAGS -C ext &&\
+    make $MAKEFLAGS -C modules &&\
+    make $MAKEFLAGS -C pdns && \
+    make -C pdns install DESTDIR=/build &&\ 
+    make -C modules install DESTDIR=/build &&\ 
+    make clean && \
+    strip /build/usr/local/bin/* /build/usr/local/sbin/* /build/usr/local/lib/pdns/*.so
+
+# ====================================================================================================
+
+FROM alpine:3.20 AS runtime
+
+COPY --from=builder /build /
+
+RUN apk add --no-cache \
+    lua \
+    lua-dev \
+    lmdb \
+    boost-libs \
+    openssl-libs-static \
+    curl \
+    libstdc++
+
+RUN mkdir -p /etc/powerdns/pdns.d /var/run/pdns /var/lib/powerdns /etc/powerdns/templates.d /var/lib/pdns-lmdb
+
+COPY ./pdns.conf /etc/powerdns/pdns.conf
+
+EXPOSE 8082/tcp
+
+CMD ["/usr/local/sbin/pdns_server"]
diff --git a/.github/workflows/build-beta.yml b/.github/workflows/build-beta.yml
@@ -155,7 +155,7 @@ jobs:
             --build-arg BUILDKIT_INLINE_CACHE=1 \
             --build-arg VERSION=beta
 
-  build-bind9:
+  build-pdns_auth:
     runs-on: ubuntu-latest
     needs: [build-tests, run-ssh-test, run-tests]
     steps:
@@ -172,14 +172,14 @@ jobs:
 
       - name: Build docker image
         env:
-          TAG: ghcr.io/${{ env.REPO }}_bind9:beta
+          TAG: ghcr.io/${{ env.REPO }}_pdns_auth:beta
           DOCKER_BUILDKIT: '1'
         run: |
           echo $TAG
           docker build \
             --push \
             --target=runtime \
-            -f .docker/bind9.Dockerfile . \
+            -f .docker/pdns_auth.Dockerfile . \
             -t $TAG \
             --cache-to type=gha,mode=max \
             --cache-from $TAG \

diff --git a/.github/workflows/build-docker-image.yml b/.github/workflows/build-docker-image.yml
@@ -176,7 +176,7 @@ jobs:
             --build-arg BUILDKIT_INLINE_CACHE=1 \
             --build-arg VERSION=latest
 
-  build-bind9:
+  build-pdns_auth:
     runs-on: ubuntu-latest
     needs: [build-tests, run-ssh-test, run-tests]
     steps:
@@ -193,14 +193,14 @@ jobs:
 
       - name: Build docker image
         env:
-          TAG: ghcr.io/${{ env.REPO }}_bind9:latest
+          TAG: ghcr.io/${{ env.REPO }}_pdns_auth:latest
           DOCKER_BUILDKIT: '1'
         run: |
           echo $TAG
           docker build \
             --push \
             --target=runtime \
-            -f .docker/bind9.Dockerfile . \
+            -f .docker/pdns_auth.Dockerfile . \
             -t $TAG \
             --cache-to type=gha,mode=max \
             --cache-from $TAG \

diff --git a/.package/docker-compose.yml b/.package/docker-compose.yml
@@ -296,27 +296,32 @@ services:
       - traefik.tcp.routers.kpasswd.service=kpasswd
       - traefik.tcp.services.kpasswd.loadbalancer.server.port=464
 
-  bind_dns:
-    image: ghcr.io/multidirectorylab/multidirectory_bind9:${VERSION:-latest}
-    container_name: bind9
-    hostname: bind9
-    restart: unless-stopped
+  pdns_auth:
+    image: ghcr.io/multidirectorylab/multidirectory_pdns_auth:${VERSION:-latest}
+    container_name: pdns_auth
+    expose:
+      - 8082
+      - 53
     volumes:
-      - dns_server_file:/opt/
-      - dns_server_config:/etc/bind/
-    tty: true
-    env_file:
-      - .env
-    environment:
-      - USE_CONFIG_FILE_LOGGING=true
-    depends_on:
-      ldap_server:
-        condition: service_healthy
-        restart: true
+      - dns_lmdb:/var/lib/pdns-lmdb
+      - dns_config:/etc/powerdns
+
+
+  pdns_recursor:
+    image: powerdns/pdns-recursor-51:5.1.7
+    container_name: pdns_recursor
+    expose:
+      - 8083
+    ports:
+      - "53:53/udp"
+      - "53:53/tcp"
+    volumes:
+      - ./recursor.conf:/etc/powerdns/recursor.conf
+      - forward_zones:/etc/powerdns/recursor.d/
     labels:
       - traefik.enable=true
-      - traefik.udp.routers.bind_dns_udp.entrypoints=bind_dns_udp
-      - traefik.udp.services.bind_dns_udp.loadbalancer.server.port=53
+      - traefik.udp.routers.power_dns_recursor_udp.entrypoints=power_dns_recursor_udp
+      - traefik.udp.services.power_dns_recursor_udp.loadbalancer.server.port=53
 
   kea_dhcp4:
     image: ghcr.io/multidirectorylab/multidirectory_dhcp4:${VERSION:-latest}
@@ -427,3 +432,6 @@ volumes:
   leases:
   sockets:
   dhcp:
+  dns_lmdb:
+  dns_config:
+  forward_zones:
diff --git a/.package/traefik.yml b/.package/traefik.yml
@@ -32,7 +32,7 @@ entryPoints:
     address: ":749"
   kpasswd:
     address: ":464"
-  bind_dns_udp:
+  power_dns_recursor_udp:
     address: ":53/udp"
   websecure:
     address: ":443"