I've managed to set up a highly efficient MikroTik-friendly DNS resolver server with blacklist, DNSSEC, and many other new DNS features in an ARM64 container. It's been working exceptionally well with very low memory usage and impressive speed. I'd like to share the details with the community for those who may benefit from it.
Note: This is not dns forwarder or proxy.
I've tested this setup on an RB5009 with an external disk connected to the USB port. I highly recommend using an external disk for containers.
The server I'm referring to is called sdns. It's open-source, and the repository can be found at GitHub. You can either build the container from the source or pull it from Docker Hub (c1982/sdns). The Docker Hub version has over 10k pulls and is updated automatically through GitHub actions, which makes it quite reliable. Moreover, the container is incredibly lightweight at only 5MB, based on Alpine Linux. Upon startup, it utilizes only ~1MB of memory.![:shock:]( "Shocked")
Additionally, the logging feature is very useful.
Here's how I set it up:
After the first start, sdns generates sdns.conf under the disk1/sdns-db folder. You can fetch sdns.conf via SCP or SFTP, edit blacklists or other configurations, and restart the container.
Here are the logs from the first start:
SDNS also has an API, which can be docs found here. However, you'll need to modify the API address in the configuration. Changed this line to: I don't recommend using heavy, extensive blacklists as they consume a significant amount of memory.
If you have any question ping me up.
Note: This is not dns forwarder or proxy.
I've tested this setup on an RB5009 with an external disk connected to the USB port. I highly recommend using an external disk for containers.
The server I'm referring to is called sdns. It's open-source, and the repository can be found at GitHub. You can either build the container from the source or pull it from Docker Hub (c1982/sdns). The Docker Hub version has over 10k pulls and is updated automatically through GitHub actions, which makes it quite reliable. Moreover, the container is incredibly lightweight at only 5MB, based on Alpine Linux. Upon startup, it utilizes only ~1MB of memory.
Additionally, the logging feature is very useful.Here's how I set it up:
Code:
/container/mounts/add name=sdns src=disk1/sdns-db dst=/db/container/add remote-image=c1982/sdns:latest cmd="-c db/sdns.conf" hostname=sdns interface=veth1 mounts=sdns root-dir=disk1/sdns start-on-boot=yes logging=yesHere are the logs from the first start:
Code:
/log/print 12:05:43 container,info,debug importing remote image: c1982/sdns, tag: latest 12:05:45 container,info,debug getting layer sha256:c7f4faa3cf6577680f0e22f85b6c93cc9a37f739545a2354553d6a976fc3b5eb 12:05:47 container,info,debug layer sha256:c7f4faa3cf6577680f0e22f85b6c93cc9a37f739545a2354553d6a976fc3b5eb downloaded 12:05:47 container,info,debug getting layer sha256:1f4de22d3c9c535608f0f3a0e32b7477b3d56ac970648537756a8febdfb939f5 12:05:48 container,info,debug layer sha256:1f4de22d3c9c535608f0f3a0e32b7477b3d56ac970648537756a8febdfb939f5 downloaded 12:05:48 container,info,debug import successful, container 006e0278-feac-4d01-a9b4-3afabf2dab64 12:05:52 container,info,debug t=2024-02-16T09:05:52+0000 lvl=info msg="Starting sdns..." version=1.3.6 12:05:52 container,info,debug t=2024-02-16T09:05:52+0000 lvl=info msg="Default config file generated" config=/db/sdns.conf 12:05:52 container,info,debug t=2024-02-16T09:05:52+0000 lvl=info msg="Loading config file..." path=db/sdns.conf 12:05:52 container,info,debug t=2024-02-16T09:05:52+0000 lvl=info msg="Working directory" path=db 12:05:52 container,info,debug t=2024-02-16T09:05:52+0000 lvl=info msg="Empty zones loaded" zones=99 12:05:52 container,info,debug t=2024-02-16T09:05:52+0000 lvl=info msg="API server listening..." addr=127.0.0.1:8080 12:05:52 container,info,debug t=2024-02-16T09:05:52+0000 lvl=info msg="DNS server listening..." net=tcp addr=:53 12:05:52 container,info,debug t=2024-02-16T09:05:52+0000 lvl=info msg="DNS server listening..." net=udp addr=:53 12:05:52 container,info,debug t=2024-02-16T09:05:52+0000 lvl=warn msg="No trust anchor state file found or the state corrupted! New one will be generate." path=db/trust-anchor.db 12:05:52 container,info,debug t=2024-02-16T09:05:52+0000 lvl=info msg="Trust anchor status" keytag=20326 state=VALID firstseen="Fri Feb 16 09:05:52 UTC 2024" 12:05:52 container,info,debug t=2024-02-16T09:05:52+0000 lvl=info msg="Trust anchors refreshed" path=db/trust-anchor.db nextrefresh="Fri Feb 16 21:05:52 UTC 2024" 12:05:53 container,info,debug t=2024-02-16T09:05:53+0000 lvl=info msg="Loading blocked domains..." path=db/blacklists 12:05:53 container,info,debug t=2024-02-16T09:05:53+0000 lvl=info msg="Blocked domains loaded" total=0Code:
api = ":8080"If you have any question ping me up.
Statistics: Posted by blanx — Fri Feb 16, 2024 12:14 pm