coredns/coredns/Dockerfile
Ryan Malloy 48cddc91cf Phase 0 scaffolding: RFC 2136 plugin groundwork (inactive)
Lays the groundwork for a future CoreDNS rfc2136 plugin that will accept
TSIG-authenticated dynamic DNS updates from Caddy (via caddy-dns/rfc2136),
enabling self-hosted ACME DNS-01 cert automation without depending on
registrar APIs.

Nothing in this commit is active at runtime:
- Corefile additions are commented out
- coredns/Dockerfile references a plugin repo that doesn't exist yet
- scripts/acme-add-domain.sh just appends CNAME glue but has nothing
  to talk to until the plugin is built

Architecture and implementation plan:
  ~/.claude/plans/dood-does-coredns-offer-enumerated-piglet.md

Secret management: TSIG key generated and stored in .env.local
(gitignored). .env.local.example documents the expected shape.
2026-05-20 18:20:43 -06:00


# Custom CoreDNS image that bakes in the rfc2136 plugin for accepting
# RFC 2136 dynamic updates (TSIG-authenticated). The upstream
# coredns/coredns image does NOT include this plugin — CoreDNS itself
# has no plugin for accepting dynamic updates anywhere in its ecosystem
# as of v1.12.2, so we ship our own.
#
# Stage 1: build CoreDNS from source with our plugin appended to
# plugin.cfg. Stage 2: distroless runtime image.
#
# Plugin source: <REPO_URL_PLACEHOLDER>
# This Dockerfile is currently SCAFFOLDING ONLY — the plugin repo does
# not yet exist. Building this image will fail until Phase 1 ships.
# ─── Stage 1: builder ──────────────────────────────────────────────
FROM golang:1.22-alpine AS builder
RUN apk add --no-cache git make
WORKDIR /build
ARG COREDNS_REF=v1.12.2
RUN git clone --depth 1 --branch ${COREDNS_REF} https://github.com/coredns/coredns.git .
# Inject our plugin into plugin.cfg. Must come BEFORE the `cache` plugin
# so authoritative answers from rfc2136 aren't intercepted by cache.
# `make` below runs `go generate`, which regenerates the plugin list from
# plugin.cfg, so this sed edit is what actually wires the plugin in.
ARG PLUGIN_REPO=git.supportedsystems.net/rpm/coredns-rfc2136
ARG PLUGIN_REF=latest
# Note: a private module host like this one needs GOPRIVATE (or GONOPROXY/
# GONOSUMDB) set so `go get` bypasses proxy.golang.org and sum.golang.org.
RUN sed -i "/^cache:cache$/i rfc2136:${PLUGIN_REPO}" plugin.cfg && \
    go get ${PLUGIN_REPO}@${PLUGIN_REF}
# CoreDNS's Makefile already builds with CGO_ENABLED=0 and -ldflags="-s -w".
# Passing GOFLAGS="-ldflags=-w -s" here would be exported to the build shell
# and split on the space, making `go build` reject "-s" as an unknown flag.
RUN make
# ─── Stage 2: runtime ──────────────────────────────────────────────
FROM gcr.io/distroless/static-debian12
COPY --from=builder /build/coredns /coredns
# Match upstream's exposed ports.
EXPOSE 53 53/udp 853 443 9153 8080
ENTRYPOINT ["/coredns"]
CMD ["-conf", "/etc/coredns/Corefile"]
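The plugin.cfg injection above only does its job if rfc2136 ends up ahead of cache. The following check, added here as an example and not part of this commit, replays the Dockerfile's sed expression on a constructed excerpt of plugin.cfg and verifies the ordering; PLUGIN_REPO is the placeholder import path from the Dockerfile, not a real repository.

```shell
#!/bin/sh
# Added example: reproduce the Dockerfile's plugin.cfg injection on a
# constructed snippet and assert rfc2136 lands before cache, so that
# authoritative answers from the dynamic-update plugin are never served
# from cache. PLUGIN_REPO is the Dockerfile's placeholder path, assumed
# here; it is not an existing module.
set -eu

PLUGIN_REPO="git.supportedsystems.net/rpm/coredns-rfc2136"

# Constructed excerpt of CoreDNS's plugin.cfg (the real file is longer).
sample_plugin_cfg() {
  printf '%s\n' \
    'metadata:metadata' \
    'log:log' \
    'cache:cache' \
    'forward:forward' \
    'file:file'
}

# Same sed expression as the Dockerfile's RUN step, applied to stdin.
inject_rfc2136() {
  sed "/^cache:cache$/i rfc2136:${PLUGIN_REPO}"
}

# Exit 0 if rfc2136 appears exactly once and before cache, 1 otherwise.
check_order() {
  awk -v repo="$PLUGIN_REPO" '
    $0 == ("rfc2136:" repo) { seen++; pos = NR }
    $0 == "cache:cache"     { cache = NR }
    END { exit (seen == 1 && cache > 0 && pos < cache) ? 0 : 1 }'
}

# Line number at which rfc2136 was inserted (printed for the caller).
rfc2136_line() {
  sample_plugin_cfg | inject_rfc2136 | grep -n '^rfc2136:' | cut -d: -f1
}

if sample_plugin_cfg | inject_rfc2136 | check_order; then
  echo "plugin.cfg order OK: rfc2136 precedes cache (line $(rfc2136_line))"
else
  echo "plugin.cfg order BROKEN: rfc2136 missing or after cache" >&2
  exit 1
fi
```

The same `grep`/`awk` guard can be appended to the builder stage's RUN line so an image with a misplaced plugin fails to build instead of silently caching dynamic-update answers.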