# Run CoreDNS with Podman Pod on Ubuntu
### 0. Stop systemd-resolved from listening on `127.0.0.53:53` on Ubuntu
* Ubuntu enables the `systemd-resolved` service by default. It handles name resolution for the Linux system, but it also occupies local port 53.
* Disable the systemd-resolved stub listener (this only stops it from listening on 127.0.0.53:53; the service itself keeps running). Note that `/etc/resolv.conf` on Ubuntu is normally a symlink to `/run/systemd/resolve/stub-resolv.conf`, which lists `nameserver 127.0.0.53`; once the stub listener is off, point it at `/run/systemd/resolve/resolv.conf` (or at this host's CoreDNS) so local resolution keeps working.
```
$ sudoedit /etc/systemd/resolved.conf
[Resolve]
......
DNSStubListener=no
......
```
```
$ sudo systemctl restart systemd-resolved
```
### 1. Download podman
```
$ curl -fsSL -o podman-linux-amd64.tar.gz https://github.com/mgoltzsche/podman-static/releases/latest/download/podman-linux-amd64.tar.gz
$ tar -zxvf podman-linux-amd64.tar.gz;cd podman-linux-amd64
```
* Copy the podman binaries with rsync; any existing files that would be overwritten are moved to a backup directory.
```
$ sudo rsync -aHAX --numeric-ids --info=progress2 \
--backup --backup-dir="/root/usr-backup-$(date +%F_%H%M%S)" \
./usr/ /usr/
```
```
$ sudo mkdir -p /etc/containers
$ sudo rsync -aHAX --no-o --no-g --info=progress2 \
--backup --backup-dir="/root/etc-containers-backup-$(date +%F_%H%M%S)" \
./etc/containers/ /etc/containers/
```
```
$ which podman
/usr/local/bin/podman
$ sudo podman version
Client: Podman Engine
Version: 5.6.0
API Version: 5.6.0
Go Version: go1.24.6
Built: Thu Jan 1 08:00:00 1970
OS/Arch: linux/amd64
```
### 2. Write the Corefile (the CoreDNS server configuration file)
```
$ mkdir -p "$HOME"/dns/{config,yaml}
$ nano "$HOME"/dns/config/Corefile
.:53 {
    forward . 8.8.8.8
    log
    errors
}
andy.com:53 {
    file /root/andy.db
    log
    errors
}
```
### 3. Write the DNS zone file
```
$ nano "$HOME"/dns/config/andy.db
andy.com. IN SOA dns.andy.com. robbmanes.andy.com. 2015082541 7200 3600 1209600 3600
test.andy.com. IN A 192.168.80.21
```
* `andy.com.` is the zone this DNS server is responsible for.
* `SOA` is the record type; in this case, a "Start of Authority".
* `dns.andy.com` is the name of this DNS server.
* `robbmanes.andy.com` is the email address of this DNS server's administrator. Note that the `@` sign is written as a period; this is not a mistake, but how the field is formatted.
* `2015082541` is the serial number. It can be anything you like, as long as it is not reused within this zone and contains no invalid characters. There is a common convention for setting it, namely encoding the date of the last modification, such as `2019020822` for February 08, 2019, at 22:00 hours.
* `7200` is the Refresh interval in seconds; after this amount of time, the client should re-retrieve the SOA.
* `3600` is the Retry interval in seconds; after this, any Refresh that failed should be retried.
* `1209600` is the time in seconds after which a client should no longer consider this zone "authoritative". The information in this SOA expires after this time.
* `3600` is the Time-To-Live in seconds, which is the default for all records in the zone.
* An `A` record maps a name, in this case `test.andy.com`, directly to an IP address, 192.168.80.21.
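An added example (not part of the original page) that parses the two-line zone file from step 3, turns the SOA mailbox back into an e-mail address, and applies the serial rules just described: `serial_date` recognises the `YYYYMMDDnn` convention and `bump_serial` produces the next serial for an edit without ever reusing one. It assumes the minimal one-record-per-line layout shown above (no `$TTL`, no per-record TTL, class always `IN`).

```python
import ipaddress
from collections import namedtuple
from datetime import datetime
# Constructed sample input: the zone file written in step 3 above.
ZONE_TEXT = """\
andy.com. IN SOA dns.andy.com. robbmanes.andy.com. 2015082541 7200 3600 1209600 3600
test.andy.com. IN A 192.168.80.21
"""
# SOA fields in line order; the last one ('ttl') is the zone default TTL per the text above.
Soa = namedtuple("Soa", "zone primary_ns rname serial refresh retry expire ttl")

def parse_zone(text):
    """Return (Soa, {name: ipv4}) from a one-record-per-line zone file."""
    soa, a_records = None, {}
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith(";"):
            continue                                  # blank line or comment
        name, rclass, rtype, *rdata = fields
        if rclass != "IN":
            raise ValueError(f"unsupported class {rclass!r} on {name}")
        if rtype == "SOA":
            ns, rname, *timers = rdata
            soa = Soa(name, ns, rname, *map(int, timers))
        elif rtype == "A":
            a_records[name] = str(ipaddress.IPv4Address(rdata[0]))  # rejects bad IPs
        else:
            raise ValueError(f"unsupported record type {rtype!r} on {name}")
    if soa is None:
        raise ValueError("zone file has no SOA record")
    return soa, a_records

def admin_email(rname):
    """'robbmanes.andy.com.' -> 'robbmanes@andy.com' (the first '.' stands for '@')."""
    user, _, domain = rname.rstrip(".").partition(".")
    return f"{user}@{domain}"

def serial_date(serial):
    """Date encoded in a YYYYMMDDnn serial, or None if the serial is not in that form."""
    s = str(serial)
    try:
        return datetime.strptime(s[:8], "%Y%m%d").date() if len(s) == 10 else None
    except ValueError:
        return None

def bump_serial(old, today):
    """Serial for an edit made on `today`: YYYYMMDD00 when that is larger, else old + 1."""
    candidate = int(today.strftime("%Y%m%d")) * 100
    return candidate if candidate > old else old + 1
```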
### 4. Edit the CoreDNS Pod YAML file
```
## spec.volumes.hostPath.path differs per environment and must be changed.
$ nano ${HOME}/dns/yaml/coredns-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  labels:
    app: coredns-pod
  name: coredns-pod
spec:
  containers:
  - args:
    - -conf
    - /root/Corefile
    image: docker.io/coredns/coredns:latest
    name: coredns
    volumeMounts:
    - mountPath: /root/
      name: config
  hostNetwork: true
  volumes:
  - hostPath:
      path: /home/bigred/dns/config
      type: Directory
    name: config
```
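The `.:53` block in step 2 forwards every query to 8.8.8.8, and because the pod above runs with `hostNetwork: true` it listens on all of the host's interfaces, so any client that can reach the host gets a recursive resolver. This added example (not from the original page) parses a Corefile and flags such blocks, and shows the block tightened with CoreDNS's `bind` and `acl` plugins; 172.20.7.50 is the address the page queries in step 7, the 192.168.80.0/24 allow-list is a constructed placeholder, and the authoritative `andy.com:53` block is left out because it should answer anyone.

```python
# Constructed sample: the `.:53` block from the Corefile in step 2 as written (weak),
# beside a tightened version (hardened); the authoritative andy.com block is omitted.
WEAK_COREFILE = """\
.:53 {
    forward . 8.8.8.8
    log
    errors
}
"""

HARDENED_COREFILE = """\
.:53 {
    bind 172.20.7.50
    acl {
        allow net 192.168.80.0/24
        block
    }
    forward . 8.8.8.8
    log
    errors
}
"""

def parse_corefile(text):
    """Map each server-block key (e.g. '.:53') to the names of its top-level plugins."""
    blocks, key, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if depth == 0 and line.endswith("{"):          # new server block
            key = line[:-1].strip()
            blocks[key] = []
            depth = 1
        elif line == "}":
            depth -= 1
        else:
            if depth == 1:                              # plugin line of the current block
                blocks[key].append(line.split()[0])
            if line.endswith("{"):                      # nested plugin block such as acl { }
                depth += 1
    return blocks

def audit_corefile(text):
    """Return a finding for every block that forwards queries without an acl."""
    findings = []
    for key, plugins in parse_corefile(text).items():
        if "forward" in plugins and "acl" not in plugins:
            scope = "the bound address" if "bind" in plugins else "every host interface"
            findings.append(f"{key}: forwards for any client reaching {scope}; add acl")
    return findings
```

With the hardened block in place, `dig @172.20.7.50 test.andy.com` from an allowed network still works, while queries from elsewhere are refused by the `block` rule.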
### 5. Start the CoreDNS Pod with podman
```
$ sudo podman kube play ${HOME}/dns/yaml/coredns-pod.yaml
Pod:
cd21bbdee88d877ca4c8501867ef620b3de166d606cf1bcd0825195c9b4768a5
Container:
e214119e505edebd3f7ee001fc788d58fa4b1f1f6a13978347d79ffa4b1617df
```
### 6. Check that the STATUS is Up
```
$ sudo podman ps -a --pod
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES POD ID PODNAME
8758ac9989d3 localhost/podman-pause:5.0.3-1720373660 2 minutes ago Up About a minute cd21bbdee88d-infra cd21bbdee88d coredns-pod
e214119e505e docker.io/coredns/coredns:latest -conf /root/Coref... About a minute ago Up About a minute coredns-pod-coredns cd21bbdee88d coredns-pod
```
### 7. Query the A record against the host's IP
```
$ dig @172.20.7.50 test.andy.com +short
192.168.80.21
```
### 8. Configure the pod to start automatically after boot
```
## The following is the systemd service unit
$ sudo nano /usr/lib/systemd/system/coredns.service
# pod-coredns-pod.service
# autogenerated by Podman 4.9.5
# Fri Jan 10 15:24:22 CST 2025
[Unit]
Description=Podman pod-coredns-pod.service
Documentation=man:podman-generate-systemd(1)
Wants=network-online.target
After=network-online.target
[Service]
Type=oneshot
RemainAfterExit=yes
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=no
TimeoutStopSec=70
# Mind your own podman path
ExecStart=/usr/local/bin/podman pod start coredns-pod
ExecStop=/usr/local/bin/podman pod stop coredns-pod
[Install]
WantedBy=default.target
```
### 9. Enable the service
```
# Grant execute permission
$ sudo chmod +x /usr/lib/systemd/system/coredns.service
$ sudo systemctl enable coredns.service
# Test with a reboot
$ sudo reboot
# Check Pod Status
$ sudo podman ps -a --pod
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES POD ID PODNAME
a2e5acb3a1fd localhost/podman-pause:4.9.3-0 6 minutes ago Up 34 seconds 456479de0dc3-infra 456479de0dc3 coredns-pod
592b9591004d docker.io/coredns/coredns:latest -conf /root/Coref... 6 minutes ago Up 34 seconds coredns-pod-coredns 456479de0dc3 coredns-pod
```
## References
https://hackmd.io/@QI-AN/Run-CoreDNS-with-Podman-Pod