Last pushed: a year ago
Short Description
Master NS server
Full Description

# Docker ns-master

Knot-based master DNS server for my DNS zones.
Zones are located in the zones/ folder.




  • ZONES_DNSSEC: list of DNS zones to automagically sign.
  • TSIG_KEYS: TSIG keys to allow transfers. Syntax: "id:alg:secret". The id will be prefixed by "key_".
  • TSIG_SLAVES: slaves. Syntax: "id:allowed_ip:tsig_key_id".
  • TSIG_UPDATES: these keys are allowed to update all zones. Syntax: "id:allowed_ip:tsig_key_id".
  • DNSTAP_SOCKET: dnstap socket path. Disabled if empty.


Spawn a Knot DNS server hosting the "example.invalid" zone and declare 2 TSIG keys.

One will be allowed to transfer the zone, and the other will be allowed to update the zone using, for example, nsupdate.

docker run -it -e 'ZONES_DNSSEC=example.invalid' -e 'TSIG_KEYS=1:hmac-sha512:blablalblabla 2:hmac-sha512:blablalbalblabla' -e 'TSIG_SLAVES=1:' -e 'TSIG_UPDATES=2:'
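A pre-flight check for the TSIG variables described above, added here as an example and not part of this image's own code. The function names are hypothetical; it assumes entries are space-separated as in the command above, that the image hands the secret to Knot unchanged (Knot expects base64), and that an IPv6 allowed_ip is split off by taking the id from the left and the key id from the right.

```python
import base64, binascii, ipaddress

# HMAC algorithm names accepted by Knot DNS for TSIG keys.
KNOT_ALGS = {"hmac-md5", "hmac-sha1", "hmac-sha224",
             "hmac-sha256", "hmac-sha384", "hmac-sha512"}

def parse_keys(value):
    """Parse TSIG_KEYS ("id:alg:secret" entries, space separated)."""
    keys, errors = {}, []
    for entry in value.split():
        parts = entry.split(":", 2)
        if len(parts) != 3:
            errors.append(f"TSIG_KEYS {entry!r}: expected id:alg:secret")
            continue
        kid, alg, secret = parts
        if alg not in KNOT_ALGS:
            errors.append(f"key {kid}: unknown algorithm {alg!r}")
        try:
            base64.b64decode(secret, validate=True)
        except binascii.Error:
            errors.append(f"key {kid}: secret is not valid base64")
        keys[kid] = alg
    return keys, errors

def parse_acl(name, value, keys):
    """Parse TSIG_SLAVES / TSIG_UPDATES ("id:allowed_ip:tsig_key_id")."""
    used, errors = set(), []
    for entry in value.split():
        # Assumption: split id from the left and key id from the right so
        # an IPv6 allowed_ip (which contains ':') stays in one piece.
        head, _, kid = entry.rpartition(":")
        aid, _, ip = head.partition(":")
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            errors.append(f"{name} {entry!r}: bad allowed_ip {ip!r}")
        if kid not in keys:
            errors.append(f"{name} {entry!r}: undeclared key id {kid!r}")
        used.add(kid)
    return used, errors

def check_env(env):
    """Return a list of problems found in the image's TSIG variables."""
    keys, errors = parse_keys(env.get("TSIG_KEYS", ""))
    xfr, e1 = parse_acl("TSIG_SLAVES", env.get("TSIG_SLAVES", ""), keys)
    upd, e2 = parse_acl("TSIG_UPDATES", env.get("TSIG_UPDATES", ""), keys)
    # Least privilege: a transfer key should not also authorize updates.
    shared = [f"key {k}: used for both transfer and update"
              for k in sorted(xfr & upd)]
    return errors + e1 + e2 + shared
```

Run against the placeholder values in the command above, it reports the secrets as not valid base64 and the empty allowed_ip and key id fields.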


This project can be tested with testinfra by running make test.

Testinfra is configured to spawn a docker container for each test, and to remove it after.

The launch configuration (environment variables) is passed through pytest parameters.


  • Clean the testinfra configuration (I don't like all the mess around docker run in
  • Test DNSSEC signature (before, and after updating the zone)