33 lines
928 B
Docker
33 lines
928 B
Docker
# Stage 1: build CoreDNS with minimal plugin set
|
|
FROM golang:1.25-alpine AS build
|
|
|
|
RUN apk add --no-cache git make bash
|
|
|
|
WORKDIR /src
|
|
RUN git clone --depth 1 --branch v1.12.1 \
|
|
https://github.com/coredns/coredns .
|
|
|
|
# Overwrite plugin.cfg with our trimmed list before compilation
|
|
COPY plugin.cfg .
|
|
|
|
RUN go generate && make
|
|
|
|
# Stage 2: extract CA certificates from a full image
|
|
FROM debian:stable-slim AS certs
|
|
RUN apt-get update && apt-get install -y --no-install-recommends \
|
|
ca-certificates && rm -rf /var/lib/apt/lists/*
|
|
|
|
# Stage 3: minimal runtime — scratch + binary + certs only
|
|
FROM scratch
|
|
|
|
COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
|
|
COPY --from=build /src/coredns /coredns
|
|
COPY Corefile /Corefile
|
|
|
|
# 53: DNS (UDP + TCP)
|
|
# 8080: health endpoint
|
|
EXPOSE 53/udp 53/tcp 8080/tcp
|
|
|
|
# RouterOS requires root to bind port 53 — no USER directive
|
|
ENTRYPOINT ["/coredns", "-conf", "/Corefile"]
|