Last active
May 6, 2025 15:35
-
-
Save mortn/05cefaa71d44b5d5df4c06876c19178e to your computer and use it in GitHub Desktop.
HickoryDNS Podman Quadlet (rootless, yea baby!)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # .config/containers/systemd/hickorydns.container | |
| [Container] | |
| ContainerName=hickorydns | |
| Image=docker.io/hickorydns/hickory-dns:latest | |
| PublishPort=53:53/udp | |
| UserNS=keep-id:uid=100,gid=100 | |
| Volume=%h/hickory/etc:/etc:ro | |
| Volume=%h/hickory/zones:/var/named:ro | |
| AutoUpdate=registry | |
| AddCapability=NET_BIND_SERVICE | |
| Pull=newer | |
| [Install] | |
| WantedBy=default.target |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # .config/systemd/user/hickorydns.service | |
| # Here you need to build/fetch the hickory-dns binary yourself. | |
| [Unit] | |
| Description=Hickory DNS Server | |
| Documentation=https://github.com/hickory-dns/hickory-dns | |
| After=network.target | |
| [Service] | |
| Type=simple | |
| Environment="CONFIG=%h/hickory/etc/named.toml" | |
| Environment="ZONES=%h/hickory/zones/" | |
| ExecStart=%h/hickory/bin/hickory-dns -c ${CONFIG} -z ${ZONES} | |
| Restart=on-failure | |
| TimeoutStopSec=30 | |
| # Security options | |
| ProtectSystem=full | |
| ProtectHome=read-only | |
| PrivateTmp=true | |
| NoNewPrivileges=true | |
| [Install] | |
| WantedBy=default.target |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Get HickoryDNS ❤️ up and running in a jiff on most Linux hosts!
NB! You only need one of these files! Either you run this as a quadlet (podman user space container) or as a systemd service
Podman quadlet quick start:
loginctl enable-linger# This is to allow your processes to not just halt when you log off. NB!mkdir -p ~/.config/containers/systemd# Dir to hold all your awesome quadlets/user-space containersecho 'net.ipv4.ip_unprivileged_port_start=53' | sudo tee /etc/sysctl.d/net.conf# Allow non-root users to expose ports on port 53 and upwards.Setup HickoryDNS
~/hickory/etcand~/hickory/zones~/hickory/etc~/hickory/zonesStart the container (first time or new version will do an implicit pull):
systemctl --user start hickorydnsDebug with
journalctl --user -fu hickorydnsRun
systemctl --user daemon-reloadif you change the hickorydns.container fileBlocklists
This config shows how to configure blocklists:
https://github.com/hickory-dns/hickory-dns/blob/main/tests/test-data/test_configs/chained_blocklist.toml
Fetch the blocklist you like from https://github.com/hagezi/dns-blocklists. For HickoryDNS you want the wildcard version.