Important: There is no official YADIFA Docker image on Docker Hub. You must build your own container from source using the Dockerfile provided below.
This guide shows how to build and run YADIFA in a Docker container.
mkdir -p /opt/yadifa/{config,zones,logs}
cd /opt/yadifa
YADIFA requires building from source. Create a Dockerfile:
FROM debian:bookworm-slim
LABEL maintainer="Your Name <your@email.com>"
LABEL description="YADIFA DNS Server"
# Install build dependencies (ldnsutils provides drill, which the compose healthcheck calls)
RUN apt-get update && apt-get install -y --no-install-recommends \
    build-essential \
    autoconf \
    automake \
    libtool \
    libssl-dev \
    liblmdb-dev \
    libxml2-dev \
    pkg-config \
    curl \
    ca-certificates \
    ldnsutils \
    && rm -rf /var/lib/apt/lists/*
# Set YADIFA version
ARG YADIFA_VERSION=3.0.2
# Download and build YADIFA
RUN curl -fsSL "https://downloads.yadifa.eu/releases/yadifa-${YADIFA_VERSION}.tar.gz" -o /tmp/yadifa.tar.gz \
    && tar -xzf /tmp/yadifa.tar.gz -C /tmp \
    && cd /tmp/yadifa-${YADIFA_VERSION} \
    && ./bootstrap.sh \
    && ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
    && make -j$(nproc) \
    && make install \
    && rm -rf /tmp/yadifa* \
    && apt-get purge -y --auto-remove \
        build-essential \
        autoconf \
        automake \
        libtool \
        pkg-config \
        curl \
    && rm -rf /var/lib/apt/lists/*
# Create yadifa user and directories
RUN useradd --system --no-create-home --shell /usr/sbin/nologin yadifa \
    && mkdir -p /etc/yadifa /var/lib/yadifa/zones /var/log/yadifa /run/yadifa \
    && chown -R yadifa:yadifa /etc/yadifa /var/lib/yadifa /var/log/yadifa /run/yadifa
# Expose DNS ports
EXPOSE 53/udp 53/tcp
# Switch to yadifa user
USER yadifa
# Run YADIFA in foreground mode
CMD ["/usr/sbin/yadifad", "--nodaemon", "-c", "/etc/yadifa/yadifad.conf"]
Create config/yadifad.conf:
# YADIFA minimal configuration
directory "/var/lib/yadifa/zones"
pid-file "/run/yadifa/yadifa.pid"
# Listen on all interfaces
local-address 0.0.0.0
local-port 53
# Logging
loglevel info
# Include zone files
# include "/etc/yadifa/zones.conf"
Create config/zones.conf with your zones:
# Example zone configuration
# zone example.com master {
# type master
# zonefile "example.com.zone"
# }
Create docker-compose.yml:
version: '3.8'
services:
  yadifa:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: yadifa
    restart: unless-stopped
    ports:
      - "53:53/udp"
      - "53:53/tcp"
    cap_add:
      - NET_BIND_SERVICE
    volumes:
      - ./config:/etc/yadifa:ro
      - ./zones:/var/lib/yadifa/zones
      - ./logs:/var/log/yadifa
    networks:
      - dns-net
    healthcheck:
      test: ["CMD", "drill", "@127.0.0.1", "localhost", "SOA"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 10s
networks:
  dns-net:
    driver: bridge
# Navigate to project directory
cd /opt/yadifa
# Build the Docker image
docker compose build
# Start the container
docker compose up -d
# Check status
docker compose ps
# View logs
docker compose logs -f yadifa
Docker containers cannot bind to privileged ports (<1024) by default. The compose file above uses cap_add: NET_BIND_SERVICE to allow binding to port 53.
Alternative options:
Run as root (not recommended):
user: root
Use non-privileged port (e.g., 5353):
ports:
  - "5353:5353/udp"
  - "5353:5353/tcp"
Then update yadifad.conf with local-port 5353.
Create a zone file in zones/example.com.zone:
$TTL 3600
@ IN SOA ns1.example.com. hostmaster.example.com. (
2026022201 ; Serial
3600 ; Refresh
1800 ; Retry
604800 ; Expire
86400 ) ; Minimum TTL
; Name servers
@ IN NS ns1.example.com.
@ IN NS ns2.example.com.
; A records
@ IN A 192.0.2.1
ns1 IN A 192.0.2.1
ns2 IN A 192.0.2.2
www IN A 192.0.2.1
Add to config/zones.conf:
zone example.com master {
type master
zonefile "example.com.zone"
}
Reload YADIFA to pick up new zones:
docker compose exec yadifa yadifa_control zone_reload
You can customize the build with build arguments:
services:
  yadifa:
    build:
      context: .
      dockerfile: Dockerfile
      args:
        YADIFA_VERSION: "3.0.2"
Mount your configuration files:
volumes:
  - ./config/yadifad.conf:/etc/yadifa/yadifad.conf:ro
  - ./config/zones.conf:/etc/yadifa/zones.conf:ro
  - ./zones:/var/lib/yadifa/zones:ro
  - ./logs:/var/log/yadifa
Pin a specific YADIFA version for reproducibility:
ARG YADIFA_VERSION=3.0.2
Run as non-root user (already configured in Dockerfile):
USER yadifa
Read-only configuration:
volumes:
  - ./config:/etc/yadifa:ro
Security hardening (add to compose file):
security_opt:
  - no-new-privileges:true
read_only: true
tmpfs:
  - /run
  - /tmp
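To confirm that the running container actually has the settings listed above, the output of docker inspect can be checked against them. The script below is an added example, not part of the original guide or of YADIFA; the sample JSON is constructed, and the allowed capability and read-only mount sets are assumptions taken from this guide's compose file.

```python
import json

# Constructed sample: trimmed `docker inspect yadifa` output for a container
# started from the guide's compose file before the hardening options are added.
SAMPLE_INSPECT = json.loads("""
[{"Config": {"User": "yadifa"},
  "HostConfig": {"Privileged": false, "ReadonlyRootfs": false,
                 "SecurityOpt": null, "CapAdd": ["NET_BIND_SERVICE"]},
  "Mounts": [{"Destination": "/etc/yadifa", "RW": false},
             {"Destination": "/var/lib/yadifa/zones", "RW": true},
             {"Destination": "/var/log/yadifa", "RW": true}]}]
""")

ALLOWED_CAPS = {"NET_BIND_SERVICE"}   # the only capability the guide adds
READ_ONLY_MOUNTS = {"/etc/yadifa"}    # the guide mounts configuration :ro


def audit(container):
    """Return hardening findings for one object from `docker inspect` output."""
    findings = []
    host = container.get("HostConfig") or {}
    user = (container.get("Config") or {}).get("User") or ""
    # An empty User means no USER was set, so the process runs as root.
    if user.split(":")[0] in ("", "0", "root"):
        findings.append("container runs as root")
    if host.get("Privileged"):
        findings.append("privileged mode is enabled")
    if not host.get("ReadonlyRootfs"):
        findings.append("root filesystem is writable (read_only: true not set)")
    # Docker records the option as given: bare, ':true' or '=true'.
    opts = {o.replace("=", ":") for o in host.get("SecurityOpt") or []}
    if not opts & {"no-new-privileges", "no-new-privileges:true"}:
        findings.append("no-new-privileges is not set")
    caps = {c.upper().removeprefix("CAP_") for c in host.get("CapAdd") or []}
    for cap in sorted(caps - ALLOWED_CAPS):
        findings.append(f"unexpected added capability: {cap}")
    writable = {m["Destination"] for m in container.get("Mounts") or [] if m.get("RW")}
    for path in sorted(READ_ONLY_MOUNTS & writable):
        findings.append(f"{path} is mounted read-write")
    return findings


if __name__ == "__main__":
    # Live use: docker inspect yadifa > inspect.json, then json.load() that file.
    for finding in audit(SAMPLE_INSPECT[0]):
        print("FINDING:", finding)
```

On the constructed sample this reports the writable root filesystem and the missing no-new-privileges option, the two settings the hardening snippet adds.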
Check container health:
docker compose ps
docker inspect --format='{{json .State.Health}}' yadifa | jq
View logs:
docker compose logs -f yadifa
docker compose logs --tail=100 yadifa
Backup zone files and configuration:
# Backup configuration
tar -czf yadifa-config-$(date +%Y%m%d).tar.gz config/
# Backup zone files
docker cp yadifa:/var/lib/yadifa/zones ./zones-backup-$(date +%Y%m%d)
To update to a newer version:
# Update YADIFA_VERSION in Dockerfile
# Then rebuild and restart
docker compose build --no-cache
docker compose down
docker compose up -d
Tip: Always backup your configuration and zone files before updating. Test updates in a staging environment first.
Port 53 already in use:
# Check what's using port 53
sudo ss -tulnp | grep :53
# Stop systemd-resolved if needed
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved
Permission denied binding to port 53:
# Ensure NET_BIND_SERVICE capability is added
cap_add:
  - NET_BIND_SERVICE
Container won’t start:
# Check container logs
docker compose logs yadifa
# Run interactively for debugging
docker compose run --rm yadifa /bin/bash
Configuration errors:
# Validate configuration from inside container
docker compose exec yadifa yadifa-checkconf /etc/yadifa/yadifad.conf
Zone loading failures:
# Check zone file permissions
docker compose exec yadifa ls -la /var/lib/yadifa/zones/
# Check zone file syntax
docker compose exec yadifa yadifa-checkzone example.com /var/lib/yadifa/zones/example.com.zone
Some community-maintained images may be available on Docker Hub. Search for yadifa and verify the source before use:
docker search yadifa
Warning: Community images are not officially supported. Always review the Dockerfile and verify security before using in production.