update to 9.18.13

amd64.dockerfile

@@ -1,5 +1,6 @@
 # :: Header
-	FROM alpine:3.16
+FROM alpine:latest
+ENV binVersion=9.18.13-r0
 
 # :: Run
 	USER root
@@ -10,12 +11,15 @@
 			mkdir -p /bind/etc \
 			mkdir -p /bind/var;
 
+	# :: install
 		RUN set -ex; \
 			apk add --update --no-cache \
 				bash \
-                bind>=9.16.29 \
+				bind>=${binVersion} \
+				bind-tools \
 				shadow;
 
+	# :: configure
 		RUN set -ex; \
 			addgroup --gid 1000 -S bind; \
 			adduser --uid 1000 -D -S -h /bind -s /sbin/nologin -G bind bind;
@@ -29,13 +33,14 @@
 			/bind \
 			/var/run/named;
 
-    # :: Version
-        RUN set -ex; \
-            echo "CI/CD{{$(named -v 2>&1)}}";
-
 # :: Volumes
 	VOLUME ["/bind/etc", "/bind/var"]
 
+# :: Monitor
+	RUN set -ex; chmod +x /usr/local/bin/healthcheck.sh
+	HEALTHCHECK CMD /usr/local/bin/healthcheck.sh || exit 1
+
 # :: Start
+	RUN set -ex; chmod +x /usr/local/bin/entrypoint.sh
 	USER bind
-	CMD ["/usr/sbin/named", "-fg", "-c", "/bind/etc/named.conf", "-u", "bind"]
+	ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]	

rootfs/bind/etc/named.conf

@@ -9,6 +9,8 @@ options {
   max-cache-size 256m;
 };
 
+server ::/0 { bogus yes; };
+
 acl acl-internal {
 	10.0.0.0/8;
 	172.16.0.0/12;

rootfs/bind/etc/zones.conf

@@ -1,7 +1,9 @@
 view "internal" {
+	recursion yes;
 	match-clients { acl-internal; };
 	allow-query { acl-internal; };
-	recursion yes;
+	allow-recursion { acl-internal; };
+	zone "." { type hint; file "/bind/var/root.db"; };
 };
 
 view "external" {

rootfs/usr/local/bin/entrypoint.sh

@@ -0,0 +1,9 @@
+#!/bin/ash
+  if [ -z "${1}" ]; then
+    set -- "named" \
+      -fg \
+      -c "/bind/etc/named.conf"  \
+      -u bind
+  fi
+
+  exec "$@"

rootfs/usr/local/bin/healthcheck.sh

@@ -0,0 +1,2 @@
+#!/bin/ash
+	dig . NS @localhost || exit 1