Comment 2 for bug 1955680

Athos Ribeiro (athos-ribeiro) wrote :

Hi Timothy, Nicholas, and anyone else affected,

While working on reproducing this, I noticed 2 issues with our current image:

- Our tests were not trying to verify if bind was indeed listening on port 53. I proposed a fix in https://github.com/canonical/server-test-scripts/pull/145.

- The Dockerfile for the image, which IMHO also serves as documentation for the image, only exposes port 53 for TCP. Bind needs it to be exposed for UDP as well.

Then, I tried reproducing the issue with the following steps, from a fresh Ubuntu 20.04 install:

# apt update
# apt install -y docker.io
# docker pull docker.io/ubuntu/bind9:latest
# docker run -d --rm -p 5053:53/udp -p 5053:53/tcp docker.io/ubuntu/bind9:latest
# dig @127.0.0.1 -p 5053 ubuntu.com > /dev/null && echo PASSED || echo FAILED

Which outputs the expected result.

I also tried the minimal configuration file provided in this bug report:

# cat <<EOF > named.conf
options {
        directory "/var/cache/bind";

        forwarders {
                8.8.8.8;
                8.8.4.4;
        };

        dnssec-validation auto;

        // Configure the IPs to listen on here.
        listen-on { any; };
        listen-on-v6 { none; };

        // If you want to allow only specific hosts to use the DNS server:
        allow-query { any; };

};
EOF

# docker run --rm -it -p 5053:53/udp -p 5053:53/tcp -v ${PWD}/named.conf:/etc/bind/named.conf docker.io/ubuntu/bind9:latest

# dig @127.0.0.1 -p 5053 ubuntu.com > /dev/null && echo PASSED || echo FAILED

Which also did output the expected results.

Would you mind sharing the version of docker.io you are using and whether it is the deb package available in Ubuntu archives, the snap, or from any other sources?