Deployment Options

nx9-dns-server supports multiple deployment methods to fit your infrastructure needs. This page covers both traditional and containerized deployment options.

Traditional Deployment

Traditional deployment involves running nx9-dns-server directly on a host system, typically managed by systemd.

Prerequisites

Linux system with systemd
Appropriate permissions for binding to port 53 (DNS)
SQLite database access

Step-by-Step Deployment

Prepare the Directory Structure

bash sudo mkdir -p /var/nx9-dns-server sudo mkdir -p /var/log/nx9-dns-server sudo useradd -r -s /sbin/nologin dnsuser sudo chown -R dnsuser:dnsuser /var/nx9-dns-server /var/log/nx9-dns-server

Copy the Binary and Configuration Files

bash sudo cp target/release/dns_server /var/nx9-dns-server/ sudo cp conf/dns_records.sql /var/nx9-dns-server/ sudo cp scripts/preprocess-key.sh /var/nx9-dns-server/ sudo cp scripts/soa-update.sh /var/nx9-dns-server/ sudo chmod +x /var/nx9-dns-server/*.sh

Prepare the DNS Database

bash sudo sqlite3 /var/nx9-dns-server/dns.db < /var/nx9-dns-server/dns_records.sql sudo chown dnsuser:dnsuser /var/nx9-dns-server/dns.db

Create a Systemd Service File

Create /etc/systemd/system/dns-server.service:

```ini [Unit] Description=nx9 DNS Server After=network.target

[Service] Type=simple User=dnsuser Group=dnsuser WorkingDirectory=/var/nx9-dns-server ExecStart=/var/nx9-dns-server/dns_server Restart=on-failure RestartSec=5 LimitNOFILE=65536

# Environment variables Environment="DNS_BIND=0.0.0.0:53" Environment="DNS_DB_PATH=/var/nx9-dns-server/dns.db" Environment="DNSSEC_KEY_FILE=/var/nx9-dns-server/Kanydomain.tld.key" Environment="DNS_FORWARDERS=8.8.8.8:53,1.1.1.1:53" Environment="DNS_NS_RECORDS=ns1.anydomain.tld.,ns2.anydomain.tld." Environment="RUST_LOG=info"

# Security NoNewPrivileges=yes PrivateTmp=yes ProtectSystem=full ProtectHome=yes ReadWritePaths=/var/nx9-dns-server /var/log/nx9-dns-server CapabilityBoundingSet=CAP_NET_BIND_SERVICE AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install] WantedBy=multi-user.target ```

Enable and Start the Service

bash sudo systemctl daemon-reload sudo systemctl enable dns-server.service sudo systemctl start dns-server.service

Check Service Status

bash sudo systemctl status dns-server.service journalctl -u dns-server.service

Automated Deployment Script

For convenience, use the provided deploy.sh script:

```bash

!/bin/bash

set -e

SRC_BIN="/home/youruser/apps/your-ddns/dns_server" DEST_DIR="/var/nx9-dns-server" DEST_BIN="$DEST_DIR/dns_server" PREPROCESS_SCRIPT="$DEST_DIR/preprocess-key.sh" SOA_UPDATE_SCRIPT="$DEST_DIR/soa-update.sh"

echo "🔐 Fixing permissions and running preprocess..." sudo chmod +x "$PREPROCESS_SCRIPT" sudo -u dnsuser "$PREPROCESS_SCRIPT"

echo "🛠 Updating SOA record..." sudo chown dnsuser:dnsuser "$SOA_UPDATE_SCRIPT" sudo chmod +x "$SOA_UPDATE_SCRIPT" sudo -u dnsuser "$SOA_UPDATE_SCRIPT"

echo "📄 Verifying processed.key content..." sudo cat "$DEST_DIR/processed.key"

echo "🛑 Stopping DNS server..." sudo systemctl stop dns-server.service

echo "📦 Deploying new dns_server binary..." sudo cp "$SRC_BIN" "$DEST_BIN" sudo chown dnsuser:dnsuser "$DEST_DIR"

echo "🔁 Reloading systemd and restarting service..." sudo systemctl daemon-reload sudo systemctl restart dns-server.service

echo "📈 Checking service status..." sudo systemctl status dns-server.service ```

Docker Deployment

Docker deployment offers a containerized approach with minimal host system requirements.

Prerequisites

Docker Engine
Docker Compose (optional, for more complex deployments)

Basic Docker Deployment

Build the Docker Image

```bash # Clone the repository git clone https://github.com/thakares/nx9-dns-server.git cd nx9-dns-server

# Build the Docker image docker build -t nx9-dns-server:latest . ```

Run the Container

```bash # Create directories for persistent data mkdir -p ./data ./keys ./logs

# Run with basic configuration docker run -d --name nx9-dns \ -p 53:53/udp -p 53:53/tcp \ -p 8080:8080 -p 8081:8081 \ -v $(pwd)/data/dns.db:/var/nx9-dns-server/dns.db \ -v $(pwd)/keys:/etc/nx9-dns-server/keys \ -v $(pwd)/logs:/