Re: Deleting a key
The DS for the new key is only rumored. I believe you want a `rndc dnssec -checkds -key 48266 published` and maybe another to withdraw the 50277 key. Peter -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Updated Docker images (9.18, 9.20, 9.21) - now based on Alpine Linux
For what it's worth this is how we build our dockers, with a builder and then the runner. IMO it's cleaner that way and not much more complicated. We'll continue to roll our own though so no real dog in this fight. Peter On Tue, Aug 27, 2024 at 1:28 PM Ondřej Surý wrote: > > > On 27. 8. 2024, at 18:57, Marc wrote: > > > > Afaik apk del \ does not free up space still. > > Right. That was not really my intention though. I wanted to reduce > the amount of cruft installed in the image. The less binary stuff > around, the less possible attack surface. > > But apk --no-cache should work I guess. > > > If you work with builder phase, you can probably shave of some MB's > > > I think that's too complicated to use two phases, but I think the next update > should reduce the image size a little bit. It was ~170 MB before and the > reduced (compressed) size is 130 MB. > > But I get it - the base alpine:latest is only 3 MB, that's quite a difference. > > Ondrej > -- > Ondřej Surý (He/Him) > ond...@isc.org > > My working hours and your working hours may be different. Please do not feel > obligated to reply outside your normal working hours. > > > > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Updated Docker images (9.18, 9.20, 9.21) - now based on Alpine Linux
> Having said that, I wonder if people have some preference or even policy > which mandates specific base image? Yes. We're using a certified ubi8-minimal image for the finalized docker by mandate and a bit of preference. Base image is 90M deployed with BIND 9.18.29 is 258M (uncompressed). In this case we use Rockylinux as the builder and copy it over to ubi8 for the final image. To me this is less about the size and more about cleanliness. Rather than making sure everything is removed we just start fresh and only install / copy what we need. I don't think it's a significant effort to do what we are doing and happy to contribute but just to note we have no objections to how ISC is doing it and appreciate that these are being produced. I use them anytime my custom ones are not available. Peter > > Alpine is popular for small images, but is it good enough in "one size > fits all" sense? > > -- > Petr Špaček > Internet Systems Consortium > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
