I am going to use deSEC as dns provider with docker-compose but I have some questions


I have some questions about the setup since this is not completely clear to me in terms of the environment:

  • What /16 net do you want to have in this var DESECSTACK_IPV4_REAR_PREFIX16? The starting part of the IP of my server or the inner-server docker-ip-range?

  • Should I create those domains as subdomains of my own for DESECSTACK_NS?

  • Can I freely choose the port for DESECSTACK_PORT_XFR

Those are not clear for me to begin with.

Maybe somebody here knows an answer or can provide a working example of the env-file with docker-compose (especially for the ipv4 part).

Thank you

Hi przla,

Thanks for your question, and welcome to deSEC! :slight_smile:

That’s the Docker-internal range (“rear network”). I use 172.16, and it should also work fine for you, unless you use that subnet for something else.

That variable is the default set of NS records. We use ns1.desec.io ns2.desec.org.

Yes. In certain testing environments (where you don’t have root permission), you may have to use a value above 1024, like 1053. – This value is the port number where secondary servers can do AXFR zone transfers. If you don’t use that feature, the port number does not really matter (but you need to specify one).

Stay secure,