Install NetoDNS (container)

Installing NetoDNS is part of the steps to ingest Infoblox NIOS DNS Logs via NetoDNS syslog

Deployment Options

NetoDNS is available as a Docker-compatible container or a Linux software package.

To deploy the Linux software package, see: Install NetoDNS (Linux package)

Supported Platforms

Docker-compatible container built for linux/amd64hosted on Netography's public container registry

The container can be run on other platforms using Docker's cross-platform compatibility (e.g. to run it locally on a Mac with Apple silicon). However, this has a significant performance impact, so it is not recommended for production deployments.

⚖️ Selecting a deployment option
Netography recommends deploying the container for most customers. Containers provide isolation that ensures NetoDNS will operate properly and simplifies the deployment process. The software package is best suited for organizations with a standard Linux build that meets your internal security and compliance requirements.

Installing the NetoDNS Container

📘 Documentation is specific to Docker, but the container image is portable
For simplicity, all instructions in the NetoDNS documentation are specific to using Docker to pull and run the NetoDNS container. However, the container is portable across container orchestration systems. Follow the standard instructions for the container orchestration platform you are using to pull, configure, and execute in this case.

Container Image

The container image is hosted on Netography's public container registry.

For a specific version:

public.ecr.aws/netography/netodns:VERSION_NUMBER

For the most recently released version:

public.ecr.aws/netography/netodns:latest

To get a listing of the available versions (tags) for this container image, go to:

https://gallery.ecr.aws/netography/netodns

Step 1. Pull the container image (optional)

You don't need to pull the container image with docker pull unless you want to ensure it is downloaded or validate the container before running it.

For a production deployment, you should use a specific version instead of latest. This ensures consistency and stability, as latest may change over time, while a versioned image guarantees the same environment across deployments.

Step 2. Configure NetoDNS (optional)

You can run NetoDNS by setting configuration in environment variables.

Refer to Configure NetoDNS for details on configuration options.

2a. Create a Fusion API key

You will need to Create a Fusion API key in the Fusion Portal, using the neto_flowrole or another role with the Send NetoDNS permission. Copy the netosecret value provided when creating the key.

🚧 Using a secrets vault is the most secure approach for storing this secret.
For production deployments, you should store this value in a secrets vault and have it set the value to this environment variableNETO_NETOSECRET

2b. Create `netodns.env` environment file

You can run the following commands in a shell to create netodns.confand set this file to be used to load environment variables when running the netodns container. This is one method to set configuration in the environment.

tee netodns.env > /dev/null <<EOF
NETO_NETOSECRET=REPLACEME
NETO_DATASRC=infoblox-nios  
# NETO_PORT=514  
# NETO_INTERVAL=30  
# NETO_EXCLUDE_QUERIES=  
# NETO_EXCLUDE_QUERIES_RE=  
EOF

Environment variables mapping

The correct environment variable names to set for each configuration item is shown below. You can copy these values into a local filenetodns.env, or pass these environment variables directly to the container when running it.

NETO_NETOSECRET=REPLACEME
NETO_DATASRC=infoblox-nios  
NETO_PORT=514  
NETO_INTERVAL=30  
NETO_EXCLUDE_QUERIES=  
NETO_EXCLUDE_QUERIES_RE=

Step 3. Run the container

The following configuration options are commonly used when running the container with docker run:

-p 514:514 - This maps the default port netodns listens for syslog from your container to your host so you can direct syslog to the host IP.
-p 8080:8080 - This maps the default port netodns hosts the statistics API on for retrieving stats from netodns. If you do not need anyone outside your host to access these statistics, you can omit this.
-e NETO_NETOSECRET=$NETO_NETOSECRET - Assuming you have set the netosecret API secret on your host in the NETO_NETOSECRET environment variable, this will pass that value to the configuration setting it is read from by netodns.
--platform linux/amd64 - This can be used to run the container on non-x86 systems (eg to test it locally on a Mac with Apple silicon). Using platform emulation in Docker can significantly impact performance, so this is not recommended for production usage.
--name netodns- Gives the container a more easily accessible name. If you are initially configuring netodns, you need to remove the container using docker rm netodns after it exits before re-running it, or you can add the --rm argument to your docker run to have it automatically removed after it exits.
-e NETO_SECTION__KEY=value - Sets the environment variable to a value, for passing individual configuration settings to the container via environment variables.
--env-file netodns.env - Reads all the environment variables in the file netodns.env and sets them in the container.

`docker run` example: default configuration, pass secret from host `NETO_NETOSECRET` environment variable

docker run --pull=always --rm -e NETO_NETOSECRET="$NETO_NETOSECRET" \
  -p 514:514 -p 8080:8080 --name netodns --platform linux/amd64 \
  public.ecr.aws/netography/netodns:latest

`docker run` example: all configuration is set in `netodns.env` in your local directory

docker run \
  --pull=always --rm  -p 514:514 -p 8080:8080 \
  --platform linux/amd64 --name netodns --env-file netodns.env \
  public.ecr.aws/netography/netodns:latest

PreviousConfigure NetoDNS NextInstall NetoDNS (Linux package)

Last updated 3 days ago

Good afternoon