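---
# Docker Compose definition for a single Technitium DNS Server node (dns01).
# Publishes DNS on 53/udp+tcp and the web console over HTTP (5380) and
# HTTPS (53443); configuration is persisted on the host under
# /volume1/docker/technitium/config.
services:
  technitium:
    # NOTE(review): `latest` is a moving tag, so every pull can change the
    # running code. Pin a specific release tag or image digest so that
    # upgrades are deliberate and reproducible.
    image: technitium/dns-server:latest
    container_name: dns01
    hostname: dns01
    mem_limit: 2g
    cpu_shares: 768
    security_opt:
      # Stops processes in the container from gaining privileges via
      # setuid/setgid binaries.
      - "no-new-privileges:true"
    ports:
      - "53:53/udp"
      - "53:53/tcp"
      # NOTE(review): the HTTP console is plaintext and published on every
      # host interface, so admin credentials and session tokens cross the
      # network unencrypted. Remove this mapping once the HTTPS console is
      # confirmed working, or restrict it to a management interface.
      - "5380:5380/tcp"  # HTTP console
      - "53443:53443/tcp"  # HTTPS console
      # DNS over TLS, HTTPS, QUIC
      # - "853:853/udp"  # DNS-over-QUIC
      # - "853:853/tcp"  # DNS-over-TLS
      # - "443:443/udp"  # DNS-over-HTTPS (HTTP/3)
      # - "443:443/tcp"  # DNS-over-HTTPS
      # - "80:80/tcp"  # DNS-over-HTTP
      # - "8053:8053/tcp"  # DNS-over-HTTPS (alt port)
      # DHCP
      # - "67:67/udp"  # DHCP
    volumes:
      - /volume1/docker/technitium/config:/etc/dns:rw
    environment:
      - DNS_SERVER_DOMAIN=dns01.dns-cluster.internal
      # The admin password is no longer hard-coded: it is taken from the
      # deploying shell or an .env file kept out of version control, and
      # Compose refuses to start the service when it is unset or empty.
      # NOTE(review): this looks like a first-start setting only; a node
      # that was already initialised with the old default presumably keeps
      # it, so change the password in the console as well (confirm).
      - "DNS_SERVER_ADMIN_PASSWORD=${DNS_SERVER_ADMIN_PASSWORD:?must be set}"
      - DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS=true
      - DNS_SERVER_WEB_SERVICE_HTTPS_PORT=53443
      # A self-signed certificate encrypts the session but cannot be
      # validated by browsers; replace it with a certificate from a CA the
      # admin workstations trust when one is available.
      - DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT=true
      - TZ=America/Los_Angeles
    sysctls:
      # Widens the range of local ports the container may use for outbound
      # sockets.
      - "net.ipv4.ip_local_port_range=1024 65535"
    restart: unless-stopped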