failed VM relied upon Subversion for updating configuration and zone files.
In the containerized world, you'd run Subversion on the container
build host, which would do an "svn up" to pull fresh zone files, then build a container against them.
Each time you update the zone files, there are two major paths depending on where you stored those zone files on the container runner:
- You baked the zone files into the container itself as Amm0 recommended above, requiring you to rebuild and redeploy that container.
- You mounted a volume into the container as I recommended, so you merely need to scp the new zone files to that volume and restart the container to get it to see the new data.
In neither case do you need sshd inside the container. Under the first plan, the zone files get uploaded to the router along with a fresh copy of BIND when either one changes. In the second plan, it's RouterOS running the SSH server that receives the scp'd zone files when they change, since it is the host for the volume mounted into the container.
for hAP ax3 the plan is slave those zones so updating zone files becomes fully automated.
Yes. Ship the container with a minimal configuration that merely knows how to talk to the primary DNS servers to pull its data, then keep it up to date. It will store its cached copy inside the container, which is perfectly fine in this case. You don't need volumes for this. If you have to burn down the container and redeploy, it will simply pull the zone again and re-cache it.
No need at all for svn or sshd.
since by then, you may want to update BIND as well.
The image APT package manager will be useful keeping BIND 9 current.
That's VM thinking. The containerized way is to rebuild and redeploy the container to upgrade the software inside.
For something super-common like BIND, you shouldn't even be building your own containers. Simply find one that's well-maintained and compact, then inject your own local configuration on each redeployment.
I haven't gone looking, but I'd be surprised if you can't find one that fits on the internal flash. You should still put it on a USB stick since that's far easier to replace in case of chip failure, but you shouldn't need more than tens of megs here. If you're measuring a BIND container in gigs, you've done something highly suboptimal.