usulnet v26.2.7: Open-Source Docker Infrastructure with Embedded DNS and WireGuard

These articles are AI-generated summaries. Please check the original sources for full details.

usulnet v26.2.7 is a self-hosted Docker infrastructure platform that consolidates orchestration, security, and networking into a single Go-based binary. This release represents its largest update to date, delivering 11 new features and 17 critical bug fixes.

Why This Matters

Modern infrastructure often suffers from tooling sprawl, requiring separate installations for DNS, VPNs, firewalls, and monitoring. usulnet addresses this by providing a single binary that eliminates external dependencies and vendor lock-in, reducing the operational overhead of managing multi-node Docker environments. By standardizing on a single Nginx backend and removing 6,000 lines of redundant code, the platform prioritizes architectural simplicity over the maintenance of multiple proxy abstractions.

Key Insights

  • Embedded authoritative DNS server powered by miekg/dns (the library behind CoreDNS) supports 10 record types with AES-256-GCM encrypted TSIG keys.
  • DNS Service Discovery automatically registers running containers as A and SRV records via Docker event stream callbacks for real-time name resolution.
  • Integrated WireGuard VPN management allows for interface creation and peer configuration directly via the web UI, including QR code generation for clients.
  • Backup integrity is guaranteed through automated verification methods including container mounting and database restoration to temporary instances.
  • Security architecture includes Trivy-based CVE scanning, RBAC with 46 granular permissions, and CIS Docker Benchmark compliance reporting.

Working Examples

Configuration for the new embedded DNS and service discovery module.

dns:
  enabled: true
  listen_addr: ":53"
  service_discovery:
    enabled: true
    domain: "containers.local"
    create_srv: true

Standard one-liner deployment script for usulnet infrastructure.

curl -fsSL https://raw.githubusercontent.com/fr4nsys/usulnet/main/deploy/install.sh | sudo bash
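
A checked variant of the one-liner above, added here as an example and not taken from the usulnet project: it fetches deploy/install.sh at a fixed commit instead of main, compares its SHA-256 with a digest recorded when the script was reviewed, and runs it as root only on a match. The function names and the commit and digest arguments are assumptions; the page does not say that the project publishes a checksum.

```shell
# Added example, not usulnet project code.
# Assumed names: verify_sha256, install_pinned. Commit and digest are supplied by the operator.
REPO_RAW="https://raw.githubusercontent.com/fr4nsys/usulnet"

# Return 0 only when the SHA-256 of file $1 equals the 64-hex-digit digest in $2.
verify_sha256() {
  local file="$1" expected="$2" actual
  [ -f "$file" ] || return 2
  # Reject empty, short, or non-hex digests so an unfilled placeholder can never match.
  [ "${#expected}" -eq 64 ] || return 2
  case "$expected" in *[!0-9a-fA-F]*) return 2 ;; esac
  expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
  actual=$(sha256sum "$file" | awk '{print $1}') || return 2
  [ "$actual" = "$expected" ]
}

# Download install.sh at a fixed commit, verify it, and only then run it with sudo.
install_pinned() {
  local commit="$1" expected="$2" tmp rc
  tmp=$(mktemp) || return 1
  if ! curl -fsSL "$REPO_RAW/$commit/deploy/install.sh" -o "$tmp"; then
    rm -f "$tmp"; return 1
  fi
  if ! verify_sha256 "$tmp" "$expected"; then
    echo "install.sh does not match the reviewed digest; not running it" >&2
    rm -f "$tmp"; return 1
  fi
  rc=0
  sudo bash "$tmp" || rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Usage: install_pinned <commit-sha> <sha256-of-the-reviewed-install.sh>
```

The digest is the one computed over the copy of install.sh that was actually read and approved, so a later change to the file at that URL stops the install instead of running with root privileges.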

Practical Applications

  • Use Case: Automating service discovery in Docker environments using the containers.local domain to resolve container IPs via SRV records. Pitfall: Relying on manual DNS entries instead of event-driven reconciliation leads to stale records when containers fail.
  • Use Case: Visualizing complex network architectures using the D3.js force-directed topology graph to identify bridge vs. overlay network bottlenecks. Pitfall: Misconfiguring iptables without a visual manager often results in orphaned rules in the DOCKER-USER chain.
  • Use Case: Implementing SSL Labs-style monitoring via the SSL Observatory to track certificate expiration and cipher suite health across all endpoints. Pitfall: Ignoring OCSP stapling and HSTS configurations can lower security grades despite valid certificates.
