version: "3.2"

services:
  coredns:
    image: coredns/coredns
    command: -conf /data/Corefile
    ports:
      - "53:53/udp"
      - "53:53/tcp"
      - "9153:9153/tcp"
    volumes:
      - coredns:/data:ro
    cap_drop:
      - ALL
    cap_add:
      - NET_BIND_SERVICE
    read_only: true
    deploy:
      mode: global
      placement:
        constraints:
          - "node.labels.iface != extern"
      restart_policy:
        condition: on-failure

volumes:
  coredns:
    external: true