diff --git a/docker.bind.service b/docker.bind.service
new file mode 100644
index 0000000..4be0d59
--- /dev/null
+++ b/docker.bind.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=BIND9 Container
+After=docker.service
+Requires=docker.service
+
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker stop bind9
+ExecStartPre=-/usr/bin/docker rm bind9
+# note: this container is actually provding DNS service, so when that is missing, the pull fails.
+# ExecStartPre=/usr/bin/docker pull docker.io/internetsystemsconsortium/bind9:9.18
+ExecStart=/etc/bind/run_bind_container.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/run_bind_podman_mac.sh b/run_bind_podman_mac.sh
new file mode 100755
index 0000000..db7c9cc
--- /dev/null
+++ b/run_bind_podman_mac.sh
@@ -0,0 +1,19 @@
+#! /bin/bash
+
+BASE_CONF_DIR=/Users/davidb/src/docker_bind
+: "${DNS_PORT:=1053}"
+: "${RNDC_PORT:=1953}"
+CMD="/usr/sbin/named -f -4 -u davidb"
+[ "$1" = "interactive" ] && ARGS="-ti --entrypoint=/bin/bash" && CMD=""
+podman run $ARGS \
+ --rm \
+ --arch=amd64 \
+ --name=bind9 \
+ --publish $RNDC_PORT:953/tcp \
+ --publish $DNS_PORT:53/udp \
+ --publish $DNS_PORT:53/tcp \
+ -v $BASE_CONF_DIR/cfg:/etc/bind \
+ -v $BASE_CONF_DIR/cache:/var/cache/bind \
+ -v $BASE_CONF_DIR/zones:/var/lib/bind \
+ -v $BASE_CONF_DIR/log:/var/log \
+ localhost/blacka/bind9:9.18 $CMD
diff --git a/setup_docker.sh b/setup_docker.sh
new file mode 100755
index 0000000..a0bb5ec
--- /dev/null
+++ b/setup_docker.sh
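Review bot: `ExecStart=/etc/bind/run_bind_container.sh` in docker.bind.service starts a script that nothing visible in this diff adds or installs; the only run script here is run_bind_podman_mac.sh, and setup_docker.sh copies just cfg, cache and zones. The unit has no `User=` line, so systemd runs that script as root, and it should therefore ship with the unit and be installed root-owned and not writable by the bind account. A comment above the line such as `# installed root:root 0755 by setup_docker.sh; must not be writable by bind` would record that requirement. With the pull commented out, the unit also runs whatever local image currently carries the 9.18 tag, so the existing note could say how that image is refreshed.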
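Review bot: The three `--publish` lines in run_bind_podman_mac.sh give no host address, so podman normally binds the DNS ports and the rndc control port on every host interface. For a workstation script, loopback is the safer default for the control channel: `--publish 127.0.0.1:$RNDC_PORT:953/tcp`, and likewise for the two DNS ports unless other hosts must query this instance. Whether rndc is restricted further depends on the `controls` statement in cfg, which is not part of this diff. Separately, `$ARGS`, `$CMD` and the `$BASE_CONF_DIR` paths are expanded unquoted; bash arrays would keep the intended word splitting without breaking on a path that contains spaces.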
@@ -0,0 +1,31 @@
+#! /bin/bash
+
+set -e
+
+# NOTE: groupadd and useradd require root.
+[ "$EUID" -ne 0 ] && echo "Must be run by root" && exit 1
+
+IMAGE="docker.io/internetsystemsconsortium/bind9:9.18"
+
+# determine current uid and gid
+uidgid=$(docker run --rm --entrypoint=/bin/sh "$IMAGE" -c "/usr/bin/id -u bind; /usr/bin/id -g bind")
+read -d '' -r uid gid <<< "$uidgid" || :
+
+# create the group and user
+id -g bind >/dev/null 2>&1 || groupadd -f -g "$gid" bind
+id -u bind >/dev/null 2>&1 || useradd -u "$uid" -g "$gid" -M --no-log-init bind
+
+# create our main directory setup
+install -d -o bind -g bind -m 0755 /etc/bind/cfg /etc/bind/cache /etc/bind/zones /etc/bind/log/named
+# copy over our config and data without overwriting anything, hopefully.
+for d in cfg cache zones; do
+ rsync -av --chown bind:bind --ignore-existing ./$d/ /etc/bind/$d/
+done
+
+if [ -f docker.named.service ]; then
+ install -m 0644 docker.named.service /etc/systemd/system/docker.named.service
+fi
+
+systemctl try-restart docker.named.service
+
+exit 0
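Review bot: The install step and the final `systemctl try-restart` both name `docker.named.service`, but the unit this commit adds is `docker.bind.service`, so the `-f` test is false and the unit is never copied into /etc/systemd/system. `try-restart` on a unit systemd has not loaded likely returns non-zero, which under `set -e` would end the script with a failure after the accounts and directories have already been created. The fence assumes the file keeps the name docker.bind.service and adds the `systemctl daemon-reload` that a newly installed unit needs. Also, `id -g bind` succeeds only when a user named bind exists, so it does not test for the group; `getent group bind` does. Because an existing host bind account is kept as is, its uid/gid may differ from the `$uid`/`$gid` read from the image, and that case deserves at least a warning.

```shell
# … unchanged: root check, IMAGE, uid/gid lookup from the image …
getent group bind >/dev/null 2>&1 || groupadd -f -g "$gid" bind
# … unchanged: useradd, directory setup, rsync loop …
if [ -f docker.bind.service ]; then
  install -m 0644 docker.bind.service /etc/systemd/system/docker.bind.service
  systemctl daemon-reload
fi

systemctl try-restart docker.bind.service
```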