diff --git a/Dockerfile-kaniko b/Dockerfile-kaniko
deleted file mode 100644
index 7a2941c..0000000
--- a/Dockerfile-kaniko
+++ /dev/null
@@ -1,20 +0,0 @@
-FROM alpine:3.11
-
-ENV DOCKER_CONFIG='/kaniko/.docker'
-ENV GOOGLE_APPLICATION_CREDENTIALS='/kaniko/.docker/config.json'
-ENV PATH=/kaniko:$PATH
-ENV SSL_CERT_DIR=/kaniko/ssl/certs
-
-RUN apk --no-cache add \
-      bash \
-      git \
-      grep \
-      openssh-client \
-      perl \
-      rsync \
-      sed \
-      tree
-
-COPY --from=gcr.io/kaniko-project/executor /kaniko /kaniko
-
-ENTRYPOINT ["/kaniko/executor"]
diff --git a/README.md b/README.md
index e4b2656..a306714 100644
--- a/README.md
+++ b/README.md
@@ -243,3 +243,37 @@ For example, if the base image you use upgrades the compiler, the compiled outpu
 will likely change.
 
 
+## Custom Kaniko Image for PDNS Builder
+
+https://hub.docker.com/repository/docker/powerdns/kaniko-pdns-builder/
+
+A custom Kaniko image for PDNS Builder, because the official Kaniko debug image only offers Busybox and the PDNS Builder also needs Bash, Git, Perl, rsync and perhaps more.
+
+### Deprecation Warning
+
+Eventually we want to get rid of Kaniko in our build systems, so do not depend too hard on this image.
+
+### Building
+
+- `docker build -f Dockerfile-kaniko-pdns-builder -t powerdns/kaniko-pdns-builder:1.0.0 .`
+
+### Distributing
+
+- `docker tag powerdns/kaniko-pdns-builder:1.0.0 powerdns/kaniko-pdns-builder:latest`
+- `docker push powerdns/kaniko-pdns-builder:1.0.0`
+- `docker push powerdns/kaniko-pdns-builder:latest`
+
+### Running
+
+- `docker run -it --entrypoint warmer powerdns/kaniko-pdns-builder:1.0.0 bash`
+- `docker run -it powerdns/kaniko-pdns-builder:1.0.0`
+
+### Resources
+
+From:
+
+- https://github.com/GoogleContainerTools/kaniko/blob/main/deploy/Dockerfile
+- https://hub.docker.com/r/pernodricard/kaniko-alpine/dockerfile
+- https://stackoverflow.com/a/69251129
+
+- `curl --silent https://gcr.io/v2/kaniko-project/executor/tags/list | jq .`
diff --git a/docker/Dockerfile-kaniko-pdns-builder b/docker/Dockerfile-kaniko-pdns-builder
new file mode 100644
index 0000000..4af2625
--- /dev/null
+++ b/docker/Dockerfile-kaniko-pdns-builder
@@ -0,0 +1,20 @@
+FROM gcr.io/kaniko-project/executor:v1.12.0-debug AS kaniko
+
+# XXX 3.11 is EOL since 2021, update to 3.18
+FROM alpine:3.11
+
+RUN apk --no-cache add bash binutils coreutils git grep openssh-client perl rsync sed tree
+
+COPY --from=kaniko /kaniko /kaniko
+COPY --from=kaniko /etc/nsswitch.conf /etc/nsswitch.conf
+COPY --from=busybox:musl /bin /busybox
+
+ENV HOME /root
+ENV USER root
+ENV PATH $PATH:/kaniko:/busybox
+ENV SSL_CERT_DIR /kaniko/ssl/certs
+ENV DOCKER_CONFIG /kaniko/.docker/
+ENV DOCKER_CREDENTIAL_GCR_CONFIG /kaniko/.config/gcloud/docker_credential_gcr_config.json
+ENV GOOGLE_APPLICATION_CREDENTIALS='/kaniko/.docker/config.json'
+
+ENTRYPOINT ["/kaniko/executor"]