diff --git a/Dockerfile b/Dockerfile
index 47ee5fd7..2b0b78bb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,23 +1,28 @@
-FROM golang:1.13-alpine AS builder
+FROM golang:1-alpine AS builder
 LABEL maintainer="joona@kuori.org"
 
 RUN apk add --update gcc musl-dev git
 
-ENV GOPATH /tmp/buildcache
-RUN git clone https://github.com/joohoi/acme-dns /tmp/acme-dns
+RUN git clone --depth=1 https://github.com/joohoi/acme-dns /tmp/acme-dns
+
+ENV GOPATH       /tmp/buildcache
+ENV CGO_ENABLED  1
 WORKDIR /tmp/acme-dns
-RUN CGO_ENABLED=1 go build
+RUN go build -ldflags="-extldflags=-static"
+
+# assemble the release ready to copy to the image.
+RUN mkdir -p /tmp/release/bin
+RUN mkdir -p /tmp/release/etc/acme-dns
+RUN mkdir -p /tmp/release/var/lib/acme-dns
+RUN cp /tmp/acme-dns/acme-dns /tmp/release/bin/acme-dns
+
 
-FROM alpine:latest
+FROM gcr.io/distroless/static
 
-WORKDIR /root/
-COPY --from=builder /tmp/acme-dns .
-RUN mkdir -p /etc/acme-dns
-RUN mkdir -p /var/lib/acme-dns
-RUN rm -rf ./config.cfg
-RUN apk --no-cache add ca-certificates && update-ca-certificates
+WORKDIR /
+COPY --from=builder /tmp/release .
 
 VOLUME ["/etc/acme-dns", "/var/lib/acme-dns"]
-ENTRYPOINT ["./acme-dns"]
+ENTRYPOINT ["/bin/acme-dns"]
 EXPOSE 53 80 443
 EXPOSE 53/udp