diff --git a/dnclient/Dockerfile b/dnclient/Dockerfile
index f874e68..762aa62 100644
--- a/dnclient/Dockerfile
+++ b/dnclient/Dockerfile
@@ -1,6 +1,12 @@
 ARG BUILD_FROM=definednet/dnclient:latest
-FROM ${BUILD_FROM}
 
+# Extract dnclient binary from official image (avoids inheriting its VOLUME)
+FROM ${BUILD_FROM} AS source
+
+FROM alpine:3.21
+RUN apk add --no-cache iptables ip6tables ca-certificates
+
+COPY --from=source /usr/bin/dnclient /usr/bin/dnclient
 COPY run.sh /
 RUN chmod a+x /run.sh
 
diff --git a/dnclient/run.sh b/dnclient/run.sh
index 890ac92..7e0554e 100644
--- a/dnclient/run.sh
+++ b/dnclient/run.sh
@@ -2,35 +2,19 @@
 set -e
 
 PERSIST_DIR="/data/defined"
-SYSTEM_DIR="/etc/defined"
 
-# Ensure persistent directory exists
+# Ensure persistent directory exists and symlink /etc/defined to it
 mkdir -p "${PERSIST_DIR}"
-
-# Restore persisted config if it exists
-if [ -f "${PERSIST_DIR}/config.yml" ]; then
-    cp -a "${PERSIST_DIR}/." "${SYSTEM_DIR}/"
-    echo "Restored persisted dnclient config."
-fi
+ln -sfn "${PERSIST_DIR}" /etc/defined
 
 # Read enrollment code from HA options
 ENROLLMENT_CODE="$(cat /data/options.json | sed -n 's/.*"enrollment_code" *: *"\([^"]*\)".*/\1/p')"
 
 # Only set enrollment code if non-empty and host is not already enrolled
-if [ -n "${ENROLLMENT_CODE}" ] && [ ! -f "${SYSTEM_DIR}/config.yml" ]; then
+if [ -n "${ENROLLMENT_CODE}" ] && [ ! -f "${PERSIST_DIR}/config.yml" ]; then
     export DN_ENROLLMENT_CODE="${ENROLLMENT_CODE}"
     echo "Enrolling host with provided enrollment code..."
 fi
 
-# Persist config on shutdown
-trap 'echo "Persisting config..."; cp -a "${SYSTEM_DIR}/." "${PERSIST_DIR}/"; exit 0' TERM INT
-
 echo "Starting dnclient..."
-dnclient &
-DNCLIENT_PID=$!
-
-# Wait a moment for enrollment to complete, then persist
-sleep 5
-cp -a "${SYSTEM_DIR}/." "${PERSIST_DIR}/" 2>/dev/null || true
-
-wait ${DNCLIENT_PID}
+exec dnclient