Running Docker inside Docker lets you build images and start containers within an already containerized environment.

If your use case means you absolutely require dind, there is a safer way to deploy it. The modern Sysbox project is a dedicated container runtime that can nest other runtimes without using privileged mode. Sysbox containers become VM-like so they're able to support software that's usually run bare-metal on a physical or virtual machine. This includes Docker and Kubernetes without any special configuration.

Bind mounting your host's daemon socket is safer, more flexible, and just as feature-complete as starting a dind container.

Docker-in-Docker via dind has historically been widely used in CI environments. It means the "inner" containers have a layer of isolation from the host. A single CI runner container supports every pipeline container without polluting the host's Docker daemon.

While it often works, this is fraught with side effects and not the intended use case for dind. It was added to ease the development of Docker itself, not provide end user support for nested Docker installations.

but we think that it’s simpler, as well as easier to write and to maintain, to go with the single actor model of Docker.

Docker eventually sold out to (I believe) Bell and the professors did just fine.