Updated Unbound to version `1.22.0` and improved Docker setup

CHANGELOG.md

@@ -3,6 +3,12 @@ All notable changes to this project will be documented in this file.
 
 ## [Unreleased]
 
+## [1.22.0]
+- Updated Unbound to version `1.22.0`
+- Fixed configuration for local healthcheck record
+- Added `bootstrap-image.sh` to clean up the `Dockerfile`
+- Moved the entrypoint definition inline within the `Dockerfile`
+
 ## [1.21.0]
 - Updated Unbound to version `1.21.0`
 

Dockerfile

@@ -1,29 +1,11 @@
 FROM alpine:3.15.5
+ARG UNBOUND_VERSION=1.22.0
 
-ARG UNBOUND_VERSION=1.21.0
+COPY bootstrap-image.sh /tmp/
+RUN sh /tmp/bootstrap-image.sh -x && rm -rf /tmp/*
 
-# Install dependencies and build unbound, clean up after
-RUN apk --update add --no-cache alpine-sdk bison dns-root-hints expat-dev flex git openssl-dev && \
-    # Clone at given tag and build Unbound from source (https://github.com/NLnetLabs/unbound)
-    git clone --depth 1 --branch "release-${UNBOUND_VERSION}" https://github.com/NLnetLabs/unbound.git /tmp/unbound && \
-    cd /tmp/unbound && \
-    ./configure && \
-    make && \
-    make install && \
-    # Clean up build dependencies
-    make clean && \
-    cd /srv && \
-    rm -rf /tmp/* && \
-    apk del alpine-sdk bison expat-dev flex git openssl-dev
-
-# Prepare image
-COPY entrypoint.sh /srv/
 COPY healthcheck.sh /srv/
-
-# Prepare unbound
-RUN addgroup -S unbound && adduser -S -G unbound unbound
-RUN mkdir -p /srv/unbound/conf
 COPY unbound.conf /srv/unbound/unbound.conf
 
-HEALTHCHECK --interval=10s --timeout=1s --retries=1 CMD sh /srv/healthcheck.sh
-ENTRYPOINT ["sh", "/srv/entrypoint.sh"]
+HEALTHCHECK --interval=10s --timeout=1s --retries=1 CMD ["sh", "/srv/healthcheck.sh"]
+ENTRYPOINT ["sh", "-c", "unbound -V && unbound -c /srv/unbound/unbound.conf -d"]

README.md

@@ -6,4 +6,4 @@ When starting a container, `cap_add` `NET_ADMIN` might be needed to allow the in
 
 Options:
 - Add additional config files to the `/srv/unbound/conf` container directory
-- Override the default config by mounting a `/srv/unbound/unbound.conf` file
+- Override the default config by mounting a `/srv/unbound/unbound.conf` file

bootstrap-image.sh

@@ -0,0 +1,30 @@
+#!/bin/sh
+
+set -e
+
+# Refuse to run without -x
+if [ "$1" != "-x" ]; then
+  exit 1
+fi
+
+# Upgrade packages & install dependencies
+apk --no-cache update && apk --no-cache upgrade
+apk --no-cache add alpine-sdk bison dns-root-hints expat-dev flex git openssl-dev
+
+# Clone Unbound source at given tag
+git clone --depth 1 --branch "release-${UNBOUND_VERSION}" https://github.com/NLnetLabs/unbound.git /tmp/unbound
+cd /tmp/unbound
+
+# Build Unbound
+sh configure
+make
+make install
+
+# Clean up dependencies
+make clean
+apk --purge del -r alpine-sdk bison expat-dev flex git openssl-dev
+
+# Prepare Unbound
+addgroup -S unbound
+adduser -S -G unbound unbound
+mkdir -p /srv/unbound/conf

entrypoint.sh

@@ -1,5 +0,0 @@
-#!/bin/sh
-
-echo 'Starting unbound...'
-unbound -V
-unbound -c /srv/unbound/unbound.conf -d

unbound.conf

@@ -59,5 +59,5 @@ server:
     access-control: 0.0.0.0/0 allow
 
     # Record used for container healthcheck
-    local-zone: "healthrecord.unbound" nodefault
+    local-zone: "healthcheck.unbound" nodefault
     local-data: "healthcheck.unbound. A 127.0.0.1"