docker
/
unbound
1
0
Fork 0
Code Issues Pull Requests Actions Packages Releases 4 Activity

Cleanup

pull/1/head
Gertjan Krol 2022-01-23 22:59:17 +01:00
parent 954f05043b
commit 9eda05afec
3 changed files with 16 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
Dockerfile
View File

@ -1,7 +1,7 @@
FROM alpine:3.15.0 FROM alpine:3.15.0
# Install required dependencies and build unbound (and install bind-tools for dig in healthcheck) # Install required dependencies and build unbound (and install bind-tools for dig in healthcheck), clean up after
RUN apk --update add --no-cache alpine-sdk bind-tools expat-dev git openssl-dev && \ RUN apk --update add --no-cache alpine-sdk bind-tools dns-root-hints expat-dev git openssl-dev && \
# Clone and build unbound source (https://github.com/NLnetLabs/unbound) # Clone and build unbound source (https://github.com/NLnetLabs/unbound)
git clone --depth 1 --branch 'release-1.14.0' https://github.com/NLnetLabs/unbound.git /tmp/unbound && \ git clone --depth 1 --branch 'release-1.14.0' https://github.com/NLnetLabs/unbound.git /tmp/unbound && \
cd /tmp/unbound && \ cd /tmp/unbound && \
@ -13,16 +13,12 @@ RUN apk --update add --no-cache alpine-sdk bind-tools expat-dev git openssl-dev
rm -rf /tmp/* && \ rm -rf /tmp/* && \
apk del alpine-sdk expat-dev git openssl-dev apk del alpine-sdk expat-dev git openssl-dev
# Prepare unbound files # Prepare image
COPY entrypoint.sh / COPY entrypoint.sh /
RUN mkdir -p /srv/unbound RUN addgroup -S unbound
RUN adduser -S -G unbound unbound
RUN mkdir -p /srv/unbound/conf
COPY unbound.conf /srv/unbound/unbound.conf COPY unbound.conf /srv/unbound/unbound.conf
# Prepare HEALTHCHECK --interval=60s --timeout=3s --retries=2 CMD dig ns1.gkcld.net @127.0.0.1 +dnssec || exit 1
RUN adduser -S unbound --disabled-password
# Health
HEALTHCHECK --interval=60s --timeout=3s --retries=2 \
CMD dig ns1.gkcld.net @127.0.0.1 +dnssec || exit 1
ENTRYPOINT ["sh", "/entrypoint.sh"] ENTRYPOINT ["sh", "/entrypoint.sh"]

6
README.md
View File

@ -1,3 +1,9 @@
# A recursive, caching DNS resolver with some optimizations # A recursive, caching DNS resolver with some optimizations
Needs to run with `--privileged` to allow increased cache size Needs to run with `--privileged` to allow increased cache size
Pull a new version of the image every 3-6 months to keep the provided root hints up to date
Options:
- Add additional config files to the `/srv/unbound/conf` container directory
- Override the default config by mounting a `/srv/unbound/unbound.conf` file

6
unbound.conf
View File

@ -1,4 +1,6 @@
# https://docs.pi-hole.net/guides/dns/unbound/#configure-unbound # https://docs.pi-hole.net/guides/dns/unbound/#configure-unbound
include: /srv/unbound/conf/*.conf
server: server:
# If no logfile is specified, syslog is used # If no logfile is specified, syslog is used
#logfile: "/var/log/unbound/unbound.log" #logfile: "/var/log/unbound/unbound.log"
@ -15,10 +17,6 @@ server:
# Terredo tunnels your web browser should favor IPv4 for the same reasons # Terredo tunnels your web browser should favor IPv4 for the same reasons
prefer-ip6: no prefer-ip6: no
# Use this when you want to maually add/update the root.hints file
# Otherwise, the hints included in the unbound package at the time the image was built will be used
#root-hints: "/var/lib/unbound/root.hints"
# Trust glue only if it is within the server's authority # Trust glue only if it is within the server's authority
harden-glue: yes harden-glue: yes