docker
/
unbound
1
0
Fork 0
Code Issues Pull Requests Actions Packages Releases 4 Activity

- Updated Unbound to version `1.16.2` 

- Added local healthcheck record and new healthcheck script
pull/1/head
Gertjan Krol 2022-08-09 20:36:54 +02:00
parent 7dcb50370f
commit b9902b8c94
5 changed files with 27 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Dockerfile
View File

@ -1,9 +1,9 @@
FROM alpine:3.15.5
ARG UNBOUND_VERSION=1.16.1
ARG UNBOUND_VERSION=1.16.2
# Install dependencies and build unbound (and install bind-tools for dig in healthcheck), clean up after
RUN apk --update add --no-cache alpine-sdk bind-tools dns-root-hints expat-dev git openssl-dev && \
# Install dependencies and build unbound, clean up after
RUN apk --update add --no-cache alpine-sdk dns-root-hints expat-dev git openssl-dev && \
# Clone tag and build unbound source (https://github.com/NLnetLabs/unbound)
git clone --depth 1 --branch "release-${UNBOUND_VERSION}" https://github.com/NLnetLabs/unbound.git /tmp/unbound && \
cd /tmp/unbound && \
@ -17,10 +17,13 @@ RUN apk --update add --no-cache alpine-sdk bind-tools dns-root-hints expat-dev g
# Prepare image
COPY entrypoint.sh /
COPY healthcheck.sh /srv/
## Prepare unbound
RUN addgroup -S unbound
RUN adduser -S -G unbound unbound
RUN mkdir -p /srv/unbound/conf
COPY unbound.conf /srv/unbound/unbound.conf
HEALTHCHECK --interval=60s --timeout=3s --retries=2 CMD dig ns1.gkcld.net @127.0.0.1 +dnssec || exit 1
HEALTHCHECK --interval=30s --timeout=2s --retries=1 CMD sh /srv/healthcheck.sh
ENTRYPOINT ["sh", "/entrypoint.sh"]

4
changelog.md
View File

@ -3,6 +3,10 @@ All notable changes to this project will be documented in this file.
## [Unreleased]
## [1.16.2]
- Updated Unbound to version `1.16.2`
- Added local healthcheck record and new healthcheck script
## [1.16.1]
- Updated Unbound to version `1.16.1`

2
entrypoint.sh
View File

@ -1,4 +1,4 @@
#!/bin/bash
#!/bin/sh
echo 'Starting unbound...'
unbound -V

12
healthcheck.sh Normal file
View File

@ -0,0 +1,12 @@
#!/bin/sh
HEALTHCHECK_RECORD=healthcheck-record.gkcld
EXPECTED_VALUE=10.10.10.10
RESOLVED_IP=$(nslookup "${HEALTHCHECK_RECORD}" 127.0.0.1 | awk -F':' '/^Address: / { matched = 1 } matched { print $2}' | xargs)
if [ "${RESOLVED_IP}" != "${EXPECTED_VALUE}" ]; then
echo "[ERR] ${HEALTHCHECK_RECORD} lookup failed"
exit 1
fi
echo "[OK] ${HEALTHCHECK_RECORD} == ${RESOLVED_IP}"

3
unbound.conf
View File

@ -51,3 +51,6 @@ server:
# Allow from adguard subnet (see docker-compose adguard network)
access-control: 0.0.0.0/0 allow
# Local A record used for container healthcheck
local-data: "healthcheck-record.gkcld. A 10.10.10.10"