diff --git a/healthcheck.sh b/healthcheck.sh index 746b7bf..1818ea9 100644 --- a/healthcheck.sh +++ b/healthcheck.sh @@ -1,7 +1,7 @@ #!/bin/sh -HEALTHCHECK_RECORD=healthcheck-record.gkcld -EXPECTED_VALUE=10.10.10.10 +HEALTHCHECK_RECORD=healthcheck.unbound +EXPECTED_VALUE=127.0.0.1 RESOLVED_IP=$(nslookup "${HEALTHCHECK_RECORD}" 127.0.0.1 | awk -F':' '/^Address: / { matched = 1 } matched { print $2}' | xargs) if [ "${RESOLVED_IP}" != "${EXPECTED_VALUE}" ]; then diff --git a/unbound.conf b/unbound.conf index f215518..1b7bb97 100644 --- a/unbound.conf +++ b/unbound.conf @@ -2,6 +2,8 @@ include: /srv/unbound/conf/*.conf server: + do-daemonize: no + # If no logfile is specified, syslog is used #logfile: "/var/log/unbound/unbound.log" verbosity: 0 @@ -13,6 +15,10 @@ server: do-udp: yes do-tcp: yes + private-address: 10.0.0.0/8 + private-address: 172.16.0.0/12 + private-address: 192.168.0.0/16 + # You want to leave this to no unless you have *native* IPv6. With 6to4 and # Terredo tunnels your web browser should favor IPv4 for the same reasons prefer-ip6: no @@ -52,5 +58,6 @@ server: # Allow from adguard subnet (see docker-compose adguard network) access-control: 0.0.0.0/0 allow - # Local A record used for container healthcheck - local-data: "healthcheck-record.gkcld. A 10.10.10.10" \ No newline at end of file + # Record used for container healthcheck + local-zone: "healthrecord.unbound" nodefault + local-data: "healthcheck.unbound. A 127.0.0.1" \ No newline at end of file