Comments (8)
Hi and thanks for reaching out to me.
Why do you want to mount the iana.d
folder? It's not recommended to map this volume:
The "internic" files are downloaded at buildtime, the only reason to connect this volume would be manually updating these files. If you manually copied the files into the folder for a reason, just correct ownership and permissions. Anyway, you shouldn't need this mapping at all.
Edit: Yeah, that folder is still mapped in the examples, will fix that fixed.
from unbound-docker.
One more thing: you only need to connect the folders if you want to use splitted configs or need the log. The image also runs fine without. In this case, only your customized unbound.conf needs to be mapped, if necessary at all. The image is already adapted to recursive
mode, some say "hyperlocal" and has various optimizations for performance and security already.
from unbound-docker.
thank you very much for the info.
I removed now the volumes-part in the docker compose. Now it works, but I get this warning. Is there an additional step necessary to solve this warning?
Apr 26 15:11:06 unbound[1:0] notice: init module 0: validator
Apr 26 15:11:06 unbound[1:0] notice: init module 1: iterator
Apr 26 15:11:06 unbound[1:0] warning: auth zone .: ZONEMD verification failed: verify DNSKEY RRset with trust anchor failed
Apr 26 15:11:06 unbound[1:0] info: start of service (unbound 1.19.3).
Apr 26 15:11:12 unbound[1:0] info: generate keytag query _ta-4f66. NULL IN
from unbound-docker.
Did you completely down and up the compose stack docker-compose down && docker-compose up -d
? If it still shows this warning, I'd need your unbound config(s) then please. Thank you.
from unbound-docker.
I used portainer to create a stack and used the docker compose file from above but without the volumes. So I also did not specify a dedicated conf-file (and using the default)
from unbound-docker.
OK, then please mount the iana.d
folder again (sorry) and put the fresh downloaded root files (iana.org
root.key
and root.zone
) in there.
You'll surely need to correct ownership and the permissions afterwards using chown -R YourUNBOUND_UID:YourUNBOUND_GID /VOLUME1/.../YourUnboundFolder
and chmod -r 770 /VOLUME1/.../YourUnboundFolder
(sudo
may apply).
You maybe also need to set additional permissions via Synology File Manager or Windows ACLs on your Unbound share.
Thank you.
from unbound-docker.
now it works without an error/warning in the log.
What I did:
- Use all the files in my first post
- Create an additional emtpy root.key file and put this in the iana.d folder
- Synology -> give rights for writing and reading for the unbound-folder and all files below
- use the docker compose from first post
Thank you for your help and this great docker image! From my side we can close this ticket.
from unbound-docker.
It was a pleasure to me. Thanks for choosing my image, glad it works for you! If there's anything else, feel free to reopen the issue or to file a new one.
Cheers.
from unbound-docker.
Related Issues (20)
- Could not open xxx: Permission denied" on Synology NAS HOT 2
- New commits but no new release? HOT 2
- Container requires root under the rootless podman/docker container HOT 5
- Unable to start unbound container HOT 16
- healthcheck funktioniert nicht mehr HOT 3
- [Bug] fatal error: unable to chroot to /usr/local/unbound: Operation not permitted HOT 24
- [Bug] container unable to start without providing ubound.conf HOT 7
- The container reports "unhealthy" HOT 3
- [Bug] unbound is already running / unable to chroot HOT 10
- Help with redis configuration and a persistent cachedb.d volume HOT 36
- [Bug] Not enough permissions for /iana.d/ if default configuration is used HOT 2
- [Bug] healthcheck.sh will check container DNS, not unbound HOT 3
- unbound with redis cache does not start sucessfully on host server reboot HOT 3
- Help with healthcheck on redis container HOT 6
- [Planned] Making DNS diagnostic tools available soonβ’ HOT 2
- Container doesn't start on Port 53 with any version newer than 1.19.1-0 using Synology Container Manager HOT 26
- SERVFAIL for some domains HOT 10
- [Bug] What is the purpose of UNBOUND_UID and UNBOUND_GID, when you do not set anything else other than 1000 (default) in the container ? HOT 6
- OCI runtime create failed: runc create failed HOT 18
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from unbound-docker.