obi12341 / docker-unbound Goto Github PK

View Code? Open in Web Editor NEW

54.0 5.0 37.0 96 KB

unbound DNS Resolver running in a Docker Container with DNSSEC enabled

License: Apache License 2.0

Shell 54.18% Ruby 19.30% Dockerfile 26.52%

unbound resolver docker docker-image dockerfile

docker-unbound's Introduction

Unbound (with DNSSEC validation)

Running

Just use this command to start the container. Unbound will listen on port 53/udp.

docker run --name unbound -d -p 53:53/udp -p 53:53 mobilistics/unbound:1.19.1

(optional) If you want to override the nameserver in the unbound container, you can use:

docker run --name unbound -d -p 53:53/udp -p 53:53 --dns="127.0.0.1" mobilistics/unbound:1.19.1

Configuration

These options can be set via the environment variable -e flag:

DO_IPV6: Enable or disable ipv6. (Default: "yes", Possible Values: "yes, no")
DO_IPV4: Enable or disable ipv4. (Default: "yes", Possible Values: "yes, no")
DO_UDP: Enable or disable udp. (Default: "yes", Possible Values: "yes, no")
DO_TCP: Enable or disable tcp. (Default: "yes", Possible Values: "yes, no")
VERBOSITY: Verbosity number, 0 is least verbose. (Default: "0", Possible Values: "")
NUM_THREADS: Number of threads to create. 1 disables threading. (Default: "1", Possible Values: "")
SO_RCVBUFF: Buffer size for UDP port 53 incoming. Use 4m to catch query spikes for busy servers. (Default: "0", Possible Values: "")
SO_SNDBUF: Buffer size for UDP port 53 outgoing. Use 4m to handle spikes on very busy servers. (Default: "0", Possible Values: "")
SO_REUSEPORT: Use SO_REUSEPORT to distribute queries over threads. (Default: "no", Possible Values: "yes, no")
EDNS_BUFFER_SIZE: EDNS reassembly buffer to advertise to UDP peers. 1480 can solve fragmentation (timeouts). (Default: "4096", Possible Values: "")
MSG_CACHE_SIZE: The amount of memory to use for the message cache. Plain value in bytes or you can append k, m or G. (Default: "4m", Possible Values: "")
RRSET_CACHE_SIZE: The amount of memory to use for the RRset cache. Plain value in bytes or you can append k, m or G. (Default: "4m", Possible Values: "")
CACHE_MIN_TTL: The time to live (TTL) value lower bound, in seconds. If more than an hour could easily give trouble due to stale data. (Default: "0", Possible Values: "")
CACHE_MAX_TTL: The time to live (TTL) value cap for RRsets and messages in the cache. Items are not cached for longer. In seconds. (Default: "86400", Possible Values: "")
CACHE_MAX_NEGATIVE_TTL: The time to live (TTL) value cap for negative responses in the cache. (Default: "3600", Possible Values: "")
PREFETCH: Enable to automatically re-fetch cached records before they expire. (Default: "no", Possible Values: "yes, no")
HIDE_IDENTITY: Enable to not answer id.server and hostname.bind queries. (Default: "no", Possible Values: "yes, no")
HIDE_VERSION: Enable to not answer version.server and version.bind queries. (Default: "no", Possible Values: "yes, no")
STATISTICS_INTERVAL: print statistics to the log (for every thread) every N seconds. (Default: "0", Possible Values: "0, 1")
STATISTICS_CUMULATIVE: enable cumulative statistics, without clearing them after printing. (Default: "no", Possible Values: "yes, no")
EXTENDED_STATISTICS: enable extended statistics (query types, answer codes, status) printed from unbound-control. (Default: "no", Possible Values: "yes, no")
INTERFACE: Sets the interface to listen on useful when using --net=host (Default 0.0.0.0, Possible Values: "", "@")
REMOTE_CONTROL_ENABLE: Enable the remote control feature (Default "yes", Possible Values: "yes, no")

docker-unbound's People

Contributors

Stargazers

Watchers

docker-unbound's Issues

Is the Dockerfile opensource?

Hi, I want to use your Dockerfile and upload to Docker Hub, off course with the credit.

But there seems to be no LICENSE file, so I am not sure that I can do it.

Could you add LICENSE to the repo please?

Documentation on how to migrate from existing unbound setup - config folder

Hi,

I think there needs to be information about how to migrate an existing unbound - where is the config folder inside the container?

Unbound 1.16.0

Hey there,
just a post to inform you that unbound has been update to 1.16.0. Maybe, if you find time, you could update your docker files as well?
Thanks a lot and best regards!

resolv.conf setting

hi, was using and found i needed to set resolv.conf to 127.0.0.1 in order for requests to be serviced by unbound... thus modified run line became -

docker run --name unbound -d -p 53:53/udp -p 53:53 --dns="127.0.0.1" secns/unbound:1.5.6

Add ENV option to enable QNAME minimisation?

Is it possible to add an option to enable QNAME minimisation?

# See RFC 7816 "DNS Query Name Minimisation to Improve Privacy" for
# details.
qname-minimisation: yes.

Thanks.

support with adguard

Can u help me how to get unbound + adguard setup?

So for adguard dns I would just add 127.0.0.1:5335 for ip4 and [..1]:5335 for ip6

Here my .yml

`version: "3"
services:
unbound:
image: ajoergensen/unbound
container_name: unbound

ports:
  - 53:53/udp
  - 53:53

environment:
  - DO_IPV6=yes
  - DO_IPV4=yes
  - DO_UDP=yes
  - DO_TCP=yes
  - VERBOSITY=0
  - NUM_THREADS=1
  - SO_RCVBUFF=0
  - SO_SNDBUF=0
  - SO_REUSEPORT=no
  - EDNS_BUFFER_SIZE=4096
  - MSG_CACHE_SIZE=4m
  - RRSET_CACHE_SIZE=4m
  - CACHE_MIN_TTL=0
  - CACHE_MAX_TTL=86400
  - CACHE_MAX_NEGATIVE_TTL=3600
  - HIDE_IDENTITY=yes
  - HIDE_VERSION=yes
  - STATISTICS_INTERVAL=0
  - STATISTICS_CUMULATIVE=no
  - EXTENDED_STATISTICS=no

restart: always

adguardhome:
image: adguard/adguardhome:latest
container_name: adguardhome

volumes:
  - ./work:/opt/adguardhome/work
  - ./conf:/opt/adguardhome/conf

ports:
  - 5335:53/tcp
  - 5335:53/udp
  - 380:80/tcp
  - 3000:3000/tcp
  - 367:67/udp
  - 368:68/tcp
  - 368:68/udp
  - 3443:443/tcp
  - 853:853/tcp

Bump to 1.9.4 with fix for CVE-2019-16866

Please check: #13

Kindly update the image to version 1.14.0

Please update the image to use version 1.14.0 :)

PS. Since Docker Hub has removed automatic image building for free accounts, let me know if you need help with setting up building images (for free) on Github and pushing them to Dockerhub.

Ubuntu Bionic out of standard support since 31 May 2023

Used Ubuntu version is EOL (at leased out of standard support) since 31 May 2023.

https://ubuntu.com/18-04

You may consider an upgrade to a new release.

Bump to 1.9.6 with fix for CVE-2019-18934

I made a PR for this, please check :) #15

Setting Authoritative NS'

I can't find your email address nor any way to contact you, so here we are.

I've adapted this into a podman pod, and I see how the internal unbound.conf is set. But there doesn't seem to be any way to set forward requests to for recursion. ('forward-zone')

Sure I could modify unbound.conf or add a file, but I have the container set for auto update and this would be overwritten. What to do?