- Maintained by: Radek Sprta
- Where to get help: Repository Issues
This container is designed to run the Unbound DNS server. It can run as a resolver or as a simple authoritative server.
The simplest way to run Unbound is the following command:

```shell
docker run --name unbound -d -p 53:53 -p 53:53/udp --restart=unless-stopped rsprta/unbound:latest
```
Or using docker-compose.yml:

```yaml
version: '3'
services:
  dns:
    container_name: unbound
    image: rsprta/unbound
    ports:
      - "53:53"
      - "53:53/udp"
    volumes:
      # The ./ prefix makes this a bind mount of the file; a bare "unbound.conf:"
      # would be interpreted by Compose as a named volume.
      - "./unbound.conf:/etc/unbound/unbound.conf:ro"
    restart: unless-stopped
```
The default configuration, however, is not very useful on its own. You can override the key options through mounted volumes and environment variables.
If you want Unbound to resolve a local domain (such as .local or .lan), provide a local-zones.conf file. The contents should look like this:
```
    local-data: "desktop.lan. A 192.168.0.100"
    local-data: "laptop.lan. A 192.168.0.101"
    local-data: "nas.lan. A 192.168.0.102"
    local-data-ptr: "192.168.0.100 desktop.lan."
    local-data-ptr: "192.168.0.101 laptop.lan."
    local-data-ptr: "192.168.0.102 nas.lan."
```
Careful, you need to preserve the leading whitespace! Afterwards, mount the file as a volume:
```yaml
volumes:
  - "./local-zones.conf:/etc/unbound/local-zones.conf:ro"
```
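Hand-written local-zones.conf files tend to drift: a PTR record pointing at a name that has no A record, a missing leading space, a duplicated host. The following generator and checker, added here as an example and not part of the rsprta/unbound image, renders the A and PTR lines from one host table so both directions always agree, and parses a finished file back to report the common mistakes. The host names, addresses and the `lan` suffix are constructed sample data; the four-space indent is an assumption, the point being only that the lines are indented.

```python
"""Render an Unbound local-zones.conf (A + matching PTR records) from a host
table and check an existing file for inconsistencies.
Added example; not part of the rsprta/unbound image."""
import ipaddress
import re

# Constructed sample inventory: hostname -> IPv4 address, all under one suffix.
HOSTS = {
    "desktop": "192.168.0.100",
    "laptop": "192.168.0.101",
    "nas": "192.168.0.102",
}
ZONE = "lan"       # local suffix served by Unbound (assumption)
INDENT = "    "    # the file is spliced into the server: clause, so keep the indent

LOCAL_DATA = re.compile(r'^\s*local-data:\s*"(?P<name>\S+)\s+A\s+(?P<ip>\S+)"\s*$')
LOCAL_PTR = re.compile(r'^\s*local-data-ptr:\s*"(?P<ip>\S+)\s+(?P<name>\S+)"\s*$')


def render_local_zones(hosts, zone, indent=INDENT):
    """Return local-zones.conf text: one local-data line per host followed by
    one local-data-ptr line per host, both using the same FQDN."""
    lines = []
    for host, ip in hosts.items():
        ipaddress.IPv4Address(ip)  # raises ValueError on a malformed address
        lines.append(f'{indent}local-data: "{host}.{zone}. A {ip}"')
    for host, ip in hosts.items():
        lines.append(f'{indent}local-data-ptr: "{ip} {host}.{zone}."')
    return "\n".join(lines) + "\n"


def check_local_zones(text):
    """Parse local-zones.conf text and return a list of problems: lines without
    leading whitespace, unparsable lines, duplicate A names, and A/PTR pairs
    that do not agree with each other."""
    problems = []
    a_records, ptr_records = {}, {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line == line.lstrip():
            problems.append(f"line {lineno}: missing leading whitespace")
        if m := LOCAL_DATA.match(line):
            name = m["name"].lower()
            if name in a_records:
                problems.append(f"line {lineno}: duplicate A record for {name}")
            a_records[name] = m["ip"]
        elif m := LOCAL_PTR.match(line):
            ptr_records[m["ip"]] = m["name"].lower()
        else:
            problems.append(f"line {lineno}: unrecognised line {line.strip()!r}")
    # Every PTR must point back to a name whose A record carries that address,
    # and every A record should have its reverse entry.
    for ip, name in ptr_records.items():
        if a_records.get(name) != ip:
            problems.append(f"PTR {ip} -> {name} has no matching A record")
    for name, ip in a_records.items():
        if ptr_records.get(ip) != name:
            problems.append(f"A {name} -> {ip} has no matching PTR record")
    return problems


if __name__ == "__main__":
    conf = render_local_zones(HOSTS, ZONE)
    print(conf, end="")
    print("problems:", check_local_zones(conf) or "none")
```

Run it once to produce the file, and run `check_local_zones` over any file you edit by hand before mounting it; a non-empty list means Unbound would either reject the file or answer forward and reverse lookups inconsistently.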
To make Unbound forward non-local zones to a recursive DNS resolver, provide a forward-zones.conf file. To forward all zones, the file might look like this:
```
forward-zone:
    name: "."
    # OpenNIC
    forward-addr: 78.47.243.3@853#ns21.de.dns.opennic.glue
    forward-addr: 62.210.177.189@853#ns3.fr.dns.opennic.glue
    # Quad9
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net
```
The `address@853#hostname` form targets DNS over TLS on port 853 and uses the hostname to verify the upstream's certificate; it only works when `forward-tls-upstream: yes` is in effect for the zone and Unbound has a CA bundle (`tls-cert-bundle`) to verify against. Mount it as a volume:

```yaml
volumes:
  - "./forward-zones.conf:/etc/unbound/forward-zones.conf:ro"
```
Unbound can even act as a very simple authoritative server. Again, you define this behavior in an auth-zones.conf file:
```
auth-zone:
    name: "example.org"
    for-downstream: yes
    for-upstream: yes
    zonefile: "example.org.zone"
```
And mount both the configuration and the zone file:

```yaml
volumes:
  - "./auth-zones.conf:/etc/unbound/auth-zones.conf:ro"
  - "./example.org.zone:/etc/unbound/example.org.zone:ro"
```
By default, the container answers queries coming from any IP address. To change that, provide an access-control.conf file. It might look like this:
```
    access-control: 192.168.0.0/24 allow
    access-control: 10.0.0.0/8 refuse
```
Do not leave out the leading whitespace. Mount the file like this:

```yaml
volumes:
  - "./access-control.conf:/etc/unbound/access-control.conf:ro"
```
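Unbound applies the most specific matching netblock in access-control, not the first line that matches, so a broad refuse and a narrow allow can coexist in any order. The small evaluator below, added here as an example and not part of the image or of Unbound itself, parses access-control lines and reports which action a given client address would get, which is a cheap way to sanity-check a rule file before mounting it. The sample rules and client addresses are constructed; the `default` argument stands in for whatever applies to unlisted addresses (Unbound's own built-in default is refuse, while this image, per the text above, allows everyone until you supply the file).

```python
"""Evaluate Unbound access-control rules for a client address using
longest-prefix matching.  Added example, not from the rsprta/unbound image."""
import ipaddress

# Actions Unbound accepts on an access-control line.
ACTIONS = {"deny", "refuse", "allow", "allow_setrd", "allow_snoop",
           "deny_non_local", "refuse_non_local"}


def parse_access_control(text):
    """Return a list of (network, action) tuples from access-control lines.
    Blank lines and '#' comments are ignored; anything else is an error."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, rest = line.partition(":")
        if key.strip() != "access-control":
            raise ValueError(f"line {lineno}: not an access-control line: {raw!r}")
        parts = rest.split()
        if len(parts) != 2 or parts[1] not in ACTIONS:
            raise ValueError(f"line {lineno}: expected '<netblock> <action>', got {rest!r}")
        rules.append((ipaddress.ip_network(parts[0], strict=False), parts[1]))
    return rules


def lookup(rules, client, default="refuse"):
    """Return the action for client: the matching netblock with the longest
    prefix wins; default applies when no netblock matches."""
    addr = ipaddress.ip_address(client)
    best = None
    for net, action in rules:
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, action)
    return best[1] if best else default


# Constructed sample file: a /8 refuse with a narrower /24 carve-out.
SAMPLE_RULES = """\
    access-control: 192.168.0.0/24 allow
    access-control: 10.0.0.0/8 refuse
    access-control: 10.1.2.0/24 allow   # more specific than the /8, so it wins
"""


def decisions(text, clients, default="refuse"):
    """Return {client: action} for each client address under the given rules."""
    rules = parse_access_control(text)
    return {c: lookup(rules, c, default) for c in clients}


if __name__ == "__main__":
    for client, action in decisions(
        SAMPLE_RULES, ["192.168.0.5", "10.5.5.5", "10.1.2.9", "8.8.8.8"]
    ).items():
        print(f"{client:>14} -> {action}")
```

Feed it the exact text you intend to mount, then check the addresses you care about (your LAN, the Docker bridge network, the public side of the host); a result of `allow` for an address you did not expect is an open resolver in the making.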
You can adjust the container's behavior by declaring the following environment variables:

- Minimal TTL to use for caching. Defaults to 0.
- Use IPv6. Defaults to yes.
- Use IPv4. Defaults to yes.
- Use UDP. Defaults to yes.
- Use TCP. Defaults to yes.
- Number of requests per second that an IP address is allowed to perform. Defaults to 0 (disabled).
- Which root servers to use. Defaults to ICANN root servers. Alternatively, use opennic.
- Reuse ports. Defaults to yes.
- Serve expired records from cache while performing a DNS lookup. Defaults to yes.
- Statistics gathering interval in seconds. Defaults to 0 (disabled).
- Print cumulative statistics. Defaults to no.
- Print extended statistics. Defaults to no.
- Verbosity level. Defaults to 0 (least verbose).
For information on how to contribute to the project, please check the Contributor's Guide.
mail@radeksprta.eu incoming+radek-sprta/docker-unbound@gitlab.com
GNU General Public License v3
The container was heavily inspired by:
Multi-arch builds are copied from: klutchell/unbound
This package was created with Cookiecutter.