diff --git a/start.sh b/start.sh new file mode 100755 index 0000000..f4eb5d0 --- /dev/null +++ b/start.sh @@ -0,0 +1,9 @@ +docker run \ + -it \ + --rm \ + -v $PWD/etc:/etc/unbound \ + --name unbound \ + -p 53:53/udp \ + -p 53:53/tcp \ + -p 853:853/tcp \ + registry.hottis.de/dockerized/unbound:latest diff --git a/unbound.conf b/unbound.conf index 9839c17..02d7fb8 100644 --- a/unbound.conf +++ b/unbound.conf @@ -1,33 +1,51 @@ server: - interface: 0.0.0.0 + chroot: /etc/unbound + do-ip4: yes do-ip6: no + interface: 0.0.0.0@53 + port: 53 + + # tls-upstream: yes + # tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt + auto-trust-anchor-file: /etc/unbound/autotrust/root.key + + tls-service-key: /etc/unbound/privkey.pem + tls-service-pem: /etc/unbound/pubcert.pem + interface: 0.0.0.0@853 + tls-port: 853 + + num-threads: 2 + + root-hints: /etc/unbound/root.hints + do-daemonize: no verbosity: 1 logfile: "" log-time-ascii: yes - log-queries: yes - log-replies: yes + log-queries: no + log-replies: no access-control: 172.16.0.0/16 allow access-control: 10.200.200.0/24 allow access-control: 172.17.0.0/16 allow local-zone: "nober.de." transparent - local-data: "base.hv.nober.de. IN A 192.0.2.51" - local-data: "api.hv.nober.de. IN A 192.0.2.51" + local-data: "base.hv.nober.de. IN A 172.16.10.41" + local-data: "api.hv.nober.de. IN A 172.16.10.41" local-zone: "hottis.de." transparent local-data: "authservice.hottis.de. IN A 172.16.10.41" local-data: "bitwarden.hottis.de. IN A 172.16.10.41" local-data: "smarthome.hottis.de. IN A 172.16.10.41" local-data: "registry.hottis.de. IN A 172.16.10.41" - local-data: "home.hottis.de. IN A 172.16.1.11" - local-data: "repo.hottis.de. IN A 172.16.1.11" + local-data: "home.hottis.de. IN A 172.16.10.41" local-data: "sink.hottis.de. IN A 172.16.10.42" local-data: "brkrint.hottis.de. IN A 172.16.2.16" + local-data: "vpnhead.hottis.de. IN A 172.16.12.10" + local-data: "syslog.hottis.de. IN A 172.16.11.15" local-zone: "mainscnt.eu." transparent local-data: "grafana.mainscnt.eu. IN A 172.16.10.41"