wn/unbound
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: wn:with_nghttp2
Branches Tags
wn:master wn:publish wn:with_nghttp2
wn:1.0.0
..
compare: wn:1.0.0
Branches Tags
wn:master wn:publish wn:with_nghttp2
wn:1.0.0

3 Commits
with_nghtt ... 1.0.0

Author SHA1 Message Date
Wolfgang Hottgenroth
6ca9c2ad48 add readme 2021-10-27 14:29:30 +02:00
Wolfgang Hottgenroth
c69b4b4fb5 comments in configuration 2021-10-27 14:27:11 +02:00
Wolfgang Hottgenroth
7f9ae80fb8 merged to master again 2021-10-27 13:47:17 +02:00
3 changed files with 43 additions and 7 deletions
Expand all files Collapse all files

6
readme.md Normal file
View File

@ -0,0 +1,6 @@
This project provides a Docker image containing the unbound nameserver
in an Alpine Linux base.
unbound will be build including the DNSSEC and DNS-over-TLS features.

9
start.sh Executable file
View File

@ -0,0 +1,9 @@
docker run \
-it \
--rm \
-v $PWD/etc:/etc/unbound \
--name unbound \
-p 53:53/udp \
-p 53:53/tcp \
-p 853:853/tcp \
registry.hottis.de/dockerized/unbound:latest

35
unbound.conf
View File

@ -1,33 +1,54 @@
server: server:
interface: 0.0.0.0 chroot: /etc/unbound
do-ip4: yes do-ip4: yes
do-ip6: no do-ip6: no
interface: 0.0.0.0@53
port: 53
# tls-upstream: yes
# tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# initially create using unbound-anchor -a /etc/unbound/root.key
auto-trust-anchor-file: /etc/unbound/root.key
tls-service-key: /etc/unbound/privkey.pem
tls-service-pem: /etc/unbound/pubcert.pem
interface: 0.0.0.0@853
tls-port: 853
num-threads: 2
# curl https://www.internic.net/domain/named.root > /etc/unbound/root.hints
root-hints: /etc/unbound/root.hints
do-daemonize: no do-daemonize: no
verbosity: 1 verbosity: 1
logfile: "" logfile: ""
log-time-ascii: yes log-time-ascii: yes
log-queries: yes log-queries: no
log-replies: yes log-replies: no
access-control: 172.16.0.0/16 allow access-control: 172.16.0.0/16 allow
access-control: 10.200.200.0/24 allow access-control: 10.200.200.0/24 allow
access-control: 172.17.0.0/16 allow access-control: 172.17.0.0/16 allow
local-zone: "nober.de." transparent local-zone: "nober.de." transparent
local-data: "base.hv.nober.de. IN A 192.0.2.51" local-data: "base.hv.nober.de. IN A 172.16.10.41"
local-data: "api.hv.nober.de. IN A 192.0.2.51" local-data: "api.hv.nober.de. IN A 172.16.10.41"
local-zone: "hottis.de." transparent local-zone: "hottis.de." transparent
local-data: "authservice.hottis.de. IN A 172.16.10.41" local-data: "authservice.hottis.de. IN A 172.16.10.41"
local-data: "bitwarden.hottis.de. IN A 172.16.10.41" local-data: "bitwarden.hottis.de. IN A 172.16.10.41"
local-data: "smarthome.hottis.de. IN A 172.16.10.41" local-data: "smarthome.hottis.de. IN A 172.16.10.41"
local-data: "registry.hottis.de. IN A 172.16.10.41" local-data: "registry.hottis.de. IN A 172.16.10.41"
local-data: "home.hottis.de. IN A 172.16.1.11" local-data: "home.hottis.de. IN A 172.16.10.41"
local-data: "repo.hottis.de. IN A 172.16.1.11"
local-data: "sink.hottis.de. IN A 172.16.10.42" local-data: "sink.hottis.de. IN A 172.16.10.42"
local-data: "brkrint.hottis.de. IN A 172.16.2.16" local-data: "brkrint.hottis.de. IN A 172.16.2.16"
local-data: "vpnhead.hottis.de. IN A 172.16.12.10"
local-data: "syslog.hottis.de. IN A 172.16.11.15"
local-zone: "mainscnt.eu." transparent local-zone: "mainscnt.eu." transparent
local-data: "grafana.mainscnt.eu. IN A 172.16.10.41" local-data: "grafana.mainscnt.eu. IN A 172.16.10.41"