Public | Automated Build

Last pushed: 7 months ago
Short Description
Unbound is a validating, recursive, and caching DNS resolver.
Full Description

Unbound DNS Server Docker Image

Supported tags and respective Dockerfile links

What is Unbound?

Unbound is a validating, recursive, and caching DNS resolver.

How to use this image

Standard usage

Run this container with the following command:

docker run --name my-unbound -d -p 53:53/udp \
--restart=always mvance/unbound:latest

For a DNS server with lots of short-lived connections, you may wish to consider
adding --net=host to the run command for performance reasons. However, it is
not required and some shared container hosting services may not allow it. You
should also be aware --net=host can be a security risk in some situations. The
Center for Internet Security Docker 1.6

recommends against this mode since it essentially tells Docker to not
containerize the container's networking, thereby giving it full access to the
host machine's network interfaces. It also mentions this option could cause the
container to do unexpected things such as shutting down the Docker host as
referenced in Docker Issue #6401
. For the most secure deployment, unrelated services with confidential data
should not be run on the same host or VPS. In such cases, using --net=host
should have limited impact on security.

Serve Custom DNS Records for Local Network

While Unbound is not a full authoritative name server, it supports resolving
custom entries on a small, private LAN. In other words, you can use Unbound to
resolve fake names such as your-computer.local within your LAN.

To support such custom entries using this image, you need to provide an
a-records.conf file. This conf file is where you will define your custom
entries for forward and reverse resolution.

The a-records.conf file should use the following format:

# A Record
  #local-data: "somecomputer.local. A"
  local-data: “laptop.local. A”

# PTR Record
  #local-data-ptr: " somecomputer.local."
  local-data-ptr: " laptop.local."

Once the file has your entries in it, mount your version of the file as a volume
when starting the container:

docker run --name my-unbound -d -p 53:53/udp -v \
$(pwd)/a-records.conf:/opt/unbound/etc/unbound/a-records.conf:ro \
--restart=always mvance/unbound:latest

Supported Docker versions

This image is tested on Docker version 1.11.2.

Use on older versions at your own risk.

User feedback


Documentation for this image is stored right here in the

Documentation for Unbound is available on the project's website.


If you have any problems with or questions about this image, please contact me
through a GitHub issue.


You are invited to contribute new features, fixes, or updates, large or small. I
imagine the upstream projects would be equally pleased to receive your

Please familiarize yourself with the repository's

before attempting a pull request.

Before you start to code, I recommend discussing your plans through a GitHub
, especially for
more ambitious contributions. This gives other contributors a chance to point
you in the right direction, give you feedback on your design, and help you find
out if someone else is working on the same thing.


The code in this image is heavily influenced by DNSCrypt server Docker image,
though the upstream projects most certainly also deserve credit for making this
all possible.



Unless otherwise specified, all code is released under the MIT License (MIT).
See the repository's LICENSE

Licenses for other components

Docker Pull Command
Source Repository