Unbound DNS Server Docker Image
Supported tags and respective
What is Unbound?
Unbound is a validating, recursive, and caching DNS resolver.
How to use this image
Run this container with the following command:
docker run --name my-unbound -d -p 53:53/udp \ --restart=always mvance/unbound:latest
For a DNS server with lots of short-lived connections, you may wish to consider
--net=host to the run command for performance reasons. However, it is
not required and some shared container hosting services may not allow it. You
should also be aware
--net=host can be a security risk in some situations. The
Center for Internet Security Docker 1.6
recommends against this mode since it essentially tells Docker to not
containerize the container's networking, thereby giving it full access to the
host machine's network interfaces. It also mentions this option could cause the
container to do unexpected things such as shutting down the Docker host as
referenced in Docker Issue #6401
. For the most secure deployment, unrelated services with confidential data
should not be run on the same host or VPS. In such cases, using
should have limited impact on security.
Serve Custom DNS Records for Local Network
While Unbound is not a full authoritative name server, it supports resolving
custom entries on a small, private LAN. In other words, you can use Unbound to
resolve fake names such as your-computer.local within your LAN.
To support such custom entries using this image, you need to provide an
a-records.conf file. This conf file is where you will define your custom
entries for forward and reverse resolution.
a-records.conf file should use the following format:
# A Record #local-data: "somecomputer.local. A 192.168.1.1" local-data: “laptop.local. A 192.168.1.2” # PTR Record #local-data-ptr: "192.168.1.1 somecomputer.local." local-data-ptr: "192.168.1.2 laptop.local."
Once the file has your entries in it, mount your version of the file as a volume
when starting the container:
docker run --name my-unbound -d -p 53:53/udp -v \ $(pwd)/a-records.conf:/opt/unbound/etc/unbound/a-records.conf:ro \ --restart=always mvance/unbound:latest
Documentation for this image is stored right here in the
Documentation for Unbound is available on the project's website.
If you have any problems with or questions about this image, please contact me
through a GitHub issue.
You are invited to contribute new features, fixes, or updates, large or small. I
imagine the upstream projects would be equally pleased to receive your
Please familiarize yourself with the repository's
before attempting a pull request.
Before you start to code, I recommend discussing your plans through a GitHub
issue, especially for
more ambitious contributions. This gives other contributors a chance to point
you in the right direction, give you feedback on your design, and help you find
out if someone else is working on the same thing.
The code in this image is heavily influenced by DNSCrypt server Docker image,
though the upstream projects most certainly also deserve credit for making this
Unless otherwise specified, all code is released under the MIT License (MIT).
See the repository's