
Unbound DNS Server Docker Image

Supported tags and respective Dockerfile links

What is Unbound?

Unbound is a validating, recursive, and caching DNS resolver.

unbound.net

How to use this image

Standard usage

Run this container with the following command:

docker run --name my-unbound -d -p 53:53/udp \
--restart=always mvance/unbound:latest

For a DNS server with lots of short-lived connections, you may wish to consider
adding --net=host to the run command for performance reasons. However, it is
not required and some shared container hosting services may not allow it. You
should also be aware --net=host can be a security risk in some situations. The
Center for Internet Security Docker 1.6 Benchmark recommends against this mode
since it essentially tells Docker to not containerize the container's
networking, thereby giving it full access to the host machine's network
interfaces. It also mentions this option could cause the container to do
unexpected things such as shutting down the Docker host as referenced in Docker
Issue #6401. For the most secure deployment, unrelated services with
confidential data should not be run on the same host or VPS. In such cases,
using --net=host should have limited impact on security.

Serve Custom DNS Records for Local Network

While Unbound is not a full authoritative name server, it supports resolving
custom entries on a small, private LAN. In other words, you can use Unbound to
resolve fake names such as your-computer.local within your LAN.

To support such custom entries using this image, you need to provide an
a-records.conf file. This conf file is where you will define your custom
entries for forward and reverse resolution.

The a-records.conf file should use the following format:

# A Record
  #local-data: "somecomputer.local. A 192.168.1.1"
  local-data: "laptop.local. A 192.168.1.2"

# PTR Record
  #local-data-ptr: "192.168.1.1 somecomputer.local."
  local-data-ptr: "192.168.1.2 laptop.local."

Once the file has your entries in it, mount your version of the file as a volume
when starting the container:

docker run --name my-unbound -d -p 53:53/udp -v \
$(pwd)/a-records.conf:/opt/unbound/etc/unbound/a-records.conf:ro \
--restart=always mvance/unbound:latest
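
An added example, not part of this image's repository: a Python linter for the a-records.conf form shown above (a name, an A record and an IPv4 address per entry), to run before the file is mounted. The function name, the private-address policy check and the sample file are assumptions made for illustration.

```python
import ipaddress
import re

# One directive per line; the value must sit in straight double quotes.
DIRECTIVE = re.compile(r'^(local-data(?:-ptr)?):\s*"([^"]*)"$')

def lint_a_records(text):
    """Return (forward, reverse, problems) for the text of an a-records.conf."""
    forward, reverse, problems = {}, {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and commented-out entries
        m = DIRECTIVE.match(line)
        if not m:  # also catches typographic quotes pasted from a web page
            problems.append(f"line {lineno}: not a local-data entry in straight double quotes")
            continue
        kind, fields = m.group(1), m.group(2).split()
        try:
            if kind == "local-data":
                name, rtype, addr = fields
                if rtype != "A":
                    raise ValueError("only A records are handled here")
            else:
                addr, name = fields
            ip = ipaddress.IPv4Address(addr)
        except ValueError as exc:
            problems.append(f"line {lineno}: {exc}")
            continue
        if not ip.is_private:  # assumed policy: LAN names map to private space
            problems.append(f"line {lineno}: {ip} is not a private address")
        (forward if kind == "local-data" else reverse)[name] = ip
    # Every forward entry should have a reverse entry for the same address.
    for name, ip in forward.items():
        if reverse.get(name) != ip:
            problems.append(f"{name}: A record {ip} has no matching PTR entry")
    return forward, reverse, problems

# Constructed sample: the second entry uses typographic quotes.
SAMPLE = '''# A Record
  local-data: "laptop.local. A 192.168.1.2"
  local-data: \u201cprinter.local. A 192.168.1.3\u201d
# PTR Record
  local-data-ptr: "192.168.1.2 laptop.local."
'''

if __name__ == "__main__":
    print("\n".join(lint_a_records(SAMPLE)[2]))
```
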

Supported Docker versions

This image is tested on Docker version 1.11.2.

Use on older versions at your own risk.

User feedback

Documentation

Documentation for this image is stored right here in the README.md.

Documentation for Unbound is available on the project's website.

Issues

If you have any problems with or questions about this image, please contact me
through a GitHub issue.

Contributing

You are invited to contribute new features, fixes, or updates, large or small. I
imagine the upstream projects would be equally pleased to receive your
contributions.

Please familiarize yourself with the repository's README.md file before
attempting a pull request.

Before you start to code, I recommend discussing your plans through a GitHub
issue, especially for more ambitious contributions. This gives other
contributors a chance to point you in the right direction, give you feedback on
your design, and help you find out if someone else is working on the same thing.

Acknowledgments

The code in this image is heavily influenced by the DNSCrypt server Docker
image, though the upstream projects most certainly also deserve credit for
making this all possible.

Licenses

License

Unless otherwise specified, all code is released under the MIT License (MIT).
See the repository's LICENSE file for details.

Licenses for other components

Owner: mvance