Diffstat (limited to 'src')
| -rw-r--r-- | src/unbound/Dockerfile | 8 | ||||
| -rw-r--r-- | src/unbound/VERSION | 1 | ||||
| -rwxr-xr-x | src/unbound/bin/entrypoint.sh | 28 | ||||
| -rw-r--r-- | src/unbound/etc/unbound.base.conf | 70 |
4 files changed, 107 insertions, 0 deletions
diff --git a/src/unbound/Dockerfile b/src/unbound/Dockerfile
new file mode 100644
index 0000000..7d3b69b
--- /dev/null
+++ b/src/unbound/Dockerfile
@@ -0,0 +1,8 @@
+ARG BASE_VER=latest
+FROM public.ecr.aws/s0f9o2k5/base:${BASE_VER}
+
+COPY bin/entrypoint.sh /usr/bin/entrypoint.sh
+COPY etc/unbound.base.conf /etc/unbound/unbound.conf.d/unbound.base.conf
+RUN install_deb unbound
+
+ENTRYPOINT ["/usr/bin/entrypoint.sh"]
diff --git a/src/unbound/VERSION b/src/unbound/VERSION
new file mode 100644
index 0000000..45c7a58
--- /dev/null
+++ b/src/unbound/VERSION
@@ -0,0 +1 @@
+v0.0.1
diff --git a/src/unbound/bin/entrypoint.sh b/src/unbound/bin/entrypoint.sh
new file mode 100755
index 0000000..d1b4b3a
--- /dev/null
+++ b/src/unbound/bin/entrypoint.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+set -e
+
+log() {
+ echo "[$(date +'%Y-%m-%d %H:%M:%S')] $*"
+}
+
+# Setup chroot environment
+log "Setting up chroot environment..."
+if /usr/lib/unbound/package-helper chroot_setup; then
+ log "Chroot setup completed successfully"
+else
+ log "ERROR: Chroot setup failed"
+ exit 1
+fi
+
+# Update root trust anchor
+log "Updating root trust anchor..."
+if /usr/lib/unbound/package-helper root_trust_anchor_update; then
+ log "Root trust anchor updated successfully"
+else
+ log "ERROR: Root trust anchor update failed"
+ exit 1
+fi
+
+# Start unbound in debug mode
+log "Starting unbound daemon..."
+exec /usr/sbin/unbound -d -p $DOPTS
diff --git a/src/unbound/etc/unbound.base.conf b/src/unbound/etc/unbound.base.conf
new file mode 100644
index 0000000..f79b9c3
--- /dev/null
+++ b/src/unbound/etc/unbound.base.conf
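Review bot: `ARG BASE_VER=latest` makes the default build float on an unpinned base image, so two builds of the same commit can yield different images and a vulnerability scan of one says nothing about the other; change the default to a specific tag or digest, e.g. `ARG BASE_VER=<pinned-base-tag>`, and have CI override it explicitly. `RUN install_deb unbound` likewise installs whatever version the helper resolves at build time; if `install_deb` accepts a version argument, pin it, otherwise record the resolved package version in a `LABEL` so the image is traceable. There is no `USER` directive and no `EXPOSE`; the entrypoint's chroot setup presumably needs root, so starting as root is likely intended, but a comment above `ENTRYPOINT` should say so and state that unbound is expected to drop privileges itself, and `EXPOSE 5353/udp` plus `EXPOSE 5353/tcp` would document the port the shipped config binds.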
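Review bot: The comment above `exec /usr/sbin/unbound -d -p $DOPTS` says "debug mode", but `-d` is what keeps unbound attached in the foreground so the exec'd process stays PID 1 and receives the container's stop signal, and `-p` (per unbound's usage text) only skips the pidfile; replace the comment with `# Run in the foreground (no fork, no pidfile) so exec keeps unbound as PID 1; extra options come from $DOPTS`. `$DOPTS` is left unquoted on purpose, presumably so several options can be passed, but nothing documents it and an unset variable silently expands to nothing; a line such as `DOPTS="${DOPTS:-}"` near the top, with a comment naming it as the operator's extra unbound options, makes the contract visible. The root-trust-anchor update step needs outbound network access at container start and aborts the container when it fails; if the unbound config relies on `auto-trust-anchor-file`, the daemon refreshes the anchor itself, so consider whether a failed initial update should be fatal or only logged.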
@@ -0,0 +1,70 @@
+# Don't allow unbound-control
+remote-control:
+ control-enable: no
+
+server:
+ logfile: /dev/stdout
+
+ # Refresh expiring cache entries, if less than 10% of their TTL remains
+ prefetch: yes
+
+ # Serve stale data if not older than 1 day
+ serve-expired: yes
+ serve-expired-ttl: 86400 # one day, in seconds
+
+ # Timeout request and serve stable data if it takes longer than 1.8 seconds
+ serve-expired-client-timeout: 1800 # 1.8 seconds, in milliseconds
+
+ # Some logging to see what is going on
+ verbosity: 2
+ log-queries: yes
+
+ interface: 0.0.0.0
+ # interface: ::0
+ port: 5353
+
+ # Who can use our Unbound server
+ # access-control: 127.0.0.1/8 allow
+ # access-control: ::1/64 allow
+ # access-control: 192.168.0.1/16 allow
+ access-control: 10.42.0.0/16 allow
+ # access-control: 10.43.0.0/16 allow
+ do-ip4: yes
+ #do-ip6: yes
+ do-udp: yes
+ do-tcp: yes
+
+ # Certificates
+ tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+
+
+ # private-domain: "bing.c-137.space"
+
+ # Ad-blocking, leave this commented out for now...
+ #include: /etc/unbound/adservers.conf
+
+ # Local zone entries should be transparent
+ local-zone: "lan.uctrl.net." transparent
+ local-zone: "168.192.in-addr.arpa." transparent
+ #include: /etc/unbound/host_entries.conf
+
+# Forward all queries to Quad9 and CloudFlare, with DNS over TLS
+forward-zone:
+ name: "."
+ forward-tls-upstream: yes
+
+ # Quad9
+ #forward-addr: 2620:fe::fe@853#dns.quad9.net
+ forward-addr: 9.9.9.9@853#dns.quad9.net
+ #forward-addr: 2620:fe::9@853#dns.quad9.net
+ forward-addr: 149.112.112.112@853#dns.quad9.net
+
+ # Cloudflare DNS
+ #forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
+ forward-addr: 1.1.1.1@853#cloudflare-dns.com
+ #forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
+ forward-addr: 1.0.0.1@853#cloudflare-dns.com
+
+ # OpenDNS
+ forward-addr: 208.67.222.222
+ forward-addr: 208.67.220.220
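Review bot: The two OpenDNS entries `forward-addr: 208.67.222.222` and `forward-addr: 208.67.220.220` lack the `@853#<auth-name>` suffix every other forwarder carries, yet `forward-tls-upstream: yes` applies to the whole zone, so unbound will attempt TLS on port 53 to those addresses and has no name to verify a certificate against; the header comment's "with DNS over TLS" does not hold for those two lines. Either drop them or give them the same `@853#<auth-name>` form as the others, if OpenDNS exposes a DoT endpoint with a verifiable name. `log-queries: yes` together with `verbosity: 2` writes every client query to stdout, which is useful for bring-up but is a privacy and log-volume concern for a shared resolver; a comment such as `# bring-up only: disable query logging before wider rollout` records that intent. The hard-coded `access-control: 10.42.0.0/16 allow` and the `local-zone` names are deployment-specific and deserve a one-line comment saying which network they describe, since the file name suggests a reusable base config.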