Disable UDP and add fallback for Cyberia DNS

caskd 2020-02-26 15:49:26 +01:00
parent cf11fdb7af
commit 3f43013872
No known key found for this signature in database
GPG Key ID: 79DB21404E300A27
4 changed files with 17 additions and 6 deletions


@ -1,6 +1,7 @@
FROM alpine
WORKDIR /etc/unbound
RUN apk add --no-cache --update unbound ca-certificates
COPY certs/a.cyberiadot.invalid.pem /usr/local/share/ca-certificates/a.cyberiadot.invalid.pem
COPY certs/ /usr/local/share/ca-certificates/
RUN update-ca-certificates
ADD unbound.conf /etc/unbound/unbound.conf
ENTRYPOINT ["unbound", "-c", "/etc/unbound/unbound.conf"]
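Review bot: `COPY certs/ /usr/local/share/ca-certificates/` followed by `RUN update-ca-certificates` installs every file under `certs/` as a system-wide trust anchor, so anything that lands in that directory later is baked into the image and, if it is a certificate, trusted by every TLS client in it. Listing the pinned files one by one, as the single-file `COPY certs/a.cyberiadot.invalid.pem …` line it appears to replace did, keeps each trust-store change visible in review. These certificates look self-signed and exist only to authenticate the DoT forwarders, so a comment above the COPY would help, e.g. `# pinned certs for the DoT upstreams in unbound.conf; adding a file here adds a trusted root`. If unbound is pointed at its own bundle via `tls-cert-bundle` (that part of unbound.conf is not visible here), a dedicated bundle of system roots plus the pinned certificates would keep them out of the store used by everything else in the image.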


@ -0,0 +1,10 @@
-----BEGIN CERTIFICATE-----
MIIBazCB8QIJAKClsF7wQoxJMAoGCCqGSM49BAMCMB8xHTAbBgNVBAMMFGIuY3li
ZXJpYWRvdC5pbnZhbGlkMB4XDTIwMDIxNDAzMDAxNloXDTMwMDIxMTAzMDAxNlow
HzEdMBsGA1UEAwwUYi5jeWJlcmlhZG90LmludmFsaWQwdjAQBgcqhkjOPQIBBgUr
gQQAIgNiAARd1SLczOZ2IP8SW2o0LxWq7iXXuWc4dhh9fTdpOk7cUXFop9LKYlZ2
I2TKAfc/oaN4G60Lpw5avCMeqeFLhL6n2g6ODw5qVsLlj31LIV3Tz7L3MzZ9XiUa
0rCnKQJp2qIwCgYIKoZIzj0EAwIDaQAwZgIxAMIBJcS0aA+5K2Hc7OJXaSq+CAaP
z3Ukj2qFTWCe+rxwzoRuUbZIF8rL36lisSaxkQIxAOHogJ1L8FhmeFIreWv3I0cE
DkWcoldNslvpaLGpKb0lrwoPa6OAf6jqetJdJqwjWw==
-----END CERTIFICATE-----


@ -3,10 +3,7 @@ server:
username: unbound
interface: 0.0.0.0
interface: ::0
do-ip4: yes
do-ip6: yes
do-udp: yes
do-tcp: yes
do-udp: no
access-control: 0.0.0.0/0 allow
root-hints: root.hints
trust-anchor-file: /usr/share/dnssec-root/trusted-key.key
@ -23,7 +20,10 @@ server:
forward-zone:
name: "."
forward-tls-upstream: yes
forward-first: yes
forward-addr: 2a04:c44:e00:32e0:42a:30ff:fe00:e7d@853#a.cyberiadot.invalid
forward-addr: 194.182.165.153@853#a.cyberiadot.invalid
forward-addr: 2a01:4f8:1c17:4d9b::853@853#b.cyberiadot.invalid
forward-addr: 78.47.220.84@853#b.cyberiadot.invalid
forward-addr: 2620:fe::fe@853#dns.quad9.net
forward-addr: 9.9.9.9@853#dns.quad9.net
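Review bot: `forward-first: yes` in the `forward-zone` for "." lets unbound fall back to ordinary recursion from the root hints when every forwarder fails, and that recursion is not covered by `forward-tls-upstream`, so queries would leave in cleartext to authoritative servers. If the intent of this zone is that queries only ever leave over TLS on port 853, the added `b.cyberiadot.invalid` entries and the Quad9 entries already provide the fallback, and the line should be `forward-first: no` or simply dropped, since the default is no. If the cleartext fallback is wanted, say so in a comment above the line, e.g. `# falls back to unencrypted recursion when every DoT forwarder is unreachable`. Note also that `do-udp: no` in the first hunk applies to unbound's outgoing queries as well as incoming ones, so that fallback would run over TCP only.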


@ -30,6 +30,6 @@ services:
- "/etc/hosts:/etc/hosts:ro"
ports:
- "53:5353/tcp"
# - "53:5353/udp" // See https://www.us-cert.gov/ncas/alerts/TA14-017A
# - "53:5353/udp" # See https://www.us-cert.gov/ncas/alerts/TA14-017A
networks:
- backend