Add host port exposure for IP passthrough instead of overlay IP

2020-03-09 17:56:58 +01:00 · 2020-03-09 17:56:58 +01:00 · d3e5f962fe
commit d3e5f962fe
parent 76fe7241af
2 changed files with 18 additions and 2 deletions
--- a/build/unbound.conf
+++ b/build/unbound.conf
@ -18,6 +18,10 @@ server:
 	cache-min-ttl: 60
 	cache-max-ttl: 960
 	harden-glue: yes
+remote-control:
+	control-enable: yes
+	control-use-cert: no
+	control-interface: 0.0.0.0
 forward-zone:
 	name: "."
 	forward-tls-upstream: yes
--- a/dns.yml
+++ b/dns.yml
@ -7,6 +7,10 @@ x-logging: &json-log
    max-file: '5'

 networks:
+  tig_monitoring:
+    external: true
+  #host:
+  #  external: true
  backend:
    driver: overlay
    attachable: true
@ -29,7 +33,15 @@ services:
    volumes:
      - "/etc/hosts:/etc/hosts:ro"
    ports:
-      - "53:5353/tcp"
-      - "53:5353/udp" # Potentially vulnerable without any ratelimits, see https://www.us-cert.gov/ncas/alerts/TA14-017A
+      - target: 5353
+        published: 53
+        protocol: tcp
+        mode: host
+      - target: 5353
+        published: 53
+        protocol: udp # Potentially vulnerable without any ratelimits, see https://www.us-cert.gov/ncas/alerts/TA14-017A
+        mode: host
    networks:
+        #- host
      - backend
+      - tig_monitoring