Disable UDP and add fallback for Cyberia DNS
parent
cf11fdb7af
commit
3f43013872
|
@ -1,6 +1,7 @@
|
||||||
FROM alpine
|
FROM alpine
|
||||||
|
WORKDIR /etc/unbound
|
||||||
RUN apk add --no-cache --update unbound ca-certificates
|
RUN apk add --no-cache --update unbound ca-certificates
|
||||||
COPY certs/a.cyberiadot.invalid.pem /usr/local/share/ca-certificates/a.cyberiadot.invalid.pem
|
COPY certs/ /usr/local/share/ca-certificates/
|
||||||
RUN update-ca-certificates
|
RUN update-ca-certificates
|
||||||
ADD unbound.conf /etc/unbound/unbound.conf
|
ADD unbound.conf /etc/unbound/unbound.conf
|
||||||
ENTRYPOINT ["unbound", "-c", "/etc/unbound/unbound.conf"]
|
ENTRYPOINT ["unbound", "-c", "/etc/unbound/unbound.conf"]
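Review bot: `COPY certs/ /usr/local/share/ca-certificates/` makes every file that ever lands in `certs/` a candidate trust anchor for the following `RUN update-ca-certificates`, so the set of roots the resolver accepts for its DNS-over-TLS upstreams is no longer visible in the Dockerfile. Naming the files keeps that set reviewable, e.g. `COPY certs/a.cyberiadot.invalid.pem certs/<NEW_CERT_FILE>.pem /usr/local/share/ca-certificates/` (the second name is a placeholder, because the file name of the certificate added in this commit is not shown on the page). If the directory copy stays, a comment such as `# every file in certs/ becomes a system-wide trusted CA; treat additions to that directory as trust changes` would document the consequence.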
|
||||||
|
|
|
@ -0,0 +1,10 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIBazCB8QIJAKClsF7wQoxJMAoGCCqGSM49BAMCMB8xHTAbBgNVBAMMFGIuY3li
|
||||||
|
ZXJpYWRvdC5pbnZhbGlkMB4XDTIwMDIxNDAzMDAxNloXDTMwMDIxMTAzMDAxNlow
|
||||||
|
HzEdMBsGA1UEAwwUYi5jeWJlcmlhZG90LmludmFsaWQwdjAQBgcqhkjOPQIBBgUr
|
||||||
|
gQQAIgNiAARd1SLczOZ2IP8SW2o0LxWq7iXXuWc4dhh9fTdpOk7cUXFop9LKYlZ2
|
||||||
|
I2TKAfc/oaN4G60Lpw5avCMeqeFLhL6n2g6ODw5qVsLlj31LIV3Tz7L3MzZ9XiUa
|
||||||
|
0rCnKQJp2qIwCgYIKoZIzj0EAwIDaQAwZgIxAMIBJcS0aA+5K2Hc7OJXaSq+CAaP
|
||||||
|
z3Ukj2qFTWCe+rxwzoRuUbZIF8rL36lisSaxkQIxAOHogJ1L8FhmeFIreWv3I0cE
|
||||||
|
DkWcoldNslvpaLGpKb0lrwoPa6OAf6jqetJdJqwjWw==
|
||||||
|
-----END CERTIFICATE-----
|
|
@ -3,10 +3,7 @@ server:
|
||||||
username: unbound
|
username: unbound
|
||||||
interface: 0.0.0.0
|
interface: 0.0.0.0
|
||||||
interface: ::0
|
interface: ::0
|
||||||
do-ip4: yes
|
do-udp: no
|
||||||
do-ip6: yes
|
|
||||||
do-udp: yes
|
|
||||||
do-tcp: yes
|
|
||||||
access-control: 0.0.0.0/0 allow
|
access-control: 0.0.0.0/0 allow
|
||||||
root-hints: root.hints
|
root-hints: root.hints
|
||||||
trust-anchor-file: /usr/share/dnssec-root/trusted-key.key
|
trust-anchor-file: /usr/share/dnssec-root/trusted-key.key
|
||||||
|
@ -23,7 +20,10 @@ server:
|
||||||
forward-zone:
|
forward-zone:
|
||||||
name: "."
|
name: "."
|
||||||
forward-tls-upstream: yes
|
forward-tls-upstream: yes
|
||||||
|
forward-first: yes
|
||||||
forward-addr: 2a04:c44:e00:32e0:42a:30ff:fe00:e7d@853#a.cyberiadot.invalid
|
forward-addr: 2a04:c44:e00:32e0:42a:30ff:fe00:e7d@853#a.cyberiadot.invalid
|
||||||
forward-addr: 194.182.165.153@853#a.cyberiadot.invalid
|
forward-addr: 194.182.165.153@853#a.cyberiadot.invalid
|
||||||
|
forward-addr: 2a01:4f8:1c17:4d9b::853@853#b.cyberiadot.invalid
|
||||||
|
forward-addr: 78.47.220.84@853#b.cyberiadot.invalid
|
||||||
forward-addr: 2620:fe::fe@853#dns.quad9.net
|
forward-addr: 2620:fe::fe@853#dns.quad9.net
|
||||||
forward-addr: 9.9.9.9@853#dns.quad9.net
|
forward-addr: 9.9.9.9@853#dns.quad9.net
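Review bot: The added `forward-first: yes` in the `forward-zone` for `"."` lets unbound fall back to resolving from the root hints itself when every forwarder fails. As far as the visible configuration shows, that path does not use the `forward-tls-upstream` forwarders, so a blocked port 853 or a certificate mismatch would quietly downgrade queries to unencrypted DNS. The fallback named in the commit title is already provided by the extra `forward-addr` entries for `b.cyberiadot.invalid` alongside Quad9, so the stricter setting would be `forward-first: no`, or leaving the line out. If the cleartext fallback is intended, a comment like `# falls back to unencrypted recursion via root.hints if every DoT forwarder fails` would make the trade-off explicit.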
|
||||||
|
|
2
dns.yml
2
dns.yml
|
@ -30,6 +30,6 @@ services:
|
||||||
- "/etc/hosts:/etc/hosts:ro"
|
- "/etc/hosts:/etc/hosts:ro"
|
||||||
ports:
|
ports:
|
||||||
- "53:5353/tcp"
|
- "53:5353/tcp"
|
||||||
# - "53:5353/udp" // See https://www.us-cert.gov/ncas/alerts/TA14-017A
|
# - "53:5353/udp" # See https://www.us-cert.gov/ncas/alerts/TA14-017A
|
||||||
networks:
|
networks:
|
||||||
- backend
|
- backend
|
||||||
|
|