Initial commit

build/Dockerfile

@@ -0,0 +1,6 @@
+FROM alpine
+RUN apk add --no-cache --update unbound ca-certificates
+RUN update-ca-certificates
+ADD unbound.conf /etc/unbound/unbound.conf
+ENTRYPOINT ["unbound", "-c", "/etc/unbound/unbound.conf"]
+EXPOSE 5353/udp 5353/tcp

build/unbound.conf

@@ -0,0 +1,21 @@
+server:
+	directory: "/etc/unbound"
+	username: unbound
+	interface: 0.0.0.0
+	interface: ::0
+	root-hints: root.hints
+	trust-anchor-file: /usr/share/dnssec-root/trusted-key.key
+	tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+	port: 5353
+	prefetch: yes
+	prefetch-key: yes
+	do-daemonize: no
+	log-queries: yes
+	logfile: ""
+	cache-min-ttl: 60
+	cache-max-ttl: 960
+	harden-glue: yes
+forward-zone:
+	name: "."
+	forward-tls-upstream: yes
+	forward-addr: 1.1.1.1@853#cloudflare-dns.com

dns.yml

@@ -0,0 +1,33 @@
+version: '3.7'
+
+x-logging: &json-log
+  driver: 'json-file'
+  options:
+    max-size: 20m
+    max-file: '5'
+
+networks:
+  backend:
+    driver: overlay
+    attachable: true
+    driver_opts:
+      encrypted: "true"
+
+services:
+  unbound:
+    image: localhost:5000/unbound:latest
+    deploy:
+      mode: global
+      restart_policy:
+        condition: any
+      update_config:
+        parallelism: 2
+        delay: 5s
+        order: start-first
+        failure_action: rollback
+    logging: *json-log
+    ports:
+      - '5353:5353/tcp'
+      - '5353:5353/udp'
+    networks:
+      - backend