From d3e5f962fedcacf845616c2d454d78a0a448b94a Mon Sep 17 00:00:00 2001
From: caskd
Date: Mon, 9 Mar 2020 17:56:58 +0100
Subject: [PATCH] Add host port exposure for IP passthrough instead of overlay IP
---
 build/unbound.conf | 4 ++++
 dns.yml | 16 ++++++++++++++--
 2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/build/unbound.conf b/build/unbound.conf
index 5132d9b..3c2eb3d 100644
--- a/build/unbound.conf
+++ b/build/unbound.conf
@@ -18,6 +18,10 @@ server:
 cache-min-ttl: 60
 cache-max-ttl: 960
 harden-glue: yes
+remote-control:
+ control-enable: yes
+ control-use-cert: no
+ control-interface: 0.0.0.0
 forward-zone:
 name: "."
 forward-tls-upstream: yes
diff --git a/dns.yml b/dns.yml
index acf1821..684b2a7 100644
--- a/dns.yml
+++ b/dns.yml
@@ -7,6 +7,10 @@ x-logging: &json-log
 max-file: '5'
 networks:
+ tig_monitoring:
+ external: true
+ #host:
+ # external: true
 backend:
 driver: overlay
 attachable: true
@@ -29,7 +33,15 @@ services:
 volumes:
 - "/etc/hosts:/etc/hosts:ro"
 ports:
- - "53:5353/tcp"
- - "53:5353/udp" # Potentially vulnerable without any ratelimits, see https://www.us-cert.gov/ncas/alerts/TA14-017A
+ - target: 5353
+ published: 53
+ protocol: tcp
+ mode: host
+ - target: 5353
+ published: 53
+ protocol: udp # Potentially vulnerable without any ratelimits, see https://www.us-cert.gov/ncas/alerts/TA14-017A
+ mode: host
 networks:
+ #- host
 - backend
+ - tig_monitoring
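Review bot: The added `remote-control:` block enables unbound's control channel on every container interface (`control-interface: 0.0.0.0`) with `control-use-cert: no`, so any peer that can reach the control port over an attached network can send control commands to the resolver without authentication. dns.yml in this same patch attaches the service to `tig_monitoring` and to the attachable `backend` overlay, which is presumably why remote access was wanted, but those attachments also decide who can reach this listener. I would keep `control-use-cert: yes` and mount the key and certificate files generated by `unbound-control-setup`, or, if only a collector inside the same container needs it, bind to loopback with `control-interface: 127.0.0.1`. The commit subject does not mention this change, and the `server:` block it follows starts outside the hunk.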
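Review bot: The commented-out `#host:` / `# external: true` entry here, and the matching `#- host` under the service's `networks:` in the last hunk, are dead configuration with no explanation of why the approach was abandoned. Either drop them or replace them with a single comment giving the reason, for example `# host network not attached; ports are published with mode: host instead` if that is indeed why. Separately, `tig_monitoring` is declared `external: true`, so the deploy depends on that network already existing and everything attached to it gains a route to this service; a one-line comment naming what is expected to connect over it would help the next reader.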
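Review bot: Publishing 53/udp and 53/tcp with `mode: host` binds the resolver directly on the node's interfaces, and the inline comment already acknowledges there are no rate limits, yet nothing in this patch adds any. Because host mode is what lets unbound see real client addresses, per-client controls now become effective: in the `server:` section of build/unbound.conf consider `access-control: <CLIENT_NETBLOCK> allow` and `ip-ratelimit: <QPS>` (placeholders; most of that section lies outside the visible hunk, so some of this may already be present). The amplification comment is attached only to the udp `protocol:` line; moving it above the `ports:` list would keep it from being lost when that entry is edited. The service definition starts outside the hunk.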