From 9117c499efe0e53ce5f237124afff01d4a8bef97 Mon Sep 17 00:00:00 2001 From: andryyy Date: Sun, 18 Jun 2017 20:57:26 +0200 Subject: [PATCH] Do not break DNS replies.... --- data/Dockerfiles/unbound/Dockerfile | 2 -- data/Dockerfiles/unbound/unbound.conf | 27 --------------------------- data/conf/unbound/unbound.conf | 26 ++++++++++++++++++++++++++ 3 files changed, 26 insertions(+), 29 deletions(-) delete mode 100644 data/Dockerfiles/unbound/unbound.conf create mode 100644 data/conf/unbound/unbound.conf diff --git a/data/Dockerfiles/unbound/Dockerfile b/data/Dockerfiles/unbound/Dockerfile index 3a9d11af..72e86bc0 100644 --- a/data/Dockerfiles/unbound/Dockerfile +++ b/data/Dockerfiles/unbound/Dockerfile @@ -12,8 +12,6 @@ RUN apk add --update --no-cache \ && chown root:unbound /etc/unbound \ && chmod 775 /etc/unbound -COPY unbound.conf /etc/unbound/unbound.conf - EXPOSE 53/udp 53/tcp COPY docker-entrypoint.sh /docker-entrypoint.sh diff --git a/data/Dockerfiles/unbound/unbound.conf b/data/Dockerfiles/unbound/unbound.conf deleted file mode 100644 index 42202bc5..00000000 --- a/data/Dockerfiles/unbound/unbound.conf +++ /dev/null @@ -1,27 +0,0 @@ -server: - verbosity: 1 - interface: 0.0.0.0 - interface: ::0 - logfile: /dev/stdout - do-ip4: yes - do-ip6: yes - do-udp: yes - do-tcp: yes - do-daemonize: no - access-control: 172.22.1.0/24 allow - access-control: fd4d:6169:6c63:6f77::/64 allow - directory: "/etc/unbound" - username: unbound - auto-trust-anchor-file: trusted-key.key - private-address: 10.0.0.0/8 - private-address: 172.16.0.0/12 - private-address: 192.168.0.0/16 - private-address: 169.254.0.0/16 - private-address: fd00::/8 - private-address: fe80::/10 - root-hints: "/etc/unbound/root.hints" - hide-identity: yes - hide-version: yes - qname-minimisation: yes - minimal-responses: yes - num-threads: 3 diff --git a/data/conf/unbound/unbound.conf b/data/conf/unbound/unbound.conf new file mode 100644 index 00000000..6babf4d0 --- /dev/null +++ b/data/conf/unbound/unbound.conf @@ -0,0 +1,26 @@ +server: + verbosity: 5 + interface: 0.0.0.0 + interface: ::0 + logfile: /dev/stdout + do-ip4: yes + do-ip6: yes + do-udp: yes + do-tcp: yes + do-daemonize: no + access-control: 172.22.1.0/24 allow + access-control: fd4d:6169:6c63:6f77::/64 allow + directory: "/etc/unbound" + username: unbound + auto-trust-anchor-file: trusted-key.key + private-address: 10.0.0.0/8 + private-address: 172.16.0.0/12 + private-address: 192.168.0.0/16 + private-address: 169.254.0.0/16 + private-address: fd00::/8 + private-address: fe80::/10 + root-hints: "/etc/unbound/root.hints" + hide-identity: yes + hide-version: yes + max-udp-size: 4096 + msg-buffer-size: 65552