Add unbound

Signed-off-by: Christian Richter <crichter@owncloud.com>

.drone.star

@@ -57,22 +57,16 @@ def notify(ctx):
                         "docker-build-motsognir-arm64", 
                         "docker-build-webtest-amd64",
                         "docker-build-webtest-arm64",                  
-                        "docker-build-unbound-amd64",
-                        "docker-build-unbound-arm64",                  
 
                         "docker-publish-motsognir-amd64", 
                         "docker-publish-motsognir-arm64", 
                         "docker-publish-webtest-amd64",
                         "docker-publish-webtest-arm64",                  
-                        "docker-publish-unbound-amd64",
-                        "docker-publish-unbound-arm64",                  
 
                         "docker-publish-weekly-motsognir-amd64", 
                         "docker-publish-weekly-motsognir-arm64", 
                         "docker-publish-weekly-webtest-amd64",
                         "docker-publish-weekly-webtest-arm64",                  
-                        "docker-publish-weekly-unbound-amd64",
-                        "docker-publish-weekly-unbound-arm64",                  
                       ],
         "trigger": {
             "ref": [

unbound/Dockerfile

@@ -1,8 +1,5 @@
 FROM debian:latest
 LABEL maintainer="dragonchaser <autobuilds@datenschmutz.space>"
-EXPOSE 5335/udp
 RUN apt-get update \
-  && apt-get -y install unbound netcat-traditional
-COPY unbound/config.conf /etc/unbound/unbound.conf.d/
-COPY unbound/entrypoint.sh /
-ENTRYPOINT /entrypoint.sh
+  && apt-get -y install unbound netcat
+CMD ["unbound-checkconf", "&&", "unbound -d"]

unbound/README.md

@@ -22,8 +22,5 @@ $> docker run \
     -v /path/to/you/local/unboundfolder/conf:/etc/unbound \
     -v /path/to/you/local/unboundfolder/lib:/var/lib/unbound \
     dragonchaser/unbound:latest-arm64 
-``**
+```
 
-***Note:***
-
-The container will expose the dns port on 5335.

unbound/config.conf

@@ -1,48 +0,0 @@
-server:
-  access-control: 0.0.0.0/0 allow
-  interface: 0.0.0.0
-  port: 5335
-  do-ip6: no
-  do-ip4: yes
-  do-udp: yes
-  do-tcp: yes
-  # Set number of threads to use
-  num-threads: 8
-  # Hide DNS Server info
-  hide-identity: yes
-  hide-version: yes
-  # Limit DNS Fraud and use DNSSEC
-  harden-glue: yes
-  harden-dnssec-stripped: yes
-  harden-referral-path: yes
-  use-caps-for-id: yes
-  harden-algo-downgrade: yes
-  qname-minimisation: yes
-  aggressive-nsec: yes
-  rrset-roundrobin: yes
-  # Minimum lifetime of cache entries in seconds
-  cache-min-ttl: 300
-  # Configure TTL of Cache
-  cache-max-ttl: 14400
-  # Optimizations
-  msg-cache-slabs: 8
-  rrset-cache-slabs: 8
-  infra-cache-slabs: 8
-  key-cache-slabs: 8
-  serve-expired: yes
-  serve-expired-ttl: 3600
-  edns-buffer-size: 1232
-  prefetch: yes
-  prefetch-key: yes
-  unwanted-reply-threshold: 10000000
-  # Set cache size
-  rrset-cache-size: 256m
-  msg-cache-size: 128m
-  # increase buffer size so that no messages are lost in traffic spikes
-  #so-rcvbuf: 1m
-  private-address: 192.168.0.0/16
-  private-address: 169.254.0.0/16
-  private-address: 172.16.0.0/12
-  private-address: 10.0.0.0/8
-  private-address: fd00::/8
-  private-address: fe80::/10

unbound/entrypoint.sh

@@ -1,3 +0,0 @@
-#!/bin/bash
-unbound-checkconf
-unbound -d