mirror of https://github.com/dnscrypt/dnscrypt-server-docker synced 2024-11-26 06:13:49 +01:00

Added /opt/unbound/etc/unbound/zones directory and a section in the README discussing how to customize Unbound

Matthew Sojourner Newton 2016-08-24 15:42:13 -07:00
parent 4ee775ee64
commit fb203db38c
2 changed files with 52 additions and 1 deletions

@ -61,6 +61,53 @@ edit the [dnscrypt.csv](https://github.com/jedisct1/dnscrypt-proxy/blob/master/d
file to add your resolver's informations, and submit a pull request to have it
included in the list of public DNSCrypt resolvers!
Customizing Unbound
============
To add new configuration to Unbound, add files to the `/opt/unbound/etc/unbound/zones`
directory. All files ending in `.conf` will be processed. In this manner, you
can add any directives to the `server:` section of the Unbound configuration.
Serve custom DNS records on a local network
------------------------------------------
While Unbound is not a full authoritative name server, it supports resolving
custom entries in a way that is serviceable on a small, private LAN. You can use
unbound to resolve private hostnames such as `my-computer.example.com` within
your LAN.
To support such custom entries using this image, first map a volume to the zones
directory. Add this to your `docker run` line:
-v /myconfig/zones:/opt/unbound/etc/unbound/zones
The whole command to create and initialize a container would look something like
this:
$ docker run --name=dnscrypt-server \
-v /myconfig/zones:/opt/unbound/etc/unbound/zones \
-p 443:443/udp -p 443:443/tcp --net=host \
jedisct1/unbound-dnscrypt-server init -N example.com
Create a new `.conf` file:
$ touch /myconfig/zones/example.conf
Now, add one or more unbound directives to the file, such as:
local-zone: "example.com." static
local-data: "my-computer.example.com. IN A 10.0.0.1"
local-data: "other-computer.example.com. IN A 10.0.0.2"
Troubleshooting
---------------
If Unbound doesn't like one of the newly added directives, it
will probably not respond over the network. In that case, here are some commands
to work out what is wrong:
$ docker logs dnscrypt
$ docker exec dnscrypt /opt/unbound/sbin/unbound-checkconf
Details
=======
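Review bot: The Troubleshooting commands at the end of this hunk use the container name `dnscrypt`, while the `docker run` example a few lines earlier creates the container with `--name=dnscrypt-server`, so `docker logs dnscrypt` and `docker exec dnscrypt ...` will fail for anyone who followed the example. Use one name in both places. Separately, the example passes `-p 443:443/udp -p 443:443/tcp` together with `--net=host`; Docker ignores published ports in host network mode, so one of the two should be dropped to avoid confusion.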

@ -1,6 +1,7 @@
#! /bin/sh
KEYS_DIR="/opt/dnscrypt-wrapper/etc/keys"
ZONES_DIR="/opt/unbound/etc/unbound/zones"
reserved=12582912
availableMemory=$((1024 * $( (fgrep MemAvailable /proc/meminfo || fgrep MemTotal /proc/meminfo) | sed 's/[^0-9]//g' ) ))
@ -25,6 +26,7 @@ sed \
-e "s/@PROVIDER_NAME@/${provider_name}/" \
-e "s/@RR_CACHE_SIZE@/${rr_cache_size}/" \
-e "s/@THREADS@/${threads}/" \
-e "s/@ZONES_DIR@/${ZONES_DIR}" \
> /opt/unbound/etc/unbound/unbound.conf << EOT
server:
verbosity: 1
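Review bot: The added expression `-e "s/@ZONES_DIR@/${ZONES_DIR}" \` is missing its closing delimiter, and the value of `ZONES_DIR` contains `/` characters, which collide with the `/` delimiter even once the expression is closed. sed will reject the expression, and because the output is redirected to `/opt/unbound/etc/unbound/unbound.conf`, the generated configuration will not be written correctly. Use a delimiter that cannot occur in the path, for example `-e "s#@ZONES_DIR@#${ZONES_DIR}#"`.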
@ -77,7 +79,7 @@ server:
local-zone: "test." static
local-zone: "@PROVIDER_NAME@." refuse
include: "/opt/unbound/etc/unbound/zones/*.conf"
include: "@ZONES_DIR@/*.conf"
remote-control:
control-enable: yes
@ -96,4 +98,6 @@ if [ ! -f /opt/unbound/etc/unbound/unbound_control.pem ]; then
/opt/unbound/sbin/unbound-control-setup
fi
mkdir -p /opt/unbound/etc/unbound/zones
exec /opt/unbound/sbin/unbound
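Review bot: The new `mkdir -p /opt/unbound/etc/unbound/zones` hard-codes the path that this same commit introduces as `ZONES_DIR` at the top of the script. Use `mkdir -p "$ZONES_DIR"` so the directory that gets created and the directory named in the `include:` line cannot drift apart if the variable is changed later.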