mirror of
https://github.com/dnscrypt/dnscrypt-server-docker
synced 2024-11-26 10:23:48 +01:00
Added /opt/unbound/etc/unbound/zones directory and a section in the README discussing how to customize Unbound
This commit is contained in:
parent
4ee775ee64
commit
fb203db38c
47
README.md
@ -61,6 +61,53 @@ edit the [dnscrypt.csv](https://github.com/jedisct1/dnscrypt-proxy/blob/master/d
|
||||
file to add your resolver's informations, and submit a pull request to have it
|
||||
included in the list of public DNSCrypt resolvers!
|
||||
|
||||
Customizing Unbound
|
||||
============
|
||||
|
||||
To add new configuration to Unbound, add files to the `/opt/unbound/etc/unbound/zones`
|
||||
directory. All files ending in `.conf` will be processed. In this manner, you
|
||||
can add any directives to the `server:` section of the Unbound configuration.
|
||||
|
||||
Serve custom DNS records on a local network
|
||||
------------------------------------------
|
||||
While Unbound is not a full authoritative name server, it supports resolving
|
||||
custom entries in a way that is serviceable on a small, private LAN. You can use
|
||||
unbound to resolve private hostnames such as `my-computer.example.com` within
|
||||
your LAN.
|
||||
|
||||
To support such custom entries using this image, first map a volume to the zones
|
||||
directory. Add this to your `docker run` line:
|
||||
|
||||
-v /myconfig/zones:/opt/unbound/etc/unbound/zones
|
||||
|
||||
The whole command to create and initialize a container would look something like
|
||||
this:
|
||||
|
||||
$ docker run --name=dnscrypt-server \
|
||||
-v /myconfig/zones:/opt/unbound/etc/unbound/zones \
|
||||
-p 443:443/udp -p 443:443/tcp --net=host \
|
||||
jedisct1/unbound-dnscrypt-server init -N example.com
|
||||
|
||||
Create a new `.conf` file:
|
||||
|
||||
$ touch /myconfig/zones/example.conf
|
||||
|
||||
Now, add one or more unbound directives to the file, such as:
|
||||
|
||||
local-zone: "example.com." static
|
||||
local-data: "my-computer.example.com. IN A 10.0.0.1"
|
||||
local-data: "other-computer.example.com. IN A 10.0.0.2"
|
||||
|
||||
Troubleshooting
|
||||
---------------
|
||||
|
||||
If Unbound doesn't like one of the newly added directives, it
|
||||
will probably not respond over the network. In that case, here are some commands
|
||||
to work out what is wrong:
|
||||
|
||||
$ docker logs dnscrypt
|
||||
$ docker exec dnscrypt /opt/unbound/sbin/unbound-checkconf
|
||||
|
||||
Details
|
||||
=======
|
||||
|
||||
|
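Review bot: The Troubleshooting commands address a container named `dnscrypt`, but the `docker run` example earlier in this section creates it with `--name=dnscrypt-server`, so `docker logs dnscrypt` and `docker exec dnscrypt ...` will fail for anyone who followed the example; use the same name in both places. The `local-zone: "example.com." static` example also deserves one sentence on what `static` does: names under the zone that have no `local-data` entry are answered with NXDOMAIN or NODATA instead of being resolved upstream, which matters when the zone name is also a real public domain.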
@ -1,6 +1,7 @@
|
||||
#! /bin/sh
|
||||
|
||||
KEYS_DIR="/opt/dnscrypt-wrapper/etc/keys"
|
||||
ZONES_DIR="/opt/unbound/etc/unbound/zones"
|
||||
|
||||
reserved=12582912
|
||||
availableMemory=$((1024 * $( (fgrep MemAvailable /proc/meminfo || fgrep MemTotal /proc/meminfo) | sed 's/[^0-9]//g' ) ))
|
||||
@ -25,6 +26,7 @@ sed \
|
||||
-e "s/@PROVIDER_NAME@/${provider_name}/" \
|
||||
-e "s/@RR_CACHE_SIZE@/${rr_cache_size}/" \
|
||||
-e "s/@THREADS@/${threads}/" \
|
||||
-e "s/@ZONES_DIR@/${ZONES_DIR}" \
|
||||
> /opt/unbound/etc/unbound/unbound.conf << EOT
|
||||
server:
|
||||
verbosity: 1
|
||||
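Review bot: The new expression `-e "s/@ZONES_DIR@/${ZONES_DIR}" \` cannot work as written: the closing `/` of the `s` command is missing, and `${ZONES_DIR}` expands to a path that itself contains `/`, which collides with the delimiter. sed will reject the script, so the generated `unbound.conf` will not contain the expected configuration. Use a delimiter that does not occur in the path, for example `-e "s#@ZONES_DIR@#${ZONES_DIR}#" \`.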
@ -77,7 +79,7 @@ server:
|
||||
local-zone: "test." static
|
||||
local-zone: "@PROVIDER_NAME@." refuse
|
||||
|
||||
include: "/opt/unbound/etc/unbound/zones/*.conf"
|
||||
include: "@ZONES_DIR@/*.conf"
|
||||
|
||||
remote-control:
|
||||
control-enable: yes
|
||||
@ -96,4 +98,6 @@ if [ ! -f /opt/unbound/etc/unbound/unbound_control.pem ]; then
|
||||
/opt/unbound/sbin/unbound-control-setup
|
||||
fi
|
||||
|
||||
mkdir -p /opt/unbound/etc/unbound/zones
|
||||
|
||||
exec /opt/unbound/sbin/unbound
|
||||
|
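Review bot: `mkdir -p /opt/unbound/etc/unbound/zones` repeats the literal path even though this commit introduces `ZONES_DIR` at the top of the script for that same value; use `mkdir -p "$ZONES_DIR"` so the directory that is created and the directory that is included cannot drift apart. Consider also running `/opt/unbound/sbin/unbound-checkconf` before `exec /opt/unbound/sbin/unbound`: user-supplied files in that directory are now part of the configuration, and a failed check would put a clear error in the container log instead of leaving a resolver that silently does not answer.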