MatthewVance / unbound-docker-rpi

Run Unbound with latest version of OpenSSL on Raspberry Pi with Docker.
MIT License

Create version as a recursive resolver #27

Open churchofnoise opened 2 years ago

churchofnoise commented 2 years ago

Hi Matthew,

I was wondering if you'd consider building a docker image of your rpi version of Unbound that acts as a recursive resolver instead of as a forwarding resolver?

Thanks for considering!

MatthewVance commented 2 years ago

I don’t have any plans to do that. The current version will work in that manner because it supports loading custom configs.

On Mar 14, 2022, at 3:09 PM, churchofnoise @.***> wrote:

 Hi Matthew,

I was wondering if you'd consider building a docker image of your rpi version of Unbound that acts as a recursive resolver instead of as a forwarding resolver?

Thanks for considering!


jrgiacone commented 2 years ago

I have trouble when I specify a custom volume directory such as /home/user/unbound:/opt/unbound/etc/unbound/. This works great when I comment out the roots-hint line; however, if I try to specify the location of the file as "/home/user/unbound/root.hints", it does not work and continues to restart, or if I put it as "root.hints" it also fails and the container keeps restarting. I'm not sure if it is an issue, but when I check the opt/ directory, nothing from docker is mounted there? If I comment out the root hints line, is it still acting in recursive mode? My worry is it will get out of date. Or is the container reading the file automatically with the line commented out as long as root.hints is located in the same folder as the config?

MatthewVance commented 2 years ago

Unless you have a specific reason to provide root.hints, I'd skip that part. By default a list of builtin root hints is used by Unbound. Providing your own file is supported for Unbound in the event you need to provide a more up-to-date list. If the package stays updated, that shouldn't be necessary. https://wiki.archlinux.org/index.php/unbound#Root_hints https://nlnetlabs.nl/documentation/unbound/unbound-anchor/

If you do need to provide it, you'll need to make sure it's in the right format and gets mounted to the right location with the correct permissions.

An alternative to providing a full config if you want to keep some of the defaults: https://github.com/MatthewVance/unbound-docker-rpi#append-customizations-to-the-provided-unbound-configuration. However, you'll need to uncomment this line and re-build.
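
A pre-flight check for the format and permission requirements mentioned in the comment above, as an added example that is not part of the thread or the project's code. The function names and the sample data are constructed, and the world-readable check assumes Unbound in the container runs under a different UID than the file's owner on the host.

```python
import ipaddress
import os
import stat

SAMPLE_HINTS = """\
; constructed sample, not a complete root hints file
.                     3600000  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.   3600000  A     198.41.0.4
A.ROOT-SERVERS.NET.   3600000  AAAA  2001:503:ba3e::2:30
.                     3600000  NS    B.ROOT-SERVERS.NET.
"""

def check_hints_text(text):
    """Return a list of problems in root-hints text; an empty list means OK."""
    problems, ns_targets, glued = [], [], set()
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()      # strip zone-file comments
        if not fields:
            continue
        # Record layout is: owner [ttl] [class] type rdata
        idx = next((i for i, f in enumerate(fields[1:], 1)
                    if f.upper() in ("NS", "A", "AAAA")), None)
        if idx is None or idx + 1 >= len(fields):
            problems.append(f"line {n}: not an NS/A/AAAA record")
            continue
        owner, rtype, rdata = fields[0].lower(), fields[idx].upper(), fields[idx + 1]
        if rtype == "NS":
            if owner == ".":
                ns_targets.append(rdata.lower())
            continue
        try:
            (ipaddress.IPv4Address if rtype == "A" else ipaddress.IPv6Address)(rdata)
            glued.add(owner)
        except ValueError:
            problems.append(f"line {n}: bad {rtype} address {rdata!r}")
    if not ns_targets:
        problems.append("no NS records for the root zone")
    problems += [f"no address record for {t}" for t in ns_targets if t not in glued]
    return problems

def check_hints_file(path):
    """Check the host-side file before it is bind-mounted into the container."""
    if not os.path.isfile(path):
        return [f"{path}: not a regular file"]
    # Assumption: Unbound in the container runs as another UID, so world-read is needed.
    if not os.stat(path).st_mode & stat.S_IROTH:
        return [f"{path}: not readable by other users"]
    with open(path, encoding="ascii", errors="replace") as fh:
        return check_hints_text(fh.read())
```

Running `check_hints_text(SAMPLE_HINTS)` reports the second name server, which the constructed sample lists without an address record.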

MatthewVance commented 2 years ago

@jrgiacone let's keep the roots.hint discussion in https://github.com/MatthewVance/unbound-docker-rpi/issues/28.

Gatsby-Lee commented 8 months ago

Well, based on what I read, the root.hints are changed, but not very often. If the unbound is installed by pkg manager, then the pkg manager might update the list in root.hints when pkg update unbound. In our case (unbound-docker-rpi), the default root.hints will be outdated since the image has the root.hints at the moment when the image was built.

Logically speaking (and it is how I am going to do it), the unbound.sh script (with the current structure) should have logic to pull the root.hints from the source and set it into the container. And the container should be restarted every 6mo. The only concern (or optimization) I'd like to address is reloading unbound in the container without messing up the cached DNS, to prevent performance degradation from flushing the cache.

Since the current unbound.sh is more focused on forwarding DNS, I am going to build my own unbound.sh and mount it to the container, so I can change the behavior while initializing the container.

Gatsby-Lee commented 8 months ago

I set up Unbound as a DNS resolver (iterative DNS). https://medium.com/p/6048d5072276