Closed jrgiacone closed 1 year ago
Yes. If you're mounting a volume, you have to provide configuration files. Those files will
If your customized configuration is located at /home/user/unbound and that's what you're mounting as your volume path, you'll need the following file at minimum:
- unbound.conf
This explains it further: https://github.com/MatthewVance/unbound-docker-rpi#use-a-fully-customize-unbound-configuration
If you don't mount a volume, the default configs get put in /opt/unbound/etc/unbound/.
Matthew, appreciate it, my issue runs when I try to link the root.hints file, which is also located within my home/user/unbound folder: the container constantly restarts.
I can see that my file system in the container shows:
```
root@98968548a32b:/opt/unbound/etc/unbound# ls
dev root.hints unbound-working.conf unbound.conf unbound.pid var
```
However, when I uncomment the line for /opt/unbound/etc/unbound/root.hints, the container continually restarts.
Can you show the relevant parts of your unbound.sh and also the docker-compose or docker run command?
Sure thing, here is my unbound.conf:
```
server:
    # If no logfile is specified, syslog is used
    # logfile: "/var/log/unbound/unbound.log"
    verbosity: 0
    access-control: 172.16.0.0/12 allow
    access-control: 127.0.0.0/8 allow
    access-control: 10.0.0.0/8 allow
    access-control: 192.168.0.0/16 allow
    interface: 0.0.0.0
    #port: 5335
    do-ip4: yes
    do-udp: yes
    do-tcp: yes
    # May be set to yes if you have IPv6 connectivity
    do-ip6: no
    # You want to leave this to no unless you have *native* IPv6. With 6to4 and
    # Terredo tunnels your web browser should favor IPv4 for the same reasons
    prefer-ip6: no
    # Use this only when you downloaded the list of primary root servers!
    # If you use the default dns-root-data package, unbound will find it automatically
    # I have to quote out this root-hints, as it causing container endless restarting for a new installation. You can add root-hints back after first run.
    #root-hints: “/opt/unbound/etc/unbound/root.hints”
    # Trust glue only if it is within the server's authority
    harden-glue: yes
    # Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
    harden-dnssec-stripped: yes
    # Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes
    # see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
    use-caps-for-id: no
    # Reduce EDNS reassembly buffer size.
    # Suggested by the unbound man page to reduce fragmentation reassembly problems
    edns-buffer-size: 1232
    # Perform prefetching of close to expired message cache entries
    # This only applies to domains that have been frequently queried
    prefetch: yes
    # One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
    num-threads: 1
    # Ensure kernel buffer is large enough to not lose messages in traffic spikes
    so-rcvbuf: 1m
    # Ensure privacy of local IP ranges
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-address: 172.16.0.0/12
    private-address: 10.0.0.0/8
    private-address: fd00::/8
    private-address: fe80::/10
```
Here is my docker-compose:
```yaml
unbound:
  container_name: unbound
  image: mvance/unbound-rpi:latest
  restart: unless-stopped
  volumes:
    - /home/[user removed]/unbound:/opt/unbound/etc/unbound/
  ports:
    - "5053:53/tcp"
    - "5053:53/udp"
```
And I do not have an unbound.sh located in /opt/unbound/etc/unbound.
It is when I uncomment the root-hints line that the container continually restarts.
Looks like curly quotes. Replace ” with ".
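The failure diagnosed above (typographic quotes around the root-hints path) can be caught before the container enters a restart loop. The following check is an added example, not code from this thread or from the unbound-docker-rpi project; the function names and the sample text are constructed for illustration.

```python
import unicodedata

# Typographic quotes that some editors substitute for ASCII quotes,
# mapped to the ASCII character a config parser expects.
SMART_QUOTES = {
    "\u201c": '"', "\u201d": '"', "\u201e": '"',
    "\u2018": "'", "\u2019": "'", "\u201a": "'",
}


def find_suspect_chars(conf_text, include_comments=True):
    """Return (line_no, column, char_name, is_comment) for each non-ASCII
    character. Commented-out lines are scanned by default, because a line
    that is harmless while commented breaks the config once uncommented."""
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        is_comment = line.lstrip().startswith("#")
        if is_comment and not include_comments:
            continue
        for col, ch in enumerate(line, start=1):
            if ord(ch) > 127:
                name = unicodedata.name(ch, "UNKNOWN")
                findings.append((line_no, col, name, is_comment))
    return findings


def normalize_quotes(conf_text):
    """Replace typographic quotes with their ASCII equivalents."""
    return conf_text.translate(str.maketrans(SMART_QUOTES))


# Constructed sample modelled on the config posted in this thread.
SAMPLE = (
    "server:\n"
    "    verbosity: 0\n"
    "    #root-hints: \u201c/opt/unbound/etc/unbound/root.hints\u201d\n"
    "    harden-glue: yes\n"
)

if __name__ == "__main__":
    for line_no, col, name, is_comment in find_suspect_chars(SAMPLE):
        where = "commented line" if is_comment else "active line"
        print(f"line {line_no}, col {col}: {name} ({where})")
    print(normalize_quotes(SAMPLE), end="")
```

Run it against the host-side copy of the mounted config (here, the file under /home/user/unbound) before restarting the container.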
Matthew you are a mad man! Thank you, I honestly have no idea how the curly got in there, but it is working now! I was also originally missing the / after unbound in my docker-compose.
Regarding the necessity of the root.hints file, is it necessary? I read on the documentation for unbound via pihole that we would need the file if we were compiling vs from an apt package?
You’re welcome. I may or may not have had something similar happen.
When looking at your config and settings, I was confused at first because everything looked right until I spotted those quotes. Blame your text editor. Some like to convert quotes for you.
On Mar 14, 2022, at 7:51 PM, jrgiacone @.***> wrote:
Matthew you are a mad man! Thank you, I honestly have no idea how the curly got in there, but it is working now! I was also originally missing the / after unbound in my docker-compose
Also, I don't know how important it is, but the DNSSEC check wouldn't work without var/root.key.
Interesting. Could you share how you checked that? I thought that file got auto-created if it doesn't exist per https://www.nlnetlabs.nl/documentation/unbound/unbound-anchor/, but now you have me wondering if it gets created in a default spot or with the wrong permissions causing this not to work.
Closing due to no recent reply. Please reopen if needed.
When building from a custom volume or default with docker-compose (no volume specified), there seems to be no file mounted in the /opt folder. Am I looking in the wrong spot? I only see pivpn in my case. Unbound is running but no config file can be located.
When created with a custom volume path such as /home/user/unbound:/opt/unbound/etc/unbound/ it also runs, but again nothing shows up in the opt/ folder. Is this something I need to create?