Closed loeffelpan closed 1 year ago
This code explains why this is expected behavior: https://github.com/MatthewVance/unbound-docker-rpi/blob/9297c82d943eea9c311ab6b9695819b338e8572f/1.17.0/Dockerfile#L133
To check that the container can resolve an address, it has to look up a domain name, not IP addresses.
It's far from a perfect health check (see https://github.com/MatthewVance/unbound-docker/issues/112). By default, it is set up for the Unbound container to query localhost for cloudflare.com (not cloudflared.com). It will either resolve those or forward to another DNS server. With the default config, it forwards those:
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
https://github.com/MatthewVance/unbound-docker-rpi/issues/14 is expected behavior. Forward settings do not change the Docker health check command that tells the container to run drill @127.0.0.1 cloudflare.com.
You can override this by using: https://docs.docker.com/engine/reference/run/#healthcheck
You can re-build the image to use settings you prefer: https://docs.docker.com/engine/reference/builder/#healthcheck
Setting via Docker compose is also an option: https://docs.docker.com/compose/compose-file/compose-file-v3/#healthcheck
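The Compose override mentioned above, as an added example that is not part of the original comment or the project's own files. The service name, image tag, probe name and timing values are placeholders chosen for illustration.

```yaml
# Added example (not from the project). Placeholders are marked as such.
services:
  unbound:
    image: example/unbound-rpi:placeholder   # placeholder: use the image tag you run

    # Option A: disable the health check that ships in the image.
    # No probe query is issued, so nothing about the probe shows up in
    # upstream query logs (Pi-hole or a forwarder). The trade-off is that
    # Docker no longer reports the container as healthy or unhealthy.
    healthcheck:
      disable: true

    # Option B (use instead of A): keep a probe, but choose the name and
    # the rate yourself. Same command form as the image's check, with a
    # different query name and a longer interval.
    #
    # healthcheck:
    #   test: ["CMD", "drill", "@127.0.0.1", "probe.example.test"]   # placeholder name
    #   interval: 5m        # constructed value; the issue reports one query every 30 seconds
    #   timeout: 10s        # constructed value
    #   retries: 3          # constructed value
    #
    # Any name Unbound cannot answer locally is still forwarded, so the
    # probe name remains visible to whatever resolver sits upstream.
```

After recreating the container, `docker inspect --format '{{json .State.Health}}' <container>` shows whether a health check is still active and what its last probe returned.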
Thanks for the explanation. I will disable your healthcheck via compose file.
Describe the bug: Unbound queries cloudflare.com every 30 seconds via pihole (seen in pihole's query logs). Pihole is configured as system-wide DNS.
To Reproduce: Steps to reproduce the behavior:
Customizations (config files):
Expected behavior: No constant queries to cloudflare.com.
Additional context: Please also review #1 and #14. In #1 there is Cloudflare configured as forward-dns, but healthcheck should check 1.1.1.1 and 1.0.0.1 and not cloudflared.com. In #14 there's only quad9 configured as forward-dns and also cloudflare.com queries are seen.