origamiofficial / docker-pihole-unbound

A supercharged Pi-Hole docker container with Unbound built-in. [Auto Updates 🚀]
https://hub.docker.com/r/rlabinc/pihole-unbound
MIT License

Suggestions #8

Closed chriexpe closed 1 year ago

chriexpe commented 1 year ago

First of all, thank you for this, it worked flawlessly on my RPI4 and from the get-go it was already using Unbound, and most importantly without needing to fuzz with docker-compose and .env files, but there are a few things missing here and there to make it comparable to cbcrowe's version. Inclusion of pi-hole.conf files + unbound.conf.d folder, just like how it's on cbcrowe/pihole-unbound, and not only that but maybe add some extra settings to it like these ones that I got from here:

```
server:
      # These options should be added to the existing server configuration,
      # overwriting existing values if they're there.

      # This refreshes expiring cache entries if they have been accessed with
      # less than 10% of their TTL remaining
      prefetch: yes

      # This attempts to reduce latency by serving the outdated record before
      # updating it instead of the other way around. Alternative is to increase
      # cache-min-ttl to e.g. 3600.
      cache-min-ttl: 0
      serve-expired: yes
      # I had best success leaving this next entry unset.
      # serve-expired-ttl: 3600 # 0 or not set means unlimited (I think)

      # Use about 2x more for rrset cache, total memory use is about 2-2.5x
      # total cache size. Current setting is way overkill for a small network.
      # Judging from my used cache size you can get away with 8/16 and still
      # have lots of room, but I've got the ram and I'm not using it on anything else.
      # Default is 4m/4m
      msg-cache-size: 128m
      rrset-cache-size: 256m
```

There is also a recommendation in the Pi-hole documentation to use root.hints if the package dns-root-data isn't installed/configured, I don't remember if there is one in your container, if not it might be interesting to run a cron each X weeks of wget https://www.internic.net/domain/named.root -qO- | sudo tee /var/lib/unbound/root.hints.

Disable Pihole's DNSSEC at /etc/dnsmasq.d/01-pihole.conf > cache-size=0

And also most importantly, turn on by default Unbound's recursive DNS by commenting '#' in front of the forward-records.conf variable at unbound.conf: #include: /opt/unbound/etc/unbound/forward-records.conf Of course only if you keep the original file and don't just use it to point to pi-hole.conf as in cbcrowe's version. Maybe it's necessary to at least leave these locations as read-only too, cuz after every reboot or update they probably change back to default (at least this happened with me when using cbcrowe/pihole-unbound).
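The two settings this post cares about are easy to get wrong silently: an uncommented include of forward-records.conf means Unbound forwards to an upstream resolver instead of recursing from the root hints, and the cache/prefetch options only take effect if they actually land in the server: clause. The following checker is an added example, not code from docker-pihole-unbound or from either commenter; it assumes the recommended values quoted in the post above and uses two constructed sample configs (a forwarding one and a recursive one) so it runs offline.

```python
"""Audit an Unbound config for the settings discussed in this issue.

Added example (not part of docker-pihole-unbound). The RECOMMENDED values are
taken from the unbound snippet in the issue; the sample configs are constructed.
"""
import re

# Values the issue recommends for a caching recursive resolver (assumption:
# copied from the post, not from the project's own config).
RECOMMENDED = {
    "prefetch": "yes",
    "serve-expired": "yes",
    "cache-min-ttl": "0",
    "msg-cache-size": "128m",
    "rrset-cache-size": "256m",
}

# Constructed sample: default-ish cache sizes and forwarding still enabled.
SAMPLE_FORWARDING = """
server:
    verbosity: 0
    interface: 127.0.0.1
    port: 5335
    prefetch: no
    msg-cache-size: 4m
    rrset-cache-size: 4m

include: /opt/unbound/etc/unbound/forward-records.conf
"""

# Constructed sample: the include is commented out, so Unbound recurses.
SAMPLE_RECURSIVE = """
server:
    verbosity: 0
    interface: 127.0.0.1
    port: 5335
    prefetch: yes
    cache-min-ttl: 0
    serve-expired: yes
    # serve-expired-ttl: 3600
    msg-cache-size: 128m
    rrset-cache-size: 256m

# forwarding disabled so Unbound resolves from the root hints
# include: /opt/unbound/etc/unbound/forward-records.conf
"""

def strip_comment(line):
    """Unbound treats '#' to end of line as a comment."""
    return line.split("#", 1)[0].rstrip()

def parse_unbound(text):
    """Return (server_options, active_includes).

    Minimal parser: 'name:' alone opens a clause (server:, forward-zone:, ...);
    'key: value' inside the server clause is recorded; 'include: path' is
    recorded wherever it appears. Options of other clauses are ignored.
    """
    options, includes, clause = {}, [], None
    for raw in text.splitlines():
        line = strip_comment(raw).strip()
        if not line:
            continue
        m = re.match(r"^([\w-]+):\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip().strip('"')
        if value == "":
            clause = key          # bare 'name:' starts a new clause
        elif key == "include":
            includes.append(value)
        elif clause == "server":
            options[key] = value
    return options, includes

def audit(text):
    """Return a list of human-readable findings; empty means the config matches."""
    options, includes = parse_unbound(text)
    findings = []
    # An active include of forward-records.conf means queries go to an upstream
    # forwarder rather than being resolved recursively, which is what the issue
    # asks to turn off by commenting the include out.
    if any(path.endswith("forward-records.conf") for path in includes):
        findings.append("forward-records.conf is included: Unbound forwards instead of recursing")
    for key, want in RECOMMENDED.items():
        got = options.get(key)
        if got != want:
            findings.append(f"{key}: expected {want}, found {got!r}")
    return findings

if __name__ == "__main__":
    for name, cfg in (("forwarding", SAMPLE_FORWARDING), ("recursive", SAMPLE_RECURSIVE)):
        print(name, audit(cfg) or "OK")
```

Point it at the real file (the path inside the container is the one quoted in the post, /opt/unbound/etc/unbound/unbound.conf) with `audit(open(path).read())`; a non-empty list is the thing to fix before trusting that the resolver is recursing. The parser only understands the flat `key: value` syntax Unbound uses and does not follow includes, so an include of a directory such as unbound.conf.d would need to be expanded by the caller.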

rlabinc commented 1 year ago

@chriexpe Hi thanks for your suggestions. We're currently busy at the moment so there is NO ETA for this one. Feel free to submit a PR, if everything is okay then we'll happily merge!

origamiofficial commented 1 year ago

@chriexpe Thanks for your valuable suggestions!

> Inclusion of pi-hole.conf files + unbound.conf.d folder, just like how it's on cbcrowe/pihole-unbound, and not only that but maybe add some extra settings to it like these ones that I got from here:

If you want to use a custom Unbound config, then mount a directory in the Docker container using the Docker CLI; you can use the -v or --volume flag. This flag allows you to specify a volume or a bind mount, which effectively connects a directory on your host machine to a directory inside the Docker container.

The basic syntax for mounting a directory using the Docker CLI is as follows:

docker run -v /path/on/host:/path/in/container IMAGE_NAME

> There is also a recommendation in the Pi-hole documentation to use root.hints if the package dns-root-data isn't installed/configured, I don't remember if there is one in your container, if not it might be interesting to run a cron each X weeks of wget https://www.internic.net/domain/named.root -qO- | sudo tee /var/lib/unbound/root.hints.

Yes, the container already has dns-root-data installed as it is a dependency of Unbound. After pushing 96941cf04cc4f43d517e8a25554b125485bc6134, the root.hints will be updated automatically when running the container. There is no need to use cron as it updates infrequently.

> Disable Pihole's DNSSEC at /etc/dnsmasq.d/01-pihole.conf > cache-size=0

As you can see here, by default Pi-hole's DNSSEC is disabled.

> And also most importantly, turn on by default Unbound's recursive DNS by commenting '#' in front of the forward-records.conf variable at unbound.conf: #include: /opt/unbound/etc/unbound/forward-records.conf

Disabled after pushing dc65e1a838244dd740988142d34a30524edf1afb

Please note that you'll see the changes after updating the image.

chriexpe commented 1 year ago

> @chriexpe Thanks for your valuable suggestions!
>
> > Inclusion of pi-hole.conf files + unbound.conf.d folder, just like how it's on cbcrowe/pihole-unbound, and not only that but maybe add some extra settings to it like these ones that I got from here:
>
> If you want to use a custom Unbound config, then mount a directory in the Docker container using the Docker CLI; you can use the -v or --volume flag. This flag allows you to specify a volume or a bind mount, which effectively connects a directory on your host machine to a directory inside the Docker container.
>
> The basic syntax for mounting a directory using the Docker CLI is as follows:
>
> docker run -v /path/on/host:/path/in/container IMAGE_NAME
>
> > There is also a recommendation in the Pi-hole documentation to use root.hints if the package dns-root-data isn't installed/configured, I don't remember if there is one in your container, if not it might be interesting to run a cron each X weeks of wget https://www.internic.net/domain/named.root -qO- | sudo tee /var/lib/unbound/root.hints.
>
> Yes, the container already has dns-root-data installed as it is a dependency of Unbound. After pushing 96941cf, the root.hints will be updated automatically when running the container. There is no need to use cron as it updates infrequently.
>
> > Disable Pihole's DNSSEC at /etc/dnsmasq.d/01-pihole.conf > cache-size=0
>
> As you can see here, by default Pi-hole's DNSSEC is disabled.
>
> > And also most importantly, turn on by default Unbound's recursive DNS by commenting '#' in front of the forward-records.conf variable at unbound.conf: #include: /opt/unbound/etc/unbound/forward-records.conf
>
> Disabled after pushing dc65e1a
>
> Please note that you'll see the changes after updating the image.

Sorry for the late reply, after that suggestion I went to use cbcrowe's image, but yesterday I changed the OS on my RPI and decided to give your image a try and dang, it's been working flawlessly with everything that I suggested! Thank you!