This is a unbound OCI image built using https://github.com/NLnetLabs/unbound.
This image has a fully setup unbound server that is configured for Recursive Resolution (It does not use any other DNS provider just the dns roots). It also blocks Ad and malware domains. Unbound will run unprivileged in the container and listen port 5353 for UDP and TCP.
Base image is alpine:latest.
The image can be pulled from the following repositories:
Source code and pipeline can be found here
The image is signed using cosign from sigstore.
You can verify the signature with:
cosign verify --key cosign.pub chimbosonic/unbound:latestdocker run -it --rm -p 53:5353/tcp -p 53:5353/udp --name unbound chimbosonic/unbound:latestPlease read docker-compose.yml before running the following
docker-compose up -dThis will build the container.
make buildThe default config inside this container has been made to suit my needs:
- 4 threads
- IPv6 and IPv4 enabled both listenning and for queries
- Blacklists advertising domains and malware domains
- Any IP can make a query !! (This might not be secure in your environment. I use a firewall to block unwanted access)
You can overwite these by mounting /var/unbound/etc and putting in your configs inside the mounted volume. Or changing the config and building the image yourself using make build