{"id":13548207,"url":"https://github.com/crazy-max/docker-unbound","last_synced_at":"2025-04-10T02:28:52.192Z","repository":{"id":38385578,"uuid":"329429458","full_name":"crazy-max/docker-unbound","owner":"crazy-max","description":"Unbound Docker image","archived":false,"fork":false,"pushed_at":"2025-03-28T15:09:34.000Z","size":113,"stargazers_count":58,"open_issues_count":2,"forks_count":11,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-04-03T00:07:48.005Z","etag":null,"topics":["alpine-linux","dns-server","dnssec","docker","unbound"],"latest_commit_sha":null,"homepage":"","language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/crazy-max.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":".github/SUPPORT.md","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"crazy-max","custom":"https://www.paypal.me/crazyws"}},"created_at":"2021-01-13T20:55:57.000Z","updated_at":"2025-03-28T15:09:29.000Z","dependencies_parsed_at":"2024-10-03T12:15:20.595Z","dependency_job_id":"e338fe7d-540b-468f-b41c-9a4dd22e2431","html_url":"https://github.com/crazy-max/docker-unbound","commit_stats":{"total_commits":76,"total_committers":3,"mean_commits":"25.333333333333332","dds":"0.14473684210526316","last_synced_commit":"36434287d424be2af0aab742aaf83c1a3ed7b4f3"},"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crazy-max%2Fdocker-unbound","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crazy-max%2Fdocker-unbound/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crazy-max%2Fdocker-unbound/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crazy-max%2Fdocker-unbound/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/crazy-max","download_url":"https://codeload.github.com/crazy-max/docker-unbound/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248143964,"owners_count":21054855,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["alpine-linux","dns-server","dnssec","docker","unbound"],"created_at":"2024-08-01T12:01:07.159Z","updated_at":"2025-04-10T02:28:52.157Z","avatar_url":"https://github.com/crazy-max.png","language":"Dockerfile","readme":"\u003cp align=\"center\"\u003e\u003ca href=\"https://github.com/crazy-max/docker-unbound\" target=\"_blank\"\u003e\u003cimg height=\"128\" src=\"https://raw.githubusercontent.com/crazy-max/docker-unbound/master/.github/docker-unbound.jpg\"\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://hub.docker.com/r/crazymax/unbound/tags?page=1\u0026ordering=last_updated\"\u003e\u003cimg src=\"https://img.shields.io/github/v/tag/crazy-max/docker-unbound?label=version\u0026style=flat-square\" alt=\"Latest Version\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/crazy-max/docker-unbound/actions?workflow=build\"\u003e\u003cimg src=\"https://img.shields.io/github/actions/workflow/status/crazy-max/docker-unbound/build.yml?branch=master\u0026label=build\u0026logo=github\u0026style=flat-square\" alt=\"Build Status\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://hub.docker.com/r/crazymax/unbound/\"\u003e\u003cimg src=\"https://img.shields.io/docker/stars/crazymax/unbound.svg?style=flat-square\u0026logo=docker\" alt=\"Docker Stars\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://hub.docker.com/r/crazymax/unbound/\"\u003e\u003cimg src=\"https://img.shields.io/docker/pulls/crazymax/unbound.svg?style=flat-square\u0026logo=docker\" alt=\"Docker Pulls\"\u003e\u003c/a\u003e\n  \u003cbr /\u003e\u003ca href=\"https://github.com/sponsors/crazy-max\"\u003e\u003cimg src=\"https://img.shields.io/badge/sponsor-crazy--max-181717.svg?logo=github\u0026style=flat-square\" alt=\"Become a sponsor\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://www.paypal.me/crazyws\"\u003e\u003cimg src=\"https://img.shields.io/badge/donate-paypal-00457c.svg?logo=paypal\u0026style=flat-square\" alt=\"Donate Paypal\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n## About\n\nDocker image for [Unbound](https://unbound.net/), a validating, recursive, and\ncaching DNS resolver.\n\n\u003e [!TIP] \n\u003e Want to be notified of new releases? Check out 🔔 [Diun (Docker Image Update Notifier)](https://github.com/crazy-max/diun)\n\u003e project!\n\n___\n\n* [Features](#features)\n* [Build locally](#build-locally)\n* [Image](#image)\n* [Ports](#ports)\n* [Usage](#usage)\n  * [Docker Compose](#docker-compose)\n  * [Command line](#command-line)\n* [Upgrade](#upgrade)\n* [Notes](#notes)\n  * [Configuration](#configuration)\n  * [Root trust store](#root-trust-store)\n  * [External backend DB as auxiliary cache](#external-backend-db-as-auxiliary-cache)\n* [Contributing](#contributing)\n* [License](#license)\n\n## Features\n\n* Run as non-root user\n* Latest [Unbound](https://nlnetlabs.nl/projects/unbound/download/) release compiled from source\n* Bind to [unprivileged port](#ports)\n* Multi-platform image\n\n## Build locally\n\n```shell\ngit clone https://github.com/crazy-max/docker-unbound.git\ncd docker-unbound\n\n# Build image and output to docker (default)\ndocker buildx bake\n\n# Build multi-platform image\ndocker buildx bake image-all\n```\n\n## Image\n\n| Registry                                                                                           | Image                       |\n|----------------------------------------------------------------------------------------------------|-----------------------------|\n| [Docker Hub](https://hub.docker.com/r/crazymax/unbound/)                                           | `crazymax/unbound`          |\n| [GitHub Container Registry](https://github.com/users/crazy-max/packages/container/package/unbound) | `ghcr.io/crazy-max/unbound` |\n\nFollowing platforms for this image are available:\n\n```\n$ docker buildx imagetools inspect crazymax/unbound --format \"{{json .Manifest}}\" | \\\n  jq -r '.manifests[] | select(.platform.os != null and .platform.os != \"unknown\") | .platform | \"\\(.os)/\\(.architecture)\\(if .variant then \"/\" + .variant else \"\" end)\"'\n\nlinux/amd64\nlinux/arm/v6\nlinux/arm/v7\nlinux/arm64\nlinux/ppc64le\nlinux/s390x\n```\n\n## Volumes\n\n* `/config`: Additional [configuration](#configuration) files\n\n## Ports\n\n* `5053/tcp 5053/udp`: DNS listening port\n\n## Usage\n\n### Docker Compose\n\nDocker compose is the recommended way to run this image. You can use the\nfollowing [docker compose template](examples/compose/compose.yml), then\nrun the container:\n\n```shell\ndocker compose up -d\ndocker compose logs -f\n```\n\n### Command line\n\nYou can also use the following minimal command:\n\n```shell\ndocker run -d -p 5053:5053 --name unbound crazymax/unbound\n```\n\n## Upgrade\n\nRecreate the container whenever I push an update:\n\n```shell\ndocker compose pull\ndocker compose up -d\n```\n\n## Notes\n\n### Configuration\n\nWhen Unbound is started the main configuration [/etc/unbound/unbound.conf](rootfs/etc/unbound/unbound.conf)\nis imported.\n\nIf you want to override settings from the main configuration you have to create\nconfig files (with `.conf` extension) in `/config` folder.\n\nFor example, you can set up [forwarding queries](https://nlnetlabs.nl/documentation/unbound/unbound.conf/#forward-host)\nto the appropriate public DNS server for queries that cannot be answered by\nthis server using a new configuration named `/config/forward-records.conf`:\n\n```text\nforward-zone:\n  name: \".\"\n  forward-tls-upstream: yes\n\n  # cloudflare-dns.com\n  forward-addr: 1.1.1.1@853\n  forward-addr: 1.0.0.1@853\n  #forward-addr: 2606:4700:4700::1111@853\n  #forward-addr: 2606:4700:4700::1001@853\n```\n\nA complete documentation about Ubound configuration can be found on\nNLnet Labs website: https://nlnetlabs.nl/documentation/unbound/unbound.conf/\n\n\u003e [!WARNING]\n\u003e Container has to be restarted to propagate changes\n\n### Root trust store\n\nThis image already embeds a root trust anchor to perform DNSSEC validation.\n\nIf you want to generate a new key, you can use [`unbound-anchor`](https://nlnetlabs.nl/documentation/unbound/unbound-anchor/)\nwhich is available in this image:\n\n```shell\ndocker run -t --rm --entrypoint \"\" -v \"$(pwd):/trust-anchor\" crazymax/unbound:latest \\\n  unbound-anchor -v -a \"/trust-anchor/root.key\"\n```\n\nIf you want to use your own root trust anchor, you can create a new config file\ncalled for example `/config/00-trust-anchor.conf`:\n\n```text\n  auto-trust-anchor-file: \"/root.key\"\n```\n\n\u003e [!NOTE] \n\u003e See [documentation](https://nlnetlabs.nl/documentation/unbound/unbound.conf/#auto-trust-anchor-file)\n\u003e for more info about `auto-trust-anchor-file` setting.\n\nAnd bind mount the key:\n\n```yaml\nservices:\n  unbound:\n    image: crazymax/unbound\n    container_name: unbound\n    ports:\n      - target: 5053\n        published: 5053\n        protocol: tcp\n      - target: 5053\n        published: 5053\n        protocol: udp\n    volumes:\n      - \"./config:/config\"\n      - \"./root.key:/root.key\"\n    restart: always\n```\n\n### External backend DB as auxiliary cache\n\nThe cache DB module is already configured in the [module-config](rootfs/etc/unbound/unbound.conf)\ndirective and compiled into the daemon.\n\nYou just need to create a new Redis service with [persistent storage](https://github.com/docker-library/docs/tree/master/redis#start-with-persistent-storage)\nenabled in your compose file along the Unbound one.\n\n```yaml\nservices:\n  redis:\n    image: redis:6-alpine\n    container_name: unbound-redis\n    command: redis-server --save 60 1\n    volumes:\n      - \"./redis:/data\"\n    restart: always\n\n  unbound:\n    image: crazymax/unbound\n    container_name: unbound\n    depends_on:\n      - redis\n    ports:\n      - target: 5053\n        published: 5053\n        protocol: tcp\n      - target: 5053\n        published: 5053\n        protocol: udp\n    volumes:\n      - \"./config:/config:ro\"\n    restart: always\n```\n\nAnd declare the backend configuration to use this Redis instance in `/config`\nlike `/config/cachedb.conf`:\n\n```text\ncachedb:\n  backend: \"redis\"\n  secret-seed: \"default\"\n  redis-server-host: redis\n  redis-server-port: 6379\n```\n\n## Contributing\n\nWant to contribute? Awesome! The most basic way to show your support is to star\nthe project, or to raise issues. You can also support this project by [**becoming a sponsor on GitHub**](https://github.com/sponsors/crazy-max)\nor by making a [PayPal donation](https://www.paypal.me/crazyws) to ensure this\njourney continues indefinitely!\n\nThanks again for your support, it is much appreciated! :pray:\n\n## License\n\nMIT. See `LICENSE` for more details.\n","funding_links":["https://github.com/sponsors/crazy-max","https://www.paypal.me/crazyws"],"categories":["Dockerfile"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrazy-max%2Fdocker-unbound","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcrazy-max%2Fdocker-unbound","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrazy-max%2Fdocker-unbound/lists"}