{"id":31558495,"url":"https://github.com/nfrastack/container-unbound","last_synced_at":"2025-10-05T00:51:45.182Z","repository":{"id":88408100,"uuid":"102299757","full_name":"nfrastack/container-unbound","owner":"nfrastack","description":"Containerized recursive and caching DNS resolver","archived":false,"fork":false,"pushed_at":"2025-10-02T16:32:52.000Z","size":86,"stargazers_count":14,"open_issues_count":0,"forks_count":2,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-10-02T18:29:05.106Z","etag":null,"topics":["alpine","caching","container","dns","docker","ns","resolver","unbound"],"latest_commit_sha":null,"homepage":"","language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nfrastack.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["tiredofit"]}},"created_at":"2017-09-03T23:08:34.000Z","updated_at":"2025-10-02T16:32:57.000Z","dependencies_parsed_at":null,"dependency_job_id":"44982477-802d-4546-90ae-8434ecdd23d1","html_url":"https://github.com/nfrastack/container-unbound","commit_stats":null,"previous_names":[],"tags_count":41,"template":false,"template_full_name":null,"purl":"pkg:github/nfrastack/container-unbound","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nfrastack%2Fcontainer-unbound","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nfrastack%2Fcontainer-unbound/tags","releases_url":"https://repos.ecosyst
e.ms/api/v1/hosts/GitHub/repositories/nfrastack%2Fcontainer-unbound/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nfrastack%2Fcontainer-unbound/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nfrastack","download_url":"https://codeload.github.com/nfrastack/container-unbound/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nfrastack%2Fcontainer-unbound/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278395914,"owners_count":25979691,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-04T02:00:05.491Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["alpine","caching","container","dns","docker","ns","resolver","unbound"],"created_at":"2025-10-05T00:51:43.496Z","updated_at":"2025-10-05T00:51:45.171Z","avatar_url":"https://github.com/nfrastack.png","language":"Dockerfile","funding_links":["https://github.com/sponsors/tiredofit"],"categories":[],"sub_categories":[],"readme":"# nfrastack/container-unbound\n\n## About\n\nThis repository will build a container for [Unbound](https://www.unbound.net). 
A validating, recursive, caching DNS Resolver.\n\n* Auto Configuration Support\n\n## Maintainer\n\n- [Nfrastack](https://www.nfrastack.com)\n\n## Table of Contents\n\n- [About](#about)\n- [Maintainer](#maintainer)\n- [Table of Contents](#table-of-contents)\n- [Installation](#installation)\n  - [Prebuilt Images](#prebuilt-images)\n  - [Quick Start](#quick-start)\n  - [Persistent Storage](#persistent-storage)\n- [Configuration](#configuration)\n  - [Environment Variables](#environment-variables)\n    - [Base Images used](#base-images-used)\n    - [Core Configuration](#core-configuration)\n    - [Virus Definitions Configuration](#virus-definitions-configuration)\n    - [Virus Scanning Settings](#virus-scanning-settings)\n    - [Scanning Limits](#scanning-limits)\n    - [Alerting Settings](#alerting-settings)\n  - [Users and Groups](#users-and-groups)\n  - [Networking](#networking)\n- [Maintenance](#maintenance)\n  - [Shell Access](#shell-access)\n- [Support \u0026 Maintenance](#support--maintenance)\n- [License](#license)\n\n## Installation\n\n### Prebuilt Images\nFeature-limited builds of the image are available on the [GitHub Container Registry](https://github.com/nfrastack/container-unbound/pkgs/container/container-unbound) and [Docker Hub](https://hub.docker.com/r/nfrastack/unbound).\n\nTo unlock advanced features, one must provide a code to be able to change specific environment variables from defaults. 
Support the development to gain access to a code.\n\nTo get access to the image use your container orchestrator to pull from the following locations:\n\n```\nghcr.io/nfrastack/container-unbound:(image_tag)\ndocker.io/nfrastack/unbound:(image_tag)\n```\n\nImage tag syntax is:\n\n`\u003cimage\u003e:\u003coptional tag\u003e-\u003coptional_distribution\u003e_\u003coptional_distribution_variant\u003e`\n\nExample:\n\n`ghcr.io/nfrastack/container-unbound:latest` or\n\n`ghcr.io/nfrastack/container-unbound:1.0` or\n\n`ghcr.io/nfrastack/container-unbound:1.0-alpine` or\n\n`ghcr.io/nfrastack/container-unbound:alpine`\n\n* `latest` will be the most recent commit\n* An optional `tag` may exist that matches the [CHANGELOG](CHANGELOG.md) - These are the safest\n* If it is built for multiple distributions there may exist a value of `alpine` or `debian`\n* If there are multiple distribution variations it may include a version - see the registry for availability\n\nHave a look at the container registries and see what tags are available.\n\n#### Multi-Architecture Support\n\nImages are built for `amd64` by default, with optional support for `arm64` and other architectures.\n\n### Quick Start\n\n* The quickest way to get started is using [docker-compose](https://docs.docker.com/compose/). 
See the examples folder for a working [compose.yml](examples/compose.yml) that can be modified for your use.\n\n* Map [persistent storage](#persistent-storage) for access to configuration and data files for backup.\n* Set various [environment variables](#environment-variables) to understand the capabilities of this image.\n\n### Persistent Storage\n\nThe following directories are used for configuration and can be mapped for persistent storage.\n\n| Directory | Description                                    |\n| --------- | ---------------------------------------------- |\n| `/certs`  | (optional) Certificates                        |\n| `/config` | (optional) Configuration Files                 |\n| `/data`   | (optional) Root Hints and volatile information |\n| `/logs`   | Log Files                                      |\n\n### Environment Variables\n\n#### Base Images used\n\nThis image relies on a customized base image in order to work.\nBe sure to view the following repositories to understand all the customizable options:\n\n| Image                                                   | Description |\n| ------------------------------------------------------- | ----------- |\n| [OS Base](https://github.com/nfrastack/container-base/) | Base Image  |\n\nBelow is the complete list of available options that can be used to customize your installation.\n\n* Variables showing an 'x' under the `Advanced` column can only be set if the container's advanced functionality is enabled.\n\n#### Core Configuration\n\n| Parameter            | Description                                                            | Default               | Advanced |\n| -------------------- | ---------------------------------------------------------------------- | --------------------- | -------- |\n| `UNBOUND_SETUP_TYPE` | Auto Configure Configuration each startup - Set to `MANUAL` to disable | `AUTO`                |          |\n| `DATA_PATH`          | Base Folder for Data Files                     
                        | `/data/`              |          |\n| `CONFIG_PATH`        | Folder for Config Files                                                | `/config/`            |          |\n| `CONFIG_FILE`        | Unbound configuration file                                             | `unbound.conf`        |          |\n| `CUSTOM_CONFIG_PATH` | Additional User provided configuration path                            | `${DATA_PATH}/conf.d` |          |\n| `LOG_PATH`           | Path for log files                                                     | `/logs/`              |          |\n| `LOG_FILE`           | Log file name                                                          | `unbound.log`         |          |\n| `LOG_LEVEL`          | Log verbosity level                                                    | `info`                |          |\n|                      | `error`, `info`, `detailed`, `query` `algorithm` `client`              |                       |          |\n| `LOG_TYPE`           | Log output type                                                        | `FILE`                |          |\n| `UNBOUND_USER`       | User to run Unbound as                                                 | `unbound`             | x        |\n\n#### Unbound Configuration\n\n| Parameter                             | Description                         | Default                                                            | Advanced |\n| ------------------------------------- | ----------------------------------- | ------------------------------------------------------------------ | -------- |\n| `LISTEN_IP`                           | IP address to listen on             | `0.0.0.0`                                                          |          |\n| `LISTEN_PORT`                         | Port to listen on                   | `53`                                                               |          |\n| `ENABLE_IPV4`                         | Enable IPv4 
support                 | `TRUE`                                                             |          |\n| `ENABLE_IPV6`                         | Enable IPv6 support                 | `TRUE`                                                             |          |\n| `ENABLE_TCP`                          | Enable TCP support                  | `TRUE`                                                             |          |\n| `ENABLE_UDP`                          | Enable UDP support                  | `TRUE`                                                             |          |\n| `ACCESS_CONTROL_OUTGOING_PORT_PERMIT` | Outgoing port permit range          | `10240-65535`                                                      | x        |\n| `ACCESS_CONTROL`                      | Access control rules                | `0.0.0.0/0 allow`                                                  |          |\n| `BUFFER_SIZE_MSG`                     | Message buffer size                 | `8192`                                                             | x        |\n| `CACHE_SIZE_EDNS`                     | EDNS cache size                     | `4096`                                                             | x        |\n| `CACHE_SIZE_MSG`                      | Message cache size                  | `32m`                                                              | x        |\n| `CACHE_SIZE_RRSET`                    | RRset cache size                    | `64m`                                                              | x        |\n| `CACHE_SLABS_MSG`                     | Message cache slabs                 | `4`                                                                | x        |\n| `CACHE_TTL_MAX_NEGATIVE`              | Maximum negative cache TTL          | `10`                                                               | x        |\n| `CACHE_TTL_MAX`                       | Maximum cache TTL                   | `86400`                                   
                         | x        |\n| `CACHE_TTL_MIN`                       | Minimum cache TTL                   | `300`                                                              | x        |\n| `DENY_ANY`                            | Deny ANY queries                    | `TRUE`                                                             |          |\n| `HARDEN_DNSSEC_STRIPPED`              | Harden against DNSSEC stripped data | `TRUE`                                                             | x        |\n| `HARDEN_GLUE`                         | Harden glue for DNSSEC              | `TRUE`                                                             | x        |\n| `HARDEN_LARGE_QUERIES`                | Harden large queries                | `TRUE`                                                             | x        |\n| `HARDEN_SHORT_BUFFER_SIZE`            | Harden short buffer size            | `TRUE`                                                             | x        |\n| `LOG_QUERIES`                         | Log queries                         | `TRUE`                                                             |          |\n| `LOG_REPLIES`                         | Log replies                         | `TRUE`                                                             |          |\n| `LOG_SERVFAIL`                        | Log SERVFAIL responses              | `TRUE`                                                             |          |\n| `LOG_TIME_ASCII`                      | Log time in ASCII format            | `TRUE`                                                             |          |\n| `MINIMAL_RESPONSES`                   | Enable minimal responses            | `FALSE`                                                            | x        |\n| `NO_QUERY_LOCALHOST`                  | Disallow queries from localhost     | `FALSE`                                                            | x        |\n| `PREFETCH_KEY`             
           | Enable prefetch key support         | `TRUE`                                                             | x        |\n| `PREFETCH`                            | Enable prefetching                  | `TRUE`                                                             | x        |\n| `QNAME_MINIMIZATION`                  | Enable QNAME minimization           | `TRUE`                                                             | x        |\n| `ROOT_HINTS_FILE`                     | Root Hints File                     | `${DATA_PATH}/root.hints`                                          |          |\n| `ROOT_HINTS_URI`                      | URI for root hints file             | `https://www.internic.net/domain/named.root`                       |          |\n| `SO_BUFFER_RECEIVE`                   | Socket receive buffer size          | `\"\"`                                                               | x        |\n| `SO_BUFFER_SEND`                      | Socket send buffer size             | `\"\"`                                                               | x        |\n| `SO_REUSE_PORT`                       | Enable SO_REUSEPORT                 | `FALSE`                                                            | x        |\n| `STATISTICS_CUMULATIVE`               | Enable cumulative statistics        | `TRUE`                                                             |          |\n| `STATISTICS_EXTENDED`                 | Enable extended statistics          | `TRUE`                                                             |          |\n| `STATISTICS_INTERVAL`                 | Statistics interval                 | `0`                                                                |          |\n| `TARGET_FETCH_POLICY`                 | Target fetch policy                 | `2 1 0 0 0 0`                                                      | x        |\n| `THREADS_QUERIES_PER`                 | Queries per thread                  | `2048`       
                                                       | x        |\n| `THREADS`                             | Number of Unbound threads           | `1`                                                                | x        |\n| `TRUST_ANCHOR`                        | DNSSEC trust anchor                 | `. DS 19036 8 2`                                                   |          |\n|                                       |                                     | `49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5` |          |\n\n#### Forwarding Domain Configuration\n\n| Parameter                    | Description                                  | Default | Advanced |\n| ---------------------------- | -------------------------------------------- | ------- | -----    |\n| `FORWARD_DOMAIN_XX_NAME`     | Domain name to forward e.g. `example.com`    |         | |\n| `FORWARD_DOMAIN_XX_IP`       | IP address to forward queries to for _NAME   |         | |\n|                              | Add multiple by separating with commas       |         | |\n| `FORWARD_DOMAIN_XX_FALLBACK` | Try Root Servers first then try values above | `no`    | |\n\n\u003e\u003e Exchange XX for 01,02,03 ....\n\n#### Remote Control Configuration\n\n| Parameter                    | Description                      | Default               | Advanced |\n| ---------------------------- | -------------------------------- | --------------------- | -------- |\n| `ENABLE_REMOTE_CONTROL`      | Enable Unbound remote control    | `TRUE`                |          |\n| `REMOTE_CONTROL_LISTEN_IP`   | Remote control listen IP         | `127.0.0.1`           |          |\n| `REMOTE_CONTROL_LISTEN_PORT` | Remote control listen port       | `8953`                |          |\n| `TLS_CONTROL_CERT`           | TLS control certificate filename | `unbound_control.pem` |          |\n| `TLS_CONTROL_KEY`            | TLS control key filename         | `unbound_control.key` |          |\n| 
`TLS_CONTROL_PATH`           | Path for TLS control cert/key    | `/certs/`             |          |\n| `TLS_SERVER_CERT`            | TLS server certificate filename  | `unbound_server.pem`  |          |\n| `TLS_SERVER_KEY`             | TLS server key filename          | `unbound_server.key`  |          |\n| `TLS_SERVER_PATH`            | Path for TLS server cert/key     | `/certs/`             |          |\n\n## Users and Groups\n\n| Type  | Name      | ID   |\n| ----- | --------- | ---- |\n| User  | `unbound` | 5353 |\n| Group | `unbound` | 5353 |\n\n### Networking\n\n| Port   | Protocol | Description    |\n| ------ | -------- | -------------- |\n| `53`   | tcp      | Unbound Daemon |\n| `53`   | udp      | Unbound Daemon |\n| `8953` | udp      | Remote Control |\n\n* * *\n\n## Maintenance\n\n### Shell Access\n\nFor debugging and maintenance, `bash` and `sh` are available in the container.\n\n## Support \u0026 Maintenance\n\n- For community help, tips, and community discussions, visit the [Discussions board](/discussions).\n- For personalized support or a support agreement, see [Nfrastack Support](https://nfrastack.com/).\n- To report bugs, submit a [Bug Report](issues/new). Usage questions will be closed as not-a-bug.\n- Feature requests are welcome, but not guaranteed. For prioritized development, consider a support agreement.\n- Updates are best-effort, with priority given to active production use and support agreements.\n\n## License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnfrastack%2Fcontainer-unbound","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnfrastack%2Fcontainer-unbound","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnfrastack%2Fcontainer-unbound/lists"}