DNS (unbound + google-https-dns)

unbound.conf

# Network:
#     sudo docker network create -d bridge --subnet=172.25.0.0/16 dns
# DNS Upstream:
#     sudo docker run -d --name dns-google \
#         --network=dns --ip=172.25.1.1 --log-opt max-size=1m --restart=unless-stopped tarot13/google-https-dns
# Unbound: 
#     sudo docker run -d --name dns-unbound -v $HOME/unbound:/etc/unbound -p 53:53/tcp -p 53:53/udp \
#         --network=dns --ip=172.25.1.2 --log-opt max-size=1m --restart=unless-stopped tarot13/unbound
# File: 
#     $HOME/unbound/unbound.conf
# Root Hints:
#     ftp://FTP.INTERNIC.NET/domain/named.cache

server:
  username: "root"
  interface: 0.0.0.0
  verbosity: 1
  do-daemonize: no
  access-control: 0.0.0.0/0 allow
  root-hints: "/etc/unbound/root.hints" # Root Hints: ftp://FTP.INTERNIC.NET/domain/named.cache
  auto-trust-anchor-file: "/etc/unbound/root.key" # Auto generated
  do-ip4: yes
  do-ip6: no
  do-udp: yes
  do-tcp: yes
  hide-identity: yes
  hide-version: yes
  harden-glue: yes
  use-caps-for-id: yes
  cache-max-ttl: 3600
  prefetch: yes
  num-threads: 4
  msg-cache-size: 64m
  rrset-cache-size: 128m
  module-config: "subnetcache iterator"
  unwanted-reply-threshold: 10000000
  do-not-query-localhost: no
  send-client-subnet: 172.25.0.0/16
  minimal-responses: yes

# Netflix DNS Proxy
#  forward-zone:
#    name: "netflix.com."
#    forward-addr: 
#
#  forward-zone:
#    name: "netflix.net."
#    forward-addr: 
#
#  forward-zone:
#    name: "nflximg.net."
#    forward-addr: 
#
#  forward-zone:
#    name: "nflxvideo.net."
#    forward-addr: 
#
#  forward-zone:
#    name: "nflxso.net."
#    forward-addr: 
#
#  forward-zone:
#    name: "nflxext.com."
#    forward-addr: 

  forward-zone:
    name: "."
    forward-addr: 172.25.1.1