techotaku/unbound.conf

## unbound.conf
# Network:
#     sudo docker network create -d bridge --subnet=172.25.0.0/16 dns
# DNS Upstream:
#     sudo docker run -d --name dns-google \
#         --network=dns --ip=172.25.1.1 --log-opt max-size=1m --restart=unless-stopped tarot13/google-https-dns
# Unbound:
#     sudo docker run -d --name dns-unbound -v $HOME/unbound:/etc/unbound -p 53:53/tcp -p 53:53/udp \
#         --network=dns --ip=172.25.1.2 --log-opt max-size=1m --restart=unless-stopped tarot13/unbound
# File:
#     $HOME/unbound/unbound.conf
# Root Hints:
#     ftp://FTP.INTERNIC.NET/domain/named.cache

server:
  username: "root"
  interface: 0.0.0.0
  verbosity: 1
  do-daemonize: no
  access-control: 0.0.0.0/0 allow
  root-hints: "/etc/unbound/root.hints" # Root Hints: ftp://FTP.INTERNIC.NET/domain/named.cache
  auto-trust-anchor-file: "/etc/unbound/root.key" # Auto generated
  do-ip4: yes
  do-ip6: no
  do-udp: yes
  do-tcp: yes
  hide-identity: yes
  hide-version: yes
  harden-glue: yes
  use-caps-for-id: yes
  cache-max-ttl: 3600
  prefetch: yes
  num-threads: 4
  msg-cache-size: 64m
  rrset-cache-size: 128m
  module-config: "subnetcache iterator"
  unwanted-reply-threshold: 10000000
  do-not-query-localhost: no
  send-client-subnet: 172.25.0.0/16
  minimal-responses: yes

# Netflix DNS Proxy
#  forward-zone:
#    name: "netflix.com."
#    forward-addr:
#
#  forward-zone:
#    name: "netflix.net."
#    forward-addr:
#
#  forward-zone:
#    name: "nflximg.net."
#    forward-addr:
#
#  forward-zone:
#    name: "nflxvideo.net."
#    forward-addr:
#
#  forward-zone:
#    name: "nflxso.net."
#    forward-addr:
#
#  forward-zone:
#    name: "nflxext.com."
#    forward-addr:

  forward-zone:
    name: "."
    forward-addr: 172.25.1.1
	# Network:
	# sudo docker network create -d bridge --subnet=172.25.0.0/16 dns
	# DNS Upstream:
	# sudo docker run -d --name dns-google \
	# --network=dns --ip=172.25.1.1 --log-opt max-size=1m --restart=unless-stopped tarot13/google-https-dns
	# Unbound:
	# sudo docker run -d --name dns-unbound -v $HOME/unbound:/etc/unbound -p 53:53/tcp -p 53:53/udp \
	# --network=dns --ip=172.25.1.2 --log-opt max-size=1m --restart=unless-stopped tarot13/unbound
	# File:
	# $HOME/unbound/unbound.conf
	# Root Hints:
	# ftp://FTP.INTERNIC.NET/domain/named.cache

	server:
	username: "root"
	interface: 0.0.0.0
	verbosity: 1
	do-daemonize: no
	access-control: 0.0.0.0/0 allow
	root-hints: "/etc/unbound/root.hints" # Root Hints: ftp://FTP.INTERNIC.NET/domain/named.cache
	auto-trust-anchor-file: "/etc/unbound/root.key" # Auto generated
	do-ip4: yes
	do-ip6: no
	do-udp: yes
	do-tcp: yes
	hide-identity: yes
	hide-version: yes
	harden-glue: yes
	use-caps-for-id: yes
	cache-max-ttl: 3600
	prefetch: yes
	num-threads: 4
	msg-cache-size: 64m
	rrset-cache-size: 128m
	module-config: "subnetcache iterator"
	unwanted-reply-threshold: 10000000
	do-not-query-localhost: no
	send-client-subnet: 172.25.0.0/16
	minimal-responses: yes

	# Netflix DNS Proxy
	# forward-zone:
	# name: "netflix.com."
	# forward-addr:
	#
	# forward-zone:
	# name: "netflix.net."
	# forward-addr:
	#
	# forward-zone:
	# name: "nflximg.net."
	# forward-addr:
	#
	# forward-zone:
	# name: "nflxvideo.net."
	# forward-addr:
	#
	# forward-zone:
	# name: "nflxso.net."
	# forward-addr:
	#
	# forward-zone:
	# name: "nflxext.com."
	# forward-addr:

	forward-zone:
	name: "."
	forward-addr: 172.25.1.1