@techotaku
Created January 8, 2018 11:03
DNS (unbound + google-https-dns)
# Network:
# sudo docker network create -d bridge --subnet=172.25.0.0/16 dns
# DNS Upstream:
# sudo docker run -d --name dns-google \
# --network=dns --ip=172.25.1.1 --log-opt max-size=1m --restart=unless-stopped tarot13/google-https-dns
# Unbound:
# sudo docker run -d --name dns-unbound -v $HOME/unbound:/etc/unbound -p 53:53/tcp -p 53:53/udp \
# --network=dns --ip=172.25.1.2 --log-opt max-size=1m --restart=unless-stopped tarot13/unbound
# File:
# $HOME/unbound/unbound.conf
# Root Hints:
# ftp://FTP.INTERNIC.NET/domain/named.cache
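server:
    username: "root"                  # daemon keeps running as root (no privilege drop)
    interface: 0.0.0.0                # listen on every IPv4 address in the container
    verbosity: 1
    do-daemonize: no                  # stay in the foreground for Docker
    # Answers queries from any client address. Port 53 is published by the
    # docker run command above, so limit who can reach it (firewall or a
    # narrower netblock) to avoid running an open resolver.
    access-control: 0.0.0.0/0 allow
    root-hints: "/etc/unbound/root.hints" # Root Hints: ftp://FTP.INTERNIC.NET/domain/named.cache
    auto-trust-anchor-file: "/etc/unbound/root.key" # Auto generated
    do-ip4: yes
    do-ip6: no
    do-udp: yes
    do-tcp: yes
    hide-identity: yes
    hide-version: yes
    harden-glue: yes
    use-caps-for-id: yes
    cache-max-ttl: 3600
    prefetch: yes
    num-threads: 4
    msg-cache-size: 64m
    rrset-cache-size: 128m
    # No "validator" module is listed, so DNSSEC validation is not performed
    # even though a trust anchor is configured above.
    module-config: "subnetcache iterator"
    unwanted-reply-threshold: 10000000
    do-not-query-localhost: no
    send-client-subnet: 172.25.0.0/16 # send EDNS Client Subnet to upstreams in the dns network
    minimal-responses: yes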
# Netflix DNS Proxy
# forward-zone:
# name: "netflix.com."
# forward-addr:
#
# forward-zone:
# name: "netflix.net."
# forward-addr:
#
# forward-zone:
# name: "nflximg.net."
# forward-addr:
#
# forward-zone:
# name: "nflxvideo.net."
# forward-addr:
#
# forward-zone:
# name: "nflxso.net."
# forward-addr:
#
# forward-zone:
# name: "nflxext.com."
# forward-addr:
# Forward everything else to the dns-google container
forward-zone:
    name: "."
    forward-addr: 172.25.1.1
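
A small audit of the three settings in this configuration that matter most for exposure (access-control, module-config, username), shown against a weak and a hardened variant. This is an added example, not part of the original gist; the samples are constructed, and the "unbound" user and 192.168.1.0/24 LAN in the hardened variant are assumptions.

```python
import ipaddress

# Constructed sample: the security-relevant lines of the configuration above.
WEAK = '''
server:
    username: "root"
    access-control: 0.0.0.0/0 allow
    auto-trust-anchor-file: "/etc/unbound/root.key"
    module-config: "subnetcache iterator"
'''

# Constructed counterpart; the "unbound" user and the LAN range are assumptions.
HARDENED = '''
server:
    username: "unbound"
    access-control: 0.0.0.0/0 refuse
    access-control: 192.168.1.0/24 allow
    auto-trust-anchor-file: "/etc/unbound/root.key"
    module-config: "subnetcache validator iterator"
'''
ANCHOR_KEYS = {"auto-trust-anchor-file", "trust-anchor-file", "trust-anchor"}

def parse_options(text):
    """Return (key, value) pairs from unbound.conf text, dropping comments."""
    pairs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            pairs.append((key.strip(), value.strip().strip('"')))
    return pairs

def audit(text):
    """Return (finding, value) tuples for settings that weaken the resolver."""
    opts = parse_options(text)
    findings = []
    for key, value in opts:
        fields = value.split()
        if key == "access-control" and len(fields) == 2:
            net = ipaddress.ip_network(fields[0], strict=False)
            # A /0 netblock with any allow* action answers every client.
            if net.prefixlen == 0 and fields[1].startswith("allow"):
                findings.append(("open-resolver", value))
        elif key == "username" and value in ("", "root"):
            findings.append(("runs-as-root", value))
    # A trust anchor has no effect unless the validator module is loaded.
    modules = [v.split() for k, v in opts if k == "module-config"]
    anchored = any(k in ANCHOR_KEYS for k, _ in opts)
    if anchored and modules and "validator" not in modules[-1]:
        findings.append(("dnssec-not-validated", " ".join(modules[-1])))
    return findings
```

Call audit() on the text of $HOME/unbound/unbound.conf before starting the container; an empty list means none of the three conditions was found.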