DNS (unbound + google-https-dns)
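# Unbound caching resolver that forwards every query to the dns-google
# container (DNS-over-HTTPS upstream) on a private docker bridge network.
#
# Network:
#   sudo docker network create -d bridge --subnet=172.25.0.0/16 dns
# DNS Upstream:
#   sudo docker run -d --name dns-google \
#     --network=dns --ip=172.25.1.1 --log-opt max-size=1m --restart=unless-stopped tarot13/google-https-dns
# Unbound:
#   sudo docker run -d --name dns-unbound -v $HOME/unbound:/etc/unbound -p 53:53/tcp -p 53:53/udp \
#     --network=dns --ip=172.25.1.2 --log-opt max-size=1m --restart=unless-stopped tarot13/unbound
#   NOTE(review): `-p 53:53` publishes the resolver on every host interface.
#   If only one network should reach it, bind the published port to that host
#   address (`-p <HOST_LAN_IP>:53:53/udp`, same for tcp) and firewall port 53.
# File:
#   $HOME/unbound/unbound.conf
# Root Hints:
#   ftp://FTP.INTERNIC.NET/domain/named.cache
#   NOTE(review): plain FTP gives no integrity protection for this download.
#   The hints also appear unused while the "." forward-zone below is active.

server:
    # NOTE(review): the daemon keeps root privileges inside the container.
    # If the image ships an unprivileged account, name it here so unbound
    # drops privileges after binding port 53 -- confirm against the image.
    username: "root"

    # Listen on all container interfaces; exposure is decided by the docker
    # port mapping and by the access-control list below.
    interface: 0.0.0.0
    verbosity: 1
    do-daemonize: no

    # Default-deny, then allow only networks that should use this resolver.
    # The previous `0.0.0.0/0 allow`, combined with the published port 53,
    # made this an open resolver (abusable for DNS amplification and open to
    # cache probing by anyone who can reach the host).
    # Add further trusted client prefixes explicitly if clients live elsewhere.
    # NOTE(review): depending on how docker NATs the published port, clients
    # may show up with the bridge gateway address in 172.25.0.0/16; a host
    # firewall rule on port 53 is the complementary control -- verify.
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 172.25.0.0/16 allow      # the "dns" docker network
    access-control: 10.0.0.0/8 allow
    access-control: 172.16.0.0/12 allow
    access-control: 192.168.0.0/16 allow

    root-hints: "/etc/unbound/root.hints"    # Root Hints: ftp://FTP.INTERNIC.NET/domain/named.cache
    auto-trust-anchor-file: "/etc/unbound/root.key"    # Auto generated

    do-ip4: yes
    do-ip6: no
    do-udp: yes
    do-tcp: yes

    # Do not answer id.server / version.bind style identification queries.
    hide-identity: yes
    hide-version: yes
    harden-glue: yes
    # 0x20 case randomisation of query names as extra spoofing resistance.
    use-caps-for-id: yes

    cache-max-ttl: 3600
    prefetch: yes
    num-threads: 4
    msg-cache-size: 64m
    rrset-cache-size: 128m

    # NOTE(review): the "validator" module is not loaded, so the trust anchor
    # configured above is not used and answers are not DNSSEC-validated here.
    # Loading it ("subnetcache validator iterator") requires that the upstream
    # forwarder returns DNSSEC records -- confirm before enabling.
    module-config: "subnetcache iterator"
    unwanted-reply-threshold: 10000000

    # Permits sending queries to localhost addresses. The only upstream below
    # is 172.25.1.1, so this looks unnecessary -- TODO confirm, then drop it.
    do-not-query-localhost: no

    # EDNS Client Subnet is attached to queries sent to servers in this range,
    # which covers the dns-google forwarder.
    # NOTE(review): this discloses each client's subnet to the upstream.
    send-client-subnet: 172.25.0.0/16
    minimal-responses: yes

# Netflix DNS Proxy
# forward-zone:
#     name: "netflix.com."
#     forward-addr:
#
# forward-zone:
#     name: "netflix.net."
#     forward-addr:
#
# forward-zone:
#     name: "nflximg.net."
#     forward-addr:
#
# forward-zone:
#     name: "nflxvideo.net."
#     forward-addr:
#
# forward-zone:
#     name: "nflxso.net."
#     forward-addr:
#
# forward-zone:
#     name: "nflxext.com."
#     forward-addr:

# Everything else goes to the DNS-over-HTTPS proxy container.
forward-zone:
    name: "."
    forward-addr: 172.25.1.1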