First off: thanks for Pi-Hole, I love it so much!
I have created an Unbound DNS Resolver Docker image, maybe there's some interest, and I hope I've posted this in the correct section.
The image is based on a customized Alpine Linux base with a focus on security, performance and a small image size (about 40MB uncompressed). The Unbound process runs in the context of a non-root user, was further sealed with chroot and uses unprivileged ports (5335 tcp/udp). It is also prepared for DoT and DoH.
Unbound was self-compiled and is configured as a DNSSEC-validating DNS resolver, querying the DNS root servers directly and using zone transfers to provide a "hyperlocal" setup as an upstream DNS server with Pi-Hole in mind for adblocking.
However, my image can also be used as a standalone DNS server.
There's also a docker-compose.yaml file combined with pi-hole using a MACVLAN network.
/etc/unbound/unbound.conf and maybe the docker-compose.yaml files must be edited to reflect your network environment. In the next release the configs will be better structured, separated and contained in their own config folder, besides some optimizations.
I need to compile this for ARM too, which is currently an open issue on GitHub. This is my first release of a Docker image, so please be gentle...
The image is open source and subject to the MIT license.
If you have any questions or encounter problems, I'm glad to help.
Wishing a Merry Christmas and all the best, madnuttah
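
Since the post says unbound.conf has to be edited for your network, here is a small check that an edited file still has the properties described above (non-root user, chroot, unprivileged port, DNSSEC trust anchor, root zone via zone transfer). It is an added example, not part of the original post or the image: `parse` and `audit` are hypothetical helpers, the sample config is constructed, and the check requires the settings to be explicit rather than relying on Unbound's build defaults.

```python
# Constructed sample (not the image's shipped unbound.conf).
SAMPLE_CONF = '''\
server:
    port: 5335
    username: "unbound"
    chroot: "/etc/unbound"
    auto-trust-anchor-file: "/etc/unbound/root.key"
auth-zone:
    name: "."
    primary: 192.0.47.132  # xfr.cjr.dns.icann.org
    for-upstream: yes
    zonefile: "root.zone"
'''

def parse(conf):
    """Parse unbound.conf text into [(clause, {option: [values]})]."""
    clauses = []
    for raw in conf.splitlines():
        key, _, val = raw.split("#", 1)[0].strip().partition(":")
        key, val = key.strip(), val.strip()
        if not key:
            continue
        if not val:                      # "server:" / "auth-zone:" header
            clauses.append((key, {}))
        elif clauses:                    # option inside the current clause
            clauses[-1][1].setdefault(key, []).append(val.strip('"'))
    return clauses

def audit(conf):
    """List where conf departs from the hardening the post describes."""
    clauses = parse(conf)
    server = {}
    for name, opts in clauses:
        if name == "server":
            server.update(opts)
    last = lambda opt: server.get(opt, [None])[-1]
    findings = []
    if last("username") in (None, "", "root"):
        findings.append("username: no explicit non-root user")
    if last("chroot") in (None, ""):
        findings.append("chroot: unset or disabled")
    if int(last("port") or 53) < 1024:   # Unbound listens on 53 when port is unset
        findings.append("port: privileged")
    if not any(k in server for k in ("auto-trust-anchor-file", "trust-anchor-file", "trust-anchor")):
        findings.append("dnssec: no trust anchor")
    if "validator" not in (last("module-config") or "validator iterator"):
        findings.append("dnssec: validator module not loaded")
    root = [o for n, o in clauses if n == "auth-zone" and o.get("name") == ["."]]
    if not root or not any(k in root[0] for k in ("primary", "master", "url")):
        findings.append("auth-zone: root zone has no transfer source")
    return findings
```

Call `audit(open("/etc/unbound/unbound.conf").read())` after editing; an empty list means none of the checks fired.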