Unbound can't resolve URLs while other DNSs can

Hey, in the meantime I had a look at mvance/unbound - Docker Image | Docker Hub, which is the provider of the unbound container I use.

From that documentation I understand that I need to place the customized config file dns-rebind-exemptions.conf directly inside the unbound configuration directory. So, unbound is installed at volume1/docker/unbound where the unbound.conf file and others are located. Therefore, I also placed dns-rebind-exemptions.conf in that directory, checked the config and restarted unbound.

Unfortunately, it's still not working. Do you think the problem is still the way customized config files are applied by the unofficial unbound image?

You should probably be aware that mvance/unbound image is not configuring unbound as a recursive resolver:

By default, this image forwards queries Cloudflare DNS server over TLS. In other words, it does not act as a recursive server.

If you'd want a recursive resolver, you'd have to somehow replace the image's default configuration anyway. You could refer to Pi-hole's unbound configuration example and expand that by your private-domain line, but it likely would need additional tweaking to cater for running in a container.

If you are happy with unbound operating as a DoT forwarder rather than a recursive resolver, you may try to apply your changes to a file that is read by your mvance/unbound container.
It would seem that mvance/unbound's defaults are created by a script unbound.sh, and if I read that correctly, it only includes the following files:

    include: /opt/unbound/etc/unbound/a-records.conf
    include: /opt/unbound/etc/unbound/srv-records.conf
    include: /opt/unbound/etc/unbound/forward-records.conf

This may suggest that you could put your changes into one of those files to be picked up by the container's unbound.

But you'd really want to consult with mvance/unbound documentation and maintainers for advice on correctly configuring that container.
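Added example, not part of the original thread or of the mvance/unbound project: a static check that follows the `include:` lines of an unbound.conf on the host and reports which files are actually read, which are missing, whether a `forward-zone` for `.` is configured (forwarder rather than recursive), and which `private-domain` entries were picked up. The host directory mapping, the sample files and `example.lan` are constructed assumptions; only absolute include paths without globs are handled.

```python
import re
import tempfile
from pathlib import Path

# "key: value" with optional quotes and a trailing "# comment"
DIRECTIVE = re.compile(r'^\s*([a-z0-9-]+):\s*"?([^"#]*?)"?\s*(?:#.*)?$')

def scan(conf, container_root, host_root, state=None):
    """Follow include: lines from a host-side unbound.conf and record what is read."""
    if state is None:
        state = {"files": [], "missing": [], "private_domains": [],
                 "forward_root": False, "section": None}
    path = Path(conf)
    if not path.is_file():
        state["missing"].append(str(path))
        return state
    if str(path) in state["files"]:  # guard against include loops
        return state
    state["files"].append(str(path))
    for line in path.read_text().splitlines():
        m = DIRECTIVE.match(line)
        if not m:
            continue
        key, val = m.group(1), m.group(2).strip()
        if val == "":  # clause header such as "server:" or "forward-zone:"
            state["section"] = key
        elif key == "include":
            # include lines name container paths; map them onto the host volume
            if val.startswith(container_root):
                val = host_root + val[len(container_root):]
            scan(val, container_root, host_root, state)
        elif key == "private-domain":
            state["private_domains"].append(val)
        elif key == "name" and state["section"] == "forward-zone" and val == ".":
            state["forward_root"] = True  # every query goes to the forwarders
    return state

def demo():
    """Constructed sample: three includes, one of which points at a missing file."""
    host, root = Path(tempfile.mkdtemp()), "/opt/unbound/etc/unbound"
    (host / "unbound.conf").write_text(
        "server:\n"
        f"    include: {root}/a-records.conf\n"
        f"    include: {root}/forward-records.conf\n"
        f"    include: {root}/dns-rebind-exemptions.conf  # added\n")
    (host / "a-records.conf").write_text("")
    (host / "dns-rebind-exemptions.conf").write_text('private-domain: "example.lan"\n')
    return scan(host / "unbound.conf", root, str(host))

if __name__ == "__main__":
    print(demo())
```

A file that never shows up under `files` is not part of the running configuration, no matter where it sits in the mounted directory.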

I haven't tried it myself, but the klutchell version below does recursion OOTB:

Yes, I know. I went through the guide MatthewVance/unbound-docker: Unbound DNS Server Docker Image and its example file and therefore in the unbound.conf I commented out the following line

    include: /opt/unbound/etc/unbound/forward-records.conf

and included the following files

    include: /opt/unbound/etc/unbound/a-records.conf
    include: /opt/unbound/etc/unbound/srv-records.conf
    include: /opt/unbound/etc/unbound/dns-rebind-exemptions.conf # added during our topic here

However, forward-records.conf does not exist, and both a-records.conf and srv-records.conf are empty.

Although I have added and included the dns-rebind-exemptions.conf file, the domain still can't be resolved.

  • Do you think that's still due to how config files are included?
  • Is there a way I can test whether or not my unbound container is working as a recursive resolver?

Thanks in advance once more!

Sorry, I have helped you as much as I can.

As mentioned:

Alright, nevertheless, thank you so much for your detailed help so far.
If I get some new insights, I'll post them here for others.
