Cloudflare.com queries every 30 seconds
Closed this issue · 2 comments
Describe the bug
Unbound queries cloudflare.com every 30 seconds via Pi-hole (seen in Pi-hole's query logs). Pi-hole is configured as system-wide DNS.
To Reproduce
Steps to reproduce the behavior:
- Docker run command or compose file:
    version: '3'
    services:
      unbound:
        container_name: unbound
        restart: unless-stopped
        volumes:
          - ./etc-unbound:/opt/unbound/etc/unbound
          - /dev/log:/dev/log
        image: mvance/unbound:latest
        network_mode: host
- Customizations (config files):
    server:
        verbosity: 1
        port: 5335
        do-ip4: yes
        do-ip6: no
        hide-identity: yes
        hide-version: yes
        hide-trustanchor: yes
        prefetch: yes
        num-threads: 1
        private-address: 192.168.0.0/16
        private-address: 169.254.0.0/16
        private-address: 172.16.0.0/12
        private-address: 10.0.0.0/8
        private-domain: mydns.jdownloader.org
- cloudflare.com is queried every 30 seconds.
- After stopping the unbound container, there are no further queries.
Expected behavior
No constant queries to cloudflare.com.
Additional context
Please also review #1 and #14.
In #1 there is Cloudflare configured as forward-dns, but healthcheck should check 1.1.1.1 and 1.0.0.1 and not cloudflared.com.
In #14 there's only Quad9 configured as forward-dns and cloudflare.com queries are also seen.
This code explains why this is expected behavior:
unbound-docker-rpi/1.17.0/Dockerfile
Line 133 in 9297c82
To check that the container can resolve an address, it has to look up a domain name, not IP addresses.
It's far from a perfect health check (see MatthewVance/unbound-docker#112). By default, it is set up for the Unbound container to query localhost for cloudflare.com (not cloudflared.com). It will either resolve those or forward to another DNS server. With the default config, it forwards those:
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
#14 is expected behavior. Forward settings do not change the Docker health check command that tells the container to run drill @127.0.0.1 cloudflare.com.
You can override this by using: https://docs.docker.com/engine/reference/run/#healthcheck
You can re-build the image to use settings you prefer: https://docs.docker.com/engine/reference/builder/#healthcheck
Setting via Docker compose is also an option: https://docs.docker.com/compose/compose-file/compose-file-v3/#healthcheck
Thanks for the explanation.
I will disable your healthcheck via compose file.
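
The compose-file override mentioned in the thread, as an added example that is not part of the original issue or the project's own files: the reporter's compose file with the image's health check either replaced or disabled. The probe name `example.org`, the interval, timeout and retry values, and the presence of a shell in the image are assumptions.

```yaml
# Added example, not the project's own compose file.
version: '3'
services:
  unbound:
    container_name: unbound
    restart: unless-stopped
    volumes:
      - ./etc-unbound:/opt/unbound/etc/unbound
      - /dev/log:/dev/log
    image: mvance/unbound:latest
    network_mode: host
    healthcheck:
      # Option A: keep a health check but control what it sends.
      # drill uses port 53 unless -p is given; with network_mode: host
      # and Unbound on port 5335 (see the config above), -p 5335 makes
      # the probe reach Unbound itself instead of whatever listens on
      # port 53 on the host.
      # example.org is a placeholder probe name (assumption); pick a
      # name you are willing to have resolved upstream on every check.
      test: ["CMD-SHELL", "drill -p 5335 @127.0.0.1 example.org || exit 1"]
      interval: 5m      # assumption: one probe every five minutes
      timeout: 10s      # assumption
      retries: 3        # assumption
      # Option B: turn the image's health check off entirely.
      # Remove the four keys above and use only:
      # disable: true
```

With Option B, Docker no longer reports a health status for the container, so a resolver that has stopped answering has to be caught by other monitoring.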