Q: Config extensibility with wildcard include?
benurb opened this issue · 5 comments
Hi @MatthewVance,
I started using your unbound image for my pi hole server coming from a locally installed unbound instance. So far it works great, so thank you very much for that.
One question that came up though: I have a bit of custom configuration (forwarders, logging, private-domains, ...)
Currently I mount my custom config to `/opt/unbound/etc/unbound/forward-records.conf` to be able to keep your default configuration and enrich it with my custom settings. I guess that's a workaround though, because my config does not contain forwarders only. What do you think about adding a wildcard include, e.g. `include: "/opt/unbound/etc/unbound/unbound.conf.d/*.conf"` at the end of the `unbound.conf`? This would add more flexibility for custom configs, while still leaving `forward-records.conf` in place as a default. It would render `a-records.conf` and `srv-records.conf` pretty useless though.
Best regards,
Ben
Well theoretically it does, but that also means I have to maintain the whole unbound.conf with a lot of settings I don't want to change from your sane defaults just to change a few configs.
What I did now is btw mount a `forward-records.conf` file with content `include: "/opt/unbound/etc/unbound/unbound.conf.d/*.conf"` into the container.
These are the configs I placed there, so that you can get an impression of my use case:
`/opt/unbound/etc/unbound/unbound.conf.d/logging.conf`
```
server:
    # Log to stderr
    logfile: ""
```
`/opt/unbound/etc/unbound/unbound.conf.d/dns-rebind-protection.conf`
```
server:
    # Ensure privacy of local IP ranges
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-address: 172.16.0.0/12
    private-address: 10.0.0.0/8
    private-address: fd00::/8
    private-address: fe80::/10
    # Allow certain domains to return private IP ranges
    private-domain: [redacted].de
```
`/opt/unbound/etc/unbound/unbound.conf.d/forwarders.conf`
```
forward-zone:
    name: "."
    forward-tls-upstream: yes
    # Google Public DNS
    forward-addr: 8.8.8.8@853#dns.google
    forward-addr: 8.8.4.4@853#dns.google
    forward-addr: 2001:4860:4860::8888@853#dns.google
    forward-addr: 2001:4860:4860::8844@853#dns.google
    # Cloudflare DNS
    forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
```
Thank you for the additional information. I'm open to the idea of adding a wildcard include.
I'll probably keep the `a-records.conf` and `srv-records.conf` as well. It may not be strictly necessary, but will keep those in place for anyone who has special reliance on the existing implementation.
It may take me a few days to get to this. Feel free to submit a PR if you want.
Kind regards,
Matt
Matt
@MatthewVance I'm a bit confused - is the wildcard include meant to not be commented out? Currently it is: https://github.com/MatthewVance/unbound-docker-rpi/blob/master/1.15.0/data/unbound.sh#L356
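One way to check which drop-in files a given `unbound.conf` actually pulls in, and whether a wildcard include is commented out; a drop-in such as `dns-rebind-protection.conf` that is never included is silently inactive. This is an added example, not code from this repository or thread: `audit_includes`, its `root` parameter and the sample tree in `demo` are constructed for illustration, and only `include:` lines are parsed.

```python
import glob, os, re, tempfile

# Matches active and commented-out include lines, e.g.  # include: "/path/*.conf"
INCLUDE_RE = re.compile(r'^\s*(#\s*)?include:\s*"?([^"\s]+)"?')

def audit_includes(conf, root="", seen=None):
    """Return (loaded, disabled): files reached through active include: lines
    (wildcards expanded, nested includes followed) and commented-out patterns.
    `root` maps the container's absolute paths onto a host copy of the tree."""
    seen = set() if seen is None else seen
    loaded, disabled = [], []
    with open(conf) as fh:
        for line in fh:
            m = INCLUDE_RE.match(line)
            if not m:
                continue
            commented, pattern = m.groups()
            if commented:
                disabled.append(pattern)
                continue
            for path in sorted(glob.glob(root + pattern)):
                if path in seen:          # guard against include loops
                    continue
                seen.add(path)
                loaded.append(path[len(root):])
                sub = audit_includes(path, root, seen)
                loaded += sub[0]
                disabled += sub[1]
    return loaded, disabled

def demo():
    """Constructed sample tree: wildcard include disabled in unbound.conf,
    re-enabled through forward-records.conf as in the workaround above."""
    base = "/opt/unbound/etc/unbound"
    files = {
        "unbound.conf": f'include: "{base}/forward-records.conf"\n'
                        f'# include: "{base}/unbound.conf.d/*.conf"\n',
        "forward-records.conf": f'include: "{base}/unbound.conf.d/*.conf"\n',
        "unbound.conf.d/logging.conf": 'server:\n    logfile: ""\n',
        "unbound.conf.d/dns-rebind-protection.conf":
            "server:\n    private-address: 10.0.0.0/8\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in files.items():
            path = os.path.join(root + base, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(text)
        return audit_includes(f"{root}{base}/unbound.conf", root)
```

To audit a real setup, copy the container's config tree to a host directory and call `audit_includes` with that directory as `root`.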