Avoid DNS rebinding protection to stop Plex from working properly
churchofnoise opened this issue · 6 comments
Hi Kyle, just wanted to ask if you'd consider adding this line to the 'server' part of Unbound's config in your Docker container:
private-domain: "plex.direct"
When I still ran Unbound 'outside of a container' I had to do this to allow Plex to work properly, but since I am running it in a container on my Firewalla Purple, I haven't yet managed to get to the point where I can work with a custom conf file (I remember you giving me some pointers, but so far I've not had the possibility to make it work).
Thanks for considering
I would rather address the issues with loading a custom configuration if possible. Maybe make it easier to drop-in minor changes like this.
What is the current issue with loading a local configuration volume on your Firewalla? Does it not support Docker bind mounts?
Thanks for that @klutchell !
I ran it, but can't find the custom conf file, I assume I should modify something in my yaml file pointing to the path with the custom config?
Currently, I have this:
unbound:
  image: klutchell/unbound:pr-68
  networks:
    default:
      ipv4_address: [IP ADDRESS]
  ports:
    - 5335:5335/tcp
    - 5335:5335/udp
  restart: unless-stopped
(reason I opened this is my own lacking knowledge on how to work with Docker I'm afraid, not the capability of the system I run)
I figured it out, needed to add a pointer to the directory indeed.
Thanks!
Btw, another question if I may: the custom config file doesn't require server: to be added, I guess that is because you refer to it under that section in your included unbound.conf. What should we do if we want to add another section, eg rpz: (just giving an example)?
I ran it, but can't find the custom conf file, I assume I should modify something in my yaml file pointing to the path with the custom config?
I added plex.local to the default config so for your use case you shouldn't need to mount anything unless you require additional customization.
58852dc
Btw, another question if I may: the custom config file doesn't require server: to be added, I guess that is because you refer to it under that section in your included unbound.conf. What should we do if we want to add another section, eg rpz:
Good question, I didn't really account for this on the PR. Maybe I should move the include to the top level and require that the subsections be defined in the custom files? That would allow for more flexibility.
afd7bd5
Thanks!
I also added plex.direct as a private domain (just to be sure) and some other customizations (further hardening, ttl modifications...)
On your second point: that might make sense, as it would indeed allow for a broader range of customization.
In any case, I am very grateful for what you've already done - most helpful!!
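Added example, not part of the thread and not Unbound's or the container's own code: a simplified Python model of why a `private-domain` entry for plex.direct is needed when rebinding protection strips private addresses from answers. It assumes the resolver has Unbound's `private-address` option set for the RFC 1918 and link-local ranges; the function names, the hostnames and the `examplehash` label are constructed for illustration.

```python
import ipaddress

# Assumed private-address ranges (RFC 1918 plus link-local); a real
# deployment lists these with Unbound's private-address option.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]


def under(name, zone):
    """True if name equals zone or is a subdomain of it (label-wise match)."""
    n = name.rstrip(".").lower().split(".")
    z = zone.rstrip(".").lower().split(".")
    return len(n) >= len(z) and n[-len(z):] == z


def filter_answer(qname, addresses, private_domains):
    """Return the addresses a rebinding filter would keep for qname.

    Private addresses are dropped unless qname falls under an exempted
    private-domain; public addresses always pass.
    """
    exempt = any(under(qname, d) for d in private_domains)
    kept = []
    for a in addresses:
        ip = ipaddress.ip_address(a)
        is_private = any(ip in net for net in PRIVATE_NETS)
        if exempt or not is_private:
            kept.append(a)
    return kept


# Constructed sample: a Plex-style name that encodes a LAN address.
# "examplehash" is a placeholder, not a real server identifier.
PLEX_NAME = "192-168-1-10.examplehash.plex.direct"
# Constructed sample: an unrelated name answering with a LAN address.
OTHER_NAME = "rebind.example.net"

if __name__ == "__main__":
    for domains in ([], ["plex.direct"]):
        print(domains, filter_answer(PLEX_NAME, ["192.168.1.10"], domains),
              filter_answer(OTHER_NAME, ["192.168.1.10"], domains))
```

The exemption applies to the whole subtree of each listed domain, so every name added to the list is a name whose answers are no longer checked for private addresses.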