klutchell/unbound-docker

Avoid DNS rebinding protection to stop Plex from working properly

churchofnoise opened this issue · 6 comments

Hi Kyle, just wanted to ask if you'd consider adding this line to the 'server' part of Unbound's config in your Docker container:
private-domain: "plex.direct"

When I still ran Unbound 'outside of a container' I had to do this to allow Plex to work properly, but since I am running it in a container on my Firewalla Purple, I haven't yet managed to get to the point where I can work with a custom conf file (I remember you giving me some pointers, but so far I've not had the possibility to make it work).

Thanks for considering
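A simplified model of the rebinding filter this request is about, added here as an example (it is not code from this thread, from unbound-docker, or from Unbound itself). The private ranges, the function names and the sample hostname are assumptions made for illustration.

```python
import ipaddress

# Assumed private-address ranges (RFC 1918 plus link-local and IPv6 local);
# the thread does not list the ranges the container's unbound.conf uses.
PRIVATE_ADDRESS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fd00::/8", "fe80::/10",
)]


def in_private_domain(qname, private_domains):
    """True if qname equals a private-domain entry or is a subdomain of it."""
    labels = qname.rstrip(".").lower().split(".")
    for domain in private_domains:
        d = domain.rstrip(".").lower().split(".")
        # Compare whole labels so "notplex.direct" does not match "plex.direct".
        if len(labels) >= len(d) and labels[-len(d):] == d:
            return True
    return False


def filter_answer(qname, addresses, private_domains=()):
    """Return the addresses a resolver with rebinding protection would keep."""
    if in_private_domain(qname, private_domains):
        return list(addresses)  # exempt: private addresses are allowed here
    kept = []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if any(ip.version == net.version and ip in net for net in PRIVATE_ADDRESS):
            continue  # stripped: public name pointing at a private address
        kept.append(addr)
    return kept


if __name__ == "__main__":
    # Constructed sample name in the style of a plex.direct hostname.
    name = "192-168-1-10.0123456789abcdef.plex.direct"
    print(filter_answer(name, ["192.168.1.10"]))                   # stripped
    print(filter_answer(name, ["192.168.1.10"], ["plex.direct"]))  # kept
```

Every name under an exempted domain bypasses the filter, so the exemption is best kept to the narrowest domain the service needs.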

I would rather address the issues with loading a custom configuration if possible. Maybe make it easier to drop-in minor changes like this.

What is the current issue with loading a local configuration volume on your Firewalla? Does it not support Docker bind mounts?

Can you try with klutchell/unbound:pr-68 from this PR #68?

Thanks for that @klutchell !
I ran it, but can't find the custom conf file, I assume I should modify something in my yaml file pointing to the path with the custom config?

Currently, I have this:

unbound:
  image: klutchell/unbound:pr-68
  networks:
    default:
      ipv4_address: [IP ADDRESS]
  ports:
    - 5335:5335/tcp
    - 5335:5335/udp
  restart: unless-stopped

(reason I opened this is my own lacking knowledge on how to work with Docker I'm afraid, not the capability of the system I run)

I figured it out, needed to add a pointer to the directory indeed.
Thanks!

Btw, another question if I may: the custom config file doesn't require server: to be added, I guess that is because you refer to it under that section in your included unbound.conf. What should we do if we want to add another section, eg rpz: (just giving an example)?

I ran it, but can't find the custom conf file, I assume I should modify something in my yaml file pointing to the path with the custom config?

I added plex.local to the default config so for your use case you shouldn't need to mount anything unless you require additional customization.
58852dc

Btw, another question if I may: the custom config file doesn't require server: to be added, I guess that is because you refer to it under that section in your included unbound.conf. What should we do if we want to add another section, eg rpz:

Good question, I didn't really account for this on the PR. Maybe I should move the include to the top level and require that the subsections be defined in the custom files? That would allow for more flexibility.
afd7bd5

Thanks!

I also added plex.direct as a private domain (just to be sure) and some other customizations (further hardening, ttl modifications...)

On your second point: that might make sense, as it would indeed allow for a broader range of customization.

In any case, I am very grateful for what you've already done - most helpful!!