/unbound-docker

🛡️ This distroless Unbound Docker image is based on Alpine Linux, with a focus on security, privacy, performance and a small image size, and was built with Pi-hole in mind.

Alpine Linux Based DNSSEC Validating Recursive Unbound DNS Resolver Docker Image

This is a lightweight Alpine Linux based Docker image that runs Unbound, an open source high-performance DNS resolver brought to you by the nice people at NLnet Labs, as your own recursive DNS server. It ships as a secure single-layer distroless scratch image modeled on best practice principles.

While it leaves almost nothing to be desired, it is perfectly suited for professional and personal use alike.

Features
| Feature | Supported |
| --- | --- |
| CD built single-layer distroless scratch image running Alpine Linux | yes |
| Unprivileged user | yes |
| Unprivileged port (privileged possible) | yes |
| Custom UID/GID environment variables | yes |
| Per hardware architecture optimized & CD built OpenSSL | yes |
| Libevent | yes |
| Recursive DNS as default | yes |
| DNSSEC | yes |
| DNSCrypt | yes |
| DNSTap | yes |
| DNS64 | yes |
| DNS over HTTPS | yes |
| DNS over TLS | yes |
| Redis via UNIX Socket or network | yes |
| Optional privacy respecting & meaningful healthcheck | yes |
| Optional Unbound statistics for Grafana via Zabbix utilizing on-board means | yes |
| Python | no |
| EDNS Client Subnet | no |
| Image security scans with Trivy & Docker Scout | yes |

Getting started

Docker containers are most easily used with docker compose.

Available Docker Tags

You can pull the most recent image from Docker Hub using its latest tag or by using the corresponding image version number:

docker pull madnuttah/unbound:latest or docker pull madnuttah/unbound:1.1.0-0

The image versioning scheme follows the Unbound version, complemented by a dash and the desired image revision, for example 1.1.0-0.

There are canary builds of the image available. You can pull the image using its canary tag:

docker pull madnuttah/unbound:canary

Please note that canary builds may contain bugs and are not recommended to be used in production environments. These builds are untested and also unsupported by me.

Changes

You can view the changes in the Releases section.

Feedback

I am here to help! Don't hesitate to contact me through a GitHub Issue if you have any questions, requests or problems with the image.

You can also reach me on Fosstodon:

Follow me on Mastodon

Acknowledgements

Licenses

License

Unless otherwise specified, all code is released under the MIT license. See the LICENSE for details.

Licenses for other components

Legal

Please note that this is the work of a private contributor. I am not affiliated with NLnet Labs or Pi-hole, nor is NLnet Labs or Pi-hole involved in the development of the image. The marks and properties 'Unbound' and 'Pi-hole' are properties of NLnet Labs and Pi-hole respectively. All rights in the source codes, including logos relating to said marks and properties, belong to their respective owners.

Supporting my work

In case you would like to donate money, please rather spend it on the upstream projects this image relies on.

If you like what I do and if you find this image protecting your privacy and giving back your DNS liberty useful - consider becoming a stargazer ⭐ on Docker Hub and GitHub. Thank you for your support!

Some things in life are free. ❤️