This is a lightweight Alpine Linux based Docker image that runs Unbound, an open source high-performance DNS resolver brought to you by the nice people at NLnet Labs running as your own recursive DNS server in a secure single-layer distroless scratch image modeled by following the best practice principles.
While it leaves almost nothing to be desired, it is perfectly suited for professional and personal use alike.
Features
Feature | Supported |
---|---|
CD built single-layer distroless scratch image running Alpine Linux | yes |
Unprivileged user | yes |
Unprivileged port (privileged possible) | yes |
Custom UID/GID environment variables | yes |
Per hardware architecture optimized & CD built OpenSSL |
yes |
Libevent | yes |
Recursive DNS as default | yes |
DNSSEC | yes |
DNSCrypt | yes |
DNSTap | yes |
DNS64 | yes |
DNS over HTTPS | yes |
DNS over TLS | yes |
Redis via UNIX Socket or network | yes |
Optional privacy respecting & meaningful healthcheck | yes |
Optional Unbound statistics for Grafana via Zabbix utilizing on-board means | yes |
Python | no |
EDNS Client Subnet | no |
Image security scans /w Trivy & Docker Scout | yes |
Docker containers are most easily used with docker compose.
You can pull the most recent image from Docker Hub using it's latest
tag or by using the corresponding image version number:
docker pull madnuttah/unbound:latest
or docker pull madnuttah/unbound:1.1.0-0
The image versioning scheme follows unbound - complemented by a dash and the desired image revision, for example 1.1.0-0
.
There are canary builds of the image available. You can pull the image using it's canary
tag:
docker pull madnuttah/unbound:canary
Please note that canary builds may contain bugs and are not recommended to be used in production environments. These builds are untested and also unsupported by me.
You can view the changes in the Releases
section.
I am here to help! Don't hesitate to contact me through a GitHub Issue
if you have any questions, requests or problems with the image.
You can also reach me on Fosstodon:
- Alpine Linux
- Docker
- Unbound
- OpenSSL
- Redis
- Pi-hole
- Aqua Security
- The many Docker Images which got me inspired
Unless otherwise specified, all code is released under the MIT license.
See the LICENSE
for details.
- Docker: Apache 2.0
- Unbound: BSD License
- OpenSSL: Apache-style license
Please note that this is a work of a private contributor and I'm neither affiliated with NLnet Labs or Pi-hole nor is NLnet Labs or Pi-hole involved in the development of the image. The marks and properties 'Unbound' and 'Pi-hole' are properties of NLnet Labs and Pi-hole respectively. All rights in the source codes, including logos relating to said marks and properties belong to their respective owners.
In case you would like to donate money, please rather spend it on the upstream projects this image relies on.
If you like what I do and if you find this image protecting your privacy and giving back your DNS liberty useful - consider becoming a stargazer ⭐ on Docker Hub and GitHub. Thank you for your support!
Some things in life are free. ❤️