diff --git a/docker-build/Dockerfile b/docker-build/Dockerfile index 823493e..7ac7847 100644 --- a/docker-build/Dockerfile +++ b/docker-build/Dockerfile @@ -1,5 +1,5 @@ # Get the latest Pi-hole version -FROM pihole/pihole:2022.01.1 +FROM pihole/pihole:2022.02.1 # Install necessary programs RUN apt-get update && \ @@ -14,8 +14,8 @@ COPY unbound-v1.9_pihole.conf /etc/unbound/unbound.conf.d/pihole.conf # Download the DNS-Root-Zone. Change owner and move it to the right directory RUN wget -O root.hints https://www.internic.net/domain/named.root && \ - chown unbound:unbound root.hints && \ - mv root.hints /var/lib/unbound/ + mv root.hints /var/lib/unbound/ && \ + chown unbound:unbound /var/lib/unbound/root.hints # Unbound startup script COPY start_unbound_and_s6_init.sh start_unbound_and_s6_init.sh diff --git a/docker-build/VERSION b/docker-build/VERSION index e98d28f..1f761d3 100644 --- a/docker-build/VERSION +++ b/docker-build/VERSION @@ -1 +1 @@ -2022.01.1 +2022.02.1 diff --git a/docker-build/unbound-v1.13_pihole.conf b/docker-build/unbound-v1.13.1_pihole.conf similarity index 94% rename from docker-build/unbound-v1.13_pihole.conf rename to docker-build/unbound-v1.13.1_pihole.conf index 05e016c..7573597 100644 --- a/docker-build/unbound-v1.13_pihole.conf +++ b/docker-build/unbound-v1.13.1_pihole.conf @@ -17,7 +17,7 @@ server: prefer-ip6: no # where to find root server data - root-hints: /usr/share/dns/root.hints + root-hints: /var/lib/unbound/root.hints # Reduce EDNS reassembly buffer size. # Suggested by the unbound man page to reduce fragmentation reassembly problems @@ -27,8 +27,8 @@ server: # the query ID, for speed and thread safety). rrset-roundrobin: yes - # Drop user privileges after binding the port. - username: "_unbound" + # Drop privileges after binding the port. + username: "unbound" ########################################################################### # LOGGING @@ -102,10 +102,6 @@ server: access-control: 172.16.0.0/12 allow access-control: 10.0.0.0/8 allow - # Enable chroot (i.e, change apparent root directory for the current - # running process and its children) - chroot: "/etc/unbound" - # Deny queries of type ANY with an empty response. deny-any: yes @@ -144,11 +140,6 @@ server: # Refuse version.server and version.bind queries hide-version: yes - # Set the HTTP User-Agent header for outgoing HTTP requests. If - # set to "", the default, then the package name and version are - # used. - http-user-agent: "DNS" - # Report this identity rather than the hostname of the server. identity: "DNS" @@ -213,7 +204,7 @@ remote-control: control-enable: no # get data for all TLDs by IXFR (or AXFR) from root servers -# b,c,g are the only servers that answer a IXFR query +# these are the only servers that answer an IXFR query auth-zone: name: "." primary: 199.9.14.201 # b.root-servers.net