diff --git a/docker-build/Dockerfile b/docker-build/Dockerfile
index 7ac7847..610de65 100644
--- a/docker-build/Dockerfile
+++ b/docker-build/Dockerfile
@@ -1,5 +1,5 @@
 # Get the latest Pi-hole version
-FROM pihole/pihole:2022.02.1
+FROM pihole/pihole:2022.04.1
 
 # Install necessary programs
 RUN apt-get update && \
@@ -10,12 +10,17 @@ RUN apt-get update && \
 
 # Additional configs
 # unbound
-COPY unbound-v1.9_pihole.conf /etc/unbound/unbound.conf.d/pihole.conf
+# COPY unbound-v1.9_pihole.conf /etc/unbound/unbound.conf.d/pihole.conf
+COPY unbound-v1.13.1_pihole.conf /etc/unbound/unbound.conf.d/pihole.conf
 
-# Download the DNS-Root-Zone. Change owner and move it to the right directory
+# Download the DNS-Root-Zone.
+# Create the chroot directory.
+# Copy / move files and change owner.
 RUN wget -O root.hints https://www.internic.net/domain/named.root && \
- mv root.hints /var/lib/unbound/ && \
- chown unbound:unbound /var/lib/unbound/root.hints
+ mkdir /usr/local/etc/unbound && \
+ cp /var/lib/unbound/root.key /usr/local/etc/unbound/root.key && \
+ mv root.hints /usr/local/etc/unbound/ && \
+ chown -R unbound:unbound /usr/local/etc/unbound/root.*
 
 # Unbound startup script
 COPY start_unbound_and_s6_init.sh start_unbound_and_s6_init.sh
diff --git a/docker-build/VERSION b/docker-build/VERSION
index 1f761d3..5a084a4 100644
--- a/docker-build/VERSION
+++ b/docker-build/VERSION
@@ -1 +1 @@
-2022.02.1
+2022.04.1
diff --git a/docker-build/unbound-v1.13.1_pihole.conf b/docker-build/unbound-v1.13.1_pihole.conf
index e1fe9d6..9de63c0 100644
--- a/docker-build/unbound-v1.13.1_pihole.conf
+++ b/docker-build/unbound-v1.13.1_pihole.conf
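Review bot: In the second Dockerfile hunk, `chown -R unbound:unbound /usr/local/etc/unbound/root.*` changes the owner of the two files only, so the directory created by `mkdir` stays owned by root. The unbound.conf documentation for `auto-trust-anchor-file`, which the unbound-v1.13.1_pihole.conf change in this commit points at this directory, asks for write permission on the key file and on its directory, because anchor updates go through a temporary file there; assuming the daemon runs as the unbound user, the anchor can probably not be rewritten after a root key rollover. Chowning the directory covers both: `chown -R unbound:unbound /usr/local/etc/unbound`. The `wget` of `root.hints` on the unchanged line above still runs on every build with no checksum, so the image content follows whatever the URL serves that day; a copy kept in the repository, or a digest check after the download, would make the build reproducible. The RUN instruction lies wholly inside the hunk.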
@@ -1,8 +1,8 @@
 server:
 ###########################################################################
 # BASIC SETTINGS
- ###########################################################################
-
+ ###########################################################################
+
 # Listen to for queries from clients and answer from this network interface
 # and port.
 interface: 127.0.0.1
@@ -16,8 +16,11 @@ server:
 # and for *native* IPv6
 prefer-ip6: no
 
+ # Enable DNSSEC
+ auto-trust-anchor-file: "/usr/local/etc/unbound/root.key"
+
 # where to find root server data
- root-hints: /var/lib/unbound/root.hints
+ root-hints: "/usr/local/etc/unbound/root.hints"
 
 # Reduce EDNS reassembly buffer size.
 # Suggested by the unbound man page to reduce fragmentation reassembly problems
@@ -104,7 +107,7 @@ server:
 
 # Enable chroot (i.e, change apparent root directory for the current
 # running process and its children)
- #chroot: "/etc/unbound"
+ chroot: "/usr/local/etc/unbound/"
 
 # Deny queries of type ANY with an empty response.
 deny-any: yes
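Review bot: The comment `# Enable DNSSEC` above `auto-trust-anchor-file` in the hunk at line 16 does not say that this file is rewritten at run time. A fuller comment would help whoever next changes the image layout, for example `# DNSSEC trust anchor, tracked with RFC 5011 probes; unbound must be able to write this file and its directory, and both must lie inside the chroot`. The copy placed in the image is taken from `/var/lib/unbound/root.key` at build time (Dockerfile change in this commit), so a container recreated from an old image starts again from that build-time anchor unless the directory is persisted; that is worth a line in the comment or the README.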
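Review bot: The new `chroot: "/usr/local/etc/unbound/"` in the hunk at line 104 ends in a slash, which unbound-checkconf, as far as I know, reports as an error; `chroot: "/usr/local/etc/unbound"` avoids that and should be confirmed by running the checker in the image. The Dockerfile in this commit still installs this file under /etc/unbound/unbound.conf.d/, outside the new root, so unbound can read it at start-up but probably not on a reload once the chroot has been entered. `directory:`, `pidfile:` and `username:` are not visible in this diff; each path has to resolve inside the chroot, and the chroot confines the daemon only if it starts as root and then drops to an unprivileged user, so those settings should be checked alongside this change.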