feat: add lightweight Alpine Unbound DNS container

- Multi-arch support (x86_64 and ARM64)
- ~50MB image size vs ~500MB for Ubuntu version
- DNSSEC validation with root hints
- Health checks and resource limits
- Security hardening (hide identity/version, harden-glue, etc.)
- Build script for easy single/multi-arch builds

builds/alpine-unbound/build.sh

@@ -0,0 +1,134 @@
+#!/bin/bash
+# Build script for Alpine Unbound DNS containers
+# Supports building for multiple architectures
+
+set -e
+
+IMAGE_NAME="${IMAGE_NAME:-alpine-unbound}"
+REGISTRY="${REGISTRY:-}"
+VERSION="${VERSION:-latest}"
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+print_status() {
+    echo -e "${GREEN}[INFO]${NC} $1"
+}
+
+print_warning() {
+    echo -e "${YELLOW}[WARN]${NC} $1"
+}
+
+print_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+# Build for specific architecture
+build_single() {
+    local arch=$1
+    local dockerfile="Dockerfile.${arch}"
+    local tag="${IMAGE_NAME}:${VERSION}-${arch}"
+    
+    if [[ -n "$REGISTRY" ]]; then
+        tag="${REGISTRY}/${tag}"
+    fi
+    
+    print_status "Building for ${arch}..."
+    docker build -f "$dockerfile" -t "$tag" .
+    print_status "Successfully built: $tag"
+}
+
+# Build multi-arch image using buildx
+build_multiarch() {
+    local tag="${IMAGE_NAME}:${VERSION}"
+    
+    if [[ -n "$REGISTRY" ]]; then
+        tag="${REGISTRY}/${tag}"
+    fi
+    
+    print_status "Building multi-architecture image..."
+    
+    # Check if buildx is available
+    if ! docker buildx version &>/dev/null; then
+        print_error "Docker buildx is not available. Please install it first."
+        exit 1
+    fi
+    
+    # Create builder if not exists
+    if ! docker buildx inspect multiarch-builder &>/dev/null; then
+        print_status "Creating buildx builder..."
+        docker buildx create --name multiarch-builder --driver docker-container --use
+    else
+        docker buildx use multiarch-builder
+    fi
+    
+    # Build and push (or load for local use)
+    if [[ -n "$REGISTRY" ]] && [[ "$PUSH" == "true" ]]; then
+        docker buildx build \
+            --platform linux/amd64,linux/arm64 \
+            -t "$tag" \
+            --push \
+            .
+    else
+        print_warning "Building for local use only. Use PUSH=true REGISTRY=your-registry to push."
+        docker buildx build \
+            --platform linux/amd64,linux/arm64 \
+            -t "$tag" \
+            --load \
+            .
+    fi
+    
+    print_status "Successfully built: $tag"
+}
+
+# Show help
+show_help() {
+    echo "Usage: $0 [COMMAND] [OPTIONS]"
+    echo ""
+    echo "Commands:"
+    echo "  amd64       Build for x86_64/AMD64 architecture"
+    echo "  arm64       Build for ARM64/aarch64 architecture"
+    echo "  multiarch   Build for all architectures (requires buildx)"
+    echo "  all         Build separate images for each architecture"
+    echo "  help        Show this help message"
+    echo ""
+    echo "Environment variables:"
+    echo "  IMAGE_NAME  Image name (default: alpine-unbound)"
+    echo "  VERSION     Image version tag (default: latest)"
+    echo "  REGISTRY    Docker registry to use (optional)"
+    echo "  PUSH        Set to 'true' to push multiarch images"
+    echo ""
+    echo "Examples:"
+    echo "  $0 amd64                           # Build for x86_64"
+    echo "  $0 arm64                           # Build for ARM64"
+    echo "  $0 all                             # Build for all architectures"
+    echo "  REGISTRY=ghcr.io/user PUSH=true $0 multiarch  # Build and push multiarch"
+}
+
+# Main
+case "${1:-help}" in
+    amd64)
+        build_single "amd64"
+        ;;
+    arm64)
+        build_single "arm64"
+        ;;
+    multiarch)
+        build_multiarch
+        ;;
+    all)
+        build_single "amd64"
+        build_single "arm64"
+        ;;
+    help|--help|-h)
+        show_help
+        ;;
+    *)
+        print_error "Unknown command: $1"
+        show_help
+        exit 1
+        ;;
+esac