# Alpine Unbound DNS Server

A lightweight Alpine-based Unbound DNS resolver container, optimized for homelab use.

## Features

- 🪶 **Lightweight**: ~50MB image size (vs ~500MB+ for Ubuntu-based)
- 🔒 **DNSSEC Validation**: Full DNSSEC support with automatic root trust anchor updates
- 🏗️ **Multi-Architecture**: Native support for x86_64 and ARM64 (Raspberry Pi, Apple Silicon)
- ❤️ **Health Checks**: Built-in health monitoring
- 🔧 **Hardened Config**: Security best practices out of the box
- 📊 **Resource Efficient**: Memory limits of 128MB (typically uses ~30-50MB)

## Quick Start

### Using Docker Compose

```bash
docker-compose up -d
```

### Building Manually

```bash
# For x86_64/AMD64
docker build -f Dockerfile.amd64 -t alpine-unbound:amd64 .

# For ARM64 (Raspberry Pi 4/5, Apple Silicon)
docker build -f Dockerfile.arm64 -t alpine-unbound:arm64 .

# Multi-arch build (if using buildx)
./build.sh multiarch
```

## Architecture-Specific Dockerfiles

| File | Architecture | Use Case |
|------|-------------|----------|
| `Dockerfile` | Auto-detect | General use, multi-arch builds |
| `Dockerfile.amd64` | x86_64 | Intel/AMD servers, desktop PCs |
| `Dockerfile.arm64` | ARM64 | Raspberry Pi 4/5, Apple Silicon, AWS Graviton |

## Configuration

The default configuration (`unbound.conf`) includes:

- Listening on port **5335** (to avoid conflicts with other DNS services)
- Access allowed from all RFC1918 private networks
- DNSSEC validation enabled
- Query name minimization for privacy
- Aggressive caching for performance
- Security hardening options

### Custom Configuration

Mount your own config files:

```yaml
volumes:
  - ./my-unbound.conf:/etc/unbound/unbound.conf:ro
  - ./conf.d/:/etc/unbound/unbound.conf.d/:ro
```

## Integration with Pi-hole

Use as upstream DNS for Pi-hole:

```yaml
# In Pi-hole's docker-compose.yml
environment:
  - PIHOLE_DNS_=172.17.0.1#5335
```

## Comparison with Ubuntu Version

| Aspect | Alpine | Ubuntu |
|--------|--------|--------|
| Image Size | ~50MB | ~500MB+ |
| Memory Usage | ~30-50MB | ~100-200MB |
| SSH Access | ❌ | ✅ |
| Dev Tools | ❌ | ✅ |
| Shell | ash | zsh (oh-my-zsh) |
| Init System | tini | supervisord |
| Startup Time | <1s | ~5s |

Choose **Alpine** for: Production DNS, resource-constrained devices, simple deployments.

Choose **Ubuntu** for: Development, debugging, when you need SSH access or interactive shell.

## Ports

| Port | Protocol | Description |
|------|----------|-------------|
| 5335 | TCP/UDP | Unbound DNS |

## Environment Variables

| Variable | Default | Description |
|----------|---------|-------------|
| `TZ` | `UTC` | Timezone |

## Health Check

The container includes automatic health checks using `drill`:

```bash
drill @127.0.0.1 -p 5335 google.com
```

## Troubleshooting

### Check if Unbound is running

```bash
docker exec alpine_unbound drill @127.0.0.1 -p 5335 google.com
```

### View logs

```bash
docker logs alpine_unbound
```

### Test DNSSEC validation

```bash
docker exec alpine_unbound drill -D sigok.verteiltesysteme.net @127.0.0.1 -p 5335
```

## License

MIT
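
To interpret the result of the DNSSEC validation test under Troubleshooting, the following added example (not part of this project's code) reads a `drill` or `dig` response and reports whether the resolver set the AD (authenticated data) flag. The function name `dnssec_verdict` and the sample responses are constructed for illustration.

```bash
# Added example: classify one drill (or dig) response read on stdin.
# Prints one of: validated | insecure | servfail | unknown
dnssec_verdict() {
    awk '
        # Header line: drill prints "rcode: X,", dig prints "status: X,".
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "rcode:" || $i == "status:") {
                    rcode = $(i + 1); sub(/,$/, "", rcode)
                }
        }
        # Flags line: keep only the text between "flags:" and the next ";".
        /^;; flags:/ {
            line = $0
            sub(/^;; flags:/, "", line); sub(/;.*/, "", line)
            n = split(line, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "ad") ad = 1
        }
        END {
            # SERVFAIL: a validating resolver rejected the data, or upstream failed
            if (rcode == "SERVFAIL") print "servfail"
            # AD flag set: the resolver verified the signature chain
            else if (rcode == "NOERROR" && ad) print "validated"
            # Answered, but without validation (unsigned zone or validation off)
            else if (rcode == "NOERROR") print "insecure"
            else print "unknown"
        }'
}

# Constructed sample responses in the drill header format (not captured output).
sample_validated() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 4660
;; flags: qr rd ra ad ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
EOF
}
sample_insecure() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 4661
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
EOF
}
sample_servfail() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, rcode: SERVFAIL, id: 4662
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
EOF
}

for s in sample_validated sample_insecure sample_servfail; do
    printf '%s -> %s\n' "$s" "$($s | dnssec_verdict)"
done
```

With the function loaded in the host shell, pipe the live check into it: `docker exec alpine_unbound drill -D sigok.verteiltesysteme.net @127.0.0.1 -p 5335 | dnssec_verdict`. A result of `insecure` for that signed name means the resolver answered without validating.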