Stubby Docker
| Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
|---|---|---|---|---|---|---|---|---|---|---|
| Amass | 9,000 | 2 | 2 days ago | 48 | September 23, 2022 | 124 | other | Go | ||
| In-depth Attack Surface Mapping and Asset Discovery | ||||||||||
| Docker Pi Hole | 6,283 | 25 days ago | 29 | Shell | ||||||
| Pi-hole in a docker container | ||||||||||
| App | 3,546 | 21 hours ago | 97 | agpl-3.0 | Python | |||||
| The SimpleLogin back-end | ||||||||||
| Netflix Proxy | 3,430 | 4 months ago | 5 | mit | Python | |||||
| Smart DNS proxy to watch Netflix | ||||||||||
| Opendevops | 3,367 | 17 days ago | 67 | gpl-3.0 | Python | |||||
| CODO是一款为用户提供企业多混合云、一站式DevOps、自动化运维、完全开源的云管理平台、自动化运维平台 | ||||||||||
| Wirehole | 3,040 | 2 months ago | 41 | |||||||
| WireHole is a combination of WireGuard, Pi-hole, and Unbound in a docker-compose project with the intent of enabling users to quickly and easily create a personally managed full or split-tunnel WireGuard VPN with ad blocking capabilities thanks to Pi-hole, and DNS caching, additional privacy options, and upstream providers via Unbound. | ||||||||||
| Gluetun | 3,000 | 13 days ago | 51 | April 25, 2021 | 127 | mit | Go | |||
| VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in. | ||||||||||
| Play With Docker | 2,488 | 19 days ago | 10 | September 07, 2021 | 78 | mit | JavaScript | |||
| You know it, you use it, now it's time to improve it. PWD!. | ||||||||||
| Dinghy | 2,074 | 4 years ago | 1 | August 08, 2018 | 26 | mit | Ruby | |||
| faster, friendlier Docker on OS X | ||||||||||
| Nextcloudpi | 1,972 | 3 days ago | 127 | Shell | ||||||
| 📦 Build code for NextcloudPi: Raspberry Pi, Odroid, Rock64, Docker, curl installer... | ||||||||||
Unbound and Stubby Docker Images
What does this do?
This allows you to run Stubby without losing the performance benefits of having a local caching DNS resolver. Historically, Stubby had better DNS over TLS support than Unbound.
To achieve this, this setup uses two containers, one running Stubby and another running Unbound. Unbound exposes DNS over port 53 and forwards requests not in its cache to the Stubby container on port 8053 (not publically exposed). Stubby then performs DNS resolution over TLS. By default, this is configured to use Cloudflare DNS.
How to use
Building
sudo docker build -t mvance/stubby:latest .
sudo docker build -t mvance/unbound:1.13.1-stubby .
Standard usage
Run these containers with the following command:
docker-compose up -d
Next, point your DNS to the IP of your Docker host running the Unbound container.
Serve Custom DNS Records for Local Network
While Unbound is not a full authoritative name server, it supports resolving custom entries on a small, private LAN. In other words, you can use Unbound to resolve fake names such as your-computer.local within your LAN.
To support such custom entries using this image, you need to update the provided a-records.conf file. This conf file is where you will define your custom entries for forward and reverse resolution.
The a-records.conf file should use the following format:
# A Record
#local-data: "somecomputer.local. A 192.168.1.1"
local-data: “laptop.local. A 192.168.1.2”
# PTR Record
#local-data-ptr: "192.168.1.1 somecomputer.local."
local-data-ptr: "192.168.1.2 laptop.local."
Use a customized Unbound configuration
Instead of using this image's default Unbound configuration, you may supply your own unbound.conf. See my unbound-docker README for further details. Note, you will likely want to apply the concepts from those directions via docker-compose.yml.
Issues
If you have any problems with or questions about this image, please contact me through a GitHub issue.
Contributing
You are invited to contribute new features, fixes, or updates, large or small. I imagine the upstream projects would be equally pleased to receive your contributions.
Please familiarize yourself with the repository's README.md file before attempting a pull request.
Before you start to code, I recommend discussing your plans through a GitHub issue, especially for more ambitious contributions. This gives other contributors a chance to point you in the right direction, give you feedback on your design, and help you find out if someone else is working on the same thing.
Acknowledgments
These deserve credit for making this all possible.
- Docker
- DNSCrypt server Docker image
- Docker
- Filippo Valsorda's Gist
- Franksn's Reddit post
- OpenSSL
- Unbound
Licenses
License
Unless otherwise specified, all code is released under the MIT License (MIT). See the repository's LICENSE file for details.
Licenses for other components
- DNSCrypt server Docker image: ISC License
- Docker: Apache 2.0
- OpenSSL: Apache-style license
- Stubby: BSD-3-Clause
- Unbound: BSD License
