Unbound is a validating, recursive, caching DNS resolver.
docker create --name=unbound \
-v <path to config>:/config \
-p 53:53 \
-p 53:53/udp \
antilax3/unbound
Each parameter is split into two halves separated by a colon: the left-hand side is the host and the right-hand side is the container. For example, the volume flag -v external:internal maps the container path internal to the host path external. So -v /mnt/app/config:/config makes /config inside the container accessible at /mnt/app/config on the host's filesystem.
- -v /config - local path for Unbound config file
- -p 53 - TCP port for Unbound
- -p 53/udp - UDP port for Unbound
- -e PUID - for UserID, see below for explanation
- -e PGID - for GroupID, see below for explanation
- -e TZ - for setting timezone information, e.g. Australia/Melbourne
It is based on Alpine Linux with s6 overlay. For shell access while the container is running, run docker exec -it unbound /bin/bash.
Sometimes when using data volumes (-v flags) permissions issues can arise between the host OS and the container. We avoid this issue by allowing you to specify the user PUID and group PGID. Ensure the data volume directory on the host is owned by the same user you specify and it will "just work".
In this instance PUID=1001 and PGID=1001. To find yours, run id for your user as below:
$ id <dockeruser>
uid=1001(dockeruser) gid=1001(dockergroup) groups=1001(dockergroup)
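A pre-flight check for the ownership requirement above, added here as an example and not part of the image or its documentation: it compares the numeric owner of the host config directory with the PUID and PGID you intend to pass, then prints the matching docker create command with the -e flags from the parameter list. The function names and the /mnt/app/config path in the usage comment are illustrative assumptions.

```shell
#!/bin/sh
# Added example: verify the host config directory is owned by the PUID/PGID
# that will be handed to the container, before the container is created.

# owner_ids DIR -> prints "uid gid" (numeric) for DIR, using POSIX ls -ldn.
owner_ids() {
    ls -ldn -- "$1" | awk '{ print $3, $4 }'
}

# check_config_owner DIR PUID PGID -> 0 if DIR is owned by PUID:PGID, else 1.
check_config_owner() {
    dir=$1 puid=$2 pgid=$3
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 1; }
    # Reuse the function's positional parameters for the actual owner ids.
    set -- $(owner_ids "$dir")
    if [ "$1" != "$puid" ] || [ "$2" != "$pgid" ]; then
        echo "$dir is owned by $1:$2, expected $puid:$pgid" >&2
        echo "fix with: chown -R $puid:$pgid $dir" >&2
        return 1
    fi
    return 0
}

# create_cmd DIR PUID PGID TZ -> prints the docker create command to run.
create_cmd() {
    printf 'docker create --name=unbound -v %s:/config -e PUID=%s -e PGID=%s -e TZ=%s -p 53:53 -p 53:53/udp antilax3/unbound\n' \
        "$1" "$2" "$3" "$4"
}

# Usage: ./preflight.sh /mnt/app/config 1001 1001 Australia/Melbourne
if [ "$#" -eq 4 ]; then
    check_config_owner "$1" "$2" "$3" && create_cmd "$1" "$2" "$3" "$4"
fi
```

The script only prints the command; nothing is created until you run the printed line yourself.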
The container uses a single volume mounted at /config. This volume stores the configuration file unbound.conf.
config
|-- unbound.conf
The unbound.conf file is copied to the /config volume when the container is first run.
The Unbound documentation details each option and its expected value(s).
- 04/07/25: Updated to use alpine 3.22 image and s6 v3 service structure
- 12/08/21: Fix root.hints and trusted-key.key
- 12/06/21: Drop edge version of applications
- 07/12/20: Install edge version of musl
- 03/11/20: Drop permissions through Unbound, fix logging and remove libcap requirement
- 03/11/20: Initial Release
