From c8fe77ccd5ab4e91be2b55df8549a5665c85aff1 Mon Sep 17 00:00:00 2001 From: "dave@tiredofit.ca" Date: Fri, 14 Feb 2025 19:27:50 -0800 Subject: [PATCH] Release 2.6.0 - See CHANGELOG.md --- CHANGELOG.md | 10 +++++ Dockerfile | 5 +++ LICENSE | 2 +- README.md | 14 +++---- examples/docker-compose.yml | 2 +- install/assets/defaults/10-unbound | 4 +- install/assets/functions/10-unbound | 39 +++++++++---------- install/etc/services.available/10-unbound/run | 2 +- 8 files changed, 46 insertions(+), 32 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 098bdf3..77e32c8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,13 @@ +## 2.6.0 2025-02-14 + + ### Added + - Add configurable ROOT_HINTS_URI environment variable to choose where to refresh root hints from + - Include Root hints on build and update only if 30 days or older + + ### Changed + - Small amount of polish cleaning up old and weird variables + + ## 2.5.9 2024-12-07 ### Added diff --git a/Dockerfile b/Dockerfile index 780ac06..6c191b2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -62,6 +62,11 @@ RUN source /assets/functions/00-container && \ sed -i -e '/^LIBS=/s/-lpython.*[[:space:]]/ /' Makefile && \ make -j$(nproc)&& \ make install && \ + mkdir -p \ + /assets/unbound \ + && \ + curl -sSL https://www.internic.net/domain/named.cache -o /assets/unbound/named.cache && \ + chown -R unbound /assets/unbound && \ package remove .unbound-install-deps && \ package cleanup diff --git a/LICENSE b/LICENSE index 81d2163..c908bda 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ The MIT License (MIT) -Copyright (c) 2021 Dave Conroy +Copyright (c) 2024 Dave Conroy Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index 9029576..f6b88ea 100644 --- a/README.md +++ b/README.md @@ -19,14 +19,14 @@ Dockerfile to build an [Unbound DNS Cache](https://unbound.net) container image ## Table of Contents -- [Introduction](#introduction) -- [Authors](#authors) +- [About](#about) +- [Maintainer](#maintainer) - [Table of Contents](#table-of-contents) -- [Prerequisites](#prerequisites) +- [Prerequisites and Assumptions](#prerequisites-and-assumptions) - [Installation](#installation) - [Quick Start](#quick-start) - [Configuration](#configuration) - - [Data-Volumes](#data-volumes) + - [Persistent Storage](#persistent-storage) - [Environment Variables](#environment-variables) - [Networking](#networking) - [Maintenance](#maintenance) @@ -47,11 +47,11 @@ Automated builds of the image are available on [Docker Hub](https://hub.docker.c docker pull hub.docker.com/tiredofit/unbound:(imagetag) ``` -Builds of the image are also available on the [Github Container Registry](https://github.com/tiredofit/docker-tiredofit/pkgs/container/docker-tiredofit) - +Builds of the image are also available on the [Github Container Registry](https://github.com/tiredofit/docker-tiredofit/pkgs/container/docker-tiredofit) + ``` docker pull ghcr.io/tiredofit/docker-tiredofit:(imagetag) -``` +``` The following image tags are available: * `latest` - Most recent release of Unbound w/ Alpine Linux diff --git a/examples/docker-compose.yml b/examples/docker-compose.yml index bcbe58f..c0fb88a 100644 --- a/examples/docker-compose.yml +++ b/examples/docker-compose.yml @@ -1,4 +1,3 @@ -version: '3.7' services: unbound-app: @@ -10,6 +9,7 @@ services: - ./config:/config - ./logs:/logs environment: + - TIMEZONE=America/Vancouver - CONTAINER_NAME=unbound-hostname-app networks: - services diff --git a/install/assets/defaults/10-unbound b/install/assets/defaults/10-unbound index 15517b1..0008c60 100755 --- a/install/assets/defaults/10-unbound +++ b/install/assets/defaults/10-unbound @@ -39,8 +39,8 @@ PREFETCH_KEY=${PREFETCH_KEY:-"TRUE"} QNAME_MINIMIZATION=${QNAME_MINIMIZATION:-"TRUE"} REMOTE_CONTROL_LISTEN_IP=${REMOTE_CONTROL_LISTEN_IP:-"127.0.0.1"} REMOTE_CONTROL_LISTEN_PORT=${REMOTE_CONTROL_LISTEN_PORT:-"8953"} -ROOT_HINTS=${ROOT_HINTS:-"${CONFIG_PATH}root.hints"} -RRSET_ROUNDROBIN=${RRSET_ROUNDROBIN:-"TRUE"} +ROOT_HINTS_FILE=${ROOT_HINTS_FILE:-"${CONFIG_PATH}/root.hints"} +ROOT_HINTS_URI=${ROOT_HINTS_URI:-"https://www.internic.net/domain/named.root"} SETUP_TYPE=${SETUP_TYPE:-"AUTO"} SO_BUFFER_RECEIVE=${SO_BUFFER_RECEIVE:-""} SO_BUFFER_SEND=${SO_BUFFER_SEND:-""} diff --git a/install/assets/functions/10-unbound b/install/assets/functions/10-unbound index 1dbcb83..e4b74e0 100755 --- a/install/assets/functions/10-unbound +++ b/install/assets/functions/10-unbound @@ -54,21 +54,20 @@ EOF } create_configuration() { - if [ "$SETUP_TYPE" = "AUTO" ]; then + if [ "${SETUP_TYPE,,}" = "auto" ]; then print_notice "Configuring Unbound" - mkdir -p "${CONFIG_PATH}"conf.d - chown -R "${UNBOUND_USER}" "${CONFIG_PATH}" + mkdir -p "${CONFIG_PATH}"/conf.d - if [ ! -f "${ROOT_HINTS}" ] ; then - print_notice "Downloading Root Hints" - sudo -u "${UNBOUND_USER}" curl ftp://ftp.internic.net/domain/named.cache > "${ROOT_HINTS}" - else - if [[ $(find "$ROOT_HINTS" -mtime +30 -print) ]] ; then - print_notice "Root Hints are older than 30 days - Refreshing" - sudo -u "${UNBOUND_USER}" curl ftp://ftp.internic.net/domain/named.cache > "${ROOT_HINTS}" - fi + if [ ! -f "${ROOT_HINTS_FILE}" ] ; then + cp -aR /assets/unbound/named.cache "${ROOT_HINTS_FILE}" + fi + if [[ $(find "${ROOT_HINTS_FILE}" -mtime +30 -print) ]] ; then + print_notice "Root Hints are older than 30 days - Refreshing" + curl -sSL "${ROOT_HINTS_URI}" | sudo -u "${UNBOUND_USER}" tee "${ROOT_HINTS_FILE}" fi + chown -R "${UNBOUND_USER}" "${CONFIG_PATH}" + truefalse_yesno DENY_ANY truefalse_yesno ENABLE_IPV4 truefalse_yesno ENABLE_IPV6 @@ -132,7 +131,7 @@ server: prefetch: ${PREFETCH} prefetch-key: ${PREFETCH_KEY} qname-minimisation: ${QNAME_MINIMIZATION} - root-hints: ${ROOT_HINTS} + root-hints: ${ROOT_HINTS_FILE} so-reuseport: ${SO_REUSE_PORT} statistics-cumulative: ${STATISTICS_CUMULATIVE} statistics-interval: ${STATISTICS_INTERVAL} @@ -156,9 +155,9 @@ EOF } configure_logging() { - if [ "$SETUP_TYPE" = "AUTO" ]; then + if [ "${SETUP_TYPE,,}" = "auto" ]; then print_debug "Configuring Logging" - if [ "$LOG_TYPE" = "FILE" ] || [ "$LOG_TYPE" = "file" ] ; then + if [ "${LOG_TYPE,,}" = "file" ] ; then mkdir -p "${LOG_PATH}" touch "${LOG_PATH}"/"${LOG_FILE}" chown -R "${UNBOUND_USER}": "${LOG_PATH}" @@ -169,20 +168,20 @@ configure_logging() { fi ### Translate Logging - case "$LOG_LEVEL" in - "DETAILED" | "detailed" | "2" ) + case "${LOG_LEVEL,,}" in + detailed | 2 ) LOG_LEVEL=2 ;; - "QUERY" | "query" | "3" ) + query | 3 ) LOG_LEVEL=3 ;; - "ERROR" | "error" | "err" | "0" ) + err* | 0 ) LOG_LEVEL=0 ;; - "ALGORITHM" | "algorithm" | "4" ) + algorithm | 4 ) LOG_LEVEL=4 ;; - "CLIENT" | "client" | "5" ) + client | 5 ) LOG_LEVEL=5 ;; esac diff --git a/install/etc/services.available/10-unbound/run b/install/etc/services.available/10-unbound/run index cc740b2..f02296e 100755 --- a/install/etc/services.available/10-unbound/run +++ b/install/etc/services.available/10-unbound/run @@ -8,5 +8,5 @@ check_container_initialized check_service_initialized init liftoff -print_start "Starting Unbound $(echo "${UNBOUND_VERSION}" | sed 's|release||g')" +print_start "Starting Unbound ${UNBOUND_VERSION/release-}" exec unbound -c "${CONFIG_PATH}""${CONFIG_FILE}" -d