
justsomehnguytoday at 4:12 PM0 repliesview on HN

Solved this type of shenanigans some years ago with this.

New-UnboundInterface.sh (Linux, RHEL-like systems only)

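    # Create a dedicated bridge interface that Unbound can bind to, so the
    # resolver has a fixed address of its own (original rationale: "because Docker...").
    # Must run as root: it changes NetworkManager profiles and firewalld zones.
    IFTYPE=bridge
    IFNAME=unbound0
    IPADDR=10.53.0.1
    IPADDR6=fd53:fd53:fd53::1
    # Name the profile explicitly instead of relying on the name nmcli
    # auto-generates; the later "modify"/"up" calls must hit this exact profile.
    CONNAME="$IFTYPE-$IFNAME"

    nmcli connection add type "$IFTYPE" con-name "$CONNAME" ifname "$IFNAME"
    # Static addresses for the bridge; the ipv4.dns/ipv6.dns settings point the
    # profile's DNS at the same addresses Unbound listens on.
    nmcli connection modify "$CONNAME" ip4 "$IPADDR/32"
    nmcli connection modify "$CONNAME" ipv4.dns "$IPADDR"
    nmcli connection modify "$CONNAME" ip6 "$IPADDR6/64"
    nmcli connection modify "$CONNAME" ipv6.dns "$IPADDR6"
    nmcli connection up "$CONNAME"

    # Separate firewalld zone that permits only the "dns" service on this interface.
    # All changes are --permanent, so they take effect only after the reload below.
    # NOTE(review): firewalld selects the zone from the ingress interface or source
    # address. Queries from containers presumably arrive on Docker's own bridge
    # rather than on unbound0, so confirm which zone really governs that traffic;
    # Unbound's access-control list may be the only effective filter.
    firewall-cmd --new-zone=unbound --permanent
    firewall-cmd --zone=unbound --permanent --change-interface="$IFNAME"
    firewall-cmd --zone=unbound --permanent --add-service=dns
    firewall-cmd --reload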
00-localinterface.conf

    # should be placed in /etc/unbound/conf.d
    # bind to a specified IP address, allow access
    #
    # "interface:" restricts the listening sockets to the two addresses of the
    # dedicated bridge, so Unbound does not answer on the host's other interfaces.
    # "access-control:" then admits only those same two host addresses (/32 and
    # /128) as clients; any other client range needs its own explicit entry.
    server:
            interface: 10.53.0.1
            interface: fd53:fd53:fd53::1
            access-control: 10.53.0.1/32 allow
            access-control: fd53:fd53:fd53::1/128 allow
91-allow-docker-containers.conf

    # allow queries from the Docker "bridge"
    #
    # This opens recursion to a whole /16 (65,536 addresses). The value is written
    # with host bits set (172.18.0.1/16); the intended netblock is presumably
    # 172.18.0.0/16.
    # NOTE(review): Docker's default bridge is commonly 172.17.0.0/16 and 172.18.x
    # is usually a user-defined network. Confirm the real subnet with
    # `docker network inspect <network>` and allow only that range, so containers
    # on other networks cannot use this resolver.
    server:
            access-control: 172.18.0.1/16 allow