Unbound config

.gitignore

@@ -19,4 +19,6 @@ app-data/nextcloud/data/redis/*
 !app-data/wg-easy/.gitkeep
 
 # Pi-hole app
-app-data/pi-hole/*
+app-data/pi-hole/data/pihole/*
+app-data/pi-hole/data/dnsmasq/*
+!app-data/pi-hole/data/unbound

app-data/pi-hole/data/unbound/unbound.conf

@@ -0,0 +1,24 @@
+## DNS Over TLS, Simple ENCRYPTED recursive caching DNS, TCP port 853
+## unbound.conf, original at https://calomel.org/unbound_dns.html
+# tweaks by bartonbytes.com
+server:
+access-control: 127.0.0.0/8 allow
+cache-max-ttl: 14400
+cache-min-ttl: 600
+do-tcp: yes
+hide-identity: yes
+hide-version: yes
+interface: 127.0.0.1
+minimal-responses: yes
+prefetch: yes
+qname-minimisation: yes
+rrset-roundrobin: yes
+ssl-upstream: yes
+use-caps-for-id: yes
+verbosity: 1
+port: 5533
+#
+forward-zone:
+name: "."
+forward-addr: 194.242.2.3@853 # Mullvad primary
+forward-addr: 193.19.108.3@853 # Mullvad secondary

apps/pi-hole/docker-compose.yml

@@ -1,6 +1,14 @@
 version: "3.7"
 
 services:
+  unbound:
+    image: "klutchell/unbound:latest"
+    volumes:
+      - ${APP_DATA_DIR}/data/unbound:/etc/unbound
+    networks:
+      default:
+       ipv4_address: $APP_UNBOUND_IP
+
   server:
     image: pihole/pihole
     restart: on-failure
@@ -14,6 +22,9 @@ services:
     environment:
       - VIRTUAL_HOST=${APP_DOMAIN}
       - WEBPASSWORD=${APP_PASSWORD}
+      - PIHOLE_DNS=${APP_UNBOUND_IP}
+    depends_on:
+      - unbound
     networks:
       default:
         ipv4_address: $APP_PI_HOLE_IP