From 8566959cfcaabb7c7148bf5a2ad543b1f041747e Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Sat, 28 Nov 2015 13:52:35 +0100
Subject: [PATCH] Have unbound listen to port 553 instead of the default port 53

This prevents issues with docker hosts already having a local resolver
---
 Dockerfile | 2 +-
 dnscrypt-wrapper.sh | 2 +-
 entrypoint.sh | 2 --
 unbound.sh | 2 +-
 4 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index b84e071..da6df25 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -149,7 +149,7 @@ COPY watchdog.sh /etc/service/watchdog/run
 VOLUME ["/opt/dnscrypt-wrapper/etc/keys"]
-EXPOSE 53/udp 53/tcp 443/udp 443/tcp
+EXPOSE 443/udp 443/tcp
 CMD ["start"]
diff --git a/dnscrypt-wrapper.sh b/dnscrypt-wrapper.sh
index f784266..98ca1f2 100755
--- a/dnscrypt-wrapper.sh
+++ b/dnscrypt-wrapper.sh
@@ -52,7 +52,7 @@ prune
 exec /opt/dnscrypt-wrapper/sbin/dnscrypt-wrapper \
 --user=_dnscrypt-wrapper \
 --listen-address=0.0.0.0:443 \
- --resolver-address=127.0.0.1 \
+ --resolver-address=127.0.0.1:553 \
 --provider-name="$provider_name" \
 --provider-cert-file="${STKEYS_DIR}/dnscrypt.cert" \
 --crypt-secretkey-file=$(stkeys_files)
diff --git a/entrypoint.sh b/entrypoint.sh
index dd45a8b..d99f107 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -86,8 +86,6 @@ This is supposed to be called only once.
 * start (default command): start the resolver and the dnscrypt server proxy.
 Ports 443/udp and 443/tcp have to be publicly exposed.
-Containers on the same virtual network can directly use this container's Unbound
-instance as a DNS resolver, on the standard DNS port (53).
 * provider-info: prints the provide name and provider public key.
diff --git a/unbound.sh b/unbound.sh
index 0d9538e..d9d7fea 100755
--- a/unbound.sh
+++ b/unbound.sh
@@ -27,7 +27,7 @@ sed \
 server:
 verbosity: 1
 num-threads: @THREADS@
- interface: 127.0.0.1@53
+ interface: 127.0.0.1@553
 so-reuseport: yes
 edns-buffer-size: 1252
 delay-close: 10000
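Review bot: Dropping 53 from the `EXPOSE` line only changes image metadata; it does not by itself make the resolver unreachable, and the line has no comment saying why the resolver port is absent. Judging from the unbound.sh hunk in this commit, what keeps Unbound private is its loopback binding (`interface: 127.0.0.1@553`). I would add a comment above the line, for example `# Only the DNSCrypt port is exposed; Unbound is bound to loopback and must not be reachable from outside the container`, so that a later edit does not re-expose a recursive resolver by accident.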
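Review bot: Port 553 is now hard-coded in two places that must agree, `--resolver-address=127.0.0.1:553` in this hunk and `interface: 127.0.0.1@553` in the unbound.sh hunk, and nothing ties them together, so changing one silently breaks forwarding to the resolver. A single shared setting read by both scripts would avoid that, for example `--resolver-address="127.0.0.1:${RESOLVER_PORT}"` (variable name illustrative), with the same value substituted into the Unbound template the way `@THREADS@` appears to be. Neither line records why 553 was chosen; a short comment such as `# non-default port so Unbound does not collide with a resolver already listening on :53` would carry the reason given in the commit message into the code.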