Added /opt/unbound/etc/unbound/zones directory and a section in the README discussing how to customize Unbound

README.md

@@ -61,6 +61,53 @@ edit the [dnscrypt.csv](https://github.com/jedisct1/dnscrypt-proxy/blob/master/d
 file to add your resolver's informations, and submit a pull request to have it
 included in the list of public DNSCrypt resolvers!
 
+Customizing Unbound
+============
+
+To add new configuration to Unbound, add files to the `/opt/unbound/etc/unbound/zones`
+directory. All files ending in `.conf` will be processed. In this manner, you
+can add any directives to the `server:` section of the Unbound configuration.
+
+Serve custom DNS records on a local network
+------------------------------------------
+While Unbound is not a full authoritative name server, it supports resolving
+custom entries in a way that is serviceable on a small, private LAN. You can use
+unbound to resolve private hostnames such as `my-computer.example.com` within
+your LAN.
+
+To support such custom entries using this image, first map a volume to the zones
+directory. Add this to your `docker run` line:
+
+    -v /myconfig/zones:/opt/unbound/etc/unbound/zones
+
+The whole command to create and initialize a container would look something like
+this:
+
+    $ docker run --name=dnscrypt-server \
+        -v /myconfig/zones:/opt/unbound/etc/unbound/zones \
+        -p 443:443/udp -p 443:443/tcp --net=host \
+        jedisct1/unbound-dnscrypt-server init -N example.com
+
+Create a new `.conf` file:
+
+    $ touch /myconfig/zones/example.conf
+
+Now, add one or more unbound directives to the file, such as:
+
+    local-zone: "example.com." static
+    local-data: "my-computer.example.com. IN A 10.0.0.1"
+    local-data: "other-computer.example.com. IN A 10.0.0.2"
+
+Troubleshooting
+---------------
+
+If Unbound doesn't like one of the newly added directives, it
+will probably not respond over the network. In that case, here are some commands
+to work out what is wrong:
+
+    $ docker logs dnscrypt
+    $ docker exec dnscrypt /opt/unbound/sbin/unbound-checkconf
+
 Details
 =======
 

unbound.sh

@@ -1,6 +1,7 @@
 #! /bin/sh
 
 KEYS_DIR="/opt/dnscrypt-wrapper/etc/keys"
+ZONES_DIR="/opt/unbound/etc/unbound/zones"
 
 reserved=12582912
 availableMemory=$((1024 * $( (fgrep MemAvailable /proc/meminfo || fgrep MemTotal /proc/meminfo) | sed 's/[^0-9]//g' ) ))
@@ -25,6 +26,7 @@ sed \
     -e "s/@PROVIDER_NAME@/${provider_name}/" \
     -e "s/@RR_CACHE_SIZE@/${rr_cache_size}/" \
     -e "s/@THREADS@/${threads}/" \
+    -e "s/@ZONES_DIR@/${ZONES_DIR}" \
     > /opt/unbound/etc/unbound/unbound.conf << EOT
 server:
   verbosity: 1
@@ -77,7 +79,7 @@ server:
   local-zone: "test." static
   local-zone: "@PROVIDER_NAME@." refuse
 
-  include: "/opt/unbound/etc/unbound/zones/*.conf"
+  include: "@ZONES_DIR@/*.conf"
 
 remote-control:
   control-enable: yes
@@ -96,4 +98,6 @@ if [ ! -f /opt/unbound/etc/unbound/unbound_control.pem ]; then
   /opt/unbound/sbin/unbound-control-setup
 fi
 
+mkdir -p /opt/unbound/etc/unbound/zones
+
 exec /opt/unbound/sbin/unbound