So many changes have taken place since the last time I told you about my unofficial Unbound Docker image. As you can see, I am still very committed to making this image as good as I can, and that's the reason I've made a fresh Show HN.
What happened?
I was surprised that the image wasn't as secure as I had thought.
RTFM you say? You are absolutely right!
Anyway, I bit the pill and moved from chroot'ing to distroless, and I didn't regret it. The image is so much more secure now, and since I try to work smart, I've also implemented workflows to automatically update my image when an Unbound update is released by NLnet Labs.
Some users were expecting issues regarding the changed config parameters, but so far it looks nice and I had less to do than I was expecting.
One perfect addition was flanging Redis as cachedb onto Unbound. The performance is extraordinary via Unix socket, which I made possible by using a proxy image which holds the redis.sock to make it available to the limited _unbound user.
Another thing is that you can set environment variables in your compose file, so the uid and gid ain't hardcoded anymore. Yes, @kernbug is an MVP to me.
If you use Zabbix and like graphs in Grafana like I do, check out my unbound-docker-stats: https://github.com/madnuttah/unbound-docker-stats which should be usable with any unbound-docker image with my 'frankensteined' healthcheck script.
I hope you like what I do and I'm keen to hear your constructive criticism.
You'll find the image's sources here: https://github.com/madnuttah/unbound-docker-stats
Cheers and all the best, madnuttah
Edit: formatting