Day 8: Unbound exploration

Goals

• Learn more about unbound and how I might use it with Pi-hole

Findings/Results

• As mentioned back on day 3 I am interested in using unbound to handle DNS within my homelab and home network. Today I spent some time with a couple of Docker images and a Helm chart available in the space and found a few things lacking:
  • The Helm chart from pascaliske worked out of the box but lacks some customization. Specifically, I’d like to be able to customize the configuration file through the use of a ConfigMap, but the configuration file for this is baked into his Docker image.
  • The unbound configuration baked into pascaliske’s image lacks support for DNSSEC because it does not run unbound-anchor to download the trust anchor and the configuration doesn’t reference the trust anchor. I found this documentation on how to configure unbound to enable this feature.
  • I started customizing this into my own Docker image based on pascaliske’s, but I need to decide if I want to use it or pivot to this more complete and more widely used image from crazymax. I think I may create my own Helm chart based on this image which allows me to customize the pieces I need instead of rolling my own image. This is a work in progress which will eventually be available through jwbennet/homelab-pihole.