This allows you to run a Stubby container for DNS over TLS support.
According to the Stubby documentation:
Unbound can be configured as a local forwarder using DNS-over-TLS to forward queries. However at the moment Unbound does not have all the TCP/TLC features that Stubby has for example, it cannot support 'Strict' mode, it cannot pad queries to hide query size and it opens a separate connection for every DNS query (Stubby will re-use connections)
However, Unbound is a more mature and stable daemon and may be more reliable today.
Stubby performs DNS resolution over TLS. By default, this container is configured to use Cloudflare DNS.
(assuming you use other DNS containers with "Network Type = Custom : br0" such as pihole or unbound)
-
Network Type = Custom : br0
a. Set your own IP address -
Port Mapping
a. Name: Host Port 1
b. Host Port: 53
c. Connection Type: TCP -
Port Mapping
a. Name: Host Port 2
b. Host Port: 53
c. Connection Type: UDP -
Path/Volume Mapping
a. Name: Appdata
b. Container Path: /opt/stubby/etc/stubby/
c. Host Path: /mnt/user/appdata/stubby/
d. Access Mode: Read/Write
Start the container to allow it to create the "/appdata/stubby/" folder.
Stop the containter.
Download/copy the stubby.yml file to the appdata folder.
Restart the container.
Point your DNS to the IP of the Stubby container.
Open the console and type "stubby -V" to see the version.
https://github.com/getdnsapi/stubby/releases
Many thanks to the original creator. See original acknowledgements.
- Matthew Vance (https://github.com/MatthewVance/stubby-docker)
Unless otherwise specified, all code is released under the MIT License (MIT). See the repository's LICENSE
file for details.
(originally from https://github.com/MatthewVance/stubby-docker)
- DNSCrypt server Docker image: ISC License
- Docker: Apache 2.0
- OpenSSL: Apache-style license
- Stubby: BSD-3-Clause