more config

Dockerfile

@@ -1,6 +1,6 @@
 FROM docker.io/fedora:40
 
-RUN dnf -y update && dnf -y install unbound
+RUN dnf -y update && dnf -y install unbound openssl bind-utils
 
 ADD entrypoint.sh /
 
@@ -9,4 +9,6 @@ EXPOSE 53/tcp
 EXPOSE 443/tcp
 EXPOSE 853/tcp
 
-ENTRYPOINT sh /entrypoint.sh
+COPY local.d/* /etc/unbound/local.d/
+
+ENTRYPOINT sh /entrypoint.sh

entrypoint.sh

@@ -1,7 +1,17 @@
 #!/bin/sh
 
-if [ ! -f /etc/unbound/unbound_control.key ]; then
-    unbound-control-setup
+if [ ! -f /etc/pki/tls/private/unbound.pem ]; then
+    openssl ecparam -name prime256v1 -genkey -noout -out /etc/pki/tls/private/unbound.pem
+    chown unbound /etc/pki/tls/private/unbound.pem
+fi
+
+
+if [ ! -f /etc/pki/tls/certs/unbound.pem ]; then
+    openssl req -new -x509 \
+        -key /etc/pki/tls/private/unbound.pem \
+        -out /etc/pki/tls/certs/unbound.pem \
+        -subj "/CN=unbound" \
+        -days 1000
 fi
 
 /usr/sbin/unbound -d

local.d/listen.conf

@@ -0,0 +1,6 @@
+interface: 0.0.0.0@53
+interface: ::@53
+interface: 0.0.0.0@443
+interface: ::@443
+interface: 0.0.0.0@853
+interface: ::@853

local.d/logging.conf

@@ -0,0 +1,3 @@
+statistics-interval: 0
+logfile: ""
+use-syslog: no

local.d/tls.conf

@@ -0,0 +1,2 @@
+tls-service-key: /etc/pki/tls/private/unbound.pem
+tls-service-pem: /etc/pki/tls/certs/unbound.pem