hBlock Resolver

A Docker image of Knot Resolver configured to automatically block ads, tracking and malware domains with hBlock.

Start an instance

docker run --detach \
  --name hblock-resolver \
  --publish 127.0.0.153:53:53/udp \
  --publish 127.0.0.153:53:53/tcp \
  --publish 127.0.0.153:443:443/tcp \
  --publish 127.0.0.153:853:853/tcp \
  --publish 127.0.0.153:8453:8453/tcp \
  --mount type=volume,src=hblock-resolver-data,dst=/var/lib/knot-resolver/ \
  docker.io/hectormolinero/hblock-resolver:latest

Warning: do not expose this service to the open internet. An open DNS resolver is a significant threat, because it can be abused in a number of different attacks, such as DNS amplification attacks.
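One way to check a host against the warning above, as an added example that is not part of the project's own scripts: the function reads `docker port` output and prints every published port bound to a non-loopback address. The function name and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag published container ports that are reachable from
# other machines. Input is the output of `docker port <container>`, e.g.
#   53/udp -> 127.0.0.153:53
#   853/tcp -> [::]:853

non_loopback_bindings() {
  # Reads `docker port` output on stdin, prints offending lines on stdout.
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    bind=${line#* -> }        # host side, e.g. 0.0.0.0:53 or [::]:53
    host=${bind%:*}           # strip the trailing :port
    case "$host" in
      127.*|'[::1]'|::1) ;;   # loopback (127.0.0.0/8 or ::1): not exposed
      *) printf '%s\n' "$line" ;;
    esac
  done
}

# Constructed sample: what `docker port` prints when the 127.0.0.153
# prefix is dropped from the 443 --publish option, so Docker binds that
# port on all IPv4 and IPv6 addresses of the host.
SAMPLE_PORTS='53/udp -> 127.0.0.153:53
53/tcp -> 127.0.0.153:53
443/tcp -> 0.0.0.0:443
443/tcp -> [::]:443
853/tcp -> 127.0.0.153:853
8453/tcp -> 127.0.0.153:8453'

# Constructed sample: bindings produced by the run command shown above.
SAFE_PORTS='53/udp -> 127.0.0.153:53
53/tcp -> 127.0.0.153:53
443/tcp -> 127.0.0.153:443
853/tcp -> 127.0.0.153:853
8453/tcp -> 127.0.0.153:8453'

# Against a live container:
#   docker port hblock-resolver | non_loopback_bindings
printf '%s\n' "$SAMPLE_PORTS" | non_loopback_bindings
```

Empty output means every published port is loopback-only; any printed line is a listener other hosts can reach.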

Environment variables

KRESD_CACHE_SIZE (default: 50)

Maximum cache size in megabytes.

KRESD_DNS{1..4}_IP (default: [email protected] and [email protected])

IP (and optionally port) of the DNS-over-TLS server to which the queries will be forwarded (alternative DoT servers).

KRESD_DNS{1..4}_HOSTNAME (default: cloudflare-dns.com)

Hostname of the DNS-over-TLS server to which the queries will be forwarded (CA+hostname authentication docs).

KRESD_DNS{1..4}_PIN_SHA256 (default: empty)

Certificate hash of the DNS-over-TLS server to which the queries will be forwarded (key-pinned authentication docs).

KRESD_WATCHDOG_QNAME (default: cloudflare.com.)

Query name to check the health status of kresd.

KRESD_WATCHDOG_QTYPE (default: A)

Query type to check the health status of kresd.

KRESD_WATCHDOG_INTERVAL (default: 10)

Interval in seconds to check the health status of kresd.

KRESD_STATS_BLOCKED_COUNT (default: 100)

Number of recently blocked domains to expose in stats.

KRESD_CERT_MANAGED (default: true)

If set to true, a self-signed certificate will be generated. You can provide your own certificate with these options:

  --env KRESD_CERT_MANAGED=false \
  --mount type=bind,src=/path/to/server.key,dst=/var/lib/knot-resolver/ssl/server.key,ro \
  --mount type=bind,src=/path/to/server.crt,dst=/var/lib/knot-resolver/ssl/server.crt,ro \

Note: for a more advanced setup, look at the following example with Let's Encrypt and Caddy.

KRESD_NIC (default: empty)

If defined, kresd will only listen on the specified interface. Some users observed a considerable, close to 100%, performance gain in Docker containers when they bound the daemon to a single interface:ip address pair (dynamic configuration docs, CZ-NIC/knot-resolver#32).

KRESD_LOG_LEVEL (default: notice)

Set the global logging level. The possible values are: crit, err, warning, notice, info or debug.

Additional configuration

Main Knot DNS Resolver configuration is located in /etc/knot-resolver/kresd.conf. If you would like to add additional configuration, add one or more *.conf files under /etc/knot-resolver/kresd.conf.d/.

License

See the license file.

Author: hectorm