Add Unbound as better DNSSEC enabled resolver

data/Dockerfiles/unbound/Dockerfile

@@ -0,0 +1,21 @@
+FROM alpine:3.6
+
+LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
+
+RUN apk add --update --no-cache \
+	curl \
+	unbound \
+	bash \
+	openssl \
+	drill \
+	&& curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache \
+	&& chown root:unbound /etc/unbound \
+	&& chmod 775 /etc/unbound
+
+COPY unbound.conf /etc/unbound/unbound.conf
+
+EXPOSE 53/udp 53/tcp
+
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+
+ENTRYPOINT ["/docker-entrypoint.sh"]

data/Dockerfiles/unbound/docker-entrypoint.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+unbound-control-setup
+echo "Receiving anchor key..."
+/usr/sbin/unbound-anchor -a /etc/unbound/trusted-key.key
+echo "Receiving root hints..."
+curl -#o /etc/unbound/root.hints https://www.internic.net/domain/named.cache
+
+exec "$@"

data/Dockerfiles/unbound/unbound.conf

@@ -0,0 +1,28 @@
+server:
+	verbosity: 2
+	interface: 0.0.0.0
+	interface: ::0
+	logfile: /dev/stdout
+	do-ip4: yes
+	do-ip6: yes
+	do-udp: yes
+	do-tcp: yes
+	do-daemonize: no
+	access-control: 172.22.1.0/24 allow
+	access-control: fd4d:6169:6c63:6f77::/64 allow
+	directory: "/etc/unbound"
+	username: unbound
+	auto-trust-anchor-file: trusted-key.key
+	private-address: 10.0.0.0/8
+	private-address: 172.16.0.0/12
+	private-address: 192.168.0.0/16
+	private-address: 169.254.0.0/16
+	private-address: fd00::/8
+	private-address: fe80::/10
+	root-hints: "/etc/unbound/root.hints"
+remote-control:
+	control-enable: yes
+	server-key-file: /etc/unbound/unbound_server.key
+	server-cert-file: /etc/unbound/unbound_server.pem
+	control-key-file: /etc/unbound/unbound_control.key
+	control-cert-file: /etc/unbound/unbound_control.pem