Add Unbound as better DNSSEC enabled resolver

2017-06-12 23:48:27 +02:00
parent db01b08926
commit b367ec0ace
4 changed files with 119 additions and 12 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,5 +1,24 @@
 version: '2.1'
 services:
+
+    unbound-mailcow:
+      image: mailcow/unbound
+      command: /usr/sbin/unbound
+      depends_on:
+        mysql-mailcow:
+          condition: service_healthy
+      healthcheck:
+        test: ["CMD", "drill", "A", "servercow.de", "@127.0.0.1"]
+        interval: 10s
+        timeout: 30s
+        retries: 5
+      restart: always
+      networks:
+        mailcow-network:
+          ipv4_address: 172.22.1.254
+          aliases:
+            - bind9
+
    mysql-mailcow:
      image: mariadb:10.1
      healthcheck:
@@ -16,6 +35,9 @@ services:
        - MYSQL_USER=${DBUSER}
        - MYSQL_PASSWORD=${DBPASS}
      restart: always
+      dns:
+        - 172.22.1.254
+      dns_search: mailcow-network
      networks:
        mailcow-network:
          aliases:
@@ -24,11 +46,13 @@ services:
    redis-mailcow:
      image: redis:alpine
      depends_on:
-        mysql-mailcow:
-          condition: service_healthy
+        - unbound-mailcow
      volumes:
        - redis-vol-1:/data/
      restart: always
+      dns:
+        - 172.22.1.254
+      dns_search: mailcow-network
      networks:
        mailcow-network:
          aliases:
@@ -38,6 +62,9 @@ services:
      image: mailcow/clamd
      build: ./data/Dockerfiles/clamav
      restart: always
+      dns:
+        - 172.22.1.254
+      dns_search: mailcow-network
      networks:
        mailcow-network:
          aliases:
@@ -52,8 +79,7 @@ services:
        /usr/bin/rspamd -f -u _rspamd -g _rspamd
        "
      depends_on:
-        nginx-mailcow:
-          condition: service_healthy
+        - nginx-mailcow
      volumes:
        - ./data/conf/rspamd/override.d/:/etc/rspamd/override.d:ro
        - ./data/conf/rspamd/local.d/:/etc/rspamd/local.d:ro
@@ -61,6 +87,9 @@ services:
        - dkim-vol-1:/data/dkim
        - rspamd-vol-1:/var/lib/rspamd
      restart: always
+      dns:
+        - 172.22.1.254
+      dns_search: mailcow-network
      hostname: rspamd
      networks:
        mailcow-network:
@@ -84,6 +113,9 @@ services:
        - DBPASS=${DBPASS}
        - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
      restart: always
+      dns:
+        - 172.22.1.254
+      dns_search: mailcow-network
      networks:
        mailcow-network:
          aliases:
@@ -93,8 +125,7 @@ services:
      image: mailcow/sogo
      build: ./data/Dockerfiles/sogo
      depends_on:
-        mysql-mailcow:
-          condition: service_healthy
+        - unbound-mailcow
      environment:
        - DBNAME=${DBNAME}
        - DBUSER=${DBUSER}
@@ -103,6 +134,9 @@ services:
      volumes:
        - ./data/conf/sogo/:/etc/sogo/
      restart: always
+      dns:
+        - 172.22.1.254
+      dns_search: mailcow-network
      networks:
        mailcow-network:
          ipv4_address: 172.22.1.252
@@ -113,8 +147,7 @@ services:
      image: mailcow/dovecot
      build: ./data/Dockerfiles/dovecot
      depends_on:
-        mysql-mailcow:
-          condition: service_healthy
+        - unbound-mailcow
      volumes:
        - ./data/conf/dovecot:/usr/local/etc/dovecot
        - ./data/assets/ssl:/etc/ssl/mail/:ro
@@ -132,6 +165,9 @@ services:
        - "${POPS_PORT:-995}:995"
        - "${SIEVE_PORT:-4190}:4190"
      restart: always
+      dns:
+        - 172.22.1.254
+      dns_search: mailcow-network
      hostname: ${MAILCOW_HOSTNAME}
      networks:
        mailcow-network:
@@ -142,8 +178,7 @@ services:
      image: mailcow/postfix
      build: ./data/Dockerfiles/postfix
      depends_on:
-        mysql-mailcow:
-          condition: service_healthy
+        - unbound-mailcow
      volumes:
        - ./data/conf/postfix:/opt/postfix/conf
        - ./data/assets/ssl:/etc/ssl/mail/:ro
@@ -158,6 +193,9 @@ services:
        - "${SMTPS_PORT:-465}:465"
        - "${SUBMISSION_PORT:-587}:587"
      restart: always
+      dns:
+        - 172.22.1.254
+      dns_search: mailcow-network
      hostname: ${MAILCOW_HOSTNAME}
      networks:
        mailcow-network:
@@ -167,9 +205,11 @@ services:
    memcached-mailcow:
      image: memcached:alpine
      depends_on:
-        mysql-mailcow:
-          condition: service_healthy
+        - unbound-mailcow
      restart: always
+      dns:
+        - 172.22.1.254
+      dns_search: mailcow-network
      networks:
        mailcow-network:
          aliases:
@@ -202,6 +242,9 @@ services:
        - "${HTTPS_BIND:-0.0.0.0}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
        - "${HTTP_BIND:-127.0.0.1}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"
      restart: always
+      dns:
+        - 172.22.1.254
+      dns_search: mailcow-network
      networks:
        mailcow-network:
          ipv4_address: 172.22.1.251
@@ -213,6 +256,9 @@ services:
        - nginx-mailcow
      image: mailcow/acme
      build: ./data/Dockerfiles/acme
+      dns:
+        - 172.22.1.254
+      dns_search: mailcow-network
      # All domains to be included in the certificate
      environment:
        - CONTAINERS_RESTART=mailcowdockerized_postfix-mailcow_1 mailcowdockerized_dovecot-mailcow_1 mailcowdockerized_nginx-mailcow_1
@@ -239,6 +285,9 @@ services:
        - sogo-mailcow
        - php-fpm-mailcow
      restart: always
+      dns:
+        - 172.22.1.254
+      dns_search: mailcow-network
      privileged: true
      network_mode: "host"
      volumes: