removing (theoretically) unneeded conf files

docker-compose.yml

@@ -22,11 +22,11 @@ services:
     environment:
       TZ: "America/New_York"
       WEBPASSWORD: "password"
-      DNS1: "172.20.0.7#5053"
+      DNS1: "172.20.0.7#53"
       DNS2: "no"
     volumes:
       - "$PWD/etc-pihole/:/etc/pihole/"
-      - "$PWD/etc-dnsmasq.d/:/etc/dnsmasq.d/"
+      #- "$PWD/etc-dnsmasq.d/:/etc/dnsmasq.d/"
     restart: always
 
   unbound:
@@ -36,8 +36,7 @@ services:
       dns_net:
         ipv4_address: 172.20.0.7
     volumes:
-      - "$PWD/unbound/unbound.conf:/opt/unbound/etc/unbound/unbound.conf"
-      - "$PWD/unbound/resolv.conf:/etc/resolv.conf"
+      - "$PWD/unbound/forward-records.conf:/opt/unbound/etc/unbound/forward-records.conf"
     healthcheck:
       disable: true
     restart: always

unbound/forward-records.conf

@@ -0,0 +1,60 @@
+forward-zone:
+    # Forward all queries (except those in cache and local zone) to
+    # upstream recursive servers
+    name: "."
+    # Queries to this forward zone use TLS
+    forward-tls-upstream: yes
+
+    # https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Test+Servers
+
+    ## Cloudflare
+    #forward-addr: 1.1.1.1@853#cloudflare-dns.com
+    #forward-addr: 1.0.0.1@853#cloudflare-dns.com
+    #forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
+    #forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
+
+    ## Cloudflare Malware
+    # forward-addr: 1.1.1.2@853#security.cloudflare-dns.com
+    # forward-addr: 1.0.0.2@853#security.cloudflare-dns.com
+    # forward-addr: 2606:4700:4700::1112@853#security.cloudflare-dns.com
+    # forward-addr: 2606:4700:4700::1002@853#security.cloudflare-dns.com
+
+    ## Cloudflare Malware and Adult Content
+    # forward-addr: 1.1.1.3@853#family.cloudflare-dns.com
+    # forward-addr: 1.0.0.3@853#family.cloudflare-dns.com
+    # forward-addr: 2606:4700:4700::1113@853#family.cloudflare-dns.com
+    # forward-addr: 2606:4700:4700::1003@853#family.cloudflare-dns.com
+
+    ## CleanBrowsing Security Filter
+    # forward-addr: 185.228.168.9@853#security-filter-dns.cleanbrowsing.org
+    # forward-addr: 185.228.169.9@853#security-filter-dns.cleanbrowsing.org
+    # forward-addr: 2a0d:2a00:1::2@853#security-filter-dns.cleanbrowsing.org
+    # forward-addr: 2a0d:2a00:2::2@853#security-filter-dns.cleanbrowsing.org
+
+    ## CleanBrowsing Adult Filter
+    # forward-addr: 185.228.168.10@853#adult-filter-dns.cleanbrowsing.org
+    # forward-addr: 185.228.169.11@853#adult-filter-dns.cleanbrowsing.org
+    # forward-addr: 2a0d:2a00:1::1@853#adult-filter-dns.cleanbrowsing.org
+    # forward-addr: 2a0d:2a00:2::1@853#adult-filter-dns.cleanbrowsing.org
+
+    ## CleanBrowsing Family Filter
+    # forward-addr: 185.228.168.168@853#family-filter-dns.cleanbrowsing.org
+    # forward-addr: 185.228.169.168@853#family-filter-dns.cleanbrowsing.org
+    # forward-addr: 2a0d:2a00:1::@853#family-filter-dns.cleanbrowsing.org
+    # forward-addr: 2a0d:2a00:2::@853#family-filter-dns.cleanbrowsing.org
+
+    ## Quad9
+    forward-addr: 9.9.9.9@853#dns.quad9.net
+    forward-addr: 149.112.112.112@853#dns.quad9.net
+    forward-addr: 2620:fe::fe@853#dns.quad9.net
+    forward-addr: 2620:fe::9@853#dns.quad9.net
+
+    ## getdnsapi.net
+    # forward-addr: 185.49.141.37@853#getdnsapi.net
+    # forward-addr: 2a04:b900:0:100::37@853#getdnsapi.net
+
+    ## Surfnet
+    # forward-addr: 145.100.185.15@853#dnsovertls.sinodun.com
+    # forward-addr: 145.100.185.16@853#dnsovertls1.sinodun.com
+    # forward-addr: 2001:610:1:40ba:145:100:185:15@853#dnsovertls.sinodun.com
+    # forward-addr: 2001:610:1:40ba:145:100:185:16@853#dnsovertls1.sinodun.com

unbound/resolv.conf

@@ -1,3 +0,0 @@
-nameserver 9.9.9.9
-nameserver 9.9.9.11
-nameserver 1.1.1.1

unbound/unbound.conf

@@ -1,64 +0,0 @@
-server:
-# If no logfile is specified, syslog is used
-# logfile: /var/log/unbound/unbound.log
-verbosity: 0
- 
-access-control: 172.16.0.0/12 allow
-access-control: 127.0.0.0/8 allow
-access-control: 10.0.0.0/8 allow
-access-control: 192.168.0.0/16 allow
-interface: 0.0.0.0
-port: 5053
-do-ip4: yes
-do-udp: yes
-do-tcp: yes
- 
-# May be set to yes if you have IPv6 connectivity
-do-ip6: no
- 
-# You want to leave this to no unless you have *native* IPv6. With 6to4 and
-# Terredo tunnels your web browser should favor IPv4 for the same reasons
-prefer-ip6: no
- 
-# Use this only when you downloaded the list of primary root servers!
-# If you use the default dns-root-data package, unbound will find it automatically
-# I have to quote out this root-hints, as it causing container endless restarting for a new installation. You can add root-hints back after first run. 
-#root-hints: “/opt/unbound/etc/unbound/root.hints”
- 
-# Trust glue only if it is within the server's authority
-harden-glue: yes
- 
-# Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
-harden-dnssec-stripped: yes
- 
-# Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes
-# see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
-use-caps-for-id: no
- 
-# Reduce EDNS reassembly buffer size.
-# Suggested by the unbound man page to reduce fragmentation reassembly problems
-edns-buffer-size: 1472
- 
-# Perform prefetching of close to expired message cache entries
-# This only applies to domains that have been frequently queried
-prefetch: yes
- 
-# One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
-num-threads: 1
- 
-# Ensure kernel buffer is large enough to not lose messages in traffic spikes
-so-rcvbuf: 1m
- 
-# Ensure privacy of local IP ranges
-private-address: 192.168.0.0/16
-private-address: 169.254.0.0/16
-private-address: 172.16.0.0/12
-private-address: 10.0.0.0/8
-private-address: fd00::/8
-private-address: fe80::/10
-
-#forward-zone:
-#	name: "."
-#	forward-addr: 1.1.1.1
-#	forward-addr: 1.0.0.1
-#	forward-addr: 9.9.9.9