Merge the new features of unbound redis

README.md

@@ -5,7 +5,7 @@
 
 泡泡DNS是一个能一键部署递归DNS的docker镜像，它使用了unbound作为递归服务器程序，使用Redis作为底层缓存，此外针对China大陆，还有智能根据CN分流加密查询的功能，也可以自定义分流列表，可以自动更新IP库，分流使用了mosdns程序，加密查询使用dnscrypt程序，针对IPv4/IPv6双栈用户也有优化处理。   
 泡泡DNS适合的使用场景：  
-- 场景一：仅作为一个纯粹的递归DNS服务器，作为你其他DNS服务程序的上游，替代114这种上游
+- 场景一：仅作为一个纯粹准确的递归DNS服务器，作为你其他DNS服务程序的上游，替代`114.114.114.114`,`8.8.8.8.8`等公共DNS上游
 - 场景二：作为一个局域网内具备CN智能分流、解决污染问题和IPv6双栈优化的DNS服务器，或者你的局域网已经从IP层面解决了“科学”的问题，需要一个能智能分流的DNS服务器。  
 
 ## [→详细说明《为啥需要递归DNS》/运行逻辑](https://blog.03k.org/post/paopaodns.html)

prebuild-paopaodns/build.sh

@@ -2,7 +2,7 @@
 
 # add tools
 apk update
-apk add build-base byacc musl-dev gcc make git python3-dev swig libevent-dev openssl-dev expat-dev hiredis-dev go
+apk add build-base flex byacc musl-dev gcc make git python3-dev swig libevent-dev openssl-dev expat-dev hiredis-dev go
 # build unbound
 git clone https://github.com/NLnetLabs/unbound.git --depth 1 /unbound
 cd /unbound || exit
@@ -11,7 +11,7 @@ export CFLAGS="-O2"
     --disable-rpath --without-pythonmodule --disable-documentation \
     --disable-flto --disable-maintainer-mode --disable-option-checking --disable-rpath \
     --with-pidfile=/tmp/unbound.pid \
-    --prefix=/usr --sysconfdir=/etc --localstatedir=/tmp --with-username=unbound
+    --prefix=/usr --sysconfdir=/etc --localstatedir=/tmp --with-username=root
 make
 make install
 mv /usr/sbin/unbound /src/

src/data_update.sh

@@ -56,7 +56,7 @@ hashcmd="md5sum"
 newsum_url=https://www.internic.net/domain/named.cache.md5
 down_url=https://www.internic.net/domain/named.cache
 file_update_try
-redis-cli info | grep used_memory_human
+redis-cli -s /tmp/redis.sock info | grep used_memory_human
 
 if [ "$CNAUTO" != "no" ]; then
     update_file="/data/Country-only-cn-private.mmdb"

src/debug.sh

@@ -1,7 +1,7 @@
 #!/bin/sh
 echo =====PaoPaoDNS docker debug=====
 echo images build time : {bulidtime}
-redis-cli info|grep human
+redis-cli -s /tmp/redis.sock info|grep human
 IPREX4='([0-9]{1,2}|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.([0-9]{1,2}|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.([0-9]{1,2}|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.([0-9]{1,2}|1[0-9][0-9]|2[0-4][0-9]|25[0-5])'
 cat /tmp/env.conf
 ps -ef

src/redis.conf

@@ -23,9 +23,10 @@
 
 ################################## NETWORK #####################################
 
-bind 127.0.0.1
+port 0
+unixsocket /tmp/redis.sock
+unixsocketperm 700
 protected-mode yes
-port 6379
 tcp-backlog 511
 timeout 0
 tcp-keepalive 300

src/unbound.conf

@@ -388,12 +388,12 @@ server:
 	# How to do this is specific to your OS.
 	#
 	# If you give "" no chroot is performed. The path must not end in a /.
-	# chroot: ""
+	chroot: ""
 
 	# if given, user privileges are dropped (after binding port),
 	# and the given username is assumed. Default is user "unbound".
 	# If you give "" no privileges are dropped.
-	# username: "root"
+	username: "root"
 
 	# the working directory. The relative files in this config are
 	# relative to this directory. If you give "" the working directory
@@ -404,11 +404,11 @@ server:
 
 	# the log file, "" means log to stderr.
 	# Use of this option sets use-syslog to "no".
-	# logfile: ""
+	logfile: ""
 
 	# Log to syslog(3) if yes. The log facility LOG_DAEMON is used to
 	# log to. If yes, it overrides the logfile.
-	# use-syslog: yes
+	use-syslog: no
 
 	# Log identity to report. if empty, defaults to the name of argv[0]
 	# (usually "unbound").
@@ -1050,13 +1050,13 @@ server:
 remote-control:
 	# Enable remote control with unbound-control(8) here.
 	# set up the keys and certificates with unbound-control-setup.
-	control-enable: yes
+	control-enable: no
 
 	# what interfaces are listened to for remote control.
 	# give 0.0.0.0 and ::0 to listen to all interfaces.
 	# set to an absolute path to use a unix local name pipe, certificates
 	# are not used for that, so key and cert files need not be present.
-	control-interface: /run/unbound.control.sock
+	# control-interface: /run/unbound.control.sock
 	# control-interface: 127.0.0.1
 	# control-interface: ::1
 
@@ -1208,11 +1208,8 @@ cachedb:
 #     # For "redis" backend:
 #     # (to enable, use --with-libhiredis to configure before compiling)
 #     # redis server's IP address or host name
-    redis-server-host: 127.0.0.1
-#     # redis server's TCP port
-    redis-server-port: 6379
-#     # timeout (in ms) for communication with the redis server
-    redis-timeout: 100
+	redis-server-path: "/tmp/redis.sock"
+	redis-timeout: 100
 #     # set timeout on redis records based on DNS response TTL
     redis-expire-records: no