Using Nginx as Load Balancer in Docker

-pull nginx

# docker pull nginx
# docker pull nginxdemos/hello

-run two nginx containers
To give www1 and www2 static IPs, I need to create my own network.

# docker network create --subnet= vlan10
# docker run --name=www1 --hostname=www1 --net vlan10 --ip -p 81:80 -d nginxdemos/hello

# docker run --name=www2 --hostname=www2 --net vlan10 --ip -p 82:80 -d nginxdemos/hello

-create nginx load balancer
# cat nginx.conf
upstream loadbalance {
    # one "server <address>;" line each for www1 and www2 (addresses not shown on this page)
}
server {
    location / {
        proxy_pass http://loadbalance;
    }
}


# cat Dockerfile
FROM nginx
RUN rm /etc/nginx/conf.d/default.conf

COPY nginx.conf /etc/nginx/conf.d/default.conf

# docker build -t nginxbalancer .

# docker container run -p 80:80 -d nginxbalancer

-test accessing

it should show “Server address:”

-test shutdown both www1 and www2
# docker stop www1

# docker stop www2

test accessing

it should show bad gateway

-test run www1 again
# docker start www1
it should show “Server address:”

iDrac Network connection has been dropped

Using iDrac Virtual Console
‘The viewer has terminated
Reason : The network connection has been dropped.’

Edit C:\Program Files (x86)\Java\jre1.8.0_181\lib\security\
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, DES40_CBC, RC4_40

Recovery partition shown up on my Desktop

Since updating Windows 10 to update 1803, the recovery partition has shown up as drive D on my Desktop.
Here is how to hide it:
-run cmd as Administrator
> diskpart
DISKPART> list vol
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     E                       DVD-ROM         0 B  No Media
  Volume 1     D                NTFS   Partition    450 MB  Healthy
  Volume 2     C                NTFS   Partition   1862 GB  Healthy    Boot
  Volume 3                      FAT32  Partition    100 MB  Healthy    System
DISKPART> select vol 1
Volume 1 is the selected volume.
DISKPART> remove letter=d
DiskPart successfully removed the drive letter or mount point.

Brocade Basic Configuration

-to skip pagination on every show command
> skip-page-display

-to set hostname
> switchname SAN1

-to set ip address
> ipaddrset

-to set dns
> dnsconfig

-to show current date
> date

-to set ntp server
> tsclockserver

-to show current timezone
> tstimezone
Time Zone : US/Pacific

-to change timezone
> tsTimeZone --interactive
Please identify a location so that time zone rules can be set correctly.
Please select a continent or ocean.
1) Africa
2) Americas
3) Antarctica
4) Arctic Ocean
5) Asia
6) Atlantic Ocean
7) Australia
8) Europe
9) Indian Ocean
10) Pacific Ocean
11) none - I want to specify the time zone using the POSIX TZ format.
Enter number or control-D to quit ?1
Please select a country.
1) Algeria 18) Gabon 35) Rwanda
2) Angola 19) Gambia 36) Sao Tome & Principe
3) Benin 20) Ghana 37) Senegal
4) Botswana 21) Guinea 38) Sierra Leone
5) Burkina Faso 22) Guinea-Bissau 39) Somalia
6) Burundi 23) Kenya 40) South Africa
7) Cameroon 24) Lesotho 41) Spain
8) Central African Rep. 25) Liberia 42) Sudan
9) Chad 26) Libya 43) Swaziland
10) Congo (Dem. Rep.) 27) Malawi 44) Tanzania
11) Congo (Rep.) 28) Mali 45) Togo
12) Cote d’Ivoire 29) Mauritania 46) Tunisia
13) Djibouti 30) Morocco 47) Uganda
14) Egypt 31) Mozambique 48) Western Sahara
15) Equatorial Guinea 32) Namibia 49) Zambia
16) Eritrea 33) Niger 50) Zimbabwe
17) Ethiopia 34) Nigeria
Enter number or control-D to quit ?1
The following information has been given:
Therefore TZ='Africa/Algiers' will be used.
Local time is now: Wed Oct 28 15:01:38 CET 2015.
Universal Time is now: Wed Oct 28 14:01:38 UTC 2015

-to show domain ID
> fabricshow
Switch ID Worldwide Name Enet IP Addr FC IP Addr Name
2: fffc02 10:00:00:60:69:e0:01:46 “ras001”

-to set domain ID
1. Connect to the switch and log in on an account assigned to the admin role.
2. Enter the switchDisable command to disable the switch.
3. Enter the configure command.
4. Enter y after the Fabric parameters prompt.
Fabric parameters (yes, y, no, n): [no] y
5. Enter a unique domain ID at the Domain prompt. Use a domain ID value from 1 to 239 for normal operating mode (FCSW compatible).
Domain: (1..239) [1] 3
6. Respond to the remaining prompts, or press Ctrl-D to accept the other settings and exit.
7. Enter the switchEnable command to re-enable the switch.

-to change hostname
> switchname SAN1
The prompt does not change to the new switch name until after you log in again

-to save config
> cfgSave

-to upload config
> configUpload

-to restore config
> configDownload

-to upgrade both secondary and primary firmware
> firmwaredownload
At a high level the upgrade process goes as follows:
The Fabric OS downloads the firmware to the secondary partition.
The system performs a high availability reboot (haReboot). After the haReboot, the former secondary partition is the primary partition.
The system replicates the firmware from the primary to the secondary partition.

-to show current firmware
> firmwareshow

-If you want to test the firmware first and keep the option to roll back,
use the -s option and disable auto-commit
> firmwaredownload -s
Switch will upload the firmware to the secondary partition, switch secondary and primary partitions after a reboot, but won’t replicate the firmware to the secondary partition.

-You can use the following command to restore firmware back to the previous version
> firmwareRestore
-Or if you’re happy with the firmware, commit it to the secondary partition:
>  firmwareCommit

Important Notes
When downloading firmware for your switch, make sure to use the switch vendor's web site. EMC Connectrix DS-300B, Brocade 300 and IBM SAN24B-4 are essentially the same switch, but the firmware and supported versions for each OEM vendor may vary slightly. Here are the links where you can get FC switch firmware for some of the vendors:
-EMC: sign in to > find your switch model under the product section and go to downloads
-Brocade: sign in to > go to Downloads section > enter FOS in the search field
-Dell: a subset of Fabric OS versions, which are tested and approved by Dell
-IBM: and are the links where you can download FOS for IBM switches. You can also go to, search for the switch in the Product Finder and find FOS under the “Downloads (drivers, firmware, PTFs)” section

-to reboot
> reboot

-to shutdown
> sysshutdown

-to show CLI history
> clihistory
CLI history
Date & Time Message
Thu Sep 27 04:58:00 2012 root,, firmwareshow -v

-to download a configuration from one switch to another switch of the same model
1. Configure one switch.
2. Use the configUpload command to save the configuration information. Refer to Configuration file backup on page 137 for more information.
3. Run configDefault on each of the target switches, and then use the configDownload command to download the configuration file to each of the target switches. Refer to Configuration file restoration on page 139 for more information

-to view the changes, use cfgshow
> zonecreate sloth, "b*; 10:00:00:00:01:1e:20:20"
> cfgsave
> cfgenable
> cfgshow
Defined configuration:
zone: matt 30:06:00:07:1e:a2:10:20; 3,2
zone: sloth bawn; bolt; bond; brain; 10:00:00:00:01:1e:20:20
alias: bawn 3,5; 4,8

-to show license
> licenseshow
Integrated Routing Ports on Demand license
Capacity 128

> version
Made on: Mon Feb 11 20:36:38 2008
Flash: Wed Jan 7 15:33:34 2009
BootProm: 4.6.6

> diagshow
Diagnostics Status: Tue Sep 07 23:41:38 2010
Slot: 0 UPORTS
Port BPort Diag Active Speed FrTX FrRX LLI Errs Loopback
0/0 1 OK DN 4G Auto -- -- --
0/1 2 OK DN 4G Auto -- -- --
0/2 5 OK DN 4G Auto -- -- --
0/3 7 OK DN 4G Auto -- -- --
0/4 0 OK DN 4G Auto -- -- --
0/5 3 OK DN 4G Auto -- -- --
0/6 6 OK DN 4G Auto -- -- --

> switchshow
switchName: DS_5000B
switchType: 58.2
switchState: Online
switchMode: Native
switchRole: Principal
switchDomain: 1
switchId: fffc01
switchWwn: 10:00:00:05:1e:90:91:dc
zoning: OFF
switchBeacon: OFF
Area Port Media Speed State Proto
0 0 -- N4 No_Module
1 1 -- N4 No_Module
2 2 -- N4 No_Module
3 3 -- N4 No_Module
4 4 -- N4 No_Module
5 5 -- N4 No_Module
6 6 -- N4 No_Module
7 7 -- N4 No_Module

> switchshow -portname
switchName: sw0
switchType: 66.1
switchState: Online
switchMode: Native
switchRole: Principal
switchDomain: 1
switchId: fffc01
switchWwn: 10:00:00:05:1e:82:3c:2a
zoning: OFF
switchBeacon: OFF
FC Router: OFF
Fabric Name: switch_test
Allow XISL Use: OFF
LS Attributes: [FID: 128, Base Switch: No, Default Switch: Yes, Address Mode 0]
Index Port PortWWN Name
0 0 20:00:00:05:1e:82:3c:2a port0
1 1 20:01:00:05:1e:82:3c:2a port1
2 2 20:02:00:05:1e:82:3c:2a port2
3 3 20:03:00:05:1e:82:3c:2a port3
4 4 20:04:00:05:1e:82:3c:2a port4
5 5 20:05:00:05:1e:82:3c:2a port5
6 6 20:06:00:05:1e:82:3c:2a port6
7 7 20:07:00:05:1e:82:3c:2a port7

-to show the portshow output
> portshow 28
portIndex: 28
portName: sw78.E_PORT.28
portHealth: HEALTHY
Authentication: None
portDisableReason: None
portCFlags: 0x1
LocalSwcFlags: 0x0
portType: 18.0
POD Port: Port is licensed
portState: 1 Online
Protocol: FC
portPhys: 6 In_Sync portScn: 16 E_Port Trunk master port Flow control mode 4
port generation number: 0
state transition count: 1

-use the secCryptoCfg CLI to disable TLS; the example below is from FOS 7.4, but you should be able to work it out for 8.0 or 8.1 too (this is adapted from a KB article)
FOS 7.4 (admin) supports display and modification of the default selected cipher suite (a subset of the above supported list) as follows:
admin> seccryptocfg --show
SSH Cipher List          : aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
SSH Kex Algorithms List  : ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
SSH MACs List            : hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha2-512

If you were interested only in SSL (especially with respect to TLSv1.2) as part of the HTTPS cipher list, you would be concerned with the top line, as follows, as the other ciphers are SSH related (which do not use SSL/TLS):
We can query for more details about selected ciphers using the openssl command, but with the FOS selection string:
root> openssl ciphers -v '!ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM'
AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
We can see that FOS limits its selection of the supported ciphers to the five above, which include TLSv1.2, so a client that might support many cipher suites would only successfully negotiate one of these five with the switch.

If you wish to reduce the FOS cipher selection even further you could, for example, remove the SSLv3 suites by adding '!SSLv3' at the end of this selection string, which we use here to display a further subset of ciphers:
root> openssl ciphers -v '!ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM:!SSLv3'
AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
This gives you the selection string that you would need to supply to the following FOS (admin) command "seccryptocfg", to reduce the selection to the TLSv1.2 suites from the selection already done in FOS (note that http is restarted to adapt to the change):
admin> seccryptocfg --replace -type https -cipher '!ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM:!SSLv3'
This command requires the daemon(s) HTTP to be restarted.
Existing sessions will be terminated.
Please confirm and provide the preferred option
Press Yes(Y,y), No(N,n) [N]:y
HTTP cipher list configured successfully.

Finally, we check the new list of FOS selected ciphers as follows:
admin> seccryptocfg --show
SSH Cipher List          : aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
SSH Kex Algorithms List  : ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
SSH MACs List            : hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha2-512
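
An added example (not from the original post or the KB article it adapts): a Python check over the seccryptocfg --show and openssl ciphers -v output quoted above, listing what the HTTPS change removed and what is still enabled afterwards. The weak-algorithm rules are this example's own policy assumptions, and all function names are hypothetical.

```python
# Output copied from the post above into strings for this example.
SHOW = """\
SSH Cipher List          : aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
SSH Kex Algorithms List  : ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
SSH MACs List            : hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha2-512
"""
BEFORE = """\
AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
"""
AFTER = """\
AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
"""


def parse_show(text):
    """Map each 'Label : a,b,c' line of seccryptocfg --show to a list."""
    lists = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if sep and value.strip():
            lists[label.strip()] = [a.strip() for a in value.split(",")]
    return lists


def weak_ssh(lists):
    """Return (label, algorithm, reason) for SSH algorithms this policy rejects."""
    findings = []
    for label, algs in lists.items():
        if not label.startswith("SSH"):
            continue
        for alg in algs:
            if "3des" in alg:
                reason = "3DES"
            elif alg.endswith("-cbc"):
                reason = "CBC mode"
            elif "group1-" in alg:
                reason = "1024-bit DH group"
            elif alg.endswith("-sha1"):
                reason = "SHA-1"
            elif alg == "hmac-md5":
                reason = "MD5"
            else:
                continue
            findings.append((label, alg, reason))
    return findings


def parse_ciphers_v(text):
    """Parse 'openssl ciphers -v' lines into dicts (name, proto, Kx, Au, Enc, Mac)."""
    suites = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        suite = {"name": fields[0], "proto": fields[1]}
        suite.update(f.split("=", 1) for f in fields[2:] if "=" in f)
        suites.append(suite)
    return suites


def tls_notes(suite):
    """Properties of one TLS suite that a reviewer would still want to record."""
    notes = []
    if suite["proto"] != "TLSv1.2":
        notes.append("usable with protocols older than TLSv1.2")
    if suite.get("Enc", "").startswith("3DES"):
        notes.append("3DES")
    if suite.get("Mac") == "SHA1":
        notes.append("SHA-1 MAC")
    if suite.get("Kx") == "RSA":
        notes.append("RSA key exchange, no forward secrecy")
    return notes


def removed_by(before, after):
    """Names of suites present before the change and absent after it."""
    kept = {s["name"] for s in after}
    return [s["name"] for s in before if s["name"] not in kept]


if __name__ == "__main__":
    print("dropped:", removed_by(parse_ciphers_v(BEFORE), parse_ciphers_v(AFTER)))
    for suite in parse_ciphers_v(AFTER):
        print(suite["name"], tls_notes(suite))
    for finding in weak_ssh(parse_show(SHOW)):
        print(*finding, sep=" | ")
```

The run shows that the -type https change leaves the SSH lists untouched, so entries such as hmac-md5 and diffie-hellman-group1-sha1 remain in the final --show output.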

Docker Export and Save Difference

-pull docker image
# docker pull busybox
# docker images
REPOSITORY                    TAG                 IMAGE ID            CREATED             SIZE
busybox                       latest              8ac48589692a        12 days ago         1.15MB

-make changes to a container
# docker run busybox mkdir /home/test

# docker ps -a
CONTAINER ID        IMAGE                         COMMAND                  CREATED              STATUS                          PORTS                  NAMES
87fa2f411346        busybox                       "mkdir /home/test"       About a minute ago   Exited (0) About a minute ago                          festive_spence

-commit this changed container and create a new image called busybox-1
# docker commit 87fa2f411346 busybox-1

-should see the image busybox and busybox-1
# docker images
REPOSITORY                    TAG                 IMAGE ID            CREATED             SIZE
busybox-1                     latest              4ac0618d96c9        16 seconds ago      1.15MB
busybox                       latest              8ac48589692a        12 days ago         1.15MB

-to see the difference between both images
# docker run busybox [ -d /home/test ] && echo 'Directory found' || echo 'Directory not found'
Directory not found
# docker run busybox-1 [ -d /home/test ] && echo 'Directory found' || echo 'Directory not found'
Directory found

# docker ps -a
CONTAINER ID        IMAGE                         COMMAND                  CREATED             STATUS                      PORTS                  NAMES
66db57b1054b        busybox-1                     "[ -d /home/test ]"      4 minutes ago       Exited (0) 4 minutes ago                           suspicious_pike
2f6107852442        busybox                       "[ -d /home/test ]"      4 minutes ago       Exited (1) 4 minutes ago                           infallible_euclid

-Export is used to persist a container (not an image)
NOTE: you can export while the container is running
# docker export 2f6107852442 > /tmp/export.tar
The result is a TAR-file which should be slightly smaller than the one from save

-Save is used to persist an image (not a container)
# docker images
REPOSITORY                    TAG                 IMAGE ID            CREATED             SIZE
busybox-1                     latest              4ac0618d96c9        8 minutes ago       1.15MB
busybox                       latest              8ac48589692a        12 days ago         1.15MB

# docker save busybox-1 > /tmp/save.tar
The result is a TAR-file which should be slightly bigger than the one from export

-we clean up a little bit – we remove all containers and images we have right now
# docker rmi busybox busybox-1
# docker images
REPOSITORY                    TAG                 IMAGE ID            CREATED             SIZE

-restore an export.tar
# cat /tmp/export.tar | sudo docker import - busybox-1-export:latest
# docker images
REPOSITORY                    TAG                 IMAGE ID            CREATED             SIZE
busybox-1-export              latest              4ca587fe5d23        13 seconds ago      1.15MB

# sudo docker run busybox-1-export [ -d /home/test ] && echo 'Directory found' || echo 'Directory not found'
Directory not found

-restore a save.tar
# docker load < /tmp/save.tar
0314be9edf00: Loading layer   1.36MB/1.36MB
7b125480d284: Loading layer  2.048kB/2.048kB
Loaded image: busybox-1:latest

# docker images
REPOSITORY                    TAG                 IMAGE ID            CREATED             SIZE
busybox-1-export              latest              4ca587fe5d23        5 minutes ago       1.15MB
busybox-1                     latest              4ac0618d96c9        About an hour ago   1.15MB
# docker run busybox-1 [ -d /home/test ] && echo 'Directory found' || echo 'Directory not found'
Directory found

So what’s the difference between both?
Well, as we saw the exported version is slightly smaller. That is because it is flattened, which means it lost its history and meta-data.
We can see this by the following command:
# docker history busybox-1-export
IMAGE               CREATED             CREATED BY          SIZE                COMMENT
4ca587fe5d23        8 minutes ago                           1.15MB              Imported from -

# docker history busybox-1
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
4ac0618d96c9        About an hour ago   mkdir /home/test                                0B
<missing>           12 days ago         /bin/sh -c #(nop)  CMD ["sh"]                   0B
<missing>           12 days ago         /bin/sh -c #(nop) ADD file:c94ab8f861446c74e…   1.15MB
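
An added example (not part of the original post): this Python code opens a tar archive and reports whether it carries image metadata, as docker save writes, or is a flat filesystem, as docker export writes, and recovers the build history where it exists. The two sample archives are constructed in memory; config.json and the layer paths are placeholder names, and only manifest.json with its Config/RepoTags/Layers keys follows the layout docker save produces.

```python
import io
import json
import tarfile


def make_tar(files):
    """Build an in-memory tar from {member name: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample data standing in for /tmp/save.tar and /tmp/export.tar.
SAVE_TAR = make_tar({
    "manifest.json": json.dumps([{
        "Config": "config.json",
        "RepoTags": ["busybox-1:latest"],
        "Layers": ["layer0/layer.tar", "layer1/layer.tar"],
    }]).encode(),
    "config.json": json.dumps({"history": [
        {"created_by": "/bin/sh -c #(nop) ADD file:<elided> in /"},
        {"created_by": '/bin/sh -c #(nop)  CMD ["sh"]', "empty_layer": True},
        {"created_by": "mkdir /home/test"},
    ]}).encode(),
    "layer0/layer.tar": make_tar({"bin/busybox": b"\x7fELF"}),
    "layer1/layer.tar": make_tar({"home/test/.placeholder": b""}),
})
EXPORT_TAR = make_tar({
    "bin/busybox": b"\x7fELF",
    "etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
})


def inspect_archive(blob):
    """Return (kind, repo_tags, history) for a docker save or export tar."""
    with tarfile.open(fileobj=io.BytesIO(blob)) as tar:
        try:
            manifest = json.load(tar.extractfile("manifest.json"))
        except (KeyError, ValueError, AttributeError):
            manifest = None
        is_image = (isinstance(manifest, list) and manifest and
                    all(isinstance(m, dict) and "Config" in m for m in manifest))
        if not is_image:
            # No image manifest: a flat root filesystem with no tags or history.
            return "rootfs", [], []
        tags, history = [], []
        for image in manifest:
            tags += image.get("RepoTags") or []
            config = json.load(tar.extractfile(image["Config"]))
            # Oldest step first; docker history prints the same steps newest first.
            history += [h.get("created_by", "") for h in config.get("history", [])]
        return "image", tags, history


if __name__ == "__main__":
    for label, blob in (("save.tar", SAVE_TAR), ("export.tar", EXPORT_TAR)):
        print(label, inspect_archive(blob))
```

When reviewing an archive of unknown origin, a "rootfs" result means there is no recorded history to check, which matches the single "Imported from -" line that docker history prints for the imported image.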

Kali linux on Docker Installation

# docker pull kalilinux/kali-linux-docker
# docker run -ti kalilinux/kali-linux-docker bash
# apt full-upgrade -y

-the above is the base installation only. Other tool packages need to be installed separately.
For example:
* kali-linux 1.5GB
The kali-linux metapackage is a completely bare-bones installation of Kali Linux and includes various network services such as Apache and SSH, the Kali kernel, and a number of version control applications like git, svn, etc. All of the other metapackages listed below also contain kali-linux.
* kali-linux-all 15GB
In order to keep our ISO sizes reasonable, we are unable to include every single tool that we package for Kali and there are a number of tools that are not able to be used depending on hardware, such as various GPU tools. If you want to install every available Kali Linux package, you can install the kali-linux-all metapackage.
* kali-linux-forensic 3.1GB
If you are doing forensics work, you don’t want your analysis system to contain a bunch of unnecessary tools. To the rescue comes the kali-linux-forensic metapackage, which only contains the forensics tools in Kali.
* kali-linux-full 9GB
When you download a Kali Linux ISO, you are essentially downloading an installation that has the kali-linux-full metapackage installed. This package includes all of the tools you are familiar with in Kali.
* kali-linux-gpu 4.8GB
GPU utilities are very powerful but need special hardware in order to function correctly. For this reason, they are not included in the default Kali Linux installation but you can install them all at once with kali-linux-gpu and get cracking.
* kali-linux-pwtools 6GB
The kali-linux-pwtools metapackage contains over 40 different password cracking utilities as well as the GPU tools contained in kali-linux-gpu.
* kali-linux-rfid 1.5GB
For our users who are doing RFID research and exploitation, we have the kali-linux-rfid metapackage containing all of the RFID tools available in Kali Linux.
* kali-linux-sdr 2.4GB
The kali-linux-sdr metapackage contains a large selection of tools for your Software Defined Radio hacking needs.
* kali-linux-top10 3.5GB
In Kali Linux, we have a sub-menu called “Top 10 Security Tools”. The kali-linux-top10 metapackage will install all of these tools for you in one fell swoop.
* kali-linux-voip 1.8GB
Many people have told us they use Kali Linux to conduct VoIP testing and research so they will be happy to know we now have a dedicated kali-linux-voip metapackage with 20+ tools.
* kali-linux-web 4.9GB
Web application assessments are very common in the field of penetration testing and for this reason, Kali includes the kali-linux-web metapackage containing dozens of tools related to web application hacking.
* kali-linux-wireless 6.6GB
Like web applications, many penetration testing assessments are targeted towards wireless networks. The kali-linux-wireless metapackage contains all the tools you’ll need in one easy to install package.

# apt install kali-linux-top10 man-db exploitdb -y

To see the list of tools included in a metapackage, you can use simple apt commands. For example, to list all the tools included in the kali-linux-web metapackage, we could:
# apt-cache show kali-linux-top10 man-db |grep Depends
Depends: kali-linux, aircrack-ng, burpsuite, hydra, john, maltego, maltego-teeth, metasploit-framework, nmap, zaproxy, sqlmap, wireshark
Depends: bsdmainutils, debconf (>= 1.2.0) | debconf-2.0, groff-base (>=, libc6 (>= 2.17), libgdbm5 (>= 1.12), libpipeline1 (>= 1.5.0), libseccomp2 (>= 2.1.0), zlib1g (>= 1:1.1.4)
Pre-Depends: dpkg (>= 1.16.1~)

Mouse pointer jumps to the corner of screen when start drag selection of files in 7-zip

PROBLEM: Mouse pointer jumps to the corner of screen when start drag selection of files in 7-zip

Steps To Reproduce:
1. Open a zip file (one that contains enough files for a scrollbar to appear)
2. Scroll vertically to the middle
3. Try to select files by dragging the mouse
Actual Results:
The list pane unexpectedly scrolls when the drag starts,
and the mouse pointer jumps to the corner of the screen.

Workarounds:
1. Change to any view other than “Details” view.
2. Unstick any unneeded detail column (like comment, folders, files, method, HostOS) so that the horizontal scrollbar is invisible.
3. Or simply resize/maximize the window.
4. install this utility

Change default network name (ens33) to old “eth0” on Ubuntu

# ifconfig
ens33     Link encap:Ethernet  HWaddr 00:0c:29:bb:8b:8e
          inet addr:  Bcast:  Mask:
          inet6 addr: fe80::20c:29ff:febb:8b8e/64 Scope:Link
          RX packets:150 errors:0 dropped:0 overruns:0 frame:0
          TX packets:82 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:20532 (20.5 KB)  TX bytes:10858 (10.8 KB)

# dmesg | grep -i eth
[    2.196929] e1000 0000:02:01.0 eth0: (PCI:66MHz:32-bit) 00:0c:29:bb:8b:8e
[    2.196938] e1000 0000:02:01.0 eth0: Intel(R) PRO/1000 Network Connection
[    2.204129] e1000 0000:02:01.0 ens33: renamed from eth0

# nano /etc/default/grub
add this
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"

# grub-mkconfig -o /boot/grub/grub.cfg

# cat /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
# reboot

# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0c:29:bb:8b:8e
          inet addr:  Bcast:  Mask:
          inet6 addr: fe80::20c:29ff:febb:8b8e/64 Scope:Link
          RX packets:230 errors:0 dropped:0 overruns:0 frame:0
          TX packets:136 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:29638 (29.6 KB)  TX bytes:19317 (19.3 KB)

Unbound DNS Server Installation

-update and upgrade
# apt-get update
# apt-get upgrade -y

-disable firewall
# ufw disable
-set correct date and timezone
# rm /etc/localtime
# ln -s /usr/share/zoneinfo/Asia/Jakarta /etc/localtime

-disable dnsmasq
# cat /etc/NetworkManager/NetworkManager.conf

-install unbound dns
# apt-get install unbound
-set cronjob to download named.root automatically
# wget -O /etc/unbound/root.hints
# cat /etc/cron.d/named-root
0 * * * * root wget -c http wget -c -O /etc/unbound/root.hints
# crontab /etc/cron.d/named-root

# cat unbound.conf
    interface: ::0
    access-control: allow
#    access-control: allow
#    access-control: 2001:db8:dead:beef::/48 allow
    # unbound optimisation
    num-threads: 4
    msg-cache-slabs: 16
    rrset-cache-slabs: 16
    infra-cache-slabs: 16
    key-cache-slabs: 16
    outgoing-range: 206
    so-rcvbuf: 4m
    so-sndbuf: 4m
    so-reuseport: yes
    rrset-cache-size: 100m
    msg-cache-size: 50m
    # unbound security
    do-ip4: yes
    do-ip6: yes
    do-udp: yes
    do-tcp: yes
    cache-max-ttl: 86400
    cache-min-ttl: 3600
    hide-identity: yes
    hide-version: yes
    minimal-responses: yes
    prefetch: yes
    use-caps-for-id: yes
    verbosity: 1
    harden-glue: yes
    harden-dnssec-stripped: yes
    root-hints: "/etc/unbound/root.hints"
    private-domain: “
#  private-address: 2001:db8:dead:beef::/48
    local-data: “  IN A″
    local-data-ptr: “
    name: "."
include: "/etc/unbound/unbound.conf.d/*.conf"

# reboot

Installing Mvance/Unbound Docker

-download unbound docker
-remove unneeded files
# rm -rf 1.5*
# rm -rf 1.6*
# cd 1.7.0
-modify A and PTR records
# cat a-records.conf
# A Record
local-data: “ A″
# PTR Record
local-data-ptr: “”

-run unbound docker
# docker run --name unbound -d -p 53:53/udp -v $(pwd)/a-records.conf:/opt/unbound/etc/unbound/a-records.conf:ro --restart=always mvance/unbound:latest

# ifconfig
docker0   Link encap:Ethernet  HWaddr 02:42:4c:11:0b:8e
          inet addr:  Bcast:  Mask:
          inet6 addr: fe80::42:4cff:fe11:b8e/64 Scope:Link
          RX packets:71 errors:0 dropped:0 overruns:0 frame:0
          TX packets:78 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:7296 (7.2 KB)  TX bytes:32517 (32.5 KB)
eth0      Link encap:Ethernet  HWaddr 00:0c:29:bb:8b:8e
          inet addr:  Bcast:  Mask:
          inet6 addr: fe80::20c:29ff:febb:8b8e/64 Scope:Link
          RX packets:104709 errors:0 dropped:0 overruns:0 frame:0
          TX packets:51577 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:138032839 (138.0 MB)  TX bytes:4026802 (4.0 MB)

# nslookup
> server
Default server:
> exit