Docker Unbound DNS Server: How to launch as service

My host system is Arch Linux, and the Docker image is “base/arch” (archlinux) with my own modifications. Unbound is installed on a committed image, but I don’t quite know how to launch the container with the service running since SystemD is not meant to run in Docker.

How do I actually launch the container with Unbound running as a service?

I’ve gone through some basic tutorials, but most of them cover launching pre-built containers:

  • Docker’s basic course.
  • Arch Wiki.
  • Digital Ocean overview.


One solution collected from the web for “Docker Unbound DNS Server: How to launch as service”

    For this answer, I’m assuming that you’ve installed Unbound by simply installing the community/unbound package via pacman.

    You can inspect the systemd unit files that are installed alongside the package to determine how to actually start the server. Have a look at /usr/lib/systemd/system/unbound.service:

    Description=Unbound DNS Resolver
    ExecStartPre=/bin/cp -f /etc/trusted-key.key /etc/unbound/
    ExecStart=/usr/bin/unbound -d
    ExecReload=/bin/kill -HUP $MAINPID

    Most important is the ExecStart line. This describes the command that systemd uses to actually start the service. According to unbound’s help (unbound -h), the -d switch means do not fork into the background (which is a good thing because that’s also exactly what you need to start Unbound in a Docker container).

    The ExecStartPre command can be a simple RUN step when building the image.

    In conclusion, you can translate this into a Dockerfile similar to this:

    FROM base/arch
    # <omitted>
    RUN /bin/cp -f /etc/trusted-key.key /etc/unbound/
    CMD ["/usr/bin/unbound", "-d"]
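The translation the answer performs by hand, written out as an added example (not part of the original answer or of the Unbound package): it reads the Exec lines of a unit file and emits the matching FROM/RUN/CMD lines. The function names are hypothetical, and `shlex` is assumed to be a close enough stand-in for systemd's own quoting rules.

```python
import json
import shlex

# Constructed sample: the unit excerpt quoted in the answer. Names are illustrative.
UNIT_EXCERPT = """\
Description=Unbound DNS Resolver
ExecStartPre=/bin/cp -f /etc/trusted-key.key /etc/unbound/
ExecStart=/usr/bin/unbound -d
ExecReload=/bin/kill -HUP $MAINPID
"""


def exec_argv(value):
    """Split an Exec*= value into argv (shlex approximates systemd quoting)."""
    value = value.strip()
    body = value.lstrip("@-:+!")  # systemd's special executable prefixes
    if "@" in value[: len(value) - len(body)]:
        # '@' makes the second token argv[0]; that has no direct CMD form.
        raise ValueError("'@' prefix overrides argv[0]; translate by hand")
    return shlex.split(body)


def unit_to_dockerfile(unit_text, base_image="base/arch"):
    """Map ExecStartPre= to RUN steps and ExecStart= to an exec-form CMD."""
    run_steps, cmd, skipped = [], None, []
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue  # blank line, comment or section header
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "ExecStartPre":
            argv = exec_argv(value)
            # An empty assignment resets the list in systemd.
            run_steps = run_steps + [argv] if argv else []
        elif key == "ExecStart":
            cmd = exec_argv(value) or None
        elif key.startswith("Exec"):
            skipped.append(key)  # e.g. ExecReload: no Dockerfile counterpart
    if cmd is None:
        raise ValueError("unit has no ExecStart= command to use as CMD")
    lines = [f"FROM {base_image}"]
    lines += ["RUN " + shlex.join(step) for step in run_steps]
    lines.append("CMD " + json.dumps(cmd))
    return "\n".join(lines), skipped


if __name__ == "__main__":
    print(unit_to_dockerfile(UNIT_EXCERPT)[0])
```

The second return value lists the Exec keys that were left untranslated, which for this unit is `ExecReload`.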