Docker Unbound DNS Server: How to launch as service

My host system is Arch Linux, and the Docker image is “base/arch” (archlinux) with my own modifications. Unbound is installed on a committed image, but I don’t quite know how to launch the container with the service running since SystemD is not meant to run in Docker.

How do I actually launch the container with Unbound running as a service?

I’ve gone through some basic tutorials, but most of them cover launching pre-built containers:

  • Docker’s basic course.
  • Arch Wiki.
  • Digital Ocean overview.


One solution collected from the web for “Docker Unbound DNS Server: How to launch as service”

    For this answer, I’m assuming that you’ve installed Unbound by simply installing the community/unbound package via pacman.

    You can inspect the systemd unit files that are installed alongside the package to determine how to actually start the server. Have a look at /usr/lib/systemd/system/unbound.service:

    Description=Unbound DNS Resolver
    ExecStartPre=/bin/cp -f /etc/trusted-key.key /etc/unbound/
    ExecStart=/usr/bin/unbound -d
    ExecReload=/bin/kill -HUP $MAINPID

    Most important is the ExecStart line. This describes the command that systemd uses to actually start the service. According to unbound’s help (unbound -h), the -d switch means do not fork into the background (which is a good thing because that’s also exactly what you need to start Unbound in a Docker container).

    The ExecStartPre command can be a simple RUN step when building the image.

    In conclusion, you can translate this into a Dockerfile similar to this:

    FROM base/arch
    # <omitted>
    RUN /bin/cp -f /etc/trusted-key.key /etc/unbound/
    CMD ["/usr/bin/unbound", "-d"]
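
A variation on the Dockerfile above, as an added example that is not part of the original answer: an entrypoint script that performs the ExecStartPre copy at container start instead of at build time, validates the configuration with unbound-checkconf when it is installed, and then execs the command given in CMD. The script path /entrypoint.sh and the KEY_SRC and KEY_DIR variables are assumptions for illustration; their defaults are the paths from the unit file.

```shell
#!/bin/sh
# Added example: container entrypoint mirroring the steps of unbound.service.
# KEY_SRC and KEY_DIR are hypothetical override variables; the defaults are
# the paths taken from the ExecStartPre line.
set -eu

KEY_SRC="${KEY_SRC:-/etc/trusted-key.key}"
KEY_DIR="${KEY_DIR:-/etc/unbound}"

# ExecStartPre equivalent: copy the key file on every container start
# instead of freezing one copy into an image layer at build time.
prestart() {
    if [ ! -r "$KEY_SRC" ]; then
        echo "entrypoint: cannot read $KEY_SRC" >&2
        return 1
    fi
    cp -f "$KEY_SRC" "$KEY_DIR/"
}

# Validate the configuration when the checker is present, so a broken
# config stops the container at start with a readable error.
check_config() {
    if command -v unbound-checkconf >/dev/null 2>&1; then
        unbound-checkconf >&2
    fi
}

# Image wiring (Dockerfile), assuming the script is copied to /entrypoint.sh:
#   ENTRYPOINT ["/entrypoint.sh"]
#   CMD ["/usr/bin/unbound", "-d"]
# When a command is passed, run the pre-start steps and replace the shell
# with the daemon, so unbound is PID 1 and receives SIGHUP (the ExecReload
# signal) and the stop signal from `docker stop` directly.
if [ "$#" -gt 0 ]; then
    prestart
    check_config
    exec "$@"
fi
```

Without the `exec`, the shell would stay PID 1 and `docker kill --signal=HUP` would reach the script rather than unbound.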