Do not break DNS replies....

data/Dockerfiles/unbound/Dockerfile

@@ -12,8 +12,6 @@ RUN apk add --update --no-cache \
 	&& chown root:unbound /etc/unbound \
 	&& chmod 775 /etc/unbound
 
-COPY unbound.conf /etc/unbound/unbound.conf
-
 EXPOSE 53/udp 53/tcp
 
 COPY docker-entrypoint.sh /docker-entrypoint.sh

data/Dockerfiles/unbound/unbound.conf

@@ -1,27 +0,0 @@
-server:
-	verbosity: 1
-	interface: 0.0.0.0
-	interface: ::0
-	logfile: /dev/stdout
-	do-ip4: yes
-	do-ip6: yes
-	do-udp: yes
-	do-tcp: yes
-	do-daemonize: no
-	access-control: 172.22.1.0/24 allow
-	access-control: fd4d:6169:6c63:6f77::/64 allow
-	directory: "/etc/unbound"
-	username: unbound
-	auto-trust-anchor-file: trusted-key.key
-	private-address: 10.0.0.0/8
-	private-address: 172.16.0.0/12
-	private-address: 192.168.0.0/16
-	private-address: 169.254.0.0/16
-	private-address: fd00::/8
-	private-address: fe80::/10
-	root-hints: "/etc/unbound/root.hints"
-	hide-identity: yes
-	hide-version: yes
-	qname-minimisation: yes
-	minimal-responses: yes
-	num-threads: 3

data/conf/unbound/unbound.conf

@@ -0,0 +1,26 @@
+server:
+  verbosity: 5
+  interface: 0.0.0.0
+  interface: ::0
+  logfile: /dev/stdout
+  do-ip4: yes
+  do-ip6: yes
+  do-udp: yes
+  do-tcp: yes
+  do-daemonize: no
+  access-control: 172.22.1.0/24 allow
+  access-control: fd4d:6169:6c63:6f77::/64 allow
+  directory: "/etc/unbound"
+  username: unbound
+  auto-trust-anchor-file: trusted-key.key
+  private-address: 10.0.0.0/8
+  private-address: 172.16.0.0/12
+  private-address: 192.168.0.0/16
+  private-address: 169.254.0.0/16
+  private-address: fd00::/8
+  private-address: fe80::/10
+  root-hints: "/etc/unbound/root.hints"
+  hide-identity: yes
+  hide-version: yes
+  max-udp-size: 4096
+  msg-buffer-size: 65552