From f292b9ff14710d4df678966cd42be3181e1b43e3 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 29 Aug 2015 00:17:30 +0200 Subject: [PATCH] Recommend --net=host --- README.md | 10 +++++----- unbound.sh | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 3dbf64d..27abd0a 100644 --- a/README.md +++ b/README.md @@ -22,13 +22,13 @@ Let's pick `example.com` here. Download, create and initialize the container, once and for all: - $ docker run --name=dnscrypt-server -p 443:443/udp -p 443:443/tcp \ + $ docker run --name=dnscrypt-server -p 443:443/udp -p 443:443/tcp --net=host \ jedisct1/unbound-dnscrypt-server init -N example.com -This will only accept connections via DNSCrypt. Containers on the same virtual -network can directly access the DNS cache on the standard DNS port (53), but -to create a regular, non-authenticated public DNS resolver, this extra port -has to be explicitly exposed (`-p 53:53/udp -p 53:53/tcp`). +This will only accept connections via DNSCrypt on the standard port (443). + +`--net=host` provides the best network performance, but may have to be +removed on some shared containers hosting services. Now, to start the whole stack: diff --git a/unbound.sh b/unbound.sh index 3f0d09d..2e4248f 100755 --- a/unbound.sh +++ b/unbound.sh @@ -27,7 +27,7 @@ sed \ server: verbosity: 1 num-threads: @THREADS@ - interface: 0.0.0.0@53 + interface: 127.0.0.1@53 so-reuseport: yes edns-buffer-size: 1252 delay-close: 10000
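Review bot: In the README.md hunk, the new `docker run` line keeps `-p 443:443/udp -p 443:443/tcp` next to `--net=host`, but Docker discards published ports in host network mode, so those flags are ignored while `--net=host` is present. Either drop them from the recommended command or state that they only take effect once `--net=host` is removed, which the new paragraph says some hosting services will require. The added text also justifies `--net=host` by performance alone. It should say that the container then shares the host's network namespace, so anything the container listens on is bound directly on the host's interfaces with no Docker port mapping in between. The removed paragraph was the only place that explained how port 53 was reachable. A sentence that the cache now listens on loopback only would keep the README consistent with the unbound.sh change.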
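Review bot: In the unbound.sh hunk, the switch from `interface: 0.0.0.0@53` to `interface: 127.0.0.1@53` carries no comment, yet under `--net=host` it is the one line that keeps the unauthenticated resolver off the host's public interfaces. Add a comment above it saying so, so that a later edit does not revert it to `0.0.0.0` and expose an open resolver. Two behaviour changes deserve a mention in the commit message or README. With `--net=host`, `127.0.0.1:53` is the host's own loopback, so the bind can conflict with a local resolver already listening there. Without `--net=host`, it is the container's loopback, so other containers can no longer reach the cache on port 53, and `-p 53:53` would no longer publish it.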