At the moment, for Knot Resolver to accept responses from AdGuard Home, you also need to disable DNSSEC validation: trust_anchors.remove('.')
Without this, dig google.com @127.0.0.1 inside the container returns SERVFAIL, so it will not work.
(the query log in my case:
[plan] plan 'google.com.' type 'A' uid [58041.00]
[iter] 'google.com.' type 'A' new uid was assigned .01, parent uid .00
[cach] => skipping exact RR: rank 030 (min. 030), new TTL -9724
[cach] => no NSEC* cached for zone: google.com.
[cach] => skipping zone: google.com., NSEC, hash 0;new TTL -123456789, ret -2
[plan] plan '.' type 'DNSKEY' uid [58041.02]
[iter] '.' type 'DNSKEY' new uid was assigned .03, parent uid .01
[cach] => satisfied by exact RRset: rank 060, new TTL 159019
[iter] <= rcode: NOERROR
[vldr] <= parent: updating DNSKEY
[vldr] <= answer valid, OK
[iter] 'google.com.' type 'A' new uid was assigned .04, parent uid .00
[plan] plan 'com.' type 'DS' uid [58041.05]
[iter] 'com.' type 'DS' new uid was assigned .06, parent uid .04
[cach] => satisfied by exact RRset: rank 060, new TTL 72803
[iter] <= rcode: NOERROR
[vldr] <= DS: OK
[vldr] <= parent: updating DS
[vldr] <= answer valid, OK
[iter] 'google.com.' type 'A' new uid was assigned .07, parent uid .00
[plan] plan 'com.' type 'DNSKEY' uid [58041.08]
[iter] 'com.' type 'DNSKEY' new uid was assigned .09, parent uid .07
[cach] => satisfied by exact RRset: rank 060, new TTL 72803
[iter] <= rcode: NOERROR
[vldr] <= parent: updating DNSKEY
[vldr] <= answer valid, OK
[iter] 'google.com.' type 'A' new uid was assigned .10, parent uid .00
[nsre] score 21 for 185.93.109.76#00053; cached RTT: -1
[resl] => id: '13851' querying: '185.93.109.76#00053' score: 21 zone cut: 'com.' qname: 'gOOgLE.COm.' qtype: 'A' proto: 'udp'
[resl] => id: '13851' querying: '185.93.109.76#00053' score: 21 zone cut: 'com.' qname: 'gOOgLE.COm.' qtype: 'A' proto: 'udp'
[iter] <= ignoring mismatching response from 185.93.109.76#00053
[vldr] <= bogus proof of DS non-existence
[iter] 'google.com.' type 'A' new uid was assigned .11, parent uid .00
[resl] => no valid NS left
[resl] finished: 8, queries: 3, mempool: 32800 B
)