I've used your Unbound configuration as a base to couple with my Pihole, and I've noticed that Unbound currently also supports DNS over TLS and DNS over HTTPS.
It is arguably more secure and privacy-friendly than querying the root domain servers (which is unencrypted UDP traffic), based on which upstream DNS you configure. Still, somebody could figure out which website you are visiting based on reverse IP lookups etc., but encrypted DNS allows for less tampering.
Configuring this is quite simple, as you can add the following to the bottom of your configuration:
```
# tls-cert-bundle is a server: option, so it must sit inside the server: clause
tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt" # on Pihole, other systems might have different spots
forward-zone:
    name: "."
    forward-addr: #########@853 # replace with the DNS of your choice
    forward-addr: ##########@853 # replace with the DNS of your choice
    forward-tls-upstream: yes
```
Some examples of encrypted DNS resolvers can be found here.
Is this something you'd like to include?
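An added example, not part of the original issue or the project's configuration: a small Python linter for a forward-zone snippet like the one above. It assumes, as unbound.conf(5) describes, that Unbound checks the upstream certificate against a name only when one is appended to `forward-addr` with `#`, and that a `#` at the start of a value opens a comment; the sample addresses and names are constructed placeholders.

```python
import re
# Constructed sample in the shape of the snippet above; addresses and names
# are documentation placeholders (RFC 5737, example.net), not real resolvers.
SAMPLE = """\
server:
    tls-cert-bundle: "etc/ssl/certs/ca-certificates.crt"
forward-zone:
    name: "."
    forward-addr: 192.0.2.1@853#dns.example.net
    forward-addr: 192.0.2.2@853
    forward-addr: #########@853
    forward-tls-upstream: yes
"""
CLAUSES = {"server", "forward-zone", "stub-zone", "auth-zone", "remote-control"}

def parse(text):
    """Return [(clause, [(key, value), ...])] in file order (simplified)."""
    clauses = []
    for line in text.splitlines():
        # '#' opens a comment only at token start; in 'addr@port#name' it is value.
        line = re.sub(r"(^|\s)#.*", "", line).strip()
        m = re.match(r"([a-z0-9-]+):\s*(.*)$", line)
        if m and m.group(1) in CLAUSES and not m.group(2):
            clauses.append((m.group(1), []))
        elif m and clauses:
            clauses[-1][1].append((m.group(1), m.group(2).strip('"')))
    return clauses

def lint(text):
    """Return findings on how each forward-zone reaches its upstreams."""
    clauses, findings = parse(text), []
    server = dict(kv for name, kvs in clauses if name == "server" for kv in kvs)
    for name, kvs in clauses:
        if name != "forward-zone":
            continue
        if "yes" not in (dict(kvs).get("forward-tls-upstream"), server.get("tls-upstream")):
            findings.append("forward-zone: queries leave without TLS")
            continue
        if not server.get("tls-cert-bundle", "").startswith("/"):
            findings.append("tls-cert-bundle: missing or not an absolute path")
        for key, value in kvs:
            if key == "forward-addr" and not value:
                findings.append("forward-addr: empty, value was read as a comment")
            elif key == "forward-addr" and "#" not in value:
                findings.append(f"forward-addr {value}: no #auth-name, certificate name unchecked")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Running `unbound-checkconf` on the real file remains the authoritative syntax check; this linter only looks at the TLS-related options of forward zones.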
@pimvh Sorry for the late reply. Thanks for the info; it can be included in the config. I will test this setup on my end. If everything is working fine, I will include it.
Works for me too. I just wish I could get Unbound to resolve the domains recursively, that was the whole point of installing Unbound in the first place. Otherwise you can just put the forward IP into the PiHole DNS page and call it a day. No point in doing all that work for effectively the same results.
Where this does help is when you want to set up a secondary DNS to your PiHole, because you don't need a full PiHole install, only an Unbound resolver set up on port 53. Then you use the above config to connect it to your PiHole and it will use the PiHole as the forwarder.