Differences

This shows you the differences between two versions of the page.

unbound [2020/12/09 22:56]
warmachine
unbound [2020/12/09 23:07] (current)
warmachine
Line 1: Line 1:
 for reference: [[https://docs.pi-hole.net/guides/unbound/]] for reference: [[https://docs.pi-hole.net/guides/unbound/]]
  
-unbound essentially turns your local pi-hole dns erver into a recursive dns server.  see this for refrence: [[https://social.dnsmadeeasy.com/blog/authoritative-vs-recursive-dns-servers-whats-the-difference/#:~:text=Authoritative name servers store DNS,for storing the domain's records]]. what this means is your dns request come directly from your pi-hole, not through your ISP. this is good for several reasons, primary privacy and speed (although it can be slightly slower at first). instead of your pi-hole forwarding its request upstream to open dns or cloudflare, it is getting its info directly from the root servers. this also minimizes the chance of something like a dns malware attack, that while rare, does happen to ISP's sometimes.+unbound essentially turns your local pi-hole dns erver into a recursive dns server.  see this for refrence: [[https://social.dnsmadeeasy.com/blog/authoritative-vs-recursive-dns-servers-whats-the-difference/#:~:text=Authoritative name servers store DNS,for storing the domain's records]]. \\
  
-see pi-hole section of this wiki first and setup your pi-hole dns server if you have not already+what this means is your dns request come directly from your pi-hole, not through your ISP. this is good for several reasons, primary privacy and speed (although it can be slightly slower at first). instead of your pi-hole forwarding its request upstream to open dns or cloudflare, it is getting its info directly from the root servers. this also minimizes the chance of something like a dns malware attack, that while rare, does happen to ISP's sometimes.\\
  
-ssh to your pi-hole host, then+see pi-hole section of this wiki first and setup your pi-hole dns server if you have not already\\ 
 + 
 +ssh to your pi-hole host, then\\
  
 <code>sudo apt install unbound -y</code> <code>sudo apt install unbound -y</code>
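Review bot: In the added paragraph starting "what this means is", the phrase "not through your ISP" overstates the privacy gain. A recursive resolver stops using the resolver of the ISP or another third party, but its queries to the root and authoritative servers still leave over the ISP link as plain DNS and can be observed on that path. Suggest wording it as "not through your ISP's resolver or another upstream provider". The same paragraph's "dns malware attack" is vague; if resolver cache poisoning or hijacking is meant, say so. Also worth fixing while these lines are being touched: "erver", "refrence", "primary privacy", and the link target, which contains spaces and a "#:~:text=" fragment that may not survive as a wiki link.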
Line 76: Line 78:
 exit and save (control x, y)  exit and save (control x, y) 
  
-<code>sudo service unbound restart<code>+<code>sudo service unbound restart</code>
  
 testing: testing:
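Review bot: The restart step "sudo service unbound restart" comes straight after the config file is saved in nano, with no validation in between, so a typo in that file leaves the resolver down. Suggest adding "unbound-checkconf" before the restart so a syntax error is caught while the running instance is still answering.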
Line 86: Line 88:
 <code>dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335 <code>dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335
 dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335</code> dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335</code>
- +\\ 
-The first command should give a status report of SERVFAIL and no IP address. The second should give NOERROR plus an IP address. +The first command should give a status report of SERVFAIL and no IP address. The second should give NOERROR plus an IP address.\\ 
- +\\ 
-finally, configure Pi-hole to use your recursive DNS server by specifying 127.0.0.1#5335 as the Custom DNS (IPv4): +finally, configure Pi-hole to use your recursive DNS server by specifying 127.0.0.1#5335 as the Custom DNS (IPv4):\\ 
- +\\ 
--login to webui as admin +-login to webui as admin\\ 
--settings -> dns +-settings -> dns\\ 
--uncheck previous upstream dns providers +-uncheck previous upstream dns providers\\ 
--check custom, add 127.0.0.1#5335 under ipv4 +-check custom, add 127.0.0.1#5335 under ipv4\\ 
--make sure to check dnssec +-make sure to check dnssec\\ 
--uncheck the 2 options above it if using local dns records +-uncheck the 2 options above it if using local dns records\\ 
- +\\ 
-click save at the bottom +click save at the bottom\\ 
- +\\ 
-remember that part about updating root hints via cron?+remember that part about updating root hints via cron?\\
  
 <code>nano /etc/cron.monthly/unbound</code> <code>nano /etc/cron.monthly/unbound</code>
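Review bot: The last line, "nano /etc/cron.monthly/unbound", is missing "sudo", unlike the earlier commands; the directory is root-owned, so the file cannot be saved as a normal user. The script also has to be executable for cron's run-parts to pick it up, so a chmod step should follow if the page does not already have one further down. In the list, "uncheck the 2 options above it" should name the two settings, since their position in the web UI can change between Pi-hole versions. The list lines start with a bare "-", which DokuWiki does not render as a list; two leading spaces plus "*" or "-" would make the trailing "\\" unnecessary.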
Last modified: 2020/12/09 22:56