Best DNS Server for Home lab - Pihole Unbound configuration!

VirtualizationHowto

1 year ago

99,693 views


Comments:

@ronm6585 - 03.03.2023 20:05

Thanks.

@ripaire - 03.03.2023 20:27

Hi sir, but you didn't explain the point of exposing port 53 and how to prevent people from using our DNS: I am running Ubuntu on Oracle Cloud and I want to allow just people I know to use my DNS, but if I open port 53 I will end up with unknown people using my DNS, and I don't want to use a VPN or Tailscale as a solution. I want to allow just specific devices to use it, based on MAC address, not on IP.

@lucacamphuisen3093 - 03.03.2023 22:16

I've been using the built-in Unbound in OPNsense together with blocking lists, works great. I've also got it configured to forward a subdomain (*.k8s.domain.tld) to a self-hosted PowerDNS instance (DNS server with API and GUI comparable to hosting platform DNS management). Configured external-dns on k8s to auto-manage those sub-subdomains (e.g. nginx.k8s.domain.tld) to my k8s services and use the Cloudflare DNS API to issue the TLS certs :D

@MacGyver0 - 03.03.2023 23:42

DoT and DoH are available for client devices which connect to Unbound.
But how exactly does Unbound improve privacy?
All requests to root servers are not encrypted. It will still use DNSSEC to ensure that the response was not modified, but your ISP (and anyone who can read your traffic) will see what requests Unbound is making.
And yes, each recursive DNS request takes more time (30 times more in comparison with Cloudflare DNS). Unbound will cache the response, but for a short time (15 min?).
So it is slow and does not add privacy. But in Forwarding Mode to Cloudflare or Quad9 (for example) using DoT, you will get really fast DNS and much more privacy.

@hotstovejer - 04.03.2023 01:19

It's always DNS.

@RicardoWagner - 06.03.2023 04:02

Great! The only thing missing for everyone to get into it is the cron suggested for the reload of the root servers. Thanks

@da5fx - 06.03.2023 19:58

Hi,
My DNS server is an HA MaaS region; I can still use Pihole just as a filter if needed.

@Nitdawg-zt2dl - 07.03.2023 06:27

Will this work for my local and lab name resolution also, or will I have to run this and point my Windows DNS server to this and itself to resolve both internal and external device?

@DevArt59 - 08.03.2023 17:10

Now do it using containers! Please

@fasttrax - 17.03.2023 00:32

Seems to be working, but if I type "unbound-control status" I get "Error setting up SSL_CTX client cert". How do I fix that? Thanks for the great video.

@ripaire - 22.03.2023 17:14

Hi sir, tell me how I can enable SafeSearch through Unbound, and please share with us the configuration.

@MrPDC-jr5yl - 06.04.2023 20:56

Nice video Brandon, can you share your docker-compose file?!

@vincentmartin2528 - 10.04.2023 17:02

Excellent video on Unbound. Could you do the same video for AdGuard Home? That would be a great addition, I think.

@DominikSchmid - 13.04.2023 20:27

I have been trying to run pihole and unbound as docker containers with traefik. So far I was not successful. Could you show how to integrate unbound as a docker container in your setup of traefik and pihole?

@Jou685 - 04.07.2023 21:46

How can I use both Pi-hole and nginx-proxy-manager together as one DNS?

@JustinGeekNerd - 05.07.2023 02:44

Why do you put sudo when root??

@lcbdias - 03.08.2023 19:20

Great video!
For some reason, when I check Unbound as Upstream DNS Servers it can no longer resolve local network DNS with SSL certificate (Nginx Proxy Manager/Let's Encrypt).
Any ideas on why?

@Meowbay - 08.08.2023 18:01

Why are you using docker containers for everything? It's an extra point of failure, it's less secure, it's out of your control, it's a huge inefficient resources hog compared to just plain Debian minimal server use. All this even on VM, wow, your electricity bill or energy footprint seem to not matter to you do they?

@TossACoinToYourWitcher - 16.08.2023 08:12

I have found Technitium is much more robust and has DOH and AD blocking and custom blocking built in. The entire thing is administrated in a web page and runs on Raspberry Pi too.

@epictetus8028 - 19.08.2023 04:21

Why don't you run a DNS proxy on your Palo Alto?

@igihara2662 - 23.08.2023 10:02

Hello there,
Would you consider making a tutorial for newbies on RPi - Docker Pihole + Unbound?
Have a nice day

@KonstantinGontsov - 15.09.2023 21:59

I disagree!!! Best DNS Server for Home Lab is Technitium ))))))

@TazzSmk - 23.09.2023 12:31

I'm watching this again after half a year and I wonder if it's possible to completely migrate Unbound (config+caches) to a new/different host/VM/CT?
I'm getting about 11 000 cache hits, so it's working pretty well :D

@badpickle2347 - 17.12.2023 22:11

I can never figure out how to follow this guide. Seems to be missing steps or other prerequisites I'm not aware of. Intriguing

@OH2023-cj9if - 27.12.2023 13:34

NextDNS every day!

@Life_Is_A... - 30.12.2023 00:10

Networking tutorials on YT in a nutshell:
- This is a computer! We must first switch on the computer! Then reach over and touch the mouse!
- I'm going to change the attributes on this API here, then update the libraries for the database, which will allow more data visualization to take place on the next step, where we'll be able to add identifiers and self-closing tags to optimize the backend of the framework for the web server. This only works for version 1.6.344 of course!

@yosoyestoyarto - 31.12.2023 14:58

I tried Pihole, but the phones at home do not resolve local, like home.pc.local

@markdevaal4116 - 08.01.2024 13:42

Awesome tutorial. I'm using Pi-Hole with Unbound in a Proxmox container and this works perfectly for me.

@Liqtor - 12.01.2024 22:05

PiHole + UnBound + LAN-Cache = Dream setup.

@vizerdown - 27.01.2024 22:51

Are you running pihole container on the unbound server?

@BoltGoesPro - 29.01.2024 06:22

Would be nice to be able to copy and paste the commands from your description .-.

@hugosantosRN - 02.02.2024 19:26

AdGuard Home + Unbound here, very satisfied

@Luckdragon2000 - 24.02.2024 13:00

Why would we not want to use IP6 for this?

@dimkinlv - 25.03.2024 13:58

Can't find any hint in Pihole docs about cron for Unbound. Is it not needed anymore?

@Glatze603 - 28.03.2024 21:32

Hi Brandon, thanks for your inspiration 🙂 A video about Technitium DNS (like your article) would be nice.

@kevinvanderlei3271 - 01.04.2024 07:04

Fantastic video, Brandon! Thank you for sharing your experience. May I ask you questions in the future?

@YannMetalhead - 24.05.2024 02:37

Good video.

@Raylightsen - 26.05.2024 07:28

I want easy and simple explanations, not these convoluted ultra complex explanations.

@FaithMediaChannel - 01.06.2024 02:16

Showing this I have been looking at different ways to re-organizing our infrastructure as well as my home lab I have actually have pi installed in the cloud on our own servers as well as smaller versions of it on smaller devices, service quality commercial, but allowing us of the number of traffic that we have on it, I have found a pie is very easy to use and for those who are used to working with Cisco and all the flavors in betweenRoehling recommend putting pie hole on base if you have a lot of endpoint but a small thin server will work just as well and easily handles 200+ devices as well as in points and additional layers of that you can have one device and by pairing with Docker. Again thank

@fernandavln38 - 24.06.2024 00:00

Good guide.

@mondskiez309 - 27.06.2024 01:21

There is a docker-compose file to install both in one run.. everything is set up and you simply log into the web admin interface..

I got it running for my ansible docker play..

@someoneelse5005 - 02.08.2024 00:32

Nice video and good instructions.

Some advice:

Make sure that all the text you are pasting from somewhere can easily be reached, given the video! You can put all this info in description or create a github repository that would contain all the information and files needed, this is egregiously hard to follow.

@chuckcrizer - 09.08.2024 14:43

What? No O'Reilly book(s) to wade through? Lamorama.

@remomattei - 27.08.2024 20:01

Hi, great video. Do you have those config files available? Thanks

@praveenmarkandu - 11.09.2024 09:22

Thanks. This helped me. Would be good if you could put links to the configs you are referring to

@Glatze603 - 19.09.2024 16:01

What DHCP solution do you use and are the clients automatically registered in the DNS after an IP has been assigned via DHCP?

@Fureewolf - 25.10.2024 18:50

Question: What are to be installed first? Linux OS, Docker, PiHole, then last UnBound? Before I start the setup from this tutorial.
