So I’m a little confused about this, sorry if it sounds silly, just trying to wrap my head around it. I’m wondering whether it would be necessary to also set your custom Pi-hole DNS in the networking config after setting it up with Unbound; not doing this would leave an option for not locking yourself out of internet on DietPi in a headless SSH environment should there ever be problems with the Pi-hole software, correct? Should you need to access the internet for repair or debug purposes.
So here’s the bottom thought and question: when DietPi/Pi-hole’s static local address is set on the router, does leaving, for example, Quad9 within the DietPi config mean this will be the upstream instead of Unbound? Will all DHCP clients still use Pi-hole as DNS? Or are they completely separate, as in: upstream DNS set in the DietPi config will only be used for upstream at OS level, and everything locally on the network goes through Pi-hole and Unbound.
Unbound will handle the DNS requests out, instead of using an upstream DNS host provider, so pointing your Pi-hole to the internal IP/port of Unbound will have Unbound do the requests directly to the source.
Unbound is a validating, recursive, caching DNS resolver.
It’s not a disadvantage (per se), but the larger DNS hosting companies might have hacked/corrupted DNS entries that could lead to trouble; having Unbound communicate directly cuts the middleman out of the picture, protecting you rather than relying on some other person’s database of URLs to DNS.
Resolver for Home Networks
To start off, let’s ask the all-important question “Why would you want Unbound as a resolver for your home network?”
Firstly, Unbound supports DNSSEC which, through an authentication chain, verifies that the DNS query responses you receive are unaltered, as opposed to query responses which are not DNSSEC-signed and could be changed by anyone who has access to the query. Secondly, by using your own resolver you stop sharing your DNS traffic with third parties and increase your DNS privacy. While you still send out (parts of) your queries unencrypted, you could configure Unbound to take it a step further, which we’ll talk about in an upcoming guide. Lastly, when you run your own resolver your DNS cache will be local to your network. Even though the first time you resolve a domain name may be slightly slower than using your ISP’s resolver, all subsequent queries for the name will likely be much faster.
In this tutorial we’ll look at setting up Unbound as a DNS resolver: first for your own machine, and then for your entire network.
Source: Resolver for Home Networks — Unbound 1.17.0 documentation (nlnetlabs.nl)
You basically give the correct answer yourself. The settings within dietpi-config have no influence on how DHCP clients will receive their DNS server settings. It’s a value for the operating system only. And I highly recommend keeping it set to a global public upstream DNS server.
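To make the two points above concrete (Pi-hole forwarding to a local Unbound listener, and the OS-level resolver from dietpi-config being a separate setting), here is an added helper script. It is not part of the thread and not DietPi's, Pi-hole's or Unbound's own tooling. It assumes Unbound listens on 127.0.0.1 port 5335 and that Pi-hole's upstream is set to 127.0.0.1#5335; the probe domain names, the config file contents and the `dig` dependency are assumptions too. The parsing functions can be exercised on saved `dig` output; `--live` runs the real queries on the Pi.

```shell
#!/bin/sh
# Added helper script (not from the thread; not DietPi's, Pi-hole's or Unbound's code).
# Assumed layout: Unbound on 127.0.0.1:5335, Pi-hole upstream 127.0.0.1#5335,
# /etc/resolv.conf (written by dietpi-config) pointing at a public resolver.
# Live checks need `dig` (Debian package dnsutils) and network access.

UNBOUND_IP=127.0.0.1
UNBOUND_PORT=5335

# Minimal Unbound listener for Pi-hole to point at (assumed content, not copied
# from any project's docs). DNSSEC validation additionally relies on the root
# trust-anchor snippet the distro's unbound package ships (Debian: under
# /etc/unbound/unbound.conf.d/).
print_unbound_conf() {
cat <<'EOF'
server:
    interface: 127.0.0.1
    port: 5335
    do-ip4: yes
    do-ip6: no
    do-udp: yes
    do-tcp: yes
    harden-glue: yes
    harden-dnssec-stripped: yes
    prefetch: yes
    edns-buffer-size: 1232
    private-address: 192.168.0.0/16
    private-address: 10.0.0.0/8
EOF
}

# Pull the status code (NOERROR, SERVFAIL, ...) out of dig's header line.
dig_status() {
    printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\).*/\1/p' | head -n 1
}

# True when dig's flags line carries "ad" (Authenticated Data), which means
# the resolver validated the answer with DNSSEC.
dig_has_ad() {
    printf '%s\n' "$1" | grep -q '^;; flags:.* ad[ ;]'
}

# Classify a DNSSEC probe pair: a correctly signed name must come back NOERROR
# with "ad", and a name with a deliberately broken signature must SERVFAIL.
# A resolver that returns NOERROR for the broken name is not validating at all.
dnssec_verdict() {
    good_out=$1; bad_out=$2
    if [ "$(dig_status "$good_out")" = NOERROR ] && dig_has_ad "$good_out" \
       && [ "$(dig_status "$bad_out")" = SERVFAIL ]; then
        echo validating
    elif [ "$(dig_status "$bad_out")" = NOERROR ]; then
        echo not-validating
    else
        echo inconclusive
    fi
}

# The OS-level resolver is whatever /etc/resolv.conf lists. It is independent of
# the DNS server Pi-hole's DHCP hands to clients, so it can stay on a public
# resolver and the Pi keeps name resolution even if Pi-hole is down.
os_nameservers() {
    awk '/^nameserver/ {print $2}' "${1:-/etc/resolv.conf}"
}

live_checks() {
    # Assumed public DNSSEC test names: one validly signed, one deliberately broken.
    good=$(dig @"$UNBOUND_IP" -p "$UNBOUND_PORT" sigok.verteiltesysteme.net A)
    bad=$(dig @"$UNBOUND_IP" -p "$UNBOUND_PORT" sigfail.verteiltesysteme.net A)
    echo "Unbound DNSSEC: $(dnssec_verdict "$good" "$bad")"
    echo "OS resolvers:   $(os_nameservers | tr '\n' ' ')"
}

if [ "${1:-}" = "--live" ]; then
    live_checks
fi
```

If the verdict is `not-validating`, Unbound answered but did not validate (typically the trust anchor is missing), and the DNSSEC benefit quoted from the Unbound docs above is not actually in effect. If `os_nameservers` prints only the Pi's own address, the OS resolver depends on Pi-hole, which is exactly the lock-out scenario the first post worries about.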