DietPi AdGuard+Unbound DNS not resolving

You see the address/port of Unbound. That means Unbound is working.

Thank you for the answer. I installed it for a faster cache: the Redis unix socket cache. I installed it from dietpi-software. Should I do some more settings for AdGuard > Unbound > Redis unix socket cache? Should the AdGuard upstream be 127.0.0.1:6379, or should it still be 127.0.0.1:5335?

You need to use 127.0.0.1:5335. To the best of my knowledge, the standard Unbound package does not support Redis. You would need to compile Unbound yourself and activate the Redis option. This has nothing to do with DietPi, because this is how the global Debian package is created/provided by the Debian package maintainer.

Last question. As long as Unbound is active, AdGuard will not see my DNS requests, right?

Adguard will see your request in every case, since it’s listening on port 53 for DNS requests. After filtering it will pass the request (or not, if filtered) to unbound or whatever upstream DNS you have set.

In this case, what exactly does Unbound do for privacy? I thought only my ISP sees the DNS request and AdGuard sees the request to encrypt it.

(I only want the ISP to see the details. I don’t want AdGuard to see the details of the sites I visit.)

You still don’t understand the purpose of AGH and unbound.

AGH is an ad blocker. It’s the primary DNS server inside your network and typically used to block all ads for you.

Unbound is used by AGH as the next-level DNS server. To resolve all requests from AGH, Unbound will ask the root DNS servers directly. This is the privacy thing. You are going to check with the root DNS servers and don’t need to use your ISP or any other DNS provider like Google DNS or Cloudflare.

On a default configuration, there is no data encryption like DoH or DoT. Something that would need to be configured manually.

But why don’t you want AGH to see your DNS requests? It’s your local server, nobody has access, no data is transferred anywhere? This point I don’t understand.

Here is how to enable DoT for encrypted DNS in Unbound: DNS Servers Options - DietPi.com Docs
However, this requires an upstream provider again. Whether to use it or not depends on whether your main concern is that your ISP can see your DNS traffic, or whether you want to avoid using any 3rd party for DNS resolution. DNS is naturally unencrypted, hence there is one entity you need to trust.

Yes, I don’t know much about this. Is there any harm in AdGuard seeing my DNS requests? So can transactions like banking etc. cause any problems? Collecting information about me etc.

All I want is this: the ISP can see everything, but I don’t want AdGuard to see the DNS requests. For that I need DoT?

AdGuard does not share your DNS info with anyone, all remains on your server only. Just like Unbound. The only entities that can theoretically see your DNS traffic are either your ISP or the upstream DNS provider.

I just don’t understand that statement. What are your concerns? If you don’t want AGH to see the requests, you might as well uninstall it. As I said, AGH is an ad blocker and must see your requests, otherwise the adverts cannot be blocked. However, all data remains on your system, nothing is transferred to the Internet. Only AGH will use Unbound to answer the DNS requests that have not been blocked by the ad blocker. The actual request to the Internet is then made by Unbound.

I would be interested to know who exactly should not see your requests? Because real privacy is not achieved just because DNS requests are encrypted or redirected. That requires more effort, like using the TOR network :smiley:

So what you mean is, it is illogical for an ordinary user to set up any DoH or DoT in this case? I’m good with AGH + Unbound, right?

It depends on who you want to assure privacy against:

  • If you want to avoid a 3rd party DNS provider like Google, Cloudflare, Quad9 getting/handling your requests, use the default AGH + Unbound setup you use already.
  • If you want to assure that your ISP cannot read your DNS requests, configure DoT in Unbound instead.

Both is not possible. Most people prefer the default setup, resp. use Unbound to bypass public DNS providers in the first place.
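
The two setups contrasted in the reply above (default recursive Unbound versus Unbound forwarding over DoT) can be told apart from `unbound.conf` alone. The following is an added example, not part of the thread or of DietPi; the function names and both sample configs are constructed, and the DoT upstream shown is only an illustrative choice.

```python
import re

# Constructed sample configs; 5335 is the Unbound port mentioned in the thread.
RECURSIVE_CONF = """
server:
    port: 5335
"""
DOT_CONF = """
server:
    port: 5335
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853#cloudflare-dns.com  # provider sees the queries
"""

def parse_forwarding(conf_text):
    """Return (forward_zones, server_wide_tls) parsed from unbound.conf text."""
    zones, clause, server_tls = [], None, False
    for raw in conf_text.splitlines():
        # '#' is a comment only at line start or after whitespace (not in forward-addr)
        line = re.sub(r"(^|\s)#.*", "", raw).strip()
        key, sep, val = line.partition(":")
        key, val = key.strip(), val.strip().strip('"')
        if not sep:
            continue
        if not val:                      # clause header such as "server:"
            clause = key
            if key == "forward-zone":
                zones.append({"name": None, "addrs": [], "tls": False})
        elif clause == "forward-zone":
            if key == "name":
                zones[-1]["name"] = val
            elif key == "forward-addr":
                zones[-1]["addrs"].append(val)
            elif key == "forward-tls-upstream":
                zones[-1]["tls"] = val == "yes"
        elif clause == "server" and key == "tls-upstream":
            server_tls = val == "yes"
    return zones, server_tls

def who_sees_queries(conf_text):
    zones, server_tls = parse_forwarding(conf_text)
    root = [z for z in zones if z["name"] == "." and z["addrs"]]
    if not root:   # no catch-all forwarder: Unbound recurses from the root itself
        return {"mode": "recursive", "upstream_provider": False, "isp_can_read": True}
    encrypted = all(z["tls"] or server_tls for z in root)
    return {"mode": "forward-dot" if encrypted else "forward-plain",
            "upstream_provider": True, "isp_can_read": not encrypted}
```

A result of `forward-plain` means a forwarder is configured without TLS, so both the ISP and the upstream provider can read the queries.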

I admit that I am ignorant about these matters… This was exactly the answer I was looking for. I want to prevent a third-party DNS provider like Cloudflare, Quad9 from receiving/processing requests. In this case I’m good with AGH + Unbound.

In this case, even if I use Cloudflare DNS, I am hidden because I use Unbound, as far as I understand.

But if I don’t use any DNS servers like Cloudflare etc., I don’t think I need to use Unbound.

I hope I understood everything you said correctly.

I don’t know if you are correct. What do you mean by using Cloudflare? You can use just one of these options: Cloudflare as public DNS provider, or Unbound using the root DNS servers. As you want to avoid third-party DNS providers like Cloudflare, Quad9 or Google DNS, DoT / DoH is not an option for you.

Depends on the DNS server used

If you do not use Unbound, naturally you will use an upstream DNS provider. A recursive DNS resolver like Unbound is needed to avoid that, as common systems cannot query the DNS root servers directly. Unbound can do the job that otherwise Cloudflare etc or a DNS resolver from your ISP would do: forwarding and recursively resolving the DNS queries of your clients.

I have a Raspberry Pi with DietPi installed. AdGuard + Unbound are installed.
I want to prevent a third-party DNS provider like Cloudflare, Quad9 from receiving/processing requests.

Scenario 1

If I use a 3rd party DNS, Cloudflare, configured in Unbound: in this case, can 3rd party DNS addresses process my information? Because I use Unbound.

Scenario 2

I don’t use any 3rd party DNS like Cloudflare, Google DNS etc.

AdGuard + Unbound + ISP DNS

In this case, do I need to use Unbound?

Why would you configure an upstream DNS in Unbound? That is only required if you want to use DoT. Then Unbound serves a different purpose, encrypting your DNS traffic, but requires an upstream provider to decrypt it and query the DNS root servers.

Then your Unbound should be configured as you want it OOTB, acting as recursive resolver that does not require any upstream DNS provider.

If I’m using the ISP DNS, I don’t understand why I need Unbound. AdGuard can already resolve upstream from the ISP DNS.