DietPi AdGuard + Unbound: DNS does not resolve

Unbound can give some privacy and avoid using 3rd party DNS, because Unbound will use root DNS servers directly.

However, we seem to be going round in circles. You still lack an understanding of how AGH & Unbound work and I don’t know how else to explain it.

1 Like

I'm sorry. I'm trying to understand. I'm so new.
So no matter what, using Unbound is beneficial in every way.

I'm using a Raspberry with an SD card. It's working 7/24. For SD card lifespan, should I disable this?

I have no idea what this is for. Would it hurt me to set this to none?

Go with default option 1. This is specially designed to reduce r/w operations on the SD card.

1 Like

So if you use Unbound, your requests go directly to the root DNS servers, but these requests are always not encrypted; the root servers cannot handle that.

With a 3rd party resolver you could use DoT or DoH, but the 3rd party can see your requests.

1 Like

If I use a 3rd party DNS, I need to use DoT or DoH for encryption. Privacy for 3rd party DNS:
AdGuard + Unbound (DoT or DoH) + Cloudflare

otherwise

AdGuard + Unbound + ISP DNS

Unbound will not use your ISP DNS servers; it will connect to the root DNS servers directly.

I understand Unbound has the root DNS servers. Are the root DNS servers always faster than 3rd party servers like Cloudflare or Quad9?

And is DoH or DoT not possible without any 3rd party DNS? Can't the Unbound root server do DoT itself with configuration?

No, I don’t think they are faster, but I don’t really know. Bandwidth is irrelevant IMO since the DNS requests are tiny. For latency it depends on your ISP and where you live, I would say.

The root servers do not support encryption, see https://root-servers.org/media/news/Statement_on_DNS_Encryption.pdf

So if you aim to use DoT or DoH you can just uninstall Unbound and only use AdGuard, which then makes encrypted requests to Cloudflare or whatever service you wanna use.

I don't know if it's true, but I heard Unbound resolves DNS faster than AdGuard.

The first thing you would need to answer for yourself: do you need/like an ad blocker? Yes or no?

If yes, continue using AGH or Pi-hole
If no, you can remove AGH

If unbound has a locally cached DNS entry, it is faster because the cache is on a device on your LAN. And that is of course faster than contacting a server on the Internet.

If you query a rarely visited domain with unbound, the entire DNS hierarchy must be traversed, which takes longer. The big DNS services have literally every domain cached, bc a lot of users use them and request all kinds of domains.

So as I said, you can not make a general assumption which is faster, it depends.

1 Like

Thank you for the answers. I have done everything well now.

Also, can I create my own VPN server for this Raspberry device? Especially for connecting from mobile when I’m outside? Of course, I want to separate this VPN traffic from the AdGuard traffic I use at home. So, the VPN will work as a separate network, is that possible?
I heard of PiVPN or WireGuard. My ISP doesn't allow me to open a port.

Why do you want to not use AGH via VPN? That’s quite a common use case to have ad blocking function even if outside your home.

As well, if you are not able to open ports, you would need to think of other solutions like Tailscale: VPN Software Options - DietPi.com Docs

1 Like

Are you talking about the standard AdGuard app on the Apple store or Google Play?

I am talking about the AGH installation in your DietPi system.

Can I connect to my device at home and use it as a VPN outside on mobile?

You can use the AGH DNS server on DietPi outside your network. Yes. This requires one of the available VPN options.

Is there any tutorial for that?

Depends on the solution you will choose, e.g. which VPN software.