Pi-hole+unbound Set DNS

How do I set the DNS server address that unbound will use? I’ve successfully set up pihole to use unbound, and in the dietpi-config tool I set a static ip with the family safe opendns ip address, but no filtering is happening.

I figured it out. I needed to set a forward-zone in /etc/unbound/unbound.conf.d/dietpi.conf

I had thought if there was no forward zone set it would use my host’s DNS name servers. I’m just glad it’s working!

At the end of my dietpi.conf file I put the following:

        # Forward all queries (root zone ".") to the OpenDNS family-safe resolvers
        forward-zone:
          name: "."
          forward-addr: 208.67.222.123
          forward-addr: 208.67.220.123

This has no effect on PiHole and Unbound, nor will it impact how your local network clients resolve their DNS requests. This is a setting for the operating system only.

Unbound by default will use the global root DNS server and there is no need to change anything.

The real web site filtering will be done by PiHole, and there you would need to set which filter lists to use. There are a hell of a lot of lists available that could be added to PiHole. An example collection would be Firebog.

To be able to use PiHole, your local network clients would need to use PiHole as their DNS server. Did you already configure your network clients this way? Depending on your router, you could distribute the PiHole DNS server using DHCP.

Something not needed. If you like to use OpenDNS, set it as upstream DNS in PiHole. The benefit of Unbound is to be able to use the global root DNS server and not a public upstream provider.


ooooooohhhhh, I’ve been reading the references to “global root dns” and I thought that was talking about the DNS I had configured in diet-pi! This makes so much more sense now!

Yes, PiHole is the one doing the filtering. Unbound will just resolve what has passed PiHole ad blocking. That means, do your blocking configuration in PiHole. And if you like to use OpenDNS, it’s fine to set it on PiHole. But in this case, you don’t need Unbound. :wink:

I do like openDNS, but I wanted the benefits that you get with unbound. I’ll try things out with the filter list you mentioned, thanks!

Don’t forget to remove that configuration if you like to use Unbound (root DNS server)

You could use one of the following 3 URL-only text list options offered by Firebog. List Generator ¦ Firebog. Be careful with the All lists option as it will block quite a lot of stuff. Probably things you may need. Definitely some whitelisting to be done at the end. Usually the txt list could simply be added to PiHole via copy/paste.

Personally these are my PiHole stats

Using Unbound, the benefit is that you do not share your DNS traffic with any upstream DNS provider. Setting a forward zone basically destroys this benefit :wink:. Another option that makes sense is to enable DoT (explained in our docs) with Unbound. That way you again use a DNS provider, but traffic to it is encrypted. Encrypted DNS requests to root servers are not possible, so it’s privacy against DNS providers versus privacy against your ISP and anyone else between you and the DNS provider.
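The three setups discussed above (recursive to the root servers, a plain forward zone, a DoT forward zone) can be told apart from the Unbound configuration text alone. The following is an added example, not code from the thread or from DietPi: the sample configs are constructed, the Cloudflare DoT entry is an assumed stand-in for whatever the docs recommend, and `include:` directives are not followed.

```python
import re

# Constructed sample configs for this example (not files from the thread).
RECURSIVE = """
server:
    interface: 127.0.0.1
"""
FORWARD_PLAIN = RECURSIVE + """
forward-zone:
    name: "."
    forward-addr: 208.67.222.123  # plain DNS to the provider
    forward-addr: 208.67.220.123
"""
FORWARD_DOT = RECURSIVE + """
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
"""

def parse_clauses(text):
    """Split unbound.conf text into (clause, [(key, value), ...]) entries."""
    clauses = []
    for raw in text.splitlines():
        # '#' opens a comment only at a token boundary; inside a token such
        # as 1.1.1.1@853#name it is part of the value.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        key, sep, value = line.partition(":")
        if sep and not value.strip():
            clauses.append((key.strip(), []))  # "server:", "forward-zone:"
        elif sep and clauses:
            clauses[-1][1].append((key.strip(), value.strip().strip('"')))
    return clauses

def root_resolution_mode(text):
    """Return (mode, upstreams) describing how "." is resolved."""
    clauses = parse_clauses(text)
    global_tls = any(c == "server" and ("tls-upstream", "yes") in opts
                     for c, opts in clauses)
    for clause, opts in clauses:
        if clause == "forward-zone" and ("name", ".") in opts:
            addrs = [v for k, v in opts if k == "forward-addr"]
            tls = global_tls or ("forward-tls-upstream", "yes") in opts
            return ("forward-dot" if tls else "forward-plain", addrs)
    return ("recursive", [])

if __name__ == "__main__":
    for cfg in (RECURSIVE, FORWARD_PLAIN, FORWARD_DOT):
        print(root_resolution_mode(cfg))
```

A result of `forward-plain` means every query that passes Pi-hole goes unencrypted to the listed provider, which is the case the thread advises removing if recursive resolution is wanted.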

In the end the ISP sees at least the IPs you are connecting to, no matter which way the domains are resolved, or am I wrong?

True, but theoretically there could be more than a single service behind a single IP.

If comparing Pi-hole and AdGuard Home (both DietPi default software), which one is recommended for the best result in combination with unbound, with unbound as the upstream DNS in both Pi-hole and AdGuard Home?

Depends on personal preferences. There is no black and white answer. Both do AdBlocking. :wink:

PiHole has some more dependencies, like the SQLite + web server stack, while AGH is a small executable. However, PiHole is built on dnsmasq, which means it could be used to do quite a lot more stuff. Some people feel the UI of AGH is more modern. However, PiHole has a Star Trek option :smiley:

Personally I like PiHole as it has way more options and could be adjusted to my personal needs much better compared to AGH, as I do some other stuff with dnsmasq, like distributing PiHole as IPv6 DNS using RA. I also imported quite a few blocking lists in addition. On PiHole this is a one-click action to copy multiple lists at once. In AGH you would need to add them line by line.