View and Change Upstream DNS Servers when you have Pi-Hole and Unbound installed

Hi, I installed Pi-Hole with the Unbound option. During setup, I put a checkmark on Cloudflare DNS. In Pi-Hole, I see Upstream DNS Servers, Custom 1 (IPv4) (127.0.0.1#5335), which confirms that Pi-Hole works with Unbound. On the left side (Upstream DNS Servers), nothing is selected. I believe that is normal because I use Unbound, right?

This file located in /etc/pihole/setupVars.conf shows : PIHOLE_DNS_1=127.0.0.1#5335
This file located in /etc/dnsmasq.d/01-pihole.conf shows : server=127.0.0.1#5335

Why don’t I see Cloudflare DNS?
Which DNS is used?
Is it located in a different file / folder (if yes, where)?

If I want to view or change DNS, how should I proceed (from the GUI in Pi-Hole and from command line)?

Regards,
Stephane

I believe the config for unbound is in /etc/unbound
There should be a setting in it to change the upstream DNS there to use cloudflare 1.1.1.1 and 1.0.0.1

and this

This is the fully correct setting when using Unbound. The settings you made during installation have no effect, as they are overwritten by the Unbound configuration. This means you will not see a Cloudflare configuration.

Anyway, the aim of Unbound is to use the global root DNS servers and not a public DNS like Cloudflare or Quad9. If you would like to use one of these upstream DNS services, you don’t need Unbound.

Hi,

I like the fact that Pi-Hole does :
Blocking Ads and having faster DNS with malware blocking feature when using CloudFlare DNS.
According to (Upstream DNS Providers - Pi-hole documentation).

I like the fact that Unbound does features like : caching DNS resolver (I understand better Internet performance) and increases your Internet privacy according to (DNS Servers Options - DietPi.com Docs).

1- Do you agree with the benefits I gave you for Pi-Hole and Unbound?
2- Should I understand that I can’t get all these benefits, so I have to choose between Pi-Hole and Unbound?
3- Is it possible to keep all these benefits that I gave you above?
4- If I keep both, which benefits will I lose?
5- You said that Unbound is using global root DNS servers. If we compare it with CloudFlare DNS, should I understand that we have less, more or similar DNS performance?
6- Does Unbound provide malware protection like CloudFlare DNS (if yes, is it similar)?
7- Would you prefer CloudFlare DNS over global root DNS servers and why?
8- In terms of Ads, should I understand that Pi-Hole will do a better job with CloudFlare DNS, or better with the global root DNS servers used by Unbound, or will Pi-Hole give me the same Ads blocking performance?

For CloudFlare it says: “CloudFlare will never log your IP address (the way other companies identify you). The independent DNS monitor DNSPerf ranks Cloudflare’s DNS the fastest DNS service in the world.” According to that, I believe that I still get privacy, but I might be wrong!

I’m trying to understand the benefits that I’ll gain by keeping Unbound and the benefits that I’ll lose by not choosing CloudFlare DNS.

Regards,
Stephane

I guess there is a misunderstanding about what Unbound is and what it does. It’s not a question of choosing between Unbound and Pi-hole. Both work together quite well.

It’s more a question of whether you would like to use a global upstream DNS provider like Cloudflare, Quad9 or Google DNS, and whether you trust them. Or whether you would simply like to use the global root DNS servers instead. It’s a question of data privacy.

Personally, I have been using Pi-hole + Unbound together for a long time.

Some more reading https://www.reddit.com/r/pihole/comments/ydkkup/what_are_the_benefits_to_unbound/

And just for completeness: Pi-hole (dnsmasq to be precise) has a DNS cache as well. In combination with Unbound, you basically have a double-cache :smile:.

While Unbound and Pi-hole double this particular DNS cache feature, as Joulinar said, they serve different purposes which add up very well. Just to put it into another picture, Unbound changes the path of the DNS query from:
client > Pi-hole > Cloudflare > DNS root server
to:
client > Pi-hole > Unbound > DNS root server

So you basically self-host the service of public DNS providers. Alternatively, Unbound can be used to encrypt the DNS traffic, but then requires a public DNS provider for the DNS root server query again, for cases where you do not trust your LAN or ISP: DNS Servers Options - DietPi.com Docs

If I don’t mind about privacy, does Pi-Hole generally perform better alone or perform better with Unbound?

I don’t think there is a noticeable difference. @Joulinar do you know some dig or pihole CLI to test DNS resolution latencies? One must take care to disable the cache (in Pi-hole as well as Unbound) or test with a new hostname each time.

Without Unbound, there is at least one less point of failure, given that upstream DNS providers should be 100% reliable.
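
As an added example (not part of the thread and not code from Pi-hole, Unbound or DietPi): the question "Which DNS is used?" can be answered by reading the Pi-hole upstream from the `setupVars.conf` text and then checking whether the Unbound configuration contains a `forward-zone` for `"."`. The sample file contents are constructed, and a loopback upstream is assumed to be the local Unbound instance.

```python
import re

def pihole_upstreams(setupvars_text):
    """PIHOLE_DNS_n values from setupVars.conf text, ordered by n."""
    found = re.findall(r"^PIHOLE_DNS_(\d+)=(\S+)", setupvars_text, re.M)
    return [addr for _, addr in sorted(found, key=lambda p: int(p[0]))]

def unbound_forwarders(unbound_text):
    """forward-addr / forward-host values of the forward-zone named "."."""
    clauses = []
    for raw in unbound_text.splitlines():
        # '#' starts a comment only at line start or after whitespace, so
        # the TLS name in "1.1.1.1@853#cloudflare-dns.com" is kept intact.
        line = re.sub(r"(^|\s)#.*", "", raw).strip()
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip().strip('"')
        if not key:
            continue
        if not value:  # clause header such as "server:" or "forward-zone:"
            clauses.append({"clause": key, "name": None, "addrs": []})
        elif clauses and clauses[-1]["clause"] == "forward-zone":
            if key == "name":
                clauses[-1]["name"] = value
            elif key in ("forward-addr", "forward-host"):
                clauses[-1]["addrs"].append(value)
    return [a for c in clauses if c["name"] == "." for a in c["addrs"]]

def external_resolvers(setupvars_text, unbound_text):
    """Third-party resolvers that see queries; [] = Unbound recurses from the roots."""
    upstreams = pihole_upstreams(setupvars_text)
    public = [u for u in upstreams if not u.startswith(("127.", "::1"))]
    uses_local = len(public) < len(upstreams)
    return public + (unbound_forwarders(unbound_text) if uses_local else [])

# Constructed sample inputs (not taken from a real system).
SETUPVARS = "PIHOLE_INTERFACE=eth0\nPIHOLE_DNS_1=127.0.0.1#5335\n"
UNBOUND_RECURSIVE = "server:\n    port: 5335  # local listener\n"
UNBOUND_FORWARDING = UNBOUND_RECURSIVE + (
    "forward-zone:\n"
    '    name: "."\n'
    "    forward-tls-upstream: yes\n"
    "    forward-addr: 1.1.1.1@853#cloudflare-dns.com\n"
    "    forward-addr: 1.0.0.1@853#cloudflare-dns.com\n"
)

if __name__ == "__main__":
    print(external_resolvers(SETUPVARS, UNBOUND_RECURSIVE))
    print(external_resolvers(SETUPVARS, UNBOUND_FORWARDING))
```

On a real system, pass in the contents of `/etc/pihole/setupVars.conf` and the concatenated Unbound configuration files under `/etc/unbound`; an empty result corresponds to the `client > Pi-hole > Unbound > DNS root server` path described above.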