Menu
What's new
By:
Filters Better Search

DNS Privacy with Adguard + unbound

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

J

jata

Senior Member
Hi All - I just wanted some advice to see if there is more I could do/consider to increase DNS privacy on my home internet setup.

Setup/situation is:
  • wan dns set to ISP (no privacy) but not really used - see dhcp setup below
  • I have a RPI as a dedicated dns / adguard device running dietpi with adguard and unbound
  • all clients use dhcp with dns1 set to my RPI with adguard and unbound; dns2 set to nextdns
  • 90% of dns are sent via dns1 (local adguard/unbound) and the remaining through nextdns
  • using the dns script by @eibgrad I see everything is red with sender src being IP of my local adguard server
I'm trying to work out what this means... I think that it is showing that most dns queries are going via unbound but are not encrypted.

For DNS1 - can I improve this or is this as good as it gets using unbound?

For DNS2 - if I change the nextdns IP to the DNS-over-TLS/QUIC address in the dhcp settings - will this enable dns privacy on the 5-10% of dns queries that do not go through DNS1?

Thanks for any help on this.
 
You may find some answers and ideas in this thread:

www.snbforums.com

RX-AX88U + Adguard Home + Unbound - DNS Leak Test Result...

Quick question... What should a DNS leak test from the following sites look like assuming I have a proper configuration of Adguard Home + Unbound? From dnsleaktest.com extended test I get 1 server result, and its my IP Address but my ISP is the hostname. The hostname I don't recognize. The...
www.snbforums.com www.snbforums.com
 
Thanks @Tech9. I had seen this thread and it got me thinking about this stuff in the first place.

I’m not crazy worried about dns privacy and accept there are trade-offs. All good.

unbound + adguard on a dedicated device is working great for adblocking (the key objective).

But unbound is not encrypted to root servers. Should I care?
 
jata said:
unbound + adguard on a dedicated device
Click to expand...

I have a little reliability concerns with RPi and OS on SD card. It may work for years with no issues, it may stop tomorrow.

jata said:
But unbound is not encrypted to root servers. Should I care?
Click to expand...

Not really. You may get overall worse reliability and DNS resolution speed compared to no extra device and built-in Dnsmasq forwarder to always available 10-30ms away huge cache Google, Cloudflare, OpenDNS, etc. with available DoT straight on the router. Your browser caches queries as well, remember? OpenDNS offers custom blocking categories with free home account if you are interested. It's a Cisco company - pretty reliable. Public DNS providers will hide your WAN IP as well as potential extra security. With home routers the simpler setup the better unless you like to tinker with it all the time and look at numbers, graphs, queries, blocks, play with blocklists, etc. Basically you sacrifice simplicity and reliability chasing non-existing or not needed privacy. Do you have a cellphone or a laptop? Apple, Google, Microsoft already know a lot about you. Your mobile service provider knows exactly where you are at the moment. Your bank knows when, where and what you use your cards for. Why worry so much about DNS queries? This is your least concern.
 
Thanks @Tech9 - I agree but I know others will have strong opinions in the other (privacy max) direction.

I'm getting good performance, good control of ad blocking and a bit of tinkering all for free! If/when my rpi is down then queries go via nextdns (for free if under 300k/mth).

I don't think I will worry about having my dns queries 'encrypted' (unless someone can give me a reason that I care about)...
 
You must log in or register to reply here.

Similar threads

J
pros and cons for the two common DNS setups for a local adblocker - adguard home
2
Replies
25
Views
2K
Tech9
Tech9
C
Need help with GT-AXE11000 and DNS Director
Replies
0
Views
115
corruptus
C
C
DNS Director and AdGuard logs
2
Replies
26
Views
1K
SomeWhereOverTheRainBow
SomeWhereOverTheRainBow
P
Solved Router DHCP and DNS not responding to changes
2
Replies
35
Views
1K
PTS
P
J
DNS rewrite for internal clients to resolve hostname via adguard home and unbound
Replies
12
Views
4K
jata
J
Similar threads
Thread starter Title Forum Replies Date
R DNS Privacy Protocol wont enable Asuswrt-Merlin 2
T Using DOT DNS breaks ECS Asuswrt-Merlin 9
pdc Router DNS returning Refused Asuswrt-Merlin 2
C Need help with GT-AXE11000 and DNS Director Asuswrt-Merlin 0
V DNS server vs DNS-over TLS server list Asuswrt-Merlin 3
R Would any of this make my browsing more secure? (WAN DNS settings) Asuswrt-Merlin 20
A DNS/TLS IPv6. Asuswrt-Merlin 4
X DNS Director - question Asuswrt-Merlin 6
X RT-AX58U sudden DNS problem - URGENT Asuswrt-Merlin 14
P Solved Router DHCP and DNS not responding to changes Asuswrt-Merlin 35

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 733 (members: 39, guests: 694)
Top