Pi-Hole or Diversion or Unbound?

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

snowcrash101

Occasional Visitor
Hello

I'm planning to buy either RT-AX86U or RT-AX68U. I also have a home server (debian 10).

I want to have ad-blocking, and recently discovered Diversion or Unbound can be used with merlin. Is Diversion similar to Pi-Hole in terms of effectiveness of ad-blocking? And similarly, is Unbound similar to Diversion? (sorry - I'm confused!)

I'm assuming if I went down installing Pi-Hole on my server, this would be more complicated to set-up/maintain, than simply using Diversion?

Thanks
 

BreakingDad

Senior Member
Yes it is confusing, hope these snippets help:

Courtesty of SNB Forum member @dave14305 post 1177

Unbound is a DNS server essentially:

Instead of relying on a Google DNS, Cloudflare, Quad9 or NextDNS, Unbound will let you perform the same DNS functions as those public resolvers. Unbound will deal directly with the authoritative name server (i.e. domain owner) instead of relying on a third-party to do that. You cut out that middle-man. If you only want to use Unbound as another forwarder, it's won't really offer much benefit over the built-in dnsmasq.


When Unbound gets a DNS request from a client, it will not use a single upstream server like you may be used to. Say it gets a request to lookup www.snbforums.com. First it will query the root DNS servers to see what server is the owner of the .com top-level domain. Once it knows that server identity, it will query that one to see which DNS nameserver owns snbforums.com within the .com domain. Once it gets that response, it will query the snbforums.com DNS server to get the IP for www within snbforums.com.


It does all that directly between you and those servers, without sharing your DNS query data with a third-party DNS resolver like the ones I mentioned earlier.

Diversion is a shell script application to manage ad-blocking, Dnsmasq logging, Entware and pixelserv-tls installations and more on supported routers running Asuswrt-Merlin firmware, including its forks.

Is Diversion similar to Pi-Hole in terms of effectiveness of ad-blocking?

Yes

Diversion Main Thread

Unbound Main Thread

You can run both together, many people do.

Personally if you just want adblocking, I would go for Diversion on it's own first, All being well you can add Unbound later if you need to.
 

New2This

Senior Member
Have been running Pi-hole along with Unbound installed on a raspberry Pi 4 without any issues
yes easy to input the number into the router so that all clients will go through the Pi
 

BreakingDad

Senior Member
Have been running Pi-hole along with Unbound installed on a raspberry Pi 4 without any issues
yes easy to input the number into the router so that all clients will go through the Pi
Yes I had pi hole on a pi4, recently changed to adguard as I find it easier to use for enforcing safe search by means of 1 click.
 

gspannu

Regular Contributor
Hello

I'm planning to buy either RT-AX86U or RT-AX68U. I also have a home server (debian 10).

I want to have ad-blocking, and recently discovered Diversion or Unbound can be used with merlin. Is Diversion similar to Pi-Hole in terms of effectiveness of ad-blocking? And similarly, is Unbound similar to Diversion? (sorry - I'm confused!)

I'm assuming if I went down installing Pi-Hole on my server, this would be more complicated to set-up/maintain, than simply using Diversion?

Thanks
I have tried all these combinations. Diversion, Unbound, Pi-Hole on a RPi. Even managed to run Pi-hole on the AX88U router as well ....

I was experimenting with ad-blocking in Unbound, then comparing this with Diversion and DNSSEC on the router, then Pi-hole... and spent many days tinkering and experimenting... and the result was that I wasn’t actually benefitting from my setup; because I was constantly changing, experimenting.

I got some great advice from great people in the forum and the “key advice was to set the router up, set the ad-blocking, set the DNS resolver” and then let it be and enjoy the results...
In reality, all these solutions offer great benefits - and you cannot go wrong with any of them - just pick one and then enjoy the benefits.

My current setup is Diversion and Unbound on the router - Just keeps everything self contained within the router.
 

EmeraldDeer

Very Senior Member
Simple yet effective?
Pi-hole No, not simple
Diversion Yes, as effective as Pi-hole
Unbound No, not simple, stick with dnsmasq and Quad9
 

New2This

Senior Member
Yes I had pi hole on a pi4, recently changed to adguard as I find it easier to use for enforcing safe search by means of 1 click.
Are you using the QUIC ?
 

ShagBark

Occasional Visitor
Hello

I'm planning to buy either RT-AX86U or RT-AX68U. I also have a home server (debian 10).

I want to have ad-blocking, and recently discovered Diversion or Unbound can be used with merlin. Is Diversion similar to Pi-Hole in terms of effectiveness of ad-blocking? And similarly, is Unbound similar to Diversion? (sorry - I'm confused!)

I'm assuming if I went down installing Pi-Hole on my server, this would be more complicated to set-up/maintain, than simply using Diversion?

Thanks
I'm bias... been running PiHoles (I run two) for quite some time now. Maybe pick up a cheap Raspbery Pi to play with to help decide? I messed around with Diversion installed via AMTM and its great. If I wasn't all in on PiHole I would use Diversion.
 

BreakingDad

Senior Member

BreakingDad

Senior Member

Elmer

Regular Contributor
I ran Diversion/Skynet (and really liked it) until the update to the 386 code base when I started all over again with router config. Now I run DNS-over-TLS using cloudflare 'family' (1.1.1.3) which my family uses, while I have two piholes (warning - use a pi4!) with static ips set to "no filtering" on the dns filter page, that I use. My family was constantly irritated by the overzealous blocking of ad domains (links to products), which I liked, so the combination of using the two systems works well for me. I just set my dns on my devices manually, and I don't have to worry about the reliability of the raspberries, because it only affects me and I know how to deal with it. I now find that I have a much lower router memory load than in the past when using 384 code with Diversion/Skynet, where I was always seemingly 10 Mb away from max - now it's half memory load. That said, Piholes are finicky, and you really need to run two if you are relying on them, and don't be stingy with cpu/memory - use a pi4. At one point, while experimenting, I tried to run my whole network with two old pi 3s (~90 connected devices) and it was a complete disaster. So, I guess I'm saying it doesn't have to be a this or that choice. A hybrid system may be your best solution.
 
Last edited:

OBENZ

Regular Contributor
I would run Pi-Hole with Unbound and DHCP server on a RPi. Better UI and router independent.
Yep doing same thing it’s been running stable for 2 years now, it’s easy to set up and no maintenance required plus great controls over clients. I’m also running dnsmasq on Pi-hole to direct specific domains to a custom dns to evade geoblocking
 

cptnoblivious

Regular Contributor
I ran Diversion/Skynet (and really liked it) until the update to the 386 code base when I started all over again with router config. Now I run DNS-over-TLS using cloudflare 'family' (1.1.1.3) which my family uses, while I have two piholes (warning - use a pi4!) with static ips set to "no filtering" on the dns filter page, that I use. My family was constantly irritated by the overzealous blocking of ad domains (links to products), which I liked, so the combination of using the two systems works well for me. I just set my dns on my devices manually, and I don't have to worry about the reliability of the raspberries, because it only affects me and I know how to deal with it. I now find that I have a much lower router memory load than in the past when using 384 code with Diversion/Skynet, where I was always seemingly 10 Mb away from max - now it's half memory load. That said, Piholes are finicky, and you really need to run two if you are relying on them, and don't be stingy with cpu/memory - use a pi4. At one point, while experimenting, I tried to run my whole network with two old pi 3s (~90 connected devices) and it was a complete disaster. So, I guess I'm saying it doesn't have to be a this or that choice. A hybrid system may be your best solution.

It's curious that you were having issues with the pi 3's, what were your task loads like? 90 devices is quite a few though.

I run a pi 4B myself (with other stuff beyond pihole on it), but see a lot of folks successfully running pi zero W's.
 

jata

Regular Contributor
I have used diversion and tried to get pi-hole working as a docker container on my rpi but I had some issues with it.

Now I simply use nextDNS (there is a version for merlin) and it works great. good UI. simple config. set and forget.
 

New2This

Senior Member
Very easy to install if you flash dietpi first onto your sd card, then you can easily install there software, like pi-hole or unbound, one click and it self installs whatever software you want

 

jata

Regular Contributor
Very easy to install if you flash dietpi first onto your sd card, then you can easily install there software, like pi-hole or unbound, one click and it self installs whatever software you want

That's great. thanks for the link/info. I primarily use my rock64/rpi as a NAS device so it runs Open Media Vault (OMV) and then I use docker to add services. I like to tinker so happy with this setup (for now).
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top