
Pi-Hole or Diversion or Unbound?


So I run Docker on my Debian server (Qotom SFF Intel PC). This runs AdGuard Home, Whoogle and other containerised applications. AdGuard Home (AG) connects via DNS over QUIC back to the AdGuard DNS servers (it does require a valid certificate; this is generated by the DDNS on the Asus 86U). I can also select several types of public DNS servers should I wish. I also use AdGuard Home as my DHCP server, which takes a bit of load away from the RT-AC86U running Merlin 386.2_2. I prefer AG over Pi-hole; it's just my preference as it natively supports encrypted DNS. The 86U just forwards all DNS to AG, or the DHCP clients send DNS direct to AG. I have even tried DoT to the AG and that works fine over my internal network. Given Docker can be configured to automatically update the container images (AG, Whoogle etc.), it just sits there and ticks over without any issue. The Debian server checks daily for updates and applies updates in the background. For me it's a low maintenance solution.
 
Now I simply use NextDNS (there is a version for Merlin) and it works great. Good UI. Simple config. Set and forget.
An additional benefit of NextDNS is that it is ‘portable’ - they have apps for iOS, Android, Windows etc. so you can enjoy the same protections out of your home network.

Well, in fact even on your company laptop if you can tweak its DNS settings :)
 
An additional benefit of NextDNS is that it is ‘portable’ - they have apps for iOS, Android, Windows etc. so you can enjoy the same protections out of your home network.

Well, in fact even on your company laptop if you can tweak its DNS settings :)
Unfortunately I make in excess of 20K DNS queries per day. This exceeds the 300K DNS queries per month that NextDNS allow under their free subscription. AdGuard Home is free for an unlimited amount of DNS queries. AG blocks almost 25% of my queries without any visible disruption to my (the household's) browsing experience.
 
Unfortunately I make in excess of 20K DNS queries per day. This exceeds the 300K DNS queries per month that NextDNS allow under their free subscription. AdGuard Home is free for an unlimited amount of DNS queries. AG blocks almost 25% of my queries without any visible disruption to my (the household's) browsing experience.
$19.90 for a full year isn’t much
 
I use AdGuard DNS and am very happy; it's minimum effort. In your router's WAN settings set "Connect to DNS server automatically" to No. Then fill in the two DNS servers with the IPs 94.140.14.14 and 94.140.15.15. Besides blocking ads, they also block hostile sites and provide an option for family-friendly blocking. More info:


Morris
 
An additional benefit of NextDNS is that it is ‘portable’ - they have apps for iOS, Android, Windows etc. so you can enjoy the same protections out of your home network.

Well, in fact even on your company laptop if you can tweak its DNS settings :)
$19.90 for a full year isn’t much
How do you setup NextDNS on the router? I cannot find the setting in the List of DoT DNS servers.

Any user guide or a link in this forum to set up NextDNS on an AX88U?
Thanks.
 
Yes. You can install the NextDNS CLI onto your router; DoH install link below.

If you want DoT, install this one:

 
You do not realize how many DNS queries are actually made by you, your family and your devices until something starts counting. A typical month in my household: 1.2 - 1.5M (1,209,357)

The counts also illustrate how critical your DNS service becomes. Any slowness, distance or processing that introduces latency into DNS resolution accumulates rapidly over time. Latency matters. Unreliable services and choke points are quickly surfaced. It's one reason I have "Try Unbound" on my to-do list. But it has to be ultra-reliable and it must play nice with NextDNS and others too. Those together can be a high bar. Stay safe, stay alive. Peace.
 
An additional benefit of NextDNS is that it is ‘portable’ - they have apps for iOS, Android, Windows etc. so you can enjoy the same protections out of your home network.

Well, in fact even on your company laptop if you can tweak its DNS settings :)
I believe we have different Use Cases. My solution works for me, your solution works for you.

Take Care
 
$19.90 for a full year isn’t much
It's not much indeed. However, my use case is completely different and I have gone a different route that works for my environment.
 
You do not realize how many DNS queries are actually made by you, your family and your devices until something starts counting. A typical month in my household: 1.2 - 1.5M (1,209,357)

The counts also illustrate how critical your DNS service becomes. Any slowness, distance or processing that introduces latency into DNS resolution accumulates rapidly over time. Latency matters. Unreliable services and choke points are quickly surfaced. It's one reason I have "Try Unbound" on my to-do list. But it has to be ultra-reliable and it must play nice with NextDNS and others too. Those together can be a high bar. Stay safe, stay alive. Peace.

Agreed on the number (we have < 20 devices and are around 1.5 million). However, when you back that out, DNS is very small traffic. At 50,000 requests / day, that's less than 1 per second. Really nothing on a computer scale given the 'lightness' of the traffic.
In addition, some devices get more 'chatty' once you block traffic and will up the amount of queries sent once blocked. I typically block around 20% of requests, and I'm not sure what impact that has.

Latency is certainly important and with multiple devices querying for the same domains, bringing caching into your network will help reduce it during times when numerous users are online. FWIW, pihole has been very reliable for me. I do run 2, one on a Rasp Pi and one on a VM. :)
 
You can substantially reduce the number of external DNS lookups by enabling dnsmasq caching of failed lookups
Code:
/jffs/scripts# cat dnsmasq.postconf
#!/bin/sh
# Merlin calls this script with the path of the generated dnsmasq.conf as $1
CONFIG=$1
source /usr/sbin/helper.sh
# Cache negative answers for an hour when the upstream reply carries no SOA TTL
pc_append "neg-ttl=3600" "$CONFIG"
# Drop the stock no-negcache directive, which otherwise disables negative caching
pc_delete "no-negcache" "$CONFIG"
#
. /opt/share/diversion/file/post-conf.div # Added by Diversion
/jffs/scripts/uiDivStats dnsmasq & # uiDivStats

Edit: Perhaps it would be better to describe it as successful lookups of non-existent names or IP addresses
 
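As an added illustration (not posted in this thread, and not part of Diversion or Merlin), here is a POSIX shell snippet that reads dnsmasq query-log lines and counts how many NXDOMAIN answers had to be fetched upstream versus served from dnsmasq's negative cache, so you can check whether the neg-ttl / no-negcache change above is actually saving lookups. The log lines are constructed samples in dnsmasq's log-queries format; the function and variable names are my own.

```shell
#!/bin/sh
# Constructed sample log lines in dnsmasq "log-queries" format (not real traffic).
# Scenario A: negative caching disabled (no-negcache): every repeat of a
# non-existent name is forwarded and answered upstream again.
LOG_NO_NEGCACHE='Mar  3 10:00:01 dnsmasq[1234]: query[A] ads.example.invalid from 192.168.1.20
Mar  3 10:00:01 dnsmasq[1234]: reply ads.example.invalid is NXDOMAIN
Mar  3 10:00:05 dnsmasq[1234]: query[A] ads.example.invalid from 192.168.1.21
Mar  3 10:00:05 dnsmasq[1234]: reply ads.example.invalid is NXDOMAIN
Mar  3 10:00:09 dnsmasq[1234]: query[A] www.example.com from 192.168.1.20
Mar  3 10:00:09 dnsmasq[1234]: reply www.example.com is 192.0.2.10
Mar  3 10:00:20 dnsmasq[1234]: query[A] ads.example.invalid from 192.168.1.20
Mar  3 10:00:20 dnsmasq[1234]: reply ads.example.invalid is NXDOMAIN'

# Scenario B: after neg-ttl=3600 and removal of no-negcache: repeats are
# answered from the cache ("cached ... is NXDOMAIN").
LOG_NEGCACHE='Mar  3 10:00:01 dnsmasq[1234]: query[A] ads.example.invalid from 192.168.1.20
Mar  3 10:00:01 dnsmasq[1234]: reply ads.example.invalid is NXDOMAIN
Mar  3 10:00:05 dnsmasq[1234]: query[A] ads.example.invalid from 192.168.1.21
Mar  3 10:00:05 dnsmasq[1234]: cached ads.example.invalid is NXDOMAIN
Mar  3 10:00:09 dnsmasq[1234]: query[A] www.example.com from 192.168.1.20
Mar  3 10:00:09 dnsmasq[1234]: reply www.example.com is 192.0.2.10
Mar  3 10:00:20 dnsmasq[1234]: query[A] ads.example.invalid from 192.168.1.20
Mar  3 10:00:20 dnsmasq[1234]: cached ads.example.invalid is NXDOMAIN'

# Print "<queries> <nxdomain fetched upstream> <nxdomain served from cache>"
# for the log text passed as $1. Uses only features busybox awk supports.
negcache_stats() {
  printf '%s\n' "$1" | awk '
    / query\[/                { q++ }
    / reply .* is NXDOMAIN$/  { up++ }
    / cached .* is NXDOMAIN$/ { hit++ }
    END { printf "%d %d %d\n", q + 0, up + 0, hit + 0 }'
}

# Percentage of negative answers that never left the router (0 when there are none).
negcache_hit_pct() {
  negcache_stats "$1" | awk '{ n = $2 + $3; printf "%d\n", (n ? $3 * 100 / n : 0) }'
}

echo "no-negcache:  $(negcache_stats "$LOG_NO_NEGCACHE") hit=$(negcache_hit_pct "$LOG_NO_NEGCACHE")%"
echo "neg-ttl=3600: $(negcache_stats "$LOG_NEGCACHE") hit=$(negcache_hit_pct "$LOG_NEGCACHE")%"
```

To run it against real data, pass the contents of your own dnsmasq query log (path is router-specific, so substitute yours): `negcache_stats "$(cat /path/to/dnsmasq.log)"`.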
You do not realize how many DNS queries are actually made by you, your family and your devices until something starts counting. A typical month in my household: 1.2 - 1.5M (1,209,357)

The counts also illustrate how critical your DNS service becomes. Any slowness, distance or processing that introduces latency into DNS resolution accumulates rapidly over time. Latency matters. Unreliable services and choke points are quickly surfaced. It's one reason I have "Try Unbound" on my to-do list. But it has to be ultra-reliable and it must play nice with NextDNS and others too. Those together can be a high bar. Stay safe, stay alive. Peace.
Although you can force Unbound to use NextDNS or other specific providers, the whole underlying benefit of Unbound is then lost - it is acting just as a forwarder.

The whole idea of Unbound is that it gets the DNS resolution from certified root servers in a sequential manner, so you never actually go to any specific DNS provider.

Regarding reliability and high availability: I have had Unbound running on an RPi4 for 90 days uninterrupted and on an ASUS router for 120 days without any hitch. The devices were rebooted after the said days due to other reasons and not due to Unbound. I have an Unbound installation running at my workplace on a Mac Mini for over a year... it performs the DNS lookups as expected.
 
I use AdGuard Home running in Docker on my unRAID home server. It's been totally solid for nearly a year now. It does all DNS for the house.

My unRAID box is an i3-10100 based machine so performance is excellent.
 
I have my Pi-hole and Unbound just going through the VPN, haven't had any issues
 
I use AdGuard Home running in Docker on my unRAID home server. It's been totally solid for nearly a year now. It does all DNS for the house.

My unRAID box is an i3-10100 based machine so performance is excellent.
What features are you taking advantage of by running your own server rather than pointing at the AdGuard servers?
 