Using AdGuard Home with Unbound

Gary_Dexter

Senior Member
Any advantages to doing this?

How would it work with regards to filtering - will requests go to AGH first before being pushed to the “outside world” for blocklist checking etc?

And is there any benefit to Unbound over AGH’s DNS caching?
 

mattleg

New Around Here
The advantage is mostly privacy. Requests still come to AdGuard, then are passed along to Unbound. Unbound then starts at the root servers and works up to find the requested address. Essentially Unbound is a private DNS server, much like that of your ISP or other offerings. You are cutting out the middle, plus keeping the requests private and secure on your own hardware.
 

Gary_Dexter

Senior Member
Thanks.
But then I would lose any content filtering provided by a DNS Service such as Quad9, Cloudflare or OpenDNS - right?
 

mattleg

New Around Here
Yes, you would lose the content filtering provided by those DNS services. AdGuard would be doing the content filtering. With Unbound and AdGuard your hardware becomes a miniature version of what those services offer.
 

Gary_Dexter

Senior Member
I've enabled Unbound now and am using it via AGH.

I am noticing high amounts of DNS latency though - even for items served from the Cache in AGH:

[Attached image: 1674478027694.png]


And other sites showing ~ 0.2ms response times when serving links from the Cache:

[Attached image: 1674478059910.png]


Is there also any harm in leaving the following enabled - I've read conflicting things online; some have said it's merely a reporting option added to the Query Log (denoted by a Green Padlock for successful DNSSEC Validated queries) and also read that it actually tries to force DNSSEC to the destination, thus doing it twice - once in AGH and then again in Unbound:

[Attached image: 1674478314776.png]
 

Gary_Dexter

Senior Member
Another instance served from cache but with a 1700+ms time.

Should I disable AGH’s cache? Again I’ve heard conflicting responses elsewhere that say to leave it on so the blocked lookups are cached in AGH without having to be resolved every time and another argument saying to disable it as Unbound does the caching and the impact of the blocked lookups is minimal.

[Attached image: 472C3EA5-E41E-4F34-9464-06C607E70B32.png]
 

chongnt

Very Senior Member
Is it one particular instance, or do all instances from cache have a long processing time? How about first-time queries?
What I noticed is if I put a large blocklist or a lot of complex regex in custom blocklist it will increase the processing time.
 

Gary_Dexter

Senior Member
chongnt said:
Is it one particular instance, or do all instances from cache have a long processing time? How about first-time queries?
What I noticed is if I put a large blocklist or a lot of complex regex in custom blocklist it will increase the processing time.

Pretty much all instances. I think it’s a CPU limitation with my router as since removing Unbound everything is back to normal again.
 

Gary_Dexter

Senior Member
So removing Skynet seems to have fixed the ping spiking issue - for some reason Skynet was tanking the CPU, and it wasn't really doing much for me anyway apart from filling the logs with requests that are blocked by the standard firewall anyway..

However, I am still not seeing any DNS requests marked as DNSSEC verified in AGH using Unbound - is this normal because Unbound is doing the DNSSEC handling now and AGH is just getting served from Unbound's cache?
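
An added example, not part of any post in this thread: one way to check whether a resolver is validating DNSSEC, independent of what the AGH query log shows, is to send it a query with the EDNS0 DO bit set and read the AD flag in the reply header. The server address and port in `ask()` are assumed values (the thread does not say where Unbound listens), and the sample responses are constructed.

```python
import socket
import struct

def build_query(name, qtype=1, txid=0x1234):
    """DNS query with RD set plus an EDNS0 OPT record carrying the DO bit."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root name, type 41, UDP size 1232, ext-rcode 0, version 0, DO flag, no data
    opt = b"\x00" + struct.pack("!HHBBHH", 41, 1232, 0, 0, 0x8000, 0)
    return header + question + opt

def classify(response):
    """Interpret the header flags of a DNS response."""
    if len(response) < 12:
        raise ValueError("short DNS message")
    flags = struct.unpack("!H", response[2:4])[0]
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    if flags & 0x000F == 2:
        return "servfail"     # validating resolvers answer SERVFAIL for bogus data
    if flags & 0x0020:
        return "validated"    # AD bit set: the resolver validated the answer
    return "unvalidated"      # answered without claiming validation (e.g. unsigned zone)

def ask(name, server="127.0.0.1", port=5335, timeout=3.0):
    """Send the query over UDP; server and port are assumed, adjust to your setup."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, port))
        return classify(s.recvfrom(4096)[0])

def sample_response(flags):
    """Constructed 12-byte response header with the given flags word."""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, 1, 0, 1)

SAMPLES = {
    "signed zone, validated": sample_response(0x81A0),    # QR RD RA AD
    "unsigned zone": sample_response(0x8180),             # QR RD RA
    "validation failure": sample_response(0x8182),        # QR RD RA, RCODE=2
}

if __name__ == "__main__":
    for label, msg in SAMPLES.items():
        print(f"{label}: {classify(msg)}")
```
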
 
