Tutorials and FAQs / Re: FRESH NEW AND IMPROVED GETDNS STUBBY AND UNBOUND AKA DNS PRIVACY
« on: August 18, 2020, 09:31:02 am »
Thanks for posting, guys. Both the original tutorial and the follow-up posts were extremely helpful.
At first I was just running a Pi-hole as a DNS server behind my OPNsense home firewall. I then used the method in the first post to set up Stubby and Unbound. Once I understood how it worked, the only issue I had was that I had to change the tls_ca_file: "/etc/ssl/cert.pem" entry as per Koldnitz's post, and everything worked perfectly.
I can now send queries either via Pi-hole -> Unbound -> Stubby -> Cloudflare over TLS, or just go directly Unbound -> Stubby -> Cloudflare. Since the latest version of OPNsense has blacklists built into Unbound, the Pi-hole is redundant except for the nice dashboards, but I can live without those.
On the forward-facing side Unbound can now support DNS over TLS, and since you can enter multiple forward TLS resolvers in the Custom Options box, I don't think I understand what extra value there is by introducing Stubby to the resolver chain.
Does Stubby bring anything vitally important to the mix or is it just easier to leave it right out and run Unbound by itself?
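The Unbound-only forwarding the post asks about, as an added example that is not part of the original post or the tutorial it replies to. It assumes Cloudflare's public resolver addresses and TLS name (not given in the post) and reuses the CA bundle path from the post's tls_ca_file entry; the weak form is shown commented out beside the authenticated one.

```conf
# Added example for the Unbound "Custom Options" box: DNS over TLS without Stubby.

server:
    # CA bundle used to verify the upstream's certificate chain.
    # Path taken from the post's tls_ca_file entry (assumed valid on this host).
    # If this is left unset, Unbound still encrypts to the upstream
    # but does not verify the certificate it is shown.
    tls-cert-bundle: "/etc/ssl/cert.pem"

forward-zone:
    name: "."
    forward-tls-upstream: yes

    # Weak form: encrypted, but there is no name to match the certificate
    # against, so any TLS endpoint answering on that address is accepted.
    # forward-addr: 1.1.1.1@853

    # Authenticated form: the "#name" suffix is what Unbound checks the
    # presented certificate against (Cloudflare's values, assumed here).
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
```

Both settings are needed together: the `#cloudflare-dns.com` suffix supplies the name to check and `tls-cert-bundle` supplies the trust anchors to check it with.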