Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Unbound + Stubby for dummies
« previous
next »
Print
Pages: [
1
]
Author
Topic: Unbound + Stubby for dummies (Read 2022 times)
hushcoden
Hero Member
Posts: 550
Karma: 23
Unbound + Stubby for dummies
«
on:
February 18, 2022, 11:21:40 pm »
I found this guide
here
and I'm not sure which benefit stubby brings, can someone elaborate in 'plain english' ?
Also, why using port 8053 ?
What about DNSCrypt?
I'm trying to learn the differnet options for DNS servers encryption.
Tia.
«
Last Edit: February 19, 2022, 05:57:34 pm by hushcoden
»
Logged
cookiemonster
Hero Member
Posts: 1823
Karma: 95
Re: Unbound + Stubby for dummies
«
Reply #1 on:
February 21, 2022, 03:04:16 pm »
Benefits in this regard will be subjective.
For me Stubby gives me the benefit of flexibility at the expense of user friendliness. I can use the resolvers I want, select round-robin if I want, and mix reosolvers that need pinsets and those that don't.
I am confident with command line and modifying config files. I don't need a UI for those tasks. The config files has a number of attibutes I can use if I want it. The main drawback is the lack of logging.
In short, Stubby gives me what I want in a way that I like and is configurable enough.
The arbitrary port is because it runs as a service ordaemon, so it needs a port to be connected to. It doesn't have to be 8053 but it needs to be free.
«
Last Edit: February 21, 2022, 03:08:05 pm by cookiemonster
»
Logged
ajm
Jr. Member
Posts: 62
Karma: 7
Re: Unbound + Stubby for dummies
«
Reply #2 on:
February 21, 2022, 07:48:35 pm »
FWIW, I chose just to use the available DNS over TLS feature of Unbound, along with a lightly filtered DNS service from Quad9. (Check 'em out, I think they're 'good guys' and warrant support.)
I'd previously been using Stubby/DNSmasq (on OWRT) and Unbound now does the same but with simpler setup, AFAICS.
I've not really looked into the other 'secure' or 'filtered' DNS services available, as they seem to be overkill for my specific needs. The edge devices here are all quite well-managed as regards 'content protection', so going for complex network-based protection isn't really justified. IoT, Android, etc. are all forbidden from my network !
«
Last Edit: February 21, 2022, 08:20:03 pm by ajm
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Unbound + Stubby for dummies