Using Unbound

Started by battle, June 18, 2025, 11:42:24 PM

I had to switch from Windows 7 to W10 recently because my new printer didn't come with drivers for W7. I stayed on W7 because W8-W11 is known to be pulling data off your computer and sending it to Redmond. I put OPNsense on an older Dell I had and started fighting W10 telemetry by monitoring what was going out of my computer with Wireshark, LiveTcpUdpWatch, and Zenarmor Live Sessions. I was able to track down and block 58 IPs going back to Microsoft and an additional 250 IPs going to other various companies (Google, Amazon, etc.). Most of the tracking caught was during evening hours just after a reboot with no programs running other than Wireshark and LiveTcpUdpWatch. All the captured IPs are now being blocked by OPNsense.
However, there were some W10 programs and a couple of other pieces of software that were unnecessarily connecting to their companies. They were automatically connecting through my VPN by way of using my Network Settings, so I had to set my W10 'Proxy Access to the Internet' to 'No Proxy'. By doing this I apparently am now blocking my browsers from DNS; they can't interpret any domain names now. They can go to a hard IP address, however.

My main problem is that I am trying to set up Unbound to try to use it for DNS, but when I try to change Unbound's port from 5353 to 53, OPNsense says that AdGuard has port 53. I don't know if there is a way to change W10's DNS port to 5353. Can anyone see anything I can do to make W10 use Unbound?

Thanks

You could start by structuring your post in a way it is actually readable. You know, sentences, punctuation, paragraphs ...

I am not able to parse this wall of text, sorry.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Leave AdGuard listening on 53, leave Unbound on 5353, then set Unbound on 5353 as the upstream DNS server in AdGuard Home (presumably)?
Client 53 --> AdGuard Home 53 --> Unbound 5353 --> Root servers (default recursion).
That's a more "regular" approach.
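The chain above has three hops, and when name resolution breaks it helps to ask each one directly rather than guessing which link is down. The script below is an added example for this thread (not from any poster, OPNsense, AdGuard Home or Unbound): it builds a minimal DNS A query by hand, sends it over UDP to a chosen host and port, and parses the answer, so you can query the AdGuard Home listener on 53 and the Unbound listener on its own port separately and see which one actually answers. The firewall address 192.168.1.1, the Unbound port 5335, the hop labels and the embedded sample response are all constructed assumptions; substitute your own addresses and ports.

```python
import socket
import struct

QTYPE_A = 1
QCLASS_IN = 1


def build_query(name, qtype=QTYPE_A, txid=0x1234):
    """Build a plain DNS query packet (RFC 1035 wire format) for one name."""
    # Header: id, flags (RD=1 so the resolver recurses), qdcount=1, others 0.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    # QNAME: each label prefixed with its length, terminated by a zero byte.
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, QCLASS_IN)


def _read_name(data, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels = []
    end = None
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer (two bytes)
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2  # the name ends after the first pointer
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end if end is not None else offset


def parse_response(data, expected_txid=None):
    """Return the response code and the A/other answers in a reply packet."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    if expected_txid is not None and txid != expected_txid:
        raise ValueError("transaction id mismatch (stray or spoofed reply)")
    rcode = flags & 0x000F  # 0 = NOERROR, 2 = SERVFAIL, 3 = NXDOMAIN, 5 = REFUSED
    offset = 12
    for _ in range(qdcount):  # skip the echoed question section
        _, offset = _read_name(data, offset)
        offset += 4  # qtype + qclass
    answers = []
    for _ in range(ancount):
        name, offset = _read_name(data, offset)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        value = socket.inet_ntoa(rdata) if rtype == QTYPE_A and rdlen == 4 else rdata.hex()
        answers.append((name, rtype, ttl, value))
    return {"rcode": rcode, "answers": answers}


def query(server, port, name, timeout=2.0):
    """Send one A query to server:port over UDP and parse whatever comes back."""
    txid = 0x1234
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid=txid), (server, port))
        data, _ = sock.recvfrom(4096)
    return parse_response(data, expected_txid=txid)


def check_chain(hops, name="example.com"):
    """Query each (label, server, port) hop directly; report answer or failure."""
    results = {}
    for label, server, port in hops:
        try:
            results[label] = query(server, port, name)
        except (OSError, ValueError) as exc:
            results[label] = "no usable answer: %s" % exc
    return results


# Constructed sample reply (not captured from a real server): NOERROR,
# one A record for example.com pointing at 192.0.2.1, using a name pointer
# (0xC00C) back to the question, exactly as real resolvers emit.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + b"\x07example\x03com\x00" + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    + b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 300, 4)
    + bytes([192, 0, 2, 1])
)

if __name__ == "__main__":
    # Assumed addresses: AdGuard Home on the firewall's port 53, Unbound on a
    # separate listener port (5335 here). Replace with your own values.
    hops = [("AdGuard Home", "192.168.1.1", 53), ("Unbound", "192.168.1.1", 5335)]
    for label, result in check_chain(hops).items():
        print(label, "->", result)
```

If AdGuard Home answers but Unbound does not, the upstream setting is wrong or Unbound's listener is bound to a different port or interface; if Unbound answers and AdGuard Home does not, the front end is the problem. A transaction id mismatch or a non-zero rcode from one hop tells you which side to look at before touching the Windows client at all.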

Never use port 5353 for a DNS service - apart from mDNS-Repeater. 5353 is reserved for mDNS. You are in for trouble.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: Patrick M. Hausen on June 18, 2025, 11:53:34 PM
Never use port 5353 for a DNS service - apart from mDNS-Repeater. 5353 is reserved for mDNS. You are in for trouble.
Good point!

Quote from: Patrick M. Hausen on June 18, 2025, 11:45:49 PM
You could start by structuring your post in a way it is actually readable. You know, sentences, punctuation, paragraphs ...

I am not able to parse this wall of text, sorry.

There, is this better?

I had to switch from Windows 7 to W10 recently because my new printer didn't come with drivers for W7. I stayed on W7 because W8-W11 is known to be pulling data off your computer and sending it to Redmond. I put OPNsense on an older Dell I had and started fighting W10 telemetry by monitoring what was going out of my computer with Wireshark, LiveTcpUdpWatch, and Zenarmor Live Sessions. I was able to track down and block 58 IPs going back to Microsoft and an additional 250 IPs going to other various companies (Google, Amazon, etc.). Most of the tracking caught was during evening hours just after a reboot with no programs running other than Wireshark and LiveTcpUdpWatch. All the captured IPs are now being blocked by OPNsense.

However, there were some W10 programs and a couple of other pieces of software that were unnecessarily connecting to their companies. They were automatically connecting through my VPN by way of using my Network Settings, so I had to set my W10 'Proxy Access to the Internet' to 'No Proxy'. By doing this I apparently am now blocking my browsers from DNS; they can't interpret any domain names now. They can go to a hard IP address, however.

My main problem is that I am trying to set up Unbound to try to use it for DNS, but when I try to change Unbound's port from 5353 to 53, OPNsense says that AdGuard has port 53. I don't know if there is a way to change W10's DNS port to 5353. Can anyone see anything I can do to make W10 use Unbound?

Thanks

No need, old chap. He doesn't need defending, and that is not what I'm doing, but that first paragraph is hard to read. I am even unsure if I'm reading it correctly.
Moving on, if we could: have you been able to solve the conundrum, or do you still want some pointers? Happy to do that.
On the other hand, what I suggested (bar using a different port), have you been able to try it? Or do you want MS Windows-specific suggestions?