Unbound DNS, PiHole vs. AdGuard Home

[Patrick M. Hausen]

Code Select Expand

dig . ns
dig org. ns
dig opnsense.org. ns
...


[jimjohn]

Another question.

Here (https://docs.opnsense.org/manual/how-tos/bind.html) it says maybe you want to stick with Unbound as your primary DNS. Why would I do that? What is the advantage?

[Patrick M. Hausen]

Unbound is better integrated e.g. picking up entries from static and dynamic DHCP leases etc. The BIND plugin in its current state cannot do that. OTOH the BIND plugin lets you manually create and populate zones, which is what I prefer. Why should any system on my network mess with DNS entries?

[CJ]

Didn't the blacklist get converted to use Unbound natively instead of BIND?  It shows up under Unbound on my setup.

Personally, I use a combination of Quad9 and a blacklist.  About the only thing I prefer from the pihole is the reporting but I'd rather not run a separate device or VM.

[jimjohn]

Didn't the blacklist get converted to use Unbound natively instead of BIND?  It shows up under Unbound on my setup.

Personally, I use a combination of Quad9 and a blacklist.  About the only thing I prefer from the pihole is the reporting but I'd rather not run a separate device or VM.

Yes, blacklists are available in Unbound as well (maybe even more than for BIND?).

However, the problem with Unbound for me is that it restarts quite often and if it does - it takes forever. I am running BIND for the blacklists at the moment and find it way more performant. I have Unbound as the first DNS resolver forwarding to BIND (as described in the docs) and this seems to work stable so far. I will probably exchange Unbound for AdGuard and keep BIND as the DNS resolver. Unbound seems fairly complicated for what it is intended for. Restarting it takes several minutes for me on an APU4D4 board.

[jimjohn]

Please delete.