Unbound DNS

Started by eXebb, December 10, 2023, 08:17:11 PM

Hello,

I noticed that if I disable Unbound DNS, I remain without a connection on LAN 1-8. What can I do to stop using Unbound and have the internet work?
If I opt for PiHole or AdGuard, will it solve the problem?

Thanks!

You need one recursive DNS service. AdGuard Home does not provide that. What's your problem with Unbound?

You can run BIND instead. I do that.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: Patrick M. Hausen on December 10, 2023, 08:22:22 PM
You need one recursive DNS service. AdGuard Home does not provide that. What's your problem with Unbound?

You can run BIND instead. I do that.

Can you send me this BIND you are using? I can't find it or I don't know what to look for :))

December 10, 2023, 08:35:51 PM #3 Last Edit: December 10, 2023, 08:39:42 PM by Patrick M. Hausen
System > Firmware > Plugins

Install os-bind.

But you will need to configure it for clients to be able to use the DNS service.

What exactly are you trying to achieve? What is the problem with Unbound?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: Patrick M. Hausen on December 10, 2023, 08:35:51 PM
System > Firmware > Plugins

Install os-bind.

But you will need to configure it for clients to be able to use the DNS service.

What exactly are you trying to achieve? What is the problem with Unbound?

I don't really understand how to configure it optimally. I can't find anything concrete to understand something.
I made some settings in the past and I think something is not working properly.

What do you mean by "optimally"? What function should it perform? The general idea is that it takes DNS lookups from your LAN clients, forwards them to some upstream DNS of your provider, then answers to the clients. It's a necessary function of Internet access.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: Patrick M. Hausen on December 10, 2023, 09:10:19 PM
What do you mean by "optimally"? What function should it perform? The general idea is that it takes DNS lookups from your LAN clients, forwards them to some upstream DNS of your provider, then answers to the clients. It's a necessary function of Internet access.

Yes, I know what it does, but I don't know how to set it correctly. Do I set DNS servers in System -> Settings -> General or only in it? I would like to use DNS over TLS.
What settings must be checked in Services -> Unbound -> General? If I change Network Interfaces only on LANs, is there any problem?

You should not change the interface from "All (recommended)" because that ensures stable operation. The firewall rules will take care of nobody from outside contacting your Unbound service.

As for DNS over TLS - the official docs should provide a start:
https://docs.opnsense.org/manual/unbound.html#dns-over-tls

I don't use that either, but BIND is definitely not less complex to configure than Unbound, it's just what I have run throughout my data centre for decades (literally) so that's why I stick with BIND.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
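
Added example (not part of the thread, and not OPNsense's or Unbound's own code): a small check for a DNS-over-TLS forwarding section in unbound.conf syntax, flagging upstreams that lack an explicit @853 port or a #name for certificate checking. The sample config, its addresses, hostnames and CA bundle path are constructed, and the policy enforced (TLS on, CA bundle set, @853 and #name on every upstream, a single forward-zone) is this example's assumption.

```python
import re

# Constructed sample in unbound.conf syntax (addresses and names are placeholders).
SAMPLE_CONF = """\
server:
    tls-cert-bundle: "/etc/ssl/cert.pem"   # CA bundle path is an assumption
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 192.0.2.53@853#dns.example.net
    forward-addr: 192.0.2.54@853
    forward-addr: 192.0.2.55#dns.example.net
"""

# forward-addr value: IP, optional @port, optional #name used for certificate checking
ADDR = re.compile(r"^(?P<ip>[0-9A-Fa-f:.]+)(?:@(?P<port>\d+))?(?:#(?P<name>\S+))?$")

def parse(conf):
    """Collect 'key: value' options and forward-addr entries (one forward-zone assumed)."""
    opts, addrs = {}, []
    for raw in conf.splitlines():
        # Treat '#' as a comment only at line start or after whitespace, so 'ip@port#name' survives.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        key, sep, value = (part.strip() for part in line.partition(":"))
        value = value.strip('"')
        if key == "forward-addr":
            addrs.append(value)
        elif sep and value:
            opts[key] = value
    return opts, addrs

def audit(conf):
    """Return a list of findings against this example's DoT forwarding policy."""
    opts, addrs = parse(conf)
    findings = []
    if opts.get("forward-tls-upstream") != "yes":
        findings.append("forward-tls-upstream is not 'yes'")
    if "tls-cert-bundle" not in opts:
        findings.append("tls-cert-bundle is not set")
    for addr in addrs:
        m = ADDR.match(addr)
        if not m:
            findings.append(f"{addr}: unparseable forward-addr")
            continue
        if m["port"] != "853":
            findings.append(f"{addr}: no explicit @853 port")
        if not m["name"]:
            findings.append(f"{addr}: no #name, certificate name is not checked")
    return findings
```

On OPNsense the equivalent values are entered in the Unbound DNS over TLS page of the GUI rather than written to unbound.conf by hand.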

Quote from: Patrick M. Hausen on December 10, 2023, 09:27:28 PM
You should not change the interface from "All (recommended)" because that ensures stable operation. The firewall rules will take care of nobody from outside contacting your Unbound service.

As for DNS over TLS - the official docs should provide a start:
https://docs.opnsense.org/manual/unbound.html#dns-over-tls

I don't use that either, but BIND is definitely not less complex to configure than Unbound, it's just what I have run throughout my data centre for decades (literally) so that's why I stick with BIND.

I will also try BIND in the future.