Unbound DNS

[eXebb]

Hello,

I noticed that if I disable Unbound DNS, I remain without a connection on LAN 1-8, what can I do to stop using Unbound and have the internet work?
If I opt for PiHole or AdGuard will it solve the problem?

Thanks!

[Patrick M. Hausen]

You need one recursive DNS service. AdGuard Home does not provide that. What's your problem with Unbound?

You can run BIND instead. I do that.

[eXebb]

You need one recursive DNS service. AdGuard Home does not provide that. What's your problem with Unbound?

You can run BIND instead. I do that.

Can you send me this BIND you are using? I can't find it or I don't know what to look for

[Patrick M. Hausen]

System > Firmware > Plugins

Install os-bind.

But you will need to configure it for clients to be able to use the DNS service.

What exactly are you trying to achieve? What is the problem with Unbound?

[eXebb]

System > Firmware > Plugins

Install os-bind.

But you will need to configure it for clients to be able to use the DNS service.

What exactly are you trying to achieve? What is the problem with Unbound?

I don't really understand how to configure it optimally. I can't find anything concrete to understand something.
I made some settings in the past and I think something is not working properly

[Patrick M. Hausen]

What do you mean by "optimally"? What function should it perform? The general idea is that it takes DNS lookups from your LAN clients, forwards them to some upstream DNS of your provider, then answers to the clients. It's a necessary function of Internet access.

[eXebb]

What do you mean by "optimally"? What function should it perform? The general idea is that it takes DNS lookups from your LAN clients, forwards them to some upstream DNS of your provider, then answers to the clients. It's a necessary function of Internet access.

Yes, I know what it does, but I don't know how to set it correctly, do I set DNS servers in System -> Settings -> General or only in it? I would like to use dns over tls.
What settings must be checked in Services -> Unbound -> General? If I change Network Interfaces only on LANs, is there any problem?

[Patrick M. Hausen]

You should not change the interface from "All (recommended)" because that ensures stable operation. The firewall rules will take care of nobody from outside contacting your Unbound service.

As for DNS over TLS - the official docs should provide a start:
https://docs.opnsense.org/manual/unbound.html#dns-over-tls

I don't use that either, but BIND is definitely not less complex to configure than Unbound, it's just what I run through all my data centre for decades (literally) so that's why I stick with BIND.

[eXebb]

You should not change the interface from "All (recommended)" because that ensures stable operation. The firewall rules will take care of nobody from outside contacting your Unbound service.

As for DNS over TLS - the official docs should provide a start:
https://docs.opnsense.org/manual/unbound.html#dns-over-tls

I don't use that either, but BIND is definitely not less complex to configure than Unbound, it's just what I run through all my data centre for decades (literally) so that's why I stick with BIND.

I will also try BIND in the future