You can run Irssi and Pi-hole on the same RPi.
It takes a while to learn Irssi and screen. But it is quite easy after a while.
I just saw this:
Thought I'd play around with Unbound a bit.
Anyone running it on their pi-hole?
I set this up on my pi-hole install.
I have unbound up and running!
Old:
New with unbound:
I'm going to try it around a little bit!
Edit:
Looks like it works too:
I haven't noticed it's slower than before either. Read that it could be so before it got up its caching.
Okay, I've been trying to understand how Unbound and recursive DNS works. I'm having a hard time getting it together in my head. Think I got up way too early this morning
Anyone can explain how it works so a child understands?
What kind of DNS am I using? My ISPs? And what are the benefits of recursive DNS? For example, what does my ISP see?
Unbound is simply a DNS server with some modern features.
Don't get hung up on the term recursive DNS server. It is a misunderstood and often misused term. More importantly, it isn't really what is helping you here. That being said, if you want more information on it, Cloudflare has a pretty good article describing it.
What is more important in this case is that you have probably created a server which points directly to the root servers. Normally, what happens is that you point to a DNS server on the internet which handles your queries (and lots of other people's queries) for you. That server talks to the root servers to find out where the authoritative servers for the domain are, queries them and caches the results. When you connect directly to the root servers, you are doing all that yourself. Essentially when you need to look up an address your local server asks the root servers where the authoritative server for that domain is. Then you query that server directly for the address.
The simple and plain English version of the above paragraph is that you have cut out the middle man. Instead of having a server between you and the root/authoritative servers you now do that yourself.
The impact this has on privacy is somewhat questionable. Your ISP can still see all of the DNS traffic because it is all unencrypted. You have just made it slightly less convenient for them.
At the end of the day DNS privacy is a matter of picking your poison on who you want to trust.
That being said, hosting your own server that works directly with the root servers does increase DNS security somewhat as it makes you less susceptible to DNS poisoning and misbehaving DNS servers.
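The resolution path described in the post above, as an added example that is not part of the original thread: a toy Python model of a local resolver walking the delegation chain itself and recording which server sees each query. All server names, zones and addresses are constructed, and real DNS details (TTLs, glue, DNSSEC) are left out.

```python
# Constructed delegation data: each server maps a zone/name to a referral or an answer.
ROOT = "root-server"
ZONES = {
    "root-server": {"org.": ("referral", "org-tld-server")},
    "org-tld-server": {"example.org.": ("referral", "ns.example.org")},
    "ns.example.org": {
        "www.example.org.": ("answer", "192.0.2.10"),
        "mail.example.org.": ("answer", "192.0.2.25"),
    },
}


class LocalResolver:
    """Toy resolver that walks root -> TLD -> authoritative itself."""
    def __init__(self):
        self.cache = {}    # zone or name -> (kind, value)
        self.seen_by = []  # (server, qname): which server saw which query

    def _start_server(self, qname):
        # Begin at the deepest cached referral covering qname, else the root.
        labels = qname.split(".")
        for i in range(len(labels) - 1):
            hit = self.cache.get(".".join(labels[i:]))
            if hit and hit[0] == "referral":
                return hit[1]
        return ROOT

    def resolve(self, qname):
        hit = self.cache.get(qname)
        if hit and hit[0] == "answer":
            return hit[1]  # served from the local cache, no query is sent
        server = self._start_server(qname)
        while True:
            # No QNAME minimisation here: every server sees the full name.
            self.seen_by.append((server, qname))
            table = ZONES[server]
            zone = max((z for z in table
                        if qname == z or qname.endswith("." + z)), key=len)
            kind, value = table[zone]
            self.cache[zone] = (kind, value)
            if kind == "answer":
                return value
            server = value  # follow the referral one level down


if __name__ == "__main__":
    r = LocalResolver()
    names = ("www.example.org.", "mail.example.org.", "www.example.org.")
    print([r.resolve(n) for n in names], r.seen_by)
```

The first lookup touches all three servers, the second goes straight to the cached authoritative server, and the repeat of the first name sends nothing at all.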
Why do we even need DNS in the current year?
Surely, there must be a way to implement sharing of IP addresses and domain names in some P2P way… Why do we still depend on third-party DNS? And pay for domain name registrations and similar nonsense… Can't people just share a big hosts file among themselves, like a phonebook?
DNS as a concept makes no sense.
And even if there was no DNS, most people do not type web addresses into their browsers, but use a search engine to navigate the Web.
@dalto thanks for the reply. A whole adventure this with DNS. I'm trying to find the perfect solution. Doesn't seem to exist!
@Kresimir Yep, it's a nightmare!
From your perspective would you say something like dnscrypt-proxy is trustworthy? Would you recommend it?
I haven't used it personally but it is essentially a tool that shifts your DNS trust point to somewhere else.
The answer to would I recommend it depends on how you are using it and what the alternative is. You essentially have the same options as above:
It does support anonymized DNS which potentially could add a degree of privacy. It basically puts a second hop between you and the DNS provider to further obfuscate your IP.
I guess then it all boils down to what you said before:
Thanks @dalto for the reply!
I think I'll run Unbound and some kind of DNS-over-TLS on it. TLS seems to be better than HTTPS which has more metadata if I got it right?
I saw DJ Ware's clip of Unbound at Odysee yesterday.
By the way I forgot to mention that I am using a combination of VPN+dnscrypt-proxy. When I check at ipleak.net I get the following:
The DNS servers are those dnscrypt-proxy defaults to.
I have my own IP as DNS
Since your VPN can see all your traffic anyway, is there any reason not to use the VPN provider's DNS servers?
Is that a good thing?
I have no idea
Edit:
I only saw it when I checked my DNS when I tested Unbound. Guess it has something to do with Unbound.
It is because you are running a local DNS server so you see your own IP.
No, actually I don't have a good reason, or better put I don't have any clue.
I thought, in a rather uninformed way, that perhaps it is a good idea to combine the two. Perhaps it isn't.
I have mixed feelings on it.
On the one hand, you are hiding your DNS from your VPN provider which makes it slightly harder to analyze your activity.
On the other hand, you are sharing your information with two 3rd parties instead of just one.
If it was me, I would probably use the VPN provider's servers but it really depends who you trust more, what you are trying to protect and who are you trying to protect it from.