Install unbound with your package manager. I use
aptso in my case I
sudo apt install unboundand it is installed, it depends on your system which package manager you have.
Create and edit
vimbut you can use whichever text editor you prefer. In my case I do
sudo vim /etc/unbound/unbound.conf.d/adguard.conf
Once you are in your terminal and ready to input into the config file, insert the following. Only enable IPv6 if it is native to your network, 6to4 tunneling is not native IPv6. Also you need to set
num-threads:to the number of threads for your machine! default is one, in my config I have 4.
server: interface: 127.0.0.1 port: 5335 do-ip6: no do-ip4: yes do-udp: yes # Set number of threads to use num-threads: 4 # Hide DNS Server info hide-identity: yes hide-version: yes # Limit DNS Fraud and use DNSSEC harden-glue: yes harden-dnssec-stripped: yes harden-referral-path: yes use-caps-for-id: yes harden-algo-downgrade: yes qname-minimisation: yes # Add an unwanted reply threshold to clean the cache and avoid when possible a DNS Poisoning unwanted-reply-threshold: 10000000 # Minimum lifetime of cache entries in seconds cache-min-ttl: 300 # Maximum lifetime of cached entries cache-max-ttl: 14400 prefetch: yes prefetch-key: yes # Optimisations msg-cache-slabs: 8 rrset-cache-slabs: 8 infra-cache-slabs: 8 key-cache-slabs: 8 # increase memory size of the cache rrset-cache-size: 256m msg-cache-size: 128m # increase buffer size so that no messages are lost in traffic spikes so-rcvbuf: 1m private-address: 192.168.0.0/16 private-address: 169.254.0.0/16 private-address: 172.16.0.0/12 private-address: 10.0.0.0/8 private-address: fd00::/8 private-address: fe80::/10
- Restart unbound with
sudo systemctl restart unboundit is now listening on the specified port and doing what the config says.
Telling AdGuard Home to use Unbound
Go into your AdGuard Home admin panel and go to Settings -> DNS settings
In the Upstream DNS servers box you now put
Telling Pi-hole to use Unbound
- Go into Settings and Upstream DNS settings, uncheck every DNS box and check one custom IPv4 address, input
- Disable DNSSEC in AdGuard Home or Pi-hole. Unbound is blocking BOGUS DNSSEC replies, having DNSSEC enabled in AGH or Pi-hole can cause issues for valid returns.
AdGuard & Pi-hole Discord: https://discord.gg/VzThBmB