DEV Community

Discussion on: The Ultimate ad-blocker: Configuring Pi-Hole with Unbound DNS

Jesse Author • Edited

> Isn't it that Pi-hole uses dnsmasq (a recursive DNS resolver) itself

dnsmasq is a DNS forwarder that can cache results. Unbound is a recursive resolver that can also cache results. If dnsmasq doesn't have the answer, it will pass the query to the upstream DNS, which can be anything you want, including Unbound.

> Maybe better would be to set up a DoH (DNS over HTTPS) to enhance the privacy?

I don't know enough to say. I think with recursion, it makes sense to minimize middle men who get the query. With DoH I think that would introduce a middle man. So my setup would go from:

client -> unbound -> authoritative DNS

to

client -> DoH -> Google -> authoritative DNS

So there is nothing preventing Google from storing the query, which is not something I want 😅

The GitHub issue I linked to has another link to a longer discussion for the caching optimization (which requires disabling dnsmasq caching), and may have more specifics.
