No, no, no. Pi-hole comes by default bundled with dnsmasq (at least on my Arch). The client is pointing his/her DNS settings to the DNS resolver under Pi-hole's control so Pi-hole can intervene and return not-found or an invalid IP for blocked domains. That's the whole point.
Yes, I understand this. But it doesn’t know where legitimate sites are. It's these requests that are forwarded to an upstream, recursive server. Unbound is that server for me. Cloudflare and Google are big providers and susceptible to attackers. Using Unbound as a local recursive DNS server reduces this risk. I thought that was cool and wanted to use it, and that's why it was chosen.
Like I said in the post, I think Pi-hole is really great out-of-the-box software, but it wasn't what I wanted. You're welcome to disagree with that. There is a lot I didn't explain in the post and linked to that could be read for additional context, and that was intentional.
> Cloudflare and Google are big providers and susceptible to attackers
Well, I have to disagree with that. They are IMHO the least susceptible to attackers. It is far easier and less suspicious to poison a local DNS cache than that of Google or Cloudflare, protected by numerous technologies, constantly monitored on all possible ISO/OSI layers, where millions of worldwide users would notice immediately if something is off and start reporting over their service desk and on Reddit. That simply does not make any sense.
Your comments are not constructive. Please do not comment on this post again. Thanks