Cloudflare: DNS Resolver for Tor

Hello, I am now using DNS over HTTPS via 1.1.1.1. Do you use it over Tor? I cannot find a good tutorial. Please help me.

My IP Address, DNS Leak Test, WebRTC Leak Test, IPv6 Leak Test, HTTP Headers, IP Whois - BrowserLeaks: if you test DNS over Tor, do you have to see Tor or only Cloudflare DNS?

My IP Address, DNS Leak Test, WebRTC Leak Test, IPv6 Leak Test, HTTP Headers, IP Whois - BrowserLeaks: if you use DNS over Tor, what do you read? Cloudflare or Tor?

Here is the Cloudflare info on DNS over Tor. However, using it on a Pi is something totally different. I imagine you would have to have Tor running as a service on your Pi. Here is an install example of that setup.

I think if you are this concerned about privacy then just head over to the Pi-hole unbound documentation here on the Pi-hole website. It will take you less than 10 minutes to install and get running.

Make sure to do the wget command for the root list.

Don't do that if you install unbound via your package manager (apt) as described in the official guide!
The root.hints file is already installed when installing unbound ... and unbound knows how to find it:

pi@ph5b:~ $ apt depends unbound
unbound
  Depends: adduser
  Depends: dns-root-data
[..]
pi@ph5b:~ $ apt policy dns-root-data
dns-root-data:
  Installed: 2021011101
[..]
pi@ph5b:~ $ dpkg -L dns-root-data
[..]
/usr/share/dns/root.hints
[..]
pi@ph5b:~ $ cat /etc/unbound/unbound.conf.d/pi-hole.conf
[..]
    # Use this only when you downloaded the list of primary root servers!
    # If you use the default dns-root-data package, unbound will find it automatically
    #root-hints: "/var/lib/unbound/root.hints"
[..]

Get your feet wet first, as advised before already, to get some experience before you advise others!
Most of what you've posted here is really bad advice.

O.K. I'll look into it, uninstall, re, omitting the root list for deb11.

If you enable remote-control by creating a new unbound config file named remote-control.conf with the below:

sudo tee /etc/unbound/unbound.conf.d/remote-control.conf <<< $'remote-control:\n control-enable: yes'

And activate:

sudo service unbound reload

You can validate if the root.hints file was processed successfully to eventually populate the cache with the actual current root servers:
EDIT: Ow you might first need to populate cache after a reload with a:
dig @localhost -p 5335 . a

pi@ph5b:~ $ sudo unbound-control lookup .
The following name servers are used for lookup of .
;rrset 68651 13 1 8 0
.       68651   IN      NS      a.root-servers.net.
.       68651   IN      NS      b.root-servers.net.
.       68651   IN      NS      c.root-servers.net.
.       68651   IN      NS      d.root-servers.net.
.       68651   IN      NS      e.root-servers.net.
.       68651   IN      NS      f.root-servers.net.
.       68651   IN      NS      g.root-servers.net.
.       68651   IN      NS      h.root-servers.net.
.       68651   IN      NS      i.root-servers.net.
.       68651   IN      NS      j.root-servers.net.
.       68651   IN      NS      k.root-servers.net.
.       68651   IN      NS      l.root-servers.net.
.       68651   IN      NS      m.root-servers.net.
[..]

Or see what nameservers (NS) are recursed into for querying a particular domain:
EDIT: Same here, you might want to dig first before seeing what's in cache.

pi@ph5b:~ $ sudo unbound-control lookup pi-hole.net
The following name servers are used for lookup of pi-hole.net.
;rrset 15156 4 0 7 3
pi-hole.net.    15156   IN      NS      ns1.pi-hole.net.
pi-hole.net.    15156   IN      NS      ns2.pi-hole.net.
pi-hole.net.    15156   IN      NS      ns3.pi-hole.net.
pi-hole.net.    15156   IN      NS      ns4.pi-hole.net.
[..]

EDIT: Ow ps, the second column is the TTL advertised by the authoritative DNS servers for these domains' DNS records.

But we're wandering off-topic a bit :wink:
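Added example (not part of the original posts or the Pi-hole guide): a small shell check that reads the output of `unbound-control lookup .`, in the format shown above, and confirms that all 13 root servers are cached as NS records for the root zone. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: parse `unbound-control lookup .` output and verify root priming.

# Reads lookup output on stdin. Returns 0 only when a-m.root-servers.net. are
# all present as NS records for "."; otherwise lists the missing ones.
check_root_priming() {
    awk '
        # NS lines look like: ".  68651  IN  NS  a.root-servers.net."
        $1 == "." && $3 == "IN" && $4 == "NS" {
            name = tolower($5)
            if (name ~ /^[a-m]\.root-servers\.net\.$/) {
                seen[substr(name, 1, 1)] = 1
                # Track the lowest remaining TTL (second column).
                if (min == "" || $2 + 0 < min) min = $2 + 0
            }
        }
        END {
            letters = "abcdefghijklm"
            for (i = 1; i <= 13; i++) {
                l = substr(letters, i, 1)
                if (!(l in seen)) missing = missing " " l ".root-servers.net."
            }
            if (missing != "") {
                print "missing root servers:" missing
                exit 1
            }
            print "all 13 root servers cached, lowest TTL " min "s"
        }
    '
}

# Constructed sample input, modelled on the output quoted in the post above.
sample_complete() {
    echo "The following name servers are used for lookup of ."
    echo ";rrset 68651 13 1 8 0"
    for l in a b c d e f g h i j k l m; do
        printf '.\t68651\tIN\tNS\t%s.root-servers.net.\n' "$l"
    done
}

# Same sample with two records dropped, to simulate an incomplete cache.
sample_incomplete() { sample_complete | grep -v '[ck]\.root-servers'; }

sample_complete | check_root_priming
sample_incomplete | check_root_priming || true
```

Against a live resolver with remote-control enabled: `sudo unbound-control lookup . | check_root_priming`.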

Hello,
thanks, this guide GitHub - piskyscan/dns_over_tls_over_tor: Instructions for setting up DNS over TLS over TOR is good, even if I want to implement the new Cloudflare hidden service DNS
https://dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion
at this page
https://blog.cloudflare.com/welcome-hidden-resolver/
Which command for testing?
Thanks, Harold