Enhancing Security and Anonymity for Pi-hole with Unbound Firewall in Qubes 4.1

Hello,

I am interested in enhancing the security and anonymity of my Pi-hole setup with Unbound firewall, which is running on Qubes 4.1 (sys-pihole). I would appreciate any recommendations on what I can add or configure to achieve this goal.

Thank you for your assistance.

Best regards,
ManiKoala

Unbound is not a firewall, but a recursive DNS resolver. You can read about it here.
https://docs.pi-hole.net/guides/dns/unbound/

Apologies for the confusion. What I meant was that I use Pi-hole as an alternative to my firewall. Do you have any suggestions for additional settings or external applications that I could add to my Pi-hole/Unbound setup to further enhance security and anonymity? I was considering adding DNSCrypt; what are your thoughts on that?

I'd strongly recommend reconsidering that usage.

Pi-hole is not a firewall either - it is a DNS filter.
It can't serve as a replacement for a firewall.

The most important difference is that a firewall sits at some gateway in your network where it is able to analyse all of your network's traffic that is passing through that gateway.

In contrast, a DNS filter like Pi-hole only ever sees the DNS traffic portion, and only from those clients that are willingly using it.

This means that it can sit anywhere in your network, as clients commonly will be configured to use it for DNS requests via various mechanisms like DHCP or RDNSS.
But this also means it's easy to bypass a DNS filter, e.g. by manually configuring a client's OS for a public DNS server, or by running nslookup some.domain.com 8.8.8.8. In a similar fashion, any piece of software could use an alternate DNS server.

A firewall would be the tool of choice to analyse and forcefully redirect DNS requests to a chosen DNS resolver.
If that's what you're after, you are barking up the wrong tree.
Instead, you should consider consulting the forums for your chosen firewall solution.

1 Like
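
Added example, not part of any post in this thread: a gateway-side check for the bypass described in the reply above, listing clients whose DNS traffic goes to a server other than Pi-hole. The Pi-hole address `10.137.0.10`, the function name `find_dns_bypass` and the log lines (written in the key=value style of netfilter LOG output) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Assumption: address of the Pi-hole VM; replace with your own.
PIHOLE = ip_address("10.137.0.10")
DNS_PORTS = {53}

# Constructed sample lines in the key=value style of netfilter LOG output.
SAMPLE_LOG = """\
kernel: fwd IN=vif1.0 OUT=eth0 SRC=10.137.0.21 DST=10.137.0.10 PROTO=UDP SPT=40001 DPT=53
kernel: fwd IN=vif2.0 OUT=eth0 SRC=10.137.0.22 DST=8.8.8.8 PROTO=UDP SPT=40002 DPT=53
kernel: fwd IN=vif2.0 OUT=eth0 SRC=10.137.0.22 DST=8.8.8.8 PROTO=TCP SPT=40003 DPT=53
kernel: fwd IN=vif3.0 OUT=eth0 SRC=10.137.0.23 DST=93.184.216.34 PROTO=TCP SPT=40004 DPT=443
kernel: fwd IN=eth0 OUT=eth0 SRC=10.137.0.10 DST=198.41.0.4 PROTO=UDP SPT=40005 DPT=53
kernel: truncated line SRC=10.137.0.24
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def find_dns_bypass(log_text, resolver=PIHOLE):
    """Return {client: {(server, proto), ...}} for DNS sent past the resolver."""
    bypass = defaultdict(set)
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if not {"SRC", "DST", "PROTO", "DPT"} <= f.keys():
            continue  # incomplete record, skip rather than guess
        try:
            src, dst = ip_address(f["SRC"]), ip_address(f["DST"])
            port = int(f["DPT"])
        except ValueError:
            continue  # malformed address or port
        if port not in DNS_PORTS or f["PROTO"] not in ("UDP", "TCP"):
            continue
        # Queries to Pi-hole, and Unbound's own recursion to the
        # internet from the Pi-hole host, are the expected paths.
        if src == resolver or dst == resolver:
            continue
        bypass[str(src)].add((str(dst), f["PROTO"]))
    return dict(bypass)


if __name__ == "__main__":
    for client, servers in find_dns_bypass(SAMPLE_LOG).items():
        print(client, "->", sorted(servers))
```

This only works on a host that forwards the clients' traffic, which is the point made above: Pi-hole itself never sees these queries.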
