How to Set Specific Upstream DNS Servers that Unbound Uses

Does anyone know how to set the specific upstream DNS servers that Unbound uses in conjunction with Pi-Hole? We use specific public DNS servers to control traffic and want to maintain this with Pi-Hole and Unbound. I guess the better question is, which .conf file do we add our specific public DNS servers that will be used by Unbound?

Example: If we wanted to only use Google DNS servers (8.8.8.8 / 8.8.4.4), which .conf file would we modify to achieve using these two public DNS servers exclusively?

Thanks.

I'm curious why you would add the complexity of unbound when pi-hole can already point to other upstream DNS, even custom ones. What do you believe unbound will give you that isn't already baked into pi-hole?


Or why did you install unbound if you don't want to use its recursive capabilities?

pi@ph5b:~ $ sudo unbound-control lookup net.
The following name servers are used for lookup of net.
;rrset 76703 13 0 2 0
net.    76703   IN      NS      e.gtld-servers.net.
net.    76703   IN      NS      f.gtld-servers.net.
net.    76703   IN      NS      m.gtld-servers.net.
net.    76703   IN      NS      i.gtld-servers.net.
net.    76703   IN      NS      j.gtld-servers.net.
net.    76703   IN      NS      b.gtld-servers.net.
net.    76703   IN      NS      a.gtld-servers.net.
net.    76703   IN      NS      c.gtld-servers.net.
net.    76703   IN      NS      k.gtld-servers.net.
net.    76703   IN      NS      h.gtld-servers.net.
net.    76703   IN      NS      l.gtld-servers.net.
net.    76703   IN      NS      g.gtld-servers.net.
net.    76703   IN      NS      d.gtld-servers.net.
[..]
pi@ph5b:~ $ sudo unbound-control lookup pi-hole.net.
The following name servers are used for lookup of pi-hole.net.
;rrset 1415 4 0 7 3
pi-hole.net.    1415    IN      NS      ns1.pi-hole.net.
pi-hole.net.    1415    IN      NS      ns2.pi-hole.net.
pi-hole.net.    1415    IN      NS      ns3.pi-hole.net.
pi-hole.net.    1415    IN      NS      ns4.pi-hole.net.
[..]

Good question. We want the anonymity that Unbound provides while still maintaining our specific public DNS settings of our specific public DNS servers. Thanks.

Unbound doesn't provide anonymity.
All traffic is unencrypted and any DNS server that's addressed knows who you are.
Where did you read Unbound provides anonymity?

Better read up why there is an Unbound guide for Pi-hole and what it means to look up DNS names recursively like Unbound from the official guide does:


I have read the Pi-Hole documentation, but admittedly, I may still have an unrealistic expectation of the benefits of using our own recursive DNS server. I will pause this effort and continue researching whether Unbound really provides a benefit for us, as it may not. I appreciate your feedback. Thanks.


In short, Pi-hole doesn't look up names recursively.
It only addresses the nameservers that you configured for Pi-hole.

Unbound on the other hand does it differently if configured correctly.
It queries the DNS tree from the root all the way up to the authoritative DNS servers for a particular domain.
So it addresses a whole bunch of DNS servers.
Below is a rudimentary sketch but it will do trying to explain (DNS server=Unbound):

To answer your initial question, yes Unbound can do what you asked but would normally not be desired.
To do so, create a new config file, e.g.:

sudo nano /etc/unbound/unbound.conf.d/forwarders.conf

With below content:

forward-zone:
        name: "."
        forward-addr: 8.8.8.8
        forward-addr: 8.8.4.4

And restart:

sudo service unbound restart

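As an added example (not part of the thread, and not Pi-hole's or Unbound's own tooling): a Python check that parses a `forwarders.conf` like the one above and reports when the root forward-zone uses forwarders outside an allow-list, has `forward-first` enabled, or sends queries without TLS. The function names, the allow-list and the sample text are assumptions made for illustration; the parser is line-based and does not follow `include:` files.

```python
import re

ALLOWED = {"8.8.8.8", "8.8.4.4"}  # the upstreams named in the thread

# Constructed sample: the forwarders.conf from the answer above.
THREAD_CONF = """
forward-zone:
        name: "."
        forward-addr: 8.8.8.8
        forward-addr: 8.8.4.4
"""

def parse_clauses(conf_text):
    """Parse unbound.conf text into [(clause, {attribute: [values]})]."""
    clauses = []
    for raw in conf_text.splitlines():
        # '#' is a comment only at line start or after whitespace ('addr@853#name' survives)
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not value:                      # clause header, e.g. 'forward-zone:'
            clauses.append((key, {}))
        elif clauses:
            clauses[-1][1].setdefault(key, []).append(value.strip('"'))
    return clauses

def is_yes(attrs, key):
    return attrs.get(key, ["no"])[-1] == "yes"

def audit_root_forwarding(conf_text, allowed=ALLOWED):
    """Return findings for the root ('.') forward-zone; an empty list is clean."""
    clauses = parse_clauses(conf_text)
    global_tls = any(c == "server" and is_yes(a, "tls-upstream") for c, a in clauses)
    roots = [a for c, a in clauses if c == "forward-zone" and a.get("name") == ["."]]
    if not roots:
        return ["no forward-zone for '.': Unbound recurses from the root servers"]
    findings = []
    for attrs in roots:
        for addr in attrs.get("forward-addr", []):
            ip = re.split(r"[@#]", addr)[0]    # drop optional @port and #auth-name
            if ip not in allowed:
                findings.append(f"forwarder {ip} is not in the allow-list")
        if is_yes(attrs, "forward-first"):
            findings.append("forward-first: yes falls back to full recursion on SERVFAIL")
        if not (global_tls or is_yes(attrs, "forward-tls-upstream")):
            findings.append("no TLS to forwarders: queries leave in cleartext")
    return findings
```

Calling `audit_root_forwarding(THREAD_CONF)` returns a single finding, the cleartext one, which matches the point made earlier in the thread that the traffic is unencrypted.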

Got it. I appreciate it. Thanks.


Got it. Thanks.
