Recursive DNS server on pihole when using Public recursive name server

Does it make sense?

I am using Quad9 Secured w/ECS (malware blocking, DNSSEC validation, ECS enabled) on my Pi-hole for IPv4 and IPv6.

Would it make sense setting up Pi-hole as a recursive DNS server solution?
pihole unbound

Does it work? What happens? Would unbound on Pi-hole bypass the Quad9 upstream DNS server?

I set up Unbound using that guide. It works great. Follow the guide methodically all the way through. Once done, you will have turned off Quad9 and will be using your own Unbound instance on localhost as the only upstream DNS for Pi-hole.

Doing this means that you are no longer sending your domain lookups to Quad9. You will be performing them recursively yourself from your Pi-hole device.

This gives you more privacy since there is no third-party able to see your lookups. Quad9 appears to have a good stance on privacy (doesn't log IP addresses, mainly counts query types), while Google stores temporary and permanent logs as detailed in their privacy policy.

If you are making use of Quad9's filtered DNS services you would lose that, so something to consider.

If you configure unbound as a recursive server, it will go directly to the authoritative nameservers and not use Quad9.

If you still want to use Quad9 with unbound, configure unbound as a forwarding resolver. The following lines added to the unbound Pi-hole configuration file will set up unbound to forward (using TLS) all queries to Quad9.

    # The server: section also needs a CA bundle, otherwise unbound cannot
    # verify the upstream certificate against the #auth-name given below
    # (path shown is Debian's):
    # server:
    #   tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
    forward-zone:
     name: "."
     forward-tls-upstream: yes
     # Quad9: DNS over TLS on port 853, certificate checked against dns.quad9.net
     forward-addr: 9.9.9.9@853#dns.quad9.net
     forward-addr: 149.112.112.112@853#dns.quad9.net

Replace the specific IPs with the IPs for the flavor of Quad9 you want to use.
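To tell at a glance which of the two setups described in this thread a given unbound.conf actually implements, and to catch the easy mistake with the TLS forwarder (TLS turned on but no CA bundle, so the upstream certificate is never verified), here is a small added checker. It is example code written for this page, not part of the thread or of the unbound project; the sample configurations, the Debian CA bundle path and the port 5335 listener are constructed assumptions.

```python
"""Classify an unbound.conf as recursive or forwarding and sanity-check a
DNS-over-TLS forwarder. Added example, not from the thread or unbound."""
import re

# Constructed sample: the thread's forward-zone plus a Pi-hole style server:
# section that includes the CA bundle needed for certificate verification.
FORWARDING_CONF = """
server:
    interface: 127.0.0.1
    port: 5335
    # assumed Debian path for the system CA bundle
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"

forward-zone:
    name: "."
    forward-tls-upstream: yes
    # Quad9
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net
"""

# Constructed sample: no forward-zone, so unbound recurses from the root hints.
RECURSIVE_CONF = """
server:
    interface: 127.0.0.1
    port: 5335
    root-hints: "/var/lib/unbound/root.hints"
"""

# Same as FORWARDING_CONF but with the CA bundle line dropped.
MISSING_BUNDLE_CONF = FORWARDING_CONF.replace(
    '    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"\n', "")

ADDR_RE = re.compile(r"^(?P<ip>[0-9a-fA-F.:]+)(?:@(?P<port>\d+))?(?:#(?P<auth>\S+))?$")


def strip_comment(line):
    """Drop a '#...' comment only when '#' starts the line or follows whitespace;
    inside a token (9.9.9.9@853#dns.quad9.net) it introduces the auth name."""
    for i, ch in enumerate(line):
        if ch == "#" and (i == 0 or line[i - 1].isspace()):
            return line[:i].rstrip()
    return line.rstrip()


def parse_unbound(text):
    """Return [(section_name, {key: [values]}), ...] in file order.
    A line with a key and no value (server:, forward-zone:) opens a section;
    repeated keys such as forward-addr are collected as lists."""
    sections, current = [], None
    for raw in text.splitlines():
        line = strip_comment(raw).strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip().strip('"')
        if value == "":
            current = (key, {})
            sections.append(current)
        elif current is None:
            raise ValueError("option outside any section: %r" % line)
        else:
            current[1].setdefault(key, []).append(value)
    return sections


def analyze(text):
    """Report mode ('recursive' or 'forwarding'), parsed upstreams, and issues."""
    sections = parse_unbound(text)
    server = {}
    for name, opts in sections:
        if name == "server":
            server.update(opts)
    root = [o for n, o in sections if n == "forward-zone" and o.get("name") == ["."]]
    if not root:
        return {"mode": "recursive", "tls": False, "upstreams": [], "issues": []}
    zone, issues, upstreams = root[0], [], []
    tls = zone.get("forward-tls-upstream", ["no"])[0] == "yes"
    verifies = "tls-cert-bundle" in server or server.get("tls-system-cert") == ["yes"]
    if tls and not verifies:
        issues.append("forward-tls-upstream: yes but no tls-cert-bundle or "
                      "tls-system-cert in server:, upstream certificate is not verified")
    for addr in zone.get("forward-addr", []):
        m = ADDR_RE.match(addr)
        if not m:
            issues.append("unparseable forward-addr: %s" % addr)
            continue
        ip, port, auth = m.group("ip"), m.group("port") or "53", m.group("auth")
        if tls and port != "853":
            issues.append("%s: TLS forwarding on port %s, DoT uses 853" % (ip, port))
        if tls and not auth:
            issues.append("%s: no #auth-name, certificate hostname is not checked" % ip)
        upstreams.append((ip, port, auth))
    if not upstreams:
        issues.append("forward-zone for '.' has no forward-addr")
    return {"mode": "forwarding", "tls": tls, "upstreams": upstreams, "issues": issues}


if __name__ == "__main__":
    for label, conf in (("forwarding", FORWARDING_CONF), ("recursive", RECURSIVE_CONF),
                        ("missing bundle", MISSING_BUNDLE_CONF)):
        print(label, analyze(conf))
```

Run it against a real file with `analyze(open("/etc/unbound/unbound.conf.d/pi-hole.conf").read())`; a recursive result means queries go to the authoritative servers as the thread describes, a forwarding result lists exactly which upstreams see them, and any issue line means the TLS forwarder is not giving the protection it looks like it gives.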
