Why forwarding to other DNS Server instead of self resolving?

Hi,
I just installed Pi-hole and now I'm really excited about it - great project and flawless install!

Now I thought that I don't want to forward my requests - neither to Google nor to Quad9 or my ISP.
I've used my own self-resolving DNS in my LAN and couldn't find any disadvantage, with the bonus of no censorship/logging.

Why is Pi-hole actually forwarding and not resolving on its own?

br

Pi-hole forwards every unblocked request.

I know that it forwards - I can select from Google and Quad9 to custom.
My question is:

What is the reason for forwarding to another server and not resolving via root & authoritative DNS on its own?

Pi-hole is not meant to be an authoritative server as it's out of the current scope of the project. If users want to use their own authoritative server, they can select it as a custom upstream server.

Thank you, Jacob, for stating that it's out of focus; that is an answer for me why it is not implemented.
So, can anyone name me a reason why it would be a bad idea to run a resolver locally instead of using Google/Quad9/ISP's DNS?

Why should it be a bad idea? As long as you know what you're doing, experiment.

I don't know why it could be bad, that's the reason why I'm asking...
I just thought that there is a reason, because if not, every machine would resolve on its own - in the past this could be a resource problem, but today? Even my alarm clock would be able to run a DNS resolver -.-

I used to do exactly this (run my own resolving DNS on pfSense) and it works fine. The only problem is that, on average, it will be worse than using large public forwarders in terms of performance, because you won't benefit from the large shared cache. Large public DNS servers have lots of users that hit a wide variety of domains, which are then cached. You are very likely to hit a cached result when using one of these large public DNS servers, whereas when running your own server locally, there will be more instances where the result isn't cached or has aged out of cache, requiring a root query, which takes longer.

With, e.g., unbound as your resolver, you can benefit from prefetching. Once your cache has been sufficiently filled, it makes sure that frequently queried domains will always be up to date and don't expire from the cache. This, of course, does not apply to sites you visit for the first time.
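
The setup discussed in this thread (a local recursive resolver with prefetching, used as Pi-hole's custom upstream), as an added example that is not part of any post above. It assumes unbound runs on the same host as Pi-hole; the file path and port 5335 are assumptions.

```conf
# /etc/unbound/unbound.conf.d/pi-hole.conf
# (path is an assumption; the include directory varies by distribution)
server:
    # Listen on loopback only: Pi-hole on this host is the sole client,
    # so the resolver is never exposed to the LAN or the internet.
    interface: 127.0.0.1
    port: 5335                      # assumed port, keeps 53 free for Pi-hole
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 refuse

    do-ip4: yes
    do-udp: yes
    do-tcp: yes

    # No forward-zone is configured, so unbound walks the hierarchy itself
    # (root -> TLD -> authoritative) instead of handing queries to a
    # third-party forwarder.

    # Prefetching: refresh cache entries that are still being queried
    # shortly before their TTL runs out, so frequently used names stay
    # cached. First-time lookups still need a full recursive resolution.
    prefetch: yes
    prefetch-key: yes               # also fetch DNSKEYs early for validation

    # Reduce what each upstream server learns about the query.
    qname-minimisation: yes

    # Reject out-of-zone glue and do not reveal resolver identity/version.
    harden-glue: yes
    hide-identity: yes
    hide-version: yes
```

In Pi-hole, select a custom upstream server and enter `127.0.0.1#5335` so unblocked queries go to this resolver.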