Why not use the root servers directly for Pi-hole?

I hope it uses the proper root servers atm, and not (evil) Google or other commercial DNS forwarders that use the same root servers.

For that reason alone I left Dyndns.com, which sold itself to Oracle. Which also initially started as a free service.

Yes, I can confirm that using the optional step in the guide downloads the proper root servers.

OK, and now I’m waiting to get DNSFTL out of testing and not every time begging for money.

I will contribute, but not for betas.

BTW where can I find the extra step or guide? I hate being in the dark.

Redirecting... is the guide for the unbound setup. It requires you to be on the dev branch (pihole checkout dev).

Thank you for the quick response.

OK, I did a quick reading, and I’m confused. Why should I go first to Google, OpenDNS, Level3, Norton, Comodo, dnsWatch or Quad9 instead of directly to the root servers? Because all those are in the path of the root servers themselves.

https://www.netnod.se/i-root/what-are-root-name-servers

The reason is the root servers change over time and some will go down for short periods or be unreachable. Using something like Google DNS takes all the stress of that away: you plug in 8.8.8.8 and you have DNS. Unbound works similarly, in that instead of Google you are your own

There are 13 root servers and as of 2018-05-30, the root server system consists of 922 instances operated by the 12 independent root server operators.

What’s important: the 13 root name servers are operated by 12 independent organisations.

Whereas the Pi-hole has only a few so-called reverse DNS servers, which are only commercial. Very strange for a program that’s a black hole for internet advertisements.

Pi-hole is now telling Google, OpenDNS, Level3, Norton, Comodo, dnsWatch and Quad9 which DNS and IP addresses **NOT** to use.

So much cleaner advertisement. And they can up the prices and tell the advertisers that there is a way around Pi-hole! Because they have the DNS and IP addresses.

And don’t tell me they are not beneficial for the advertisement market…

Being your own resolver may introduce notable delays when querying domains for the first time. The big provider will, however, have the responses for google.com etc. already in their cache as many users are querying them.

Hence, to avoid people complaining about "since I installed Pi-hole, DNS resolution got much slower", the default way is to still use a standard upstream provider.
In fact, this is not a bad choice at all, you can use e.g. Google's upstream servers and this is perfectly fine. Becoming your own resolver is an altogether independent process that we made easy in a guide, but which is only meant for those who want to get more involved as they are concerned enough about privacy. There are hundreds of users that feel good with just using 8.8.8.8 or 1.1.1.1 and for them installing unbound would actually reduce their comfort due to the (sometimes) added delays.

Strange, I hoped for more honesty. Now I had to find out this way.

BTW every single computer has its own DNS cache, hence the cmd ‘ipconfig /flushdns’

I find it misleading to use commercial companies, who benefit from Pi-hole, in an advertising environment.

Notable delays, prove it. I don’t believe you. Or should I refer to the word ‘may’. I also may win the lottery…

Don’t get me wrong, the given options are no bad choice. But not in an advertisement blocking program. Now they know what NOT to use.

And BTW the standard IS using the root servers, they are completely fault tolerant and free to use, no commercial bindings and a lot more servers than the few of Google. You can look it up in the RFCs. Google tried to file an RFC for this but it’s not gonna happen.

BTW If a root server does need to change addresses – something that has happened twice in the last ten years.

So the argument of changing IP addresses of the root server, and therefore use those commercial companies for Pi-hole, is to me null and void.

I'm not following your logic - perhaps I'm slow. "Pi_hole is now telling google, OpenDNS....which DNS and ip addresses not to use." Please clarify.

Users of PiHole are free to type in any upstream DNS provider IP they choose. They aren't limited to the pre-loaded IP addresses, and even if they use only those how does this indicate to the upstream DNS providers that you are running a PiHole and should change an IP address?

I've been running unbound as my local recursive resolver for privacy reasons, but I have several friends who use third party DNS servers with good results. I don't trust Google not to mine my DNS queries (all from my IP address) to sell more of my data; that's what led me first to Cloudflare and then to my own resolver.

2 Likes

Well, use those then:
http://www.root-servers.org/index.html

It might be difficult, since most of the core central ones only accept connections from other DNS servers.
Hence the need for using the commercial ones.

You can't use the root servers as recursive DNS servers:

;; WARNING: recursion requested but not available

The root servers, like most authoritative servers, are configured to not do recursive resolution, which is what your ISP’s DNS servers (and other public ones) are set up for.

3 Likes
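The dig warning quoted in the post above comes from two bits in the DNS header: the client sets RD (recursion desired) and the server leaves RA (recursion available) clear, returning a referral instead of an answer. The following is an added example, not part of the thread or of Pi-hole's code; the function names and the two reply headers are constructed for illustration and are not captured traffic.

```python
import struct

# DNS header flag masks (RFC 1035, section 4.1.1)
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def build_query(name, qtype=1, rd=True, txid=0x1A2B):
    """Encode a one-question query; rd sets the Recursion Desired bit."""
    header = struct.pack("!6H", txid, RD if rd else 0, 1, 0, 0, 0)
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)  # QCLASS 1 = IN

def parse_header(msg):
    """Decode the fixed 12-byte header that starts every DNS message."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"id": txid, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "rd": bool(flags & RD), "ra": bool(flags & RA),
            "rcode": flags & 0x000F, "answers": an, "authority": ns}

def classify(query, response):
    """Return (kind, recursion_refused) for a reply to our query."""
    q, r = parse_header(query), parse_header(response)
    if not r["qr"] or r["id"] != q["id"]:
        return ("mismatch", False)
    # The condition behind dig's "recursion requested but not available".
    refused = q["rd"] and not r["ra"]
    if r["rcode"] != 0:
        kind = "error"
    elif not r["answers"] and r["authority"] and not (r["aa"] or r["ra"]):
        kind = "referral"   # "not my zone, ask these name servers instead"
    else:
        kind = "answer" if r["answers"] else "empty"
    return (kind, refused)

# Constructed sample headers; the record counts are illustrative.
QUERY = build_query("pi-hole.net")
# Root-server style: QR=1, RD echoed back, RA=0, no answers, 13 NS in authority.
ROOT_REPLY = struct.pack("!6H", 0x1A2B, QR | RD, 1, 0, 13, 0)
# Recursive-resolver style: QR=1, RD=1, RA=1, one answer record.
RESOLVER_REPLY = struct.pack("!6H", 0x1A2B, QR | RD | RA, 1, 1, 0, 0)

if __name__ == "__main__":
    print("root server:", classify(QUERY, ROOT_REPLY))
    print("resolver   :", classify(QUERY, RESOLVER_REPLY))
```

A recursive resolver such as unbound follows that referral chain itself, starting at the root, which is why it can use the root servers while a forwarder pointed straight at them cannot.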

If you run unbound (or similar software) as your local DNS recursive resolver, you can use those and avoid the commercial third party DNS servers. But you can't just point to these from your PiHole.

(Oops, didn't refresh my page and didn't see RamSet's similar reply).

https://discourse.pi-hole.net/t/howto-using-pi-hole-as-lan-dns-server/533

And that’s why big companies such as MS only use the root servers in their DNS and internet connections?

So that it does not work…. No need for commercial DNS servers, not even their own, strangely enough.

BTW, take Google: 23 nodes for DNS; root servers: 300 to 900 nodes

Reverse engineering, if you have 100 users registered and want them to do something, and 99 do, then what do you know about the one who does not and told you nothing..?

Just 1 very easy example

That’s true, you can type any upstream DNS, 2 IPv4 and 2 IPv6. And there are 13 (12) root servers. And as far as I know there are no preloaded DNS servers, just proposals. If there are preloaded DNS in Pi-hole and not changeable, I would not be using Pi-hole and not having this discussion. I never have used the thing, maybe waited for some good things. But I think I ditched the whole thing and forget it.

Your information is very incorrect and I don't think it's a language barrier that is causing the confusion. If you do not use the Pi-hole as your DNS server, please do not come to our house and speak conjecture and false statements.

7 Likes

Here comes the point where I would like to see a proof for this statement from you. The root servers cannot be used to query arbitrary domains as they prohibit recursive resolution as already mentioned by @RamSet here:

https://discourse.pi-hole.net/t/add-the-ability-to-let-pi-hole-resolve-dns/2368/43?u=dl6er

I move this discussion to a new thread so we can continue discussing this matter without spamming this feature request. This thread will still be visible for everyone, we're not trying to hide anything.

2 Likes

If anyone is scared of being "harvested" by the commercial DNS resolver, they should use their ISP DNS.
Your ISP "knows" anyway all the activity you do, because your packets go through its server, but they don't rely on advertising to exist, they rely on you paying the bill.
Set your router to "Auto" acquire the DNS server, and type those numbers down. Then transplant those into the PiHole.

Example: I have Verizon FIOS, in my area the DNS IPs are 71.252.0.12 / 68.238.122.12 (they use Verizon Assist) or with .14 at the end without using Verizon Assist function.
Just don't try to use DNSSEC with them...