Use Unbound to Enhance the Privacy of Pi-Hole on a Raspberry Pi!
Вставка
- Опубліковано 22 сер 2024
- ✅ Written Instructions: www.wundertech...
🔔 Subscribe for more tech related tutorials and overviews: link.wundertec...
🚀 Product Recommendations: link.wundertec...
❤️ Check out our website: link.wundertec...
This tutorial will show how you can set up and configure Unbound on a Raspberry Pi! Increase the privacy of Pi-hole quickly and easily!
DISCLAIMER: The information in this video has been self-taught through years of technical tinkering. While we do our best to provide accurate, useful information, we make no guarantee that our viewers will achieve the same level of success. WunderTech does not assume liability nor responsibility to any person or entity with respect to damage caused directly or indirectly from its content or associated media. Use at your own risk.
WunderTech is a trade name of WunderTech, LLC.
Great tutorial. You might consider pausing briefly before hitting "enter" after your commands to give viewers a chance to see the command clearly.
Thanks for the excellent guide. Been running pi-hole for 6 months now and really like it but thought I might give Unbound an install as I'd read that they compliment each other nicely. All working first time so thank you :)
Thank you
Easy to understand, easy to deploy.
Amazing video. short, clear, and to the point. Thank you!
Glad that it helped, thank you for watching!
lol'd at 5:54 - "..pound sign ...or hashtag if you're younger.."
Pound sign is not same as # (and it’s not on my keypad) but maybe labelled as that on some PC Keyboards.
@@michaelbouckley4455 on UK locale made keyboards its a pound sign, US layouts its #
@@BoringThings2069 on UK keyboards in UK the pound sign is actually the pound sign (which I don’t have on this iPhone). # is somewhere else. On my Japanese keyboard laptop, mapped as US I have several wrong keys! But # is correct on shift 3
Not just for privacy, also helps prevent Denial of Service attacks.
Thanks for another great tutorial!
Thank you. it is true the internet seems slow
curious as to why use tee command instead of just directly sudo downloading the wget and output it to /var/lib/unbound/root.hints
Greetings WunderTech I want to thank you for having cleared my doubts with your tutorial, I would like you to do a tutorial for those of us who use IPv4 and IPv6. Thanks
I will add this to my list - thank you for watching!
Nice tutorial of pihole and recursive dns. I do have a comment about using a custom upstream. I saw that the IPv4 option was selected but not the ipv6 option. I’ve seen that this should be “::1#5353” or, 5335 without the quotes for custom #3. Is that important? Thanks again for a well modulated and informative tutorial.
If you're using IPv6, then yes, you can set it, however, most will only be using IPv4 so that's why it was set that way.
Hello
could you help and show this setup with docker pihole + unbound?
Actually the websites are opening much faster with unbound.
Great stuff thank you
Don't forget you can send DNS over TLS on UDP to further protect your requests.
Brilliant!
Great video and well explained BUT, after trying it on my new install using an Orange Pi zero 2 I get Pi hole to work but Unbound just kept giving me "Failed to start"
Not sure if this is because I'm using a Orange Pi zero 2 and not a Raspberry Pi or that perhaps something else has changed somewhere.
I can't say for certain since I haven't ever used an Orange Pi, but assuming the operating system is the same, I'd imagine that it should work. With that said, that's just a guess.
@@WunderTechTutorials I've flashed this as the OS Armbian_22.11.1_Orangepizero2_bullseye_edge_6.0.10.img
Soo dns is encrypted with unbound or not ?
No, you need to use DNS-over-HTTPS if you want encryption.
@@WunderTechTutorials i mean adguard home do it by default, is there a way to do it with pihole ? Idk if its really necessary too, maybe it will slow down my connection
@@WunderTechTutorials prople says : unbound (in forwarder mode) can be an option, how to do that ?
@@TREXYT docs.pi-hole.net/guides/dns/cloudflared/
@@WunderTechTutorials yes i've seen that, i think i won't use it since its for home network, and only my SIP can see my traffic, thanks a lot!
Appreciate the guide on this! I did properly get the SERVEFAIL and NOERROR messages for dnssec but I am noticing in my pi-hole data log that almost all queries and showing the Reply as REFUSED. Do you know if this is the expected result?
I don't believe that that's the expected result. Did you set it up on the local Raspberry Pi that's running Pi-hole?
@@WunderTechTutorials Thanks for the reply! I did have it configured on the local raspberry pi. What's strange is the test queries work without any issue so now it seems tough to try and diagnose. Any suggestions outside of starting over with a new raspbian lite image and starting over?
@@brentlaurin I wish I had a suggestion, but it's hard to say. The only thing I can think of is if you're using a firewall and haven't allowed access on the Unbound port (you can try this), but since you're accessing it locally, I'm not sure that would actually fix anything.
How can I use this with my pihole while also using Tailscale tunnel for my mobile devices? Do I add the tailscale ips?
I haven't had a chance to try out Tailscale yet, so I'm unfortunately not entirely sure. If you can set a Tailscale DNS server, I'd imagine you can just point it to the IP address of your Pi-hole install.
I subbed. I Commented on the pihole vid just then also. Great work.
I actually turn off my router every night... don’t need any extra rf signals polluting the air. Other than accurate and up to date stats, will Pihole still block and work correctly?
Thanks👍
Thanks so much! When you say "will it work", what exactly do you mean? Will Pi-hole work without the router? If so, no, it will not.
@@WunderTechTutorials sorry, what I meant was will it still be blocking sites in the list like it should...I thought that by turning it off it would need to re-cache all the sites. Well, even if so, that’s a minor thing, and I don’t really need to see constant stats, I’m mainly using it for my pi’s laying around the house, my actually devices and PC use NORD VPN, and they have their own dns servers. I did try using my pihole server on nordvpn (you can set your own dns), it works great
Thanks 👍
@@-someone-. Everything should stay as-is, so I wouldn't be too worried about that.
@@WunderTechTutorials hey! Sorry to bother you again, but I’m wondering can I use a picam at the same time? I set up pihole on diet pi. So maybe I’d have to run the set up again and add camera option? (I chose the minimal setup)
I usually set up a rtsp stream on my picams, but was also wondering would that affect the pihole in any way? The stream usually uses the IP address assigned to the pi, with a port number.
Thanks again
@@-someone-. I unfortunately haven't ever used picam so I'm afraid that I won't be much of a help. With that said, since it's an IP/port, as long as it's not a port conflict with Pi-hole, I don't think (educated guess) it will be a problem.
Could this be done on windows using docker, pihole and unbound. I have pihole set up on docker and i would like to use unbound. (Windows)
I'm sure that it can be - unfortunately, I'm not exactly sure what the differences are, but there's no reason off the top of my head why it shouldn't be possible.
it would be cool for a tutorial with adguard home + unbound in a docker
I will add it to my list!
5:46 all devices in my network loose internet access when i save the localhost ip with port
Hmm, it doesn't sound like Unbound is running. I would test it by pinging out to a DNS server (use Google's) and see if it's definitely DNS resolution.
only way i could get this to work without oodles of issues such as dnsmasq errors and servers could not be reached...was to change "5335" to "53" any input as to why?
Honestly, no, I'm not sure. The only way I've been able to get it to work (though I admit that I haven't tried any other way) is with 5335.
I have installed Unbound using docker (in Powershell) and have pointed my Pi-Hole instance (docker) to it as well, so far no problems at all. But I was wondering where all the files that must be generated over time are put.
I checked %AppData% and my C:\Users\LocalUser\ folder, but I can't find anything related to Unbound.
If anyone knows where it's filesystem is located I'd be very interested to hear.
I'm not exactly sure where it would be stored unfortunately. I haven't ever run Unbound in Docker, but I imagine it's in a volume mount somewhere.
Do you know how to get the latest Unbound version for RPi? The Raspbian repo doesn't list the latest Unbound version 14
Unfortunately, I am not sure 😞 You might be able to use a different repo, but the Raspbian one is the one that I always use.
is there any command to see if i have unbound installed ? i dont remember ;(
Another thing: So far i have Pi-Hole working on my pc but i want it to work on my mobile devices too... btw i dont have it installed in a raspberry my but in a synology NAS.... but is just the same config
Thanks for the tutorials
You can test it using this command: dpkg -s unbound
However, I will be honest in saying that I haven't set this up on a Synology yet, so I cannot promise that it will work. You might run into issues since the Synology implementation is generally implemented by using Docker.
Doesn't the Pi-Hole still need DNS forwarders? It still needs to query for itself right? What do you set those as?
Unbound queries root servers directly, so you shouldn't need to forward DNS.
@@WunderTechTutorials Thanks a lot!
Has anyone experienced drastic bandwidth drop after setting up both pi-hole and unbound? we used to get 250Meg/s via our fiber connection. After the setup, we only get about 20 meg per second . Any suggestions?
That's certainly strange as Pi-hole should only be used for DNS. Can you confirm that setting manual DNS on a device gets you back to your normal speeds?
I still see ISP IP in my Routers WAN IP settings. Is this correct or should it be showing something related to UNbound?
Yes, the ISP IP will always stay.
I need a bit of help... and if I installed PiHole in Docker, from an OpenMediaVault in a Raspberry Pi? How can I install Unbound with that setup?
I have set up Pi-hole on OMV, but unfortunately not with Unbound. I'm afraid I won't be much of a help for that reason - sorry about that 😞
@@WunderTechTutorials thanks for replying! Actually I installed OMV6 AND PiHole with your guide and it works flawlessly! I wondered about Unbound in that scenario. Would it be possible to add Unbound?
@@choro76 I'm sure it will be possible, I just haven't tried so I'm not exactly sure how it's done. I'll add it to my list for a possible future tutorial!
@@WunderTechTutorials thanks! Subscribed!
What I don't get is when unbound queries the root servers it sends those requests out in plain text right? So it kinda defeats the purpose of all this, or am I not fully understanding the process?
It's unfortunately not a simple answer. This explains it in detail: docs.pi-hole.net/guides/dns/unbound/
@@WunderTechTutorials I apologize, my question should have been.... Your ISP can still see your queries if you are using Unbound as your resolver, so if your goal is to escape your ISP this doesn't help correct? (The way to solve this would be to use DoT or DoH but then you'd have to use an upstream dns provider like cloudflare or google?)
Also, unbound is a recursive resolver which caches the queries, so isn't pihole's caching just redundant and can be turned off?
Im just trying to wrap my head around all the things. lol it seems what I need is to make my own upstream DNS resolver with HTTPS/TLS.
PS. Thank you for your reply!
@@gngn2973 The overall answer to your question is yes - DNS over HTTPS will hide your traffic from your ISP. Unbound will hide your traffic from DNS providers like Google or Cloudflare, but not your ISP.
nice on
how do i keep them synchronized ?
You need to set up two Pi-hole devices and set them both as the primary/secondary DNS servers.
@@jcw232000 Wherever you are setting the DNS servers. Either the device or router.
@@jcw232000 No, on your router or wherever the primary and secondary DNS servers are set, you have to use both IPs there.
ok so what do I do if my pihole isnt working when i run the dig command. I keep getting back "nxdomain" instead of "NOERROR"
That would mean that something in one of the steps above didn't configure properly. Is the file you created exactly as shown in the written instructions?
im always getting servfail when i set up inbound.
already flush new OS several time :(
Sorry to hear :(
That can be many different things unfortunately. This is a great thread that discusses it - can you try some of the items here? github.com/NLnetLabs/unbound/issues/98
does this tutorial use DNS over HTTPS?
It is not DNS-over-HTTPS (though you can configure it), but it's slightly complicated because Unbound is a recursive DNS server. So technically, the queries are private to you, but to answer your question, no, this does not use DNS-over-HTTPS.
@@WunderTechTutorials is it recommended to to set up DoH? Or is unbound secure enough? Sorry I'm very new at using pihole.
@@twistedfreak712 It's hard for me to answer that because they're different. I would say that if you trust your local network, you're probably fine just using Unbound, but the truthful answer is "it depends".
so if I use unbound, I won't be able to use Opendns for my network?
Yes, if you're using OpenDNS as the upstream DNS provider, this will replace that.
@@WunderTechTutorials so no I won't be able to keep using OpenDns?
@@macster1457 No, it will be one or the other (if you want to get the benefit of Unbound, that is).
@@WunderTechTutorials oh I see.. thank you.
i think it made my shit faster thanks bro
You forgot to uncomment #root-hints
I wonder, when this is about data privacy, why is it your website are trying to collect so much data as possible about, your video is about Privacy and yet, you website is loaded with tracking technology?
The website wasn't really monetized for over a year. The tracking comes from the ad partner I am using and was put in place to generate income to create new tutorials with new products (which will be coming soon). I'm sorry for the inconvenience, but my goal is to create valuable content and outside of asking for donations (or setting up a Patreon which has its own downsides), this is what I decided was best.