Networking tutorials on YT in a nutshell: - This is a computer! We must first switch on the computer! Then reach over and touch the mouse! - I'm going to change the attributes on this API here, then update the libraries for the database, which will allow more data visualization to take place on the next step, where we'll be able add identifiers and self closing tags to optimize the backend of the framework for the web server. This only works for version 1.6.344 of course!
Here, I'll teach you how to build a custom emulator for the PS5. First, you'll want to own a copy of an original PS5 game.. Now, I'm just going to assume you're already familiar with all the steps required to rip the files, choose an IDE, write the emulator, compile your code and start your custom application on compatible hardware. Then just hit "Enter" on the main screen and you're all set to play copies of your games on your PC! Please subscribe for more tutorials.
I was trying I way I would like setting this up. I don’t have unbound on the quality server running pole and running it that way within itself and then as far as the other systems, I have it pointing internally within our data center, and then also a MPLS between my home and the outside world which works for us again I think of it with, also using something similar to DNS filters product and some other solutions is the best way to secure your information seeing what’s on your information network also like that I can also pair this and docking thing as well
Showing this I have been looking at different ways to re-organizing our infrastructure as well as my home lab I have actually have pi installed in the cloud on our own servers as well as smaller versions of it on smaller devices, service quality commercial, but allowing us of the number of traffic that we have on it, I have found a pie is very easy to use and for those who are used to working with Cisco and all the flavors in betweenRoehling recommend putting pie hole on base if you have a lot of endpoint but a small thin server will work just as well and easily handles 200+ devices as well as in points and additional layers of that you can have one device and by pairing with Docker. Again thank
Nice video and good instructions. Some advice: Make sure that all the text you are pasting from somewhere can easily be reached, given the video! You can put all this info in description or create a github repository that would contain all the information and files needed, this is egregiously hard to follow.
I have been trying to run pihole and unbound as docker containers with traefik. So far I was not successful. Could you show how to integrate unbound as a docker container in your setup of traefik and pihole?
I'm watching this again after half year and I wonder if it's possible to completely migrate Unbound (config+caches) to new/different host/VM/CT? I'm getting about 11 000 cache hits, so it's working pretty well :D
@badpickle2347, create a topic on the VHT forums here: www.virtualizationhowto.com/community and I can give you more personalized help. Thank you for your comment!
I have found Technitium is much more robust and has DOH and AD blocking and custom blocking built in. The entire thing is administrated in a web page an runs on raspberry pi too.
Technitium (on HomeLab as recursive DNS w/ DoT, DoH and Sinkhole for advertisement) + FQDN on Cloudflare + Ngnix PM (For handling wildcard SSL Certificates)? If you make that video, it'll be mind blowing
DOT and DOH are available for client devices which connects to Unbound. But how exactly unbound improves privacy? All requests to root servers are not encrypted, it still will use DNSSEC to ensure that response was not modified, but your ISP (and anyone who can read your traffic) will see what requests Unbound is making. And yes, each recurse DNS request takes more time (30 times more in comparison with Cloudflare DNS), unbound will cache response, but for short time (15 min?). So - it is slow and does not add privacy. But in Forwarding Mode to Cloudflare or quad9 (for example) using DOT, you will get really fast DNS and much more privacy.
MacGyver, good points here all the way around, privacy is only as good as the weakest link. I think the sweet spot for unbound for sure is as a caching server and as you mention forwarding to another upstream DNS. It is cool that you can bypass and send to any servers you want, including root DNS though which I find interesting.
There is a docker-compose file to install both in one run.. everything is setup and you simply log into the web admin interfacr.. I got it running for my ansible docker play..
great video! for some reason when i check unbound as Upstream DNS Servers it cant no longer resolve local network DNS with SSL certificate (Nginx Proxy Manager/Let's Encrypt). any ideas on why?
I use unbound on pfsense, I will need to do more research on how to use what you are teaching on pfsense. One thing I find strange is often when I point my desktop dns to my DNS server, UA-cam will be in restricted mode. All comments will be unavailable.
hi sir but you didn't explain the point of exposing port 53 and how to prevent people from using our dns : i am running ubuntu on oracle cloud and i want to allow just people i know to use my dns but if i open port 53 i will end with unknown people using my dns and i don't want to use vpn as solution or tailscale i want to allow just a specefic devices to use it based on mac address not on ip
Younes, I have seen some solutions to use MAC addresses for filtering, but keep in mind this is not a very secure way of restricting traffic. there are some easy tools out there to change a MAC to anything you want it to be. so wouldn't take a lot to bypass this type fo security. I would recommend not trying to expose a DNS server to the public honestly as the big vendors out there have better means for securing public DNS than we do. However, can I ask what your use case is? Is there a reason you wouldn't want to use a VPN or site-to-site VPN for securing this type of connection?
@@VirtualizationHowto thanks for answering me my first issue is that i don't have a router support vpn and i don't want to configure each device one by one to use my dns i am just searching for the best solution for security i can expose the port 53 and i will not ending with unknown people using my dns and me and my family we don't have a static ip so for this reason i want just secure my instance and use the ip address as dns
Will this work for my local and lab name resolution also or will I have to run this and point my windows DNS server to this and itself to resolve both internal and external device?
Seems to be working, but if I type "unbound-control status" I get "Error setting up SSL_CTX client cert". How do I fix that? Thanks for the great video.
I am totally going to give this a try. I am currently using Adguard Home and have a second instance running on a backup server as setup by mostlychris ua-cam.com/video/KABWpAfyqss/v-deo.html I was wondering if you could do a video on how to make unbound highly available (if possible)? Assuming I can get this working with Adguard, this would create a single point of failure for my DNS. I'd like to have a backup instance of unbound running on the backup server with automatic failover in the event the primary goes down.
Why are you using docker containers for everything? It's an extra point of failure, it's less secure, it's out of your control, it's a huge inefficient resources hog compared to just plain Debian minimal server use. All this even on VM, wow, your electricity bill or energy footprint seem to not matter to you do they?
vm and docker do not really add up that much cpu overhead. vm has direct access to CPU cores, and docker is simply isolation of processes inside the linux OS. RAM on the other hand is a different issue.
@epictetus8028 great question....the main reason is I like to play around with lots of different solutions so I find myself configuring, and reconfiguring...I love PA and definitely one of my favorite security solutions, especially their DNS filtering
Networking tutorials on YT in a nutshell:
- This is a computer! We must first switch on the computer! Then reach over and touch the mouse!
- I'm going to change the attributes on this API here, then update the libraries for the database, which will allow more data visualization to take place on the next step, where we'll be able add identifiers and self closing tags to optimize the backend of the framework for the web server. This only works for version 1.6.344 of course!
Here, I'll teach you how to build a custom emulator for the PS5. First, you'll want to own a copy of an original PS5 game.. Now, I'm just going to assume you're already familiar with all the steps required to rip the files, choose an IDE, write the emulator, compile your code and start your custom application on compatible hardware. Then just hit "Enter" on the main screen and you're all set to play copies of your games on your PC! Please subscribe for more tutorials.
Any you must have pink, blue, or purple LED lighting in the background. A home lab will not work without LED lighting.
PiHole + UnBound + LAN-Cache = Dream setup.
I was trying I way I would like setting this up. I don’t have unbound on the quality server running pole and running it that way within itself and then as far as the other systems, I have it pointing internally within our data center, and then also a MPLS between my home and the outside world which works for us again I think of it with, also using something similar to DNS filters product and some other solutions is the best way to secure your information seeing what’s on your information network also like that I can also pair this and docking thing as well
Awesome tutorial. Im using Pi-Hole with Unbound in a Proxmox container and this works perfectly for me.
Are they pihole and unbound running in the same container (lxc), or do you have two lxc's
Showing this I have been looking at different ways to re-organizing our infrastructure as well as my home lab I have actually have pi installed in the cloud on our own servers as well as smaller versions of it on smaller devices, service quality commercial, but allowing us of the number of traffic that we have on it, I have found a pie is very easy to use and for those who are used to working with Cisco and all the flavors in betweenRoehling recommend putting pie hole on base if you have a lot of endpoint but a small thin server will work just as well and easily handles 200+ devices as well as in points and additional layers of that you can have one device and by pairing with Docker. Again thank
Great !. The only thing missing for everyone to get into it is the cron suggested for the reload of the root servers. Thanks
Nice video and good instructions.
Some advice:
Make sure that all the text you are pasting from somewhere can easily be reached, given the video! You can put all this info in description or create a github repository that would contain all the information and files needed, this is egregiously hard to follow.
Hi Brandon, thanks for your inspiration 🙂A video about Technitium DNS (like your article) would be nice.
10:24 I hate to be that guy, but the quick response there is because the DNS lookup is first hitting the local DNS client cache on Windows 11.
Would be nice to be able to copy and paste the commands from your description .-.
Fantastic video, Brandon! Thank you for sharing your experience. May I ask you questions in the future?
I have been trying to run pihole and unbound as docker containers with traefik. So far I was not successful. Could you show how to integrate unbound as a docker container in your setup of traefik and pihole?
I'm watching this again after half year and I wonder if it's possible to completely migrate Unbound (config+caches) to new/different host/VM/CT?
I'm getting about 11 000 cache hits, so it's working pretty well :D
Nice video Brandon, can you share you docker-compose file?!
It's always DNS.
Jeremy, yes it is :)
Omg I can't count the sys admin call ins for that at a uni campus. Huge.
i can never figure out how to follow this guide. Seem to be missing steps or other prerequisite i'm not aware of. intriguing
@badpickle2347, create a topic on the VHT forums here: www.virtualizationhowto.com/community and I can give you more personalized help. Thank you for your comment!
Excellent video on unbound. Could you do the same video for Adguard Home. That would be a great addition I think.
Sounds good Vincent, will keep that in mind for sure.
I was going to switch from adgaurd to pie hole to do this, is adgaurd better, have you tried both?
@@Lee-wh3ht I tried Adguard but I just didn't care for it, mainly based on the interface. I went with Pi-hole and unbound. Been very happy with it.
I have found Technitium is much more robust and has DOH and AD blocking and custom blocking built in. The entire thing is administrated in a web page an runs on raspberry pi too.
@tossacointoyourwitcher, thank you for your comment. Look for an upcoming post covering Technitium...definitely a great solution!
Technitium (on HomeLab as recursive DNS w/ DoT, DoH and Sinkhole for advertisement) + FQDN on Cloudflare + Ngnix PM (For handling wildcard SSL Certificates)? If you make that video, it'll be mind blowing
DOT and DOH are available for client devices which connects to Unbound.
But how exactly unbound improves privacy?
All requests to root servers are not encrypted, it still will use DNSSEC to ensure that response was not modified, but your ISP (and anyone who can read your traffic) will see what requests Unbound is making.
And yes, each recurse DNS request takes more time (30 times more in comparison with Cloudflare DNS), unbound will cache response, but for short time (15 min?).
So - it is slow and does not add privacy. But in Forwarding Mode to Cloudflare or quad9 (for example) using DOT, you will get really fast DNS and much more privacy.
MacGyver, good points here all the way around, privacy is only as good as the weakest link. I think the sweet spot for unbound for sure is as a caching server and as you mention forwarding to another upstream DNS. It is cool that you can bypass and send to any servers you want, including root DNS though which I find interesting.
Yeah, i think still having quad9 upstream is best practice
+1... I was going to post the same thing
Now do it using containers ! Please
There is a docker-compose file to install both in one run.. everything is setup and you simply log into the web admin interfacr..
I got it running for my ansible docker play..
Hello there
Would you consider to make a tutorial for a newbies on rpi - docker pihole + unbound?
Have a nice day
Good guide.
why you put sudo when root??
great video!
for some reason when i check unbound as Upstream DNS Servers it cant no longer resolve local network DNS with SSL certificate (Nginx Proxy Manager/Let's Encrypt).
any ideas on why?
Did you figure this out? I’m interested in a similar setup.
@@duduoson1306 gave up. I'm currently using pfsense HAproxy as my DNS resolver. Works perfectly. Pfsense has built-in Unbound support
cant find any hint in pihole docs about cron for unbound. is it not needed anymore ?
Are you running pihole container on the unbound server?
I use unbound on pfsense, I will need to do more research on how to use what you are teaching on pfsense. One thing I find strange is often when I point my desktop dns to my DNS server, UA-cam will be in restricted mode. All comments will be unavailable.
Rico, thanks for the comment! That is interesting on the restricted mode.
Why would we not want to use IP6 for this?
Good video.
hi sir tell me how i can enable safesearch through unbound and please share ith us the configuration
How can i use both Pi-hole and nginx-proxy-manager together as one DNS?
Hi
My DNS server is a HA MaaS region I still can use Pihole just as a filter if needed
hi sir but you didn't explain the point of exposing port 53 and how to prevent people from using our dns : i am running ubuntu on oracle cloud and i want to allow just people i know to use my dns but if i open port 53 i will end with unknown people using my dns and i don't want to use vpn as solution or tailscale i want to allow just a specefic devices to use it based on mac address not on ip
Younes, I have seen some solutions to use MAC addresses for filtering, but keep in mind this is not a very secure way of restricting traffic. there are some easy tools out there to change a MAC to anything you want it to be. so wouldn't take a lot to bypass this type fo security. I would recommend not trying to expose a DNS server to the public honestly as the big vendors out there have better means for securing public DNS than we do. However, can I ask what your use case is? Is there a reason you wouldn't want to use a VPN or site-to-site VPN for securing this type of connection?
@@VirtualizationHowto thanks for answering me my first issue is that i don't have a router support vpn and i don't want to configure each device one by one to use my dns i am just searching for the best solution for security i can expose the port 53 and i will not ending with unknown people using my dns and me and my family we don't have a static ip so for this reason i want just secure my instance and use the ip address as dns
Thanks.
Welcome!
NextDNS every day!
Will this work for my local and lab name resolution also or will I have to run this and point my windows DNS server to this and itself to resolve both internal and external device?
You can always configure your local DHCP server to send the address of your Pi-Hole as the DNS server at time of connection to the local network.
What? No O'Reilly book(s) to wade through? Lamorama.
Seems to be working, but if I type "unbound-control status" I get "Error setting up SSL_CTX client cert". How do I fix that? Thanks for the great video.
Robert, this usually means you are not running it with sudo. Give that a try and see if it helps. Thanks Robert!
I try, pihole, but the phones at home not resolve local like, home.pc.local
@yosoyestoyarto, thank you for the comment. Sign up on the VHT forums and we can discuss it further there: www.virtualizationhowto.com/community
I am totally going to give this a try. I am currently using Adguard Home and have a second instance running on a backup server as setup by mostlychris ua-cam.com/video/KABWpAfyqss/v-deo.html
I was wondering if you could do a video on how to make unbound highly available (if possible)? Assuming I can get this working with Adguard, this would create a single point of failure for my DNS. I'd like to have a backup instance of unbound running on the backup server with automatic failover in the event the primary goes down.
I disagree!!! Best DNS Server for Home Lab is Technitium ))))))
Why are you using docker containers for everything? It's an extra point of failure, it's less secure, it's out of your control, it's a huge inefficient resources hog compared to just plain Debian minimal server use. All this even on VM, wow, your electricity bill or energy footprint seem to not matter to you do they?
vm and docker do not really add up that much cpu overhead.
vm has direct access to CPU cores, and docker is simply isolation of processes inside the linux OS.
RAM on the other hand is a different issue.
I want easy and simple explanations, not these convoluted ultra complex explanations.
Why don't you run a DNS proxy on your Palo Alto?
@epictetus8028 great question....the main reason is I like to play around with lots of different solutions so I find myself configuring, and reconfiguring...I love PA and definitely one of my favorite security solutions, especially their DNS filtering