Want to increase being safe when surfing the internet?
Want to minimize the number of DNS lookup requests leaving your network?
Stay tuned and I will show you how
• Removing Cloudflare client
sudo systemctl stop cloudflared
• Verify it is stopped
sudo systemctl status cloudflared
• uninstall service
Sudo cloudflared service uninstall
Install Unbound
sudo apt install unbound
Sudo nano /etc/unbound/unbound.conf.d/pi-hole.conf
server:
# If no logfile is specified, syslog is used
# logfile: “/var/log/unbound/unbound.log”
verbosity: 0
interface: 127.0.0.1
port: 5335
do-ip4: yes
do-udp: yes
do-tcp: yes
# May be set to yes if you have IPv6 connectivity
do-ip6: no
# You want to leave this to no unless you have *native* IPv6. With 6to4 and
# Terredo tunnels your web browser should favor IPv4 for the same reasons
prefer-ip6: no
# Use this only when you downloaded the list of primary root servers!
# If you use the default dns-root-data package, unbound will find it automatically
#root-hints: “/var/lib/unbound/root.hints”
# Trust glue only if it is within the server’s authority
harden-glue: yes
# Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
harden-dnssec-stripped: yes
# Don’t use Capitalization randomization as it known to cause DNSSEC issues sometimes
# see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
use-caps-for-id: no
# Reduce EDNS reassembly buffer size.
# Suggested by the unbound man page to reduce fragmentation reassembly problems
edns-buffer-size: 1472
# Perform prefetching of close to expired message cache entries
# This only applies to domains that have been frequently queried
prefetch: yes
# One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
num-threads: 1
# Ensure kernel buffer is large enough to not lose messages in traffic spikes
so-rcvbuf: 1m
# Ensure privacy of local IP ranges
private-address: 192.168.0.0/16
private-address: 169.254.0.0/16
private-address: 172.16.0.0/12
private-address: 10.0.0.0/8
private-address: fd00::/8
private-address: fe80::/10
Start your local recursive server and test that it’s operational:
sudo service unbound restart
dig pi-hole.net @127.0.0.1 -p 5335
You can test DNSSEC validation using
dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335
dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335
Finally, configure Pi-hole to use your recursive DNS server by specifying 127.0.0.1#5335 as the Custom DNS (IPv4):
⏱️TIMESTAMPS⏱️
0:00 – Intro
0:59 – What we will be covering
1:23 – What is Unbound
4:35 – Transitioning from Cloudflare to Unbound
5:45 – Unbound install
8:52 – Summary
================================================
*** Show Notes, Links and Resources ****
Here are the items mentioned in this video –
CanaKit Raspberry Pi 4 2GB Basic Starter Kit with Fan (2GB RAM)
https://amzn.to/35QBB8I
$63
———————————–
Click on this link to get the
SmartHome Account Creation Checklist
http://eepurl.com/go4fVP
➥➥➥ SUBSCRIBE FOR MORE VIDEOS ➥➥➥
Never miss a video about creating your own smart home
Subscribe ⇢ http://ronaldnutter.com/subscribe
To listen to an audio version of this episode while driving, TechBytes with Ron Nutter is available on iTunes, Google Podcasts, Stitcher and TuneIn. Go to TechByteswithRonNutter.com to subscribe today!
To subscribe to the TechbytesRN newsletter, click here – http://ronaldnutter.com/sample1
In return for subscribing to the newsletter, I will send you a chapter from my first DIY Smart Home Guide Book.
Visit http://www.ronaldnutter.com to see all the books Ron has written
DISCLAIMER: This video and description contains affiliate links, which means that if you click on one of the product links, I’ll receive a small commission. This helps support the channel and allows me to continue to make videos like this. Thank you for the support!
*===============================*
Become a Patreon supporter
https://www.patreon.com/techbytesrn
*===============================*
#TechBytesRN #smarthome #PiHole #Unbound
Podcast: Play in new window | Download
Subscribe: Apple Podcasts | TuneIn | RSS