[Advanced] Running your own DNS server alongside Pi-hole

I've already discussed how I think Pi-hole is a must-have for any home network, but for those who would like to take their privacy up another step there's the option to run your own recursive DNS resolver with Unbound.

But I thought Pi-hole was a DNS server??

Well it is and it isn't. Pi-hole handles all your DNS queries and filters out the domains on the block list, but sends permitted domains on to a recursive DNS server of your choice.

The default option is Google's DNS servers (8.8.8.8 and 8.8.4.4) which are speedy and reliable servers, but as with all things Google, leave a bit to be desired on the privacy front. There are more privacy-respecting options built-in, like DNS.WATCH, Quad9, and Cloudflare which are perfectly acceptable options, but you still have to trust that they won't change their privacy policies in the future.

Running Your Own Recursive DNS Server

Luckily for those who don't mind spending a few minutes in the terminal, there is the option of running your own recursive DNS server. There are many options available, but Unbound is a simple, lightweight, open-source option that can easily be run alongside Pi-hole on something like a Raspberry Pi without issue. The official Pi-hole docs contain a handy guide to doing just that.

Credit: Pi-hole blog (https://pi-hole.net/2018/06/09/ftldns-and-unbound-combined-for-your-own-all-around-dns-solution/)

Benefits to Running Your Own DNS Server

  • Privacy - all DNS requests are done between your local server and the root DNS servers
  • Speed - for domains you frequent, IP addresses are stored in the cache and return in a few milliseconds instead of a request going out and back with the results
  • Nerd bragging rights

Drawbacks to Running Your Own DNS Server

  • Speed - for domains that you don't frequent and aren't in the cache, the query to root DNS servers can take around 1 second (for public DNS servers, chances are that someone has already queried that domain and it's already in the cache)
  • Another peice in the chain that could break
  • Requires occasional maintenance - like keeping the system up to date as well as the list of root level servers.

Thanks again to the Pi-hole team for their hard work and their blog post that inspired me to setup Unbound on my Raspberry Pi!

Show Comments