tl;dr What are the pros and cons of hosting your own DNS server via unbound (for the purposes of privacy)?
I am concerned that there may be misinformation being spread about self-hosting (not for a website) your own DNS server. Please help me to clear up my own confusion/point me to what I need to learn to begin to understand and discern for myself.
I frequent subreddits such as r/pihole, r/privacytoolsIO, r/privacy, and r/theprivacymachine. Occasionally people recommend self-hosting your own DNS server on your LAN for the purpose of not giving your internet history to recursive DNS servers (think CloudFlare, Google, Quad9, NextDNS, etc.) and minimizing the requests that you’re sending out by having a local cache.
Here is the usual recommended setup: Unbound with DNSSEC and a cache. They recommend not forwarding requests to recursive DNS servers; however, wouldn't this make my network traffic stand out more than if I had discerningly picked a handful of privacy-respecting recursive DNS servers in my Unbound configuration? Additionally, the only guide I have found that has included properly setting up TLS certificates has been this one: https://www.ctrl.blog/entry/unbound-tls-forwarding.html
I am currently using the following setup: https://docs.pi-hole.net/guides/unbound/
Based on my reading so far I think I should be using:
Please help an ignorant layman learn to understand this for himself, so I can take my own threat model and understand fully what I’m doing here.
submitted by /u/DavidJAntifacebook
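The two setups the post contrasts, full recursion versus forwarding over TLS to a chosen handful of resolvers, as an added Unbound configuration example that is not part of the original post or of either linked guide. The LAN address, the trust-anchor, root-hints and CA-bundle paths are assumptions to adjust for your host; the Quad9 and Cloudflare DoT endpoints are their published public addresses.

```conf
server:
    # Answer only the loopback and the LAN; refuse everyone else.
    interface: 127.0.0.1
    interface: 192.168.1.2                 # assumed LAN address of the Unbound host
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow   # assumed LAN prefix
    access-control: 0.0.0.0/0 refuse

    # DNSSEC validation. The root key file is kept current by unbound-anchor
    # (path assumed; it is distribution dependent).
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    harden-dnssec-stripped: yes
    harden-glue: yes
    aggressive-nsec: yes

    # Privacy/cache settings that apply in both modes.
    qname-minimisation: yes                # each server sees only the labels it needs
    hide-identity: yes
    hide-version: yes
    prefetch: yes                          # refresh popular names before their TTL expires

    # Mode A (full recursion, the pi-hole guide setup): leave the forward-zone
    # below removed. Unbound walks from the root itself, so no single upstream
    # sees the whole query history, but every query to the root, TLD and
    # authoritative servers leaves the LAN as plaintext UDP/TCP 53 from this
    # host's address. Unbound ships built-in root hints; this file is optional.
    # root-hints: "/var/lib/unbound/root.hints"   # path assumed

    # Mode B needs a CA bundle to verify the resolver names after '#' below
    # (Debian path assumed).
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"

# Mode B (the ctrl.blog setup): forward everything over DNS-over-TLS (port 853)
# to a small set of chosen resolvers. On-path observers see only TLS to 853;
# the chosen resolvers see the full (cache-missed) query stream. Delete this
# block to run Mode A.
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
```

Run `unbound-checkconf` after editing, and confirm validation is actually on by resolving a deliberately broken zone such as dnssec-failed.org through the server, which should return SERVFAIL rather than an address.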