this post was submitted on 05 Nov 2024

Pi-hole® - A black hole for Internet Advertisements

The original post: /r/pihole by /u/benuski on 2024-11-05 00:14:35.

Hello! This may be common knowledge, but I wanted to share my configuration that sets up Unbound to forward queries to an upstream provider using DNS over TLS. There is a guide on the Pi-hole site for cloudflared, but, as team members said in the comments here, this is only because someone wrote it and made a pull request for it to be integrated.

I started with the basic Alma Linux LXC container and the Unbound configuration provided on the Pi-hole docs site, and added the DNS over TLS configuration at the bottom.

    # TLS settings
    tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

    # Forward all queries over TLS
    forward-zone:
        name: "."
        forward-tls-upstream: yes
        # Cloudflare DNS over TLS
        # forward-addr: 1.1.1.1@853#cloudflare-dns.com
        # forward-addr: 1.0.0.1@853#cloudflare-dns.com
        # Quad9 DNS over TLS
        forward-addr: 9.9.9.9@853#dns.quad9.net
        forward-addr: 149.112.112.112@853#dns.quad9.net


By default, this setup does not fall back to recursive resolution of DNS requests by the root nameservers, though you can configure it to do so if you wish.

Hope this helps, and any tweaks or suggestions are welcome!
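
A small check for the three settings that make this forwarder setup authenticated (the CA bundle, `forward-tls-upstream`, and the `@853#name` form of each `forward-addr`), as an added example that is not part of the original post. The sample config is constructed, `parse` and `check_dot` are hypothetical helper names, and treating any port other than 853 as a finding is an assumption.

```python
import re

# Constructed sample: the post's settings plus one weak forwarder (no port, no #auth-name).
SAMPLE = """
server:
    tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
forward-zone:
    name: "."
    forward-tls-upstream: yes   # TLS for every forwarder in this zone
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112
"""

def parse(text):
    """Split unbound.conf text into (clause, [(option, value), ...]) entries."""
    clauses = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        # Strip a trailing comment only after whitespace, keeping addr@port#auth-name intact.
        value = re.sub(r"\s+#.*$", "", value).strip().strip('"')
        if not value:                      # clause header: "server:", "forward-zone:", ...
            clauses.append((key, []))
        elif clauses:
            clauses[-1][1].append((key, value))
    return clauses

def check_dot(text):
    """Return findings; an empty list means every forwarder is authenticated DoT."""
    clauses, findings = parse(text), []
    server = dict(o for name, opts in clauses if name == "server" for o in opts)
    if not server.get("tls-cert-bundle"):
        findings.append("server: no tls-cert-bundle, upstream certificates cannot be verified")
    for opts in (o for name, o in clauses if name == "forward-zone"):
        if dict(opts).get("forward-tls-upstream") != "yes":
            findings.append("forward-zone: forward-tls-upstream is not yes, queries leave in cleartext")
        for value in (v for k, v in opts if k == "forward-addr"):
            addr, _, auth_name = value.partition("#")
            if not addr.endswith("@853"):
                findings.append(f"{value}: not on the DoT port, expected @853")
            if not auth_name:
                findings.append(f"{value}: no #auth-name, certificate name is not checked")
    return findings

if __name__ == "__main__":
    print("\n".join(check_dot(SAMPLE)) or "all forwarders use authenticated DoT")
```

Point it at the real file with `check_dot(open(path).read())`; it only reads the text and does not replace `unbound-checkconf`.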
