Comment on DNS server
InnerScientist@lemmy.world 3 weeks agoThere are 13 root name servers, they container info about which DNS is authorative (can tell you about) a given TLD (like .com or .de) then that repeats for every part of your query with that given server.
Something. Foo. Bar. Com. (<root name server>) ^ most of the time the same as. ^ DNS for baz or bar dns again ^ DNS for Bar ^ DNS server for the .com tld ^ the one unbound asks first, not part of the domain
The root server ips are known to unbound and static.
Then it will ask that server? Like I said unbound remove the middle man and somewhat increases privacy (debatable if only you use it but anyway)
Onomatopoeia@lemmy.cafe 2 weeks ago
Ah, unbound has the root DNS servers hard coded. That’s a significant point.
Any reason you couldn’t do the same with any other DNS server such as PiHole?
I’m really trying to understand why I’d run two DNS servers in serial, instead of one. All this sounds like it’s just a different config that’s been built in - is there something else I’m missing that unbound does differently?
InnerScientist@lemmy.world 2 weeks ago
Because pi-hole asks the configured DNS the whole domain, the root server will promptly <access denied> because that’s not how DNS is supposed to work.
There’s a difference between asking about the individual domain parts of the domain to the corresponding authorative DNS server and just sending the whole thing to a root server. If you did that then the root server would get ddosed to death.
Pi-hole can’t ask the root servers, it can only forward. Unbound can forward or be authorative or ask the root servers or do all of those at once.