Comment on [deleted]
FutileRecipe@lemmy.world 1 year agoWith Unbound, you can set it up as a recursive DNS server. Hence, cutting out the middle man. docs.pi-hole.net/guides/dns/unbound/
Comment on [deleted]
FutileRecipe@lemmy.world 1 year agoWith Unbound, you can set it up as a recursive DNS server. Hence, cutting out the middle man. docs.pi-hole.net/guides/dns/unbound/
Vexz@kbin.social 1 year ago
You don't cut the middle man, you create the middle man with Unbound. And Unbound needs to ask other DNS servers on the internet to resolve DNS queries. Your local DNS server can't just magically know which IP is behind a domain like for example google.com. It needs to ask other DNS servers that know the answer. So unless you're not using hyperlocal you will always need a DNS server on the internet to browse the web.
FutileRecipe@lemmy.world 1 year ago
tl;dr: Cut out Cloudfare’s recursive resolver (or anyone else’s) and run your own via PiHole and Unbound.
Umm, Unbound is on your machine. So you’re saying you are your own middle man lol…which is the same as cutting out the middle man as you (rather, your server) are you.
It asks the authoritative nameservers, which is who external DNS servers ask. By using Unbound, you are cutting out those external DNS servers, because you/Unbound is the DNS server. You are asking the authoritative name server directly instead of inserting someone else to ask on your behalf.
I copy/pasted the above quote from the article you linked. Again, Unbound (your machine) is asking the DNS nameserver. You’re saying you are your own middleman lol. I’m saying cut out Cloudfare’s recursive resolver and run your own via PiHole and Unbound. Did you read the article I linked?
Vexz@kbin.social 1 year ago
Tell me you didn't read the article without telling me you didn't read the article. Let me point out the relevant part for you:
"A recursive resolver (also known as a DNS recursor) is the first stop in a DNS query. The recursive resolver acts as a middleman between a client and a DNS nameserver. After receiving a DNS query from a web client, a recursive resolver will either respond with cached data, or send a request to a root nameserver, [...]"
See that last part with "or send a request to a root nameserver"? That is the DNS server on the internet your Unbound DNS server will ask if it doesn't have the answer cached for you already.
Exactly! Since the Unbound DNS server is your server you created your middle man server yourself. "middle man" has a very negative taste but in this case it really isn't bad at all.
Okay, so you get it but you don't get it fully. Again: Your Unbound DNS server can't magically know which IPs are behind a domain name. So what does it do? It asks a DNS server on the internet because they know the answer. When you Unbound DNS server got the answer it then tells your computer.
YES! And where do you think is the DNS server Unbound asks if it doesn't know the answer because it's not cached yet? It's some server on the internet.
I said you create your own middle man. Unbound is your middle man in this case because you make it look up the IPs behind the domains and it tells your computer these IPs then.
Instead of:
<Client> --> asks --> <DNS server on the internet> --> answers --> <Client>
You do:
<Client> --> asks --> <Unbound DNS (the middle man)> --> asks --> <DNS server on the internet> --> answers --> <Unbound DNS (the middle man)> --> answers --> <Client>
Let me say it again: Your Unbound DNS server being the middle man isn't a bad thing so please don't think "middle man" is always a negative term.
I just linked Cloudflare's article about it because they explain it well. Doesn't mean one must use Cloudflare's DNS servers.
Yes, I did. But I knew what a recursive resolver is before I checked the link because I'm a professional IT administrator and I know how DNS works. It's part of my job.