This has benefits and drawbacks:īenefit: Privacy - as you're directly contacting the responsive servers, no server can fully log the exact paths you're going, as e.g. It is obvious that the methods are very different and the own recursion is more involved than "just" asking some upstream server. You can easily imagine even longer chains for subdomains as the query process continues until your recursive resolver reaches the authoritative server for the zone that contains the queried domain name. Your recursive server will send the reply to your Pi-hole which will, in turn, reply to your client and tell it the answer to its request.The authoritative server will answer with the IP address of the domain.Your recursive server will send a query to the authoritative name servers: "What is the IP of ?".The TLD server answers with a referral to the authoritative name servers for.Your recursive server will send a query to one of the TLD DNS servers for.The root server answers with a referral to the TLD servers for.Your recursive server will send a query to the DNS root servers: "Who is handling.is true in our example, the Pi-hole delegates the request to the (local) recursive DNS resolver. Lastly, your Pi-hole will save the answer in its cache to be able to respond faster if any of your clients queries the same domain again.Īfter you set up your Pi-hole as described in this guide, this procedure changes notably:.
UNBOUND DNS HOW TO
In only a few simple steps, we will describe how to set up your own recursive DNS server. On behalf of the client, the recursive DNS server will traverse the path of the domain across the Internet to deliver the answer to the question. Recursive name servers, in contrast, resolve any query they receive by consulting the servers authoritative for this query by traversing the domain.Įxample: We want to resolve. If I'm the authoritative server for, e.g.,, then I know which IP is the correct answer for a query. The first distinction we have to be aware of is whether a DNS server is authoritative or not. When you operate your own (tiny) recursive DNS server, then the likeliness of getting affected by such an attack is greatly reduced. This scenario has already happened and it isn't unlikely to happen again.
Instead of your bank's actual IP address, you could be sent to a phishing site hosted on some island.
UNBOUND DNS FREE
However, as has been mentioned by several users in the past, this leads to some privacy concerns as it ultimately raises the question: Whom can you trust? Recently, more and more small (and not so small) DNS upstream providers have appeared on the market, advertising free and private DNS service, but how can you know that they keep their promises? Right, you can't.įurthermore, from the point of an attacker, the DNS servers of larger providers are very worthwhile targets, as they only need to poison one DNS server, but millions of users might be affected. After applying the blocking lists, it forwards requests made by the clients to configured upstream DNS server(s). Pi-hole includes a caching and forwarding DNS server, now known as FTL DNS. Unbound Pi-hole as All-Around DNS Solution ¶ The problem: Whom can you trust? ¶ Optional: Dual operation: LAN & VPN at the same time Setting up Pi-hole as a recursive DNS server solutionĭisable nf entry for unbound (Required for Debian Bullseye+ releases)
0 kommentar(er)
