You're running Pi-Hole wrong! Setting up your own Recursive DNS Server!
Переглядів 1,224,875
3 роки томуHuge thanks to Linode for bringing you this video. Wanting your own personal cloud services, but don't have the time, money, or space to set up your own server rack? Let Linode host them for you! Visit linode.com/CraftComputing and get a $100 60-Day credit just for signing up.
Pi-Hole is an awesome service to run in your house. It keeps ads from loading on every device, and will run on any Raspberry Pi, Docker container or virtual machine you'd like. But did you know it can do SO much more than just block ads? You can also completely bypass 3rd party DNS servers like 8.8.8.8, 1.1.1.1, 208.67. 222.222, or the ones ran by your ISP.
But first... What am I drinking???
Freigeist Bierkultur's Aufschneider, a 'Hoppy German-style Hefeweizen Ale'. This reminded me a lot of a Radler... you know, a lager mixed with grapefruit soda? But think of a Hefe mixed with a Pale Ale. It's better than it sounds, but it's also neither a Pale Ale, nor a Hefe. Not bad, but not for me.
Installation Steps
Install Ubuntu Server 20.04 (ubuntu.com/download/server)
Install Pi-Hole - sudo curl -sSL install.pi-hole.net | bash
Set the Web Admin Password - pihole -a -p [password]
Install Unbound DNS - sudo apt install unbound
Create Unbound Configuration File - sudo nano /etc/unbound/unbound.conf.d/pi-hole.conf
Copy example config - docs.pi-hole.net/guides/dns/u...
Restart Unbound to apply Configuration - sudo service unbound restart
Disable Forwarding DNS in PiHole
Set Custom DNS in PiHole - 127.0.0.1#5335
And you're done! Bonus points for sending all DNS traffic through a VPN Gateway to encrypt all outbound requests - • VPN Everything! OpenVP...
Links to items below may be affiliate links for which I may be compensated
Find the parts I recommend on my Amazon store: www.amazon.com/shop/craftcomp...
Follow me on Twitter @CraftComputing
Support me on Patreon or Floatplane and get access to my exclusive Discord server. Chat with myself and the other hosts on Talking Heads all week long.
/ craftcomputing
www.floatplane.com/channel/Cr...
Music:
George Street Shuffle by Kevin MacLeod
Link: filmmusic.io/song/3800-george...
License: filmmusic.io/standard-license
@CraftComputing 3 роки тому
I should start making all of my tutorial passwords "solarwinds123".
@frizzletits8511 3 роки тому
Yes
@TundraMantis 3 роки тому
@@frizzletits8511 love the vid. Just some little fact, Ubuntu is pronounced Ooh-Boon-tu but pronounced fast.
@WaffleClap 3 роки тому
@@TundraMantis Really? I've always pronounced it like Ubuntu, but maybe I'll start pronouncing it as Ubuntu instead ;D
@TundraMantis 3 роки тому
@@WaffleClap Lol. A lot of Americans, like in the video pronounce it Ooh Bun to. Like a bread roll slipped in the middle there ;) The boon is like a fast boen. Just sounds better ;)
@Bob_Smith19 3 роки тому
Can’t wait to see how bad the SolarWinds hack actually is. It will slowly trickle out over the next few years. It’s a lot worse then they’re letting on.
@praecorloth 3 роки тому
People hating on Ubuntu Server for being boring have never worked in IT. You don't want interesting infrastructure.
@tin2001 3 роки тому
I'm even more boring. My servers are all Debian.
@asdasddas100 3 роки тому
@@tin2001 Yup. I always run Debian for my servers
@timmy7201 3 роки тому
@@tin2001 Debian for the server and Manjaro on the Desktop/Laptop.
@dissolvanizer 3 роки тому
Ubuntu isn't boring. It's irritating, Debian is less irritating.
@TheDamnhook 3 роки тому
FreeBSD anyone ?
@user_16309 3 роки тому
"Use whatever you like, this isn’t the place for that argument." Great saying, I’m using that!
@leopantheraleo 3 роки тому
Use whatever you like, this isn’t the place for that argument.
@bottom 2 роки тому
😂
@alexanderalvarado9675 3 роки тому
I appreciate how you actually say what keys you are pressing. A lot of videos and online tutorials just say "enter this" "type this there" without actually detailing the smaller steps. To someone just starting with all this stuff, it is very helpful. Thanks!
@spawnterror 2 роки тому
You're welcome!
@jordanallen8115 2 роки тому
@@spawnterror r/notopbutok
@svampebob007 2 роки тому
@@jordanallen8115 r/notreddit
@Pteromandias 2 роки тому
@@jordanallen8115 r/gobacktoreddit
@jordanallen8115 2 роки тому
@@Pteromandias my b this is r/notreddit , wrong app.
@russellbaker4256 Рік тому
Packed content, accepting as many defaults as poss, concise explanations as you go - just perfect. Now pihole is setup for my domain controllers to forward dns queries too
@NetworkCowboy 3 роки тому
It is 1am and you literally made me get out of bed to setup Pi Hole as a recursive DNS server never thought I needed such thing in my life.
@seanhartigan5040 3 роки тому
me_irl
@fubarsnafu4994 2 роки тому
Sleep is a requirement not mandatory just ask any corporate HR
@joeygarcia4277 Рік тому
What are the benefits of this again?
@goose_clues Рік тому
you need it
@TheBinklemNetwork Рік тому
@@duotronic6451 no
@PrivateBaba 3 роки тому
Thanks UKposts for suggesting this video. I literally fell in love with the chancel.
@teksyndicate 3 місяці тому
I keep coming back to this every time I change/upgrade things... cheers!
@saschadolenec3207 4 місяці тому
I came here because of the Pi-Hole + Unbound setup without knowing you're doing a beer review at the end. You got me with that. As a German usually not drinking industry-pilsener but always trying to get craftbeer from local breweries the last part made the tutorial perfect. I was able to smell the hops just by listening. Thanks!
@Thewickedjon 3 роки тому
Jeff slowly creeping his way to #1 on my list of favorite techtubers, well done sir
@AmitCantPlay 3 роки тому
This man has saved my life so much times. Im the only IT person at my job and his tutorials help me alot.
@nixxblikka 2 роки тому
And what exactly for do you need pihole at a your job?
@boxlid214 3 роки тому
Works great on the recent releases of Mint (20.1), just enter the "skip OS check" command Pi-Hole gives you after the first time you run it and it fails. After that, no problems at all. Thanks for the clear tutorial and also linking everything in the description. Well done.
@l4te4oot91 2 роки тому
Will definitely be setting recursive up. Great video, straight to the point!
@omgbbqwtf2 3 роки тому
I just got my PiHole up and running and this is a great second step making it recursive. Thank you!
@streamingjunkie4397 3 роки тому
I echo that. I have mine running for two days on a refurbished HP Thin Client and I am pleased with it
@pccreator25 3 роки тому
This was a great video, perfect execution and easy to follow. Videos like these will make those starting out in the tech world enjoy what it has to offer... And make the experienced ones smile in agreement. ;)
@RaymondMaas 3 роки тому
Good one, never thought of that! Got this running on a Pi Zero now and it works great so far!
@MooreWoodWorks 3 роки тому
Thanks Jeff! I’ve been using pi-hole All Wrong for over a year! Thanks for the very detailed "how-to" video. It was very easy to follow and I had my extra rpi3 up and running with a fresh install of the os, pi-hole and unbound in less than 30 minutes! Great job... Thanks again.
@CRy3Gen 2 роки тому
Do you have a link to a Video of how to do that please.
@marcpitman 3 роки тому
Thank you! I set up unbound after watching this and it was super easy.
@Sean_Cockrell Рік тому
Great video. I know this was Pi-Hole specific but 2 notes for others that are interested. You need to serve your Pi-Hole DNS IP to your network clients via your DHCP server otherwise its a manual setup on every single device and easy to bypass (as in change your DNS to something else) and the second related to the first is, on your firewall you should capture all DNS requests not going to / coming from Pi-Hole and then forward them back to Pi-Hole therefore making your Pi-Hole your exclusive internal DNS server and non by-passable. Some devices actually try use a hardcoded DNS ignoring your network DNS settings.
@asuravojl Рік тому
the first thing seems to be pretty easy to do. What about the second step? How can i capture all dns requests not going to and coming from pihole and forward it back to it?
@Sean_Cockrell Рік тому
@@asuravojl the directing DNS internally is really dependent on your firewall. For example on a Mikrotik you would create a NAT. In English that would be, if source address = your lan subnet and destination not PIhole IP, UDP port 53 action dst nat to pi hole ip. If this can’t be done at least having your dhcp server hand out the dns ip is still decent.
@robertcampbell2117 3 місяці тому
@@asuravojl Not all firewalls support redirecting. The easy solution is to block DNS port to all devices except for the Pihole. Then if they try to bypass the PiHole DNS it gets blocked.
@davidg5898 3 роки тому
Just wanted to drop a thanks! I got a RasPi 0W for free a few days before you posted this, so it was perfect timing. My Pi-Hole w/ DNS has been working fantastically ever since.
@gittesilberglarsen1262 Рік тому
Good job. Appreciate your miticulous and yet rapid progression. This style is well suited for recorded presentations where repeate is just a click away.
@yannduranx 5 місяців тому
meticulous, not miticulous, seeing as you appreciate meticulousness, lol
@hooami6245 3 роки тому
Right on time! I’ve been having some issue just this week setting up Pi-hole! Bro u always come in clutch!!
@frizzletits8511 3 роки тому
JEFF GEERLING
@joeslacker1020 2 роки тому
How do I make a whitelist for the internet and block everything else not in my whitelist?
@WalkableBuffalo 2 роки тому
That was super easy, thank you! Finally made use of an old B+ sitting around doing nothing.
@mrc1500 4 місяці тому
Love this! Already had a Pi 4 running Pi-Hole and your video just made that experience much better. Thanks, man.
@kanishkaveediyabandara3028 2 роки тому
Good job Craft Computing! Clear and straightforward. Thank you.
@tuliof 3 роки тому
Thanks, this motivated me to finally put my dusty RPi 3 to good use.
@NovaspiritTech 3 роки тому
awesome job with the video and great job on the linode placement!! flowed right in. hahah!!
@CraftComputing 3 роки тому
Nothing like a "while we're waiting on this, let me tell you about" transition. Eat your heart out, Linus!
@damiansmith4156 3 роки тому
I have 13 hdd i want to hook up in my server but I'm limited on x8 slots. What would you recommend that i get? I also have a lsi megaraid 9260 IT mode but that only gives me 8 outs.
@PolntBlank 3 роки тому
Checkout novas video on the raspberry pi imager
@kaylanorris5292 2 роки тому
@@CraftComputing yeah, that's cool while we're waiting.
@kaylanorris5292 2 роки тому
@@PolntBlank whatever that is, OOk?
@rv8-m948 7 днів тому
Two years after watching this video for the first time, my comment is the same. You have to watch more than once but absolutely worth the effort. I rate this one of my top most useful videos. As I was a home brewer for years, back when Olympia and Coors was it, I enjoyed the hop talk.
@SpikeMoby 3 роки тому
Nice, I've just started the Virtualising journey and now have this running in a container looking up via oVPN in another container thanks to another of your videos. Cheers!
@TechieM2 3 роки тому
Great video! I never really looked at Pi-Hole before (I thought it was specific to Pis). I've been doing adblocking using custom scripts to update lists and rebuild my BIND configs. I just tossed up a VM, followed your instructions mostly (changed the forwarder to my existing server with my BIND install), and gave it a quick test. I think I'll be setting up both networks to use this for blocking instead of the custom lists now (much easier to whitelist in as well). The stats are a nice bonus.
@joeslacker1020 2 роки тому
How do I make a whitelist for the internet and block everything else not in my whitelist?
@bjarnenilsson80 Рік тому
Yea that is the one thing pi-Hole might have goofed on in their branding, the name is far to connected with the Raspberry pi. but hey it runns on the pi so the devs might just have wanted to cash in on all the pi hype
@JustinHammond 3 роки тому
When you clicked the video thinking the title said “you’re SAYING pi-hole wrong” and wondered what on earth was in an 18 minute video about semantics 😂
@Tommy2Tomatoes Рік тому
Had your video saved for a good long while till i finally got round to setting up unbound. Great tutorial. In 2023 worked perfeclty on my pre-existing PiHole setup. I made a balls up by not restarting the DNS service before pointing PiHole to Unbound. But after that everything is working. Thanks good sir!
@codewaka8648 2 роки тому
Saw a craft beer in this man's hands and already fell in love.
@chandlerm2571 3 роки тому
Nice tutorial, I am glad to see someone else appreciates the recursive properties and actually made a high quality video on it! To anyone reading, DO NOT RUN THIS ON A VPS UNLESS YOU KNOW WHAT YOU ARE DOING.
@Roko131 3 роки тому
Why not?
@lctsi 3 роки тому
@@Roko131 misconfiguration, via failure to secure your resolver, could result in your resolver being used in DDoS attacks.
@nortonofnorthamerica 2 роки тому
@@lctsii was under the immpression installing unbound as he does should take care of that. Is that not correct ?
@migillett 3 роки тому
Great tutorial! I'll need to try out the recursive DNS setup. One thing I've done too is go into my router and setup DNS masquerading. That way any devices that have hard-coded DNS servers will automatically be forwarded to the PiHole. It's easy-ish to do on an Edgerouter X. However, I had to do something a little different when I upgraded to my UDM Pro. On the UDM Pro I basically allowed DNS requests from PiHole and dropped all other DNS requests from RFC1918 to WAN.
@reef2home 2 роки тому
How was this done?
@mikgandii3897 2 роки тому
Does this work for iPones?
@nurk_barry 2 роки тому
I tried getting Pi-hole running on a lubuntu install and had some trouble, found your video and immediately subbed, I look forward to learning a lot from you.
@PedroS-nv1sl 2 місяці тому
This is hands down one of the best tutorials I've come across. I absolutely love your channel!
@sherazmalik2179 3 роки тому
Awesome tutorial. Thanks for this. Could you consider doing a HA setup with 2 pi-hole servers? Both syncing all changes such as whitelists, blacklists and recursive DNS records etc.
@l0gic23 2 роки тому
I believe UKpostsr TechnoTim did this. Check him/his vids out
@unclerubo 3 роки тому
Love these videos, Jeff, and I will consider installing unbound on my Rpi as well. The only point I think you could have mentioned but didn't is setting your router DHCP server to direct your clients to the pihole server as default for DNS requests, so you don't have to do it manually, but I also get why you didn't :)
@Chase07450 3 роки тому
I also thought this was a lapse... should have pointed that out to make it complete.
@fredrik354 2 роки тому
Wroth mentioning that while it's useful to configuring your router to point at Pi-hole (you should), it's not all devices that will honor that. An example would be iPhones where the device would automatically point to iCloud's relay unless you, for each network, manually specify that DNS server to use.
@kirm8137 2 роки тому
Excellent man, just excellent. I ran Pi-hole as a recursive DNS server for a while and then started to have problems. I can now see where I made my mistake. Thanks so much.
@PaulLittlefield 3 роки тому
Both of my pi-holes tweaked and making a big difference, thank you!
@BCKammen 3 роки тому
Been running PiHole for a few years, and never knew about the Unbound. Thank you. Keeping my network and ads more secure.
@Teleport73 3 роки тому
Thank for the very clearly explained video. Could you also create a guide to add Unbound as a docker container, to run alongside an existing Pi-hole container please? Preferably using Portainer. I'm still a little new to all this.
@badpickle2347 5 місяців тому
I think im trying your docker container setup - did or were you able to find a solution? TY
@GlaucoSAmaral 2 роки тому
Dude, you solved two problems instead of one, I needed to create my own email server for my company and I was facing problems with local DNS, in addition to too many ads and dubious advertising! Thank you very much!
@nunyabusiness2127 Рік тому
Great job. I appreciate that you keep your videos succinct and short.
@MingYuanYu 3 роки тому
Great video! I'm running pihole & unbound in an LXC container and it works as well.
@BenHoughton 3 роки тому
LXC makes much more sense than an entire Ubuntu Server VM for this.
@trazac 3 роки тому
@@BenHoughton He also massively over provisions by giving it 4 cores and 4GiB of RAM. It will use like 1/8 of either resource.
@ketatgenhorst 2 роки тому
This was a great tutorial and as one of the old linux types who always stands ready to debate distribution types, much respect to how you disarmed us. Nothing left for us to do except... Nano? Seriously? Real typers type on vi ;) Kidding. I set this up on an R-Pi 4 and the setup could not have gone better. Will subscribe.
@GodofGrunts 2 роки тому
You could yell at him for his pronunciation of Ubuntu lol
@timothyfoote6658 2 роки тому
yeah but no one can get out of VIM! LOL
@Kaminskip 2 роки тому
I have came back to this tutorial loads of times for refreshers :) Cheers!
@nerdaxic 2 роки тому
Great tutorial and explanations, managed to set up everything working nicely. Thank you!
@Pekeliini 3 роки тому
If nothing else, this video made me finally update the password for my pihole admin page. Now I don't have to go digging it out of my password manager every time I want to login. So thanks for that.
@realcartoongirl 3 роки тому
i didn't have a password because no one goes around messing with my pi hole in my network
@mannb1023 3 роки тому
Is password manager worth it
@MrNaesme 3 роки тому
@@mannb1023 Yes. Always. A little annoying having to open it all the time, but ultimately more secure (as long as your master password is secure and it's hosted in a way that's secure).
@BeamDeam 2 роки тому
@@MrNaesme or just use a password manager that has a browser addon like Bitwarden and then you also don't need to think about it being open.
@j0nrages851 3 роки тому
This video made me a patreon/Merch buyer. Keep bringing us tools of the open web! Down with the Tech Oligarchy!
@tdtrecordsmusic 3 роки тому
If u are serious about this then checkout scanlime-in-progress . It's a YT channel where these dev's are working towards this. Maybe catch em when their live and help throw some idea's around. Last time I was there the topic was >> What software should we write so we can be less dependent on big tech
@SirPoopyPants 2 роки тому
The value of this video was exceptional! Thank you! liked and subscribed as a result!
@nate806 3 роки тому
I wish i knew about unbound and making pi-hole recursive when i set this up last year. thanks you for posting this, and making it very straight-forward
@geoffhalsey2184 3 роки тому
Just out of interest, as I'm running Mint, I thought this could be an an ideal use of a local lxc container. Tried it, all worked, no additional hardware or hypervisor required.
@tonvanbaalen1493 3 роки тому
Thanks for the great video. I liked the idea so i gave it a try. I tried to install pi-hole exactly as you showed in this video, but with no success. There are some differences however. I made a virtual machine on my Windows10 desktop with hyper-V and installed Ubuntu, same version and same tools like SSH-server, and Unbound, same versions, same configuration. During testing I found no differences with the number of adds on MSN and other sites. I noticed that the configuration of pi-hole was only on IP-4 level and not on IP-6. That might be the reason, because my provider and my router all support IP-6. Another thing was that after rebooting my machine, nothing was working anymore because my ubunto server virtual machine got a different ip address (IP-4). I am not a linux guru but had a linix server about 15 years ago. So i know a little bit but not enough to solve this. I tried to give a fixed IP address, but on IP4 only, and that was not working, so I removed the whole setup. When someone has some ideas to solve this problem I will start from scratch again.
@eduardozavala8658 2 роки тому
I really appreciate a simple tutorial like this, it gave me an idea for next proyects, thx!
@bradfeet3418 Рік тому
Ive been trying to setup unbound and finally found this tutorial which explain it very well. Good job.
@TechnoTim 3 роки тому
Fantastic end to end tutorial! Nice work!
@giovannibajetto 3 роки тому
Two of my favorite channels are talking to each other! OMG :-)
@angrynerd2103 3 роки тому
@@giovannibajetto same!
@joeslacker1020 2 роки тому
How do I make a whitelist for the internet and block everything else not in my whitelist?
@DanielStinebaugh 3 роки тому
Nice and simple explanations, Would love to hear you explain the benifits/concerns between using a recursive dns server (unbound) as opposed to DoH options
@Alexcide007 Рік тому
@@JivanPal Would I have to pay for a cert? If so what are the costs? Maybe a video can be done about this.
@JivanPal Рік тому
@@Alexcide007 No, you can get SSL/TLS certs for free these days using Let's Encrypt. Plenty of tutorials available. Personally, I like to use the DNS (DNS-01) challenge mechanism, which also allows you to create wildcard certs.
@Alexcide007 Рік тому
@@JivanPal Thanks for the advice, I am going to add this to my list!
@paulpinder 2 роки тому
Absolutely fantastic - thanks for the easy to follow instructions - my pihole is now running super well and operating much more effectively. Also, who cant love a man who love his beer!
@davenpro 3 роки тому
The major downside to making your pihole setup a full recursive resolver, is that you lose the ability to do DNS over https which obfuscates your DNS lookups from your last mile provider (i.e. Comcast, Charter, Cox, etc). Additionally, if not properly secured, open recursive DNS resolvers can be and frequently are used as amplifiers in distributed denial of service (DDoS) attacks.
@thebamplayer Рік тому
Normally you firewall should be configured in a way, that ongoing dns requests are blocked.
@mjodr 5 місяців тому
DoH is not as secure as you might think it is and it is significantly slower than regular lookups. I gave up on it in the interest of speed and because the more I read about it the more I realized it might not be doing much hiding at all. DNS needs a full re-engineer from the ground up as it has always had problems and I don't like any of the current solutions to try and fix them.
@jfbeam 5 місяців тому
An open resolver is only a problem if the internet can reach it. Nothing in this video does that.
@dandyman5609 2 роки тому
Great video! My 12 old son managed to do this by himself following your tutorial first time! You should also consider making a part two of this guide to block UKposts ads too! I know it's quite tricky but managing a "moving target" like UKposts would be great practice!
@dandyman5609 2 роки тому
@@wojtek-33 I mean if you ever tried blocking youtube ads with pi-hole, it is difficult and far from permanent. In other words - not very effective. However, trying to do that teaches a lot, that's why I suggested to do it.
@dandyman5609 2 роки тому
@@wojtek-33 read the message again and think what is wrong with your statement
@dandyman5609 2 роки тому
@@wojtek-33 alright dude
@mrmotofy Рік тому
Use browser extensions like UKposts adblocker etc...DON'T use apps
@dandyman5609 Рік тому
@@mrmotofy you missed my point completely :)
@abrudner 3 роки тому
This is the solution I've been looking for. The webmin BIND interface took me a while to get the hang of. This is simple. Thank you!
@randleqgod 3 роки тому
Your pihole tutorial was the only one that worked for me. Thank you!
@linuxfornoobscom 3 роки тому
great tutorial, now I need the last thing - how to make pihole as backup dns with possibility to synchronize DNS records and pihole settings from primary pihole based recursive dns server.
@henryasbridge5161 3 роки тому
there is a project called pihole-cloudsync, this uses a git repo to sync your blocklists, local dns doodads and settings from a master pihole
@linuxfornoobscom 3 роки тому
@@henryasbridge5161 found Gravity Sync, should be working without the need for git. look for Techno Tim channel, he has a guide.
@GeertSamuel Рік тому
This video is lit. No bs, straight to the point and everything explained.
@JoseOrtiz1 Рік тому
Thank you! What you put together here is perfect!
@djvincon 3 роки тому
Cool, video. You can enhance the Experience by logging in to your router and add pihole as the dns adres. This way all traffic wil be routed to pihole
@weswes10 3 роки тому
This is what i did... now everything on the lan gets ads blocked...except youtube on the roku... theys tricksy
@Demonslay335 3 роки тому
Only problem is most (home) routers don't actually broadcast the new DNS via DHCP, they do their own recursive lookup. Not a huge deal for performance, just adding yet another hop, but it sucks that PiHole only logs 100% of queries as coming from the router.
@nevoyu 2 роки тому
I think you should do a video on the docker container. It's a lot less overhead than a full virtual machine.
@joshuapettus6973 5 місяців тому
You still need a machine to run the docker container on... hence why he went with his vps provider. To go with the added headaches of docker within the VPS would be silly and outside the scope of the demonstration. Docker does have more overhead then 0 after all.
@TechnologyGeek862 2 роки тому
Oh man the unbound makes my pi-hole way faster than before. I've seen this video couple times before but never got to installing the unbound until now. Well worth it. Thank you
@TehPoopDood 2 роки тому
Absolutely brilliant! Already set this up and it works wonders! Thank you so much for this vid!
@timothyfoote6658 2 роки тому
it blocks about 40% of my traffic just from ads!! It's insane!
@williamsk001 3 роки тому
Another option you may not have considered for running pi-hole is running it in a Docker container. More efficient than a full Ubuntu VM for sure, but I'll have to look into getting an Unbound docker image after seeing this video. Thanks!
@daevski Рік тому
I run it as a docker container, but that container runs on a dedicated "server" in a closet that I can SSH into. In my case, I'm using an old Mac mini.
@williamsk001 Рік тому
@@daevski Yeah all of my containers run on a dedicated small server. I even have a separate unRAID box I could run containers on if I run out of capacity on the main server.
@robertrudik3022 3 роки тому
You forgot to cover another important area. There are people already running AD and dns service (I believe you too) and they want to use pihole without loosing functionality of theirs current dns setup. Would be great to see how you handle pihole running as forwarder or behind your current dns server. Also changing dns entry is much effective on dhcp server than single client so I believe this was done just for presentation purpose. Cheers.
@Zoyx 2 роки тому
Received my Raspberry pi zero 2 W in the mail yesterday. Just gave it the recursive DNS server treatment. Working great! Thanks for the help.
@emilymarriott5927 2 роки тому
Oh, nice. Also very easy to setup when you already have a running pihole. Also, yes. that DNS Records section is so useful. .local domains are so much easier to remember than IP addresses.
@Newman0072 3 роки тому
Please consider a follow up to this about pi-vpn, that would be a good topic to cover
@aurelia8028 2 роки тому
Ooh yeah I'd definitely like that. For some reason I can never get pivpn to work proberly over time. It will work for a few hours or days and then just stop working for whatever reason.
@user-ik2es8ki5y 2 роки тому
@@aurelia8028 WireGuard works great.
@billtheunjust 2 роки тому
@@aurelia8028 I've been running pivpn for a few years now, I can help you debug it if you'd like.
@JivanPal 3 роки тому
Thanks for the excellent tutorial! Can we configure Unbound to listen on a Unix socket rather than listening on port 5335, and then configure Pi-Hole to talk to Unbound on that Unix socket rather than on localhost:5335?
@CollinBaillie 2 роки тому
Since PiHole is using a DNS resolver, which as a standard uses TCP or UDP, typically on port 53, I'd say no to the unix socket. Why would you want to use a unix socket instead of a network port?
@EarlOfBurl 2 роки тому
Perfect tutorial! Thank you very much. Didn't know about "unbound" but now I'm using it and it's still very fast. Now my 8GB RPI 4 gets something to do other than being my NAS. :)
@DCxALBRECHT 3 роки тому
just set this up this morning. thank you for the video!
@SteenSchutt 3 роки тому
You should also stop the DHCP service on your router and enable the one within PiHole. That way you won't have to configure DNS on everything on your network. Some routers will allow you to set the IP of a DNS server as well, but sometimes they still act as DNS and forwards the request to the server you specify, instead of just giving the client the IP address when it requests a DHCP lease.
@meyerbro Рік тому
But lots of routers let you setup the default DNS for any client that connects to it. This way you keep all the current IPs/hostnames you already have. Am I missing something? Thanks!
@xenotastic Рік тому
@@meyerbro Exactly. I'm using a FritzBox and can define the DNS server to use for DHCP clients.
@joshuapettus6973 5 місяців тому
@@meyerbro Indeed the router can do that itself. The real benefit from using pihole as the DHCP server is that it then knows the hostnames of all your devices, which is useful for the logs as with useful for internal in network DNS. In the house I can remote into myhostname.lan as oppose to 192.168.0.X
@hiddenfromyourview 3 роки тому
Great video! One thing I was unclear on was how unbound adds any real value. Your DNS chain is: pihole > unbound > DNS root servers. Why not just point the pihole directly to the root servers so that it looks like: pihole > DNS root servers ? This allows for you to run pihole on platforms and services, (such as docker) that may not have unbound bundled or available.
@DanCave 2 роки тому
Why not use Bind instead? Wait, bind? What's that :D ;)
@Jacob-tp1ue Рік тому
This is because pihole can't run a recursive DNS server on it's own - It needs a 3rd party implementation.
@computer215 3 роки тому
Thank you.. just set this up this morning... very easy with your well done instructions
@ryanjohnson4972 2 роки тому
I forgot how much I love Pi-Hole! Now with unbound it's super nice. Great tutorial!
@timothyfoote6658 2 роки тому
now to figure out how to block google/youtube ads(cant on a smart tv).... GGGRRRR
@ScrungleGaming 3 роки тому
I'm pretty sure this is essentially a alcohol review channel with a computer related pre-show Not that that's a bad thing
@NenadKralj 3 роки тому
😆😆😆 I love the spin 😂😂😂😂 at end 😅
@iwinrar5207 3 роки тому
How dare you tell me I'm using my holes wrong
@xen4985 3 роки тому
Well that's kinda concerning if you use your Pi-Hole the way you say you do
@chrisumali9841 3 роки тому
Thanks for the demo and info, have a great day
@Zoyx 10 місяців тому
I just had to rebuild my pi-hole server. This guide is still valid. Only subtle changes since this came out.
@One_Guy 3 роки тому
could you do a more in depth video on unbound? thanks!
@joeslacker1020 2 роки тому
How do I make a whitelist for the internet and block everything else not in my whitelist?
@JarrodCoombes 3 роки тому
Anyone wanting to do this, know that you can get away with 10Gb of storage, 2 Cores and 512Mb of RAM (though I'd suggest 1Gb) for this. DNS is *very* light on resources. Also note that getting DNS results from the authoritative terminal does not save your from DNS hacks intercepting and changing raw DNS queries is trivial to do this. Better to forward your DNS queries to a server that support DoH (and set that up).
@kouhaiii3182 Рік тому
thank you! i was wondering what were the minimum system requirements as i have low-end hardware
@chemicle Рік тому
Thanks so much Jeff - changed everything in my house - definitely a great vid.
@jacobreuter 2 роки тому
I run this on a little raspi and love it. Thanks for the video man
@clausdk6299 3 роки тому
Just remember: Doing it this way, your ISP can see what websites you visit, since the unbound sends out the request on port 53 to the root servers...
@Stinosko 3 роки тому
Unbound is only used for any new websites so your ISP can see what websites you visit but not how often after the first request if i understand it correctly?
@ShainAndrews 3 роки тому
@@Stinosko Correct.
@clausdk6299 3 роки тому
Not sure about PI-hole ( might be pi-hole caches the IP longer ). But usually it use the TTL values for the DNS records, defined on the domain itself.
@CraftComputing 3 роки тому
@Claus DK - That's why I mentioned in the video description "Bonus Points for tunneling your DNS traffic over a VPN" 😉
@Stinosko 3 роки тому
Some vpn allow setting up a dns within their software so you don't need to do it on every network adapter. I use PIA and that one has the option for it 🙂
@albertoneto1177 3 роки тому
just tested using hyper-v, didnt know it could make such a diference, buying a pi 3 now.
@c187rocks 3 роки тому
If you don't plan on doing anything else with the pi3 save yourself a few bucks and get a pi zero. It's more than enough for this application and its small form-factor gives you more options to tuck it away.
@wrenskimpy9175 3 роки тому
@@c187rocks it’s important to note that a Pi Zero doesn’t have an Ethernet port.
@c187rocks 3 роки тому
@@wrenskimpy9175 Good point. Although a basic USB dongle for a buck takes care of that which still brings the total cost lower than a pi 3.
@joshportelli 3 роки тому
@@c187rocks I've been running like this for years. Purposely got a pi0 without wifi with micro USB to ethernet adapter for the lowest possible power usage.
@BornInTheUSA 2 роки тому
Excellent video and easy to follow. This method blocks a lot more ads than standard install. Thanks.
@rv8-m948 2 роки тому
Ah...a video I have to see more than once to understand...but I think worth it. Thanks! Update: I did as you say and it works...noticeably well on my Raspberry Pi4. I tested it using my PC before reassigning my router local network DNS to Pihole.
@UnprotectedDesignFlaw Рік тому
Could you please consider making a tutorial combining: - PiHole + Unbound + LanCache That would be kinda nice.
@Liqtor Рік тому
The script that rebuild the Lancache lists must run on RaspberryPi hardware (if you're using this tutorial)
@asiermontesbea 3 роки тому
What about disabling the DNS cache of Pi-Hole? So Unbound handle all the caching Also disabling DNSSEC since Unbound can handle that as well and Pi-Hole and Unbound would be doing the same job twice. I have the same setup just with these two additions. Great video btw
@angrynerd2103 3 роки тому
You 100% need to disable dnssec on pihole otherwise there will be issues with dnssec data not being passed through. The cache is less important but it can further decrease latency. I encourage you also to hit up the unbound conf manual and see if there are any additional options that would benefit you. Using a modified config i have managed to get my average queries down to 7ms.
@asiermontesbea 3 роки тому
@@angrynerd2103 Yeah, that as well. But maybe that's more "advance" and not as straight forward as, I believe, this tutorial was meant to be.
@mitcentauri6237 2 роки тому
You inspired me to spin up my first Ubuntu Server VM on my TrueNAS and then follow the rest of your guide. Thank you!
@Ouchmyface. 3 роки тому
Shouldn't you also add the ipv6 loopback ( [::1]:5335 ) to the upstream dns servers for ipv6 queries? Keep it up with the awesome videos! Love the channel.
@zairman 2 роки тому
From what I read, it's not needed because it points to the same place in the kernel.
@mf1315 Рік тому
Hmmm don’t think that’s right
@jamestzashi 3 роки тому
I love the local DNS settings, i've it set up for all of my local services, jellyfin.lan etc its great no need to remember IPs
@Bob_Smith19 3 роки тому
Glad he mentioned this. In the past I modified the config file. But it was really out of date. Two minutes in the web interface and everything was updated.
@espenlund 3 роки тому
I just enable "Conditional forwarding" and let my router do that.
OBOZTV
Переглядів 148 тис.
Jim's Garage
Переглядів 17 тис.
LED Screen Factory-EagerLED
Переглядів 4,1 млн
LED Screen Factory-EagerLED
Переглядів 4,1 млн