nextdns VS Unbound

Block 45.76.93.104 and 2001:19f0:6c00:1b0e:5400:4ff:fecd:7828 at the firewall if possible.

Ensure that DNS-over-HTTP (DoH) is enabled where it can be.

Set upstream DNS servers that block malware, such as 1.1.1.2 or NextDNS

Delete "fritz.box" from the domain search list in DNS settings.

Educate your parents to be cautious about directly typing domain names or searching from the OmniBox.

https://nextdns.io/

https://blog.cloudflare.com/introducing-1-1-1-1-for-families...

I've tried hosted Pi-Hole and AdGuard Home. They are good as long as I'm around to fix stuffs. Then I tested something which can be global (home) and also for individual devices -- Control-D, NextDNS, and Adguard DNS. All of them works pretty well. If I really have to choose, then it would be in the order of NextDNS > Control-D > AdGuard DNS. Affiliated with none, and have decided to subscribe to all three to further test them for this year.

https://controld.com

https://nextdns.io

https://adguard-dns.io

Okay but NextDNS' own homepage says it "blocks ads and trackers on websites and in apps" - https://nextdns.io

I first used Safari on Windows around 2006. Put me off forever.

You just need Firefox and the extensions that mean ads are never seen.

That said, take a look at https://nextdns.io

just run snort and get nextdns.io account and use those DNS servers to control your DNS.

I'm using NextDNS which can be integrated into TailScale MagicDNS. It works seamlessly. You may need to pay if you have a high usage rate. I pay for the Pro version but that's less than $30 CAD a year. I did have in house Raspberry PI and Pi-Hole DNS but it was a lot of work.

pretty much to the same effect of a pihole, yet you can get up and running in minutes. You can then configure wherever you please: your browser, your laptop, your phone, or even your router.

[0]: https://nextdns.io

dnsmasq and unbound are impacted to

https://github.com/NLnetLabs/unbound/releases/tag/release-1....

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/20...

As are any other DNSSEC validators that followed the specifications.

Bind9 has its problems but this is not its fault this time.

Are you familiar with https://pi-hole.net/ ?

In my house I want DNS resolution to be performed by my own DNS resolver (https://github.com/NLnetLabs/unbound), after I block ad domains.

DoH circumvents that.

So yep it's an unbound thing: https://github.com/NLnetLabs/unbound/issues/438 there was a PR to allow a user to change the depth of a chase. I doubt F5 would have that version of unbound in any current software but support may be able to check or look at a lab 17.1 to see what version it is--you could then manually edit the conf file but it wouldn't persist through upgrades..

That's confirms in issue#362 I found.

The last time I checked, Unbound does not support upstream DoH. You can configure it to reply to DoH requests from clients, but you can't use it to forward queries to another DoH provider like Cloudflare or Quad9. Has that changed? The pull request has been open for 3 years.

And, while the documentation for unbound.conf doesn’t say a whole lot about the iterator module specifically as far as I can tell, the code says:

Gravity-Sync won't do that. But searching around on GH, I found this : https://github.com/NLnetLabs/unbound/blob/master/contrib/unbound_cache.sh

Version 1.15.0 Configure line: --with-libexpat=/usr/local --with-ssl=/usr --disable-dnscrypt --disable-dnstap --with-libnghttp2 --enable-ecdsa --disable-event-api --enable-gost --with-libevent --with-pythonmodule=yes --with-pyunbound=yes ac_cv_path_SWIG=/usr/local/bin/swig LDFLAGS=-L/usr/local/lib --disable-subnet --disable-tfo-client --disable-tfo-server --with-pthreads --prefix=/usr/local --localstatedir=/var --mandir=/usr/local/man --infodir=/usr/local/share/info/ --build=amd64-portbld-freebsd12.3 Linked libs: libevent 2.1.12-stable (it uses kqueue), OpenSSL 1.1.1n-freebsd 15 Mar 2022 Linked modules: dns64 python respip validator iterator BSD licensed, see LICENSE in source package for details. Report bugs to [email protected] or https://github.com/NLnetLabs/unbound/issues

"Unbound" for example https://github.com/NLnetLabs/unbound