Unbound
nextdns
Our great sponsors
Unbound | nextdns | |
---|---|---|
40 | 967 | |
2,737 | 2,868 | |
3.7% | 3.4% | |
9.4 | 7.3 | |
8 days ago | 26 days ago | |
C | Go | |
BSD 3-clause "New" or "Revised" License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Unbound
-
Just one bad packet can bring down a vulnerable DNS server thanks to DNSSEC
dnsmasq and unbound are impacted to
https://github.com/NLnetLabs/unbound/releases/tag/release-1....
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/20...
As are any other DNSSEC validators that followed the specifications.
Bind9 has its problems but this is not its fault this time.
-
Encrypted Client Hello – the last puzzle piece to privacy
Are you familiar with https://pi-hole.net/ ?
In my house I want DNS resolution to be performed by my own DNS resolver (https://github.com/NLnetLabs/unbound), after I block ad domains.
DoH circumvents that.
-
Running PiHole on a second server
Gravity-Sync won't do that. But searching around on GH, I found this : https://github.com/NLnetLabs/unbound/blob/master/contrib/unbound_cache.sh
-
pfBlockerNG-devel v3.1.0_7 / v3.1.0_14
Version 1.15.0 Configure line: --with-libexpat=/usr/local --with-ssl=/usr --disable-dnscrypt --disable-dnstap --with-libnghttp2 --enable-ecdsa --disable-event-api --enable-gost --with-libevent --with-pythonmodule=yes --with-pyunbound=yes ac_cv_path_SWIG=/usr/local/bin/swig LDFLAGS=-L/usr/local/lib --disable-subnet --disable-tfo-client --disable-tfo-server --with-pthreads --prefix=/usr/local --localstatedir=/var --mandir=/usr/local/man --infodir=/usr/local/share/info/ --build=amd64-portbld-freebsd12.3 Linked libs: libevent 2.1.12-stable (it uses kqueue), OpenSSL 1.1.1n-freebsd 15 Mar 2022 Linked modules: dns64 python respip validator iterator BSD licensed, see LICENSE in source package for details. Report bugs to [email protected] or https://github.com/NLnetLabs/unbound/issues
-
"Jeez why you need an adblocker" they say...
Unbound DNS
- How can I persist/retain Unbound cache across reboot?
-
Does OpenDNS Family Shield still work or did they get rid of it?
Many users (myself included) opt to leave out third party resolvers entirely and deploy a local recursive nameserver. I use Unbound. In the default recursive operation it queries the root nameservers directly, with responses validated using DNSSEC. So there's no potential of a third party upstream providing incorrect records, either accidentally or deliberately, and no one server gets the opportunity to log the full path of your resolution chain. Your ISP, Cloudflare, Google, OpenDNS or whatever may super duper pinkie promise not to log your resolution history or use it for whatever purpose, but why give them the opportunity to?
-
Private DNS Mode Setting?
The next logical step in this chain usually looks something like "OK, so my queries and their responses are secure, but why do I trust [my ISP/this third party/this faceless megacorporation] exactly?", and...honetly, you shouldn't. One or two more questions and the next thing you know you're running your own full recursive resolver stack.
-
When do you think Chrome on Android will get extension support?
I wasn't personally particularly happy with any one provider's offering, and didn't want to needlessly include a third party, so I stood up my own APDNS proxy with an iterating nameserver behind it.
-
NextDNS with OPNsense or Unifi USG
I have nextdns CLI installed on OPNSense but I'm looking for a plugin for OPNsense since I have zero visibility with the CLI Anyone know if this is coming soon or in the works? this page says "coming soon": https://github.com/nextdns/nextdns/wiki and this says that nextdns doesn't work with with unbound: https://github.com/NLnetLabs/unbound/issues/132
nextdns
-
Runs on your OpenWrt box: AdGuard Home is network-wide blocking ads and tracking
I ran a competing project[0] on my home network for a few years before I discovered NextDNS[1]. What I lost in performance (requests don't leave my house) I gained in portability: ALL my devices can take advantage – at home and away – and time-saved. PiHole works 90% of the time, but when it did stop working, I'd have to spend a bit of time fixing it. At $20/year, I simply couldn't compete with NextDNS.
Note: This isn't a shill for NextDNS; I love these kinds of projects and think they absolutely should exist, but NextDNS just happens to be one of those dead-simple SaaS tools that is an insanely good value.
I used Pi-Hole, then went to NextDNS, then to AdGuard DNS, tinkered with AdGuard Home, and currently testing Control-D. They are all actually pretty good, similar features, and it has become just a matter of personal choice.
In all fairness, when I have some time and can invest in decent hardwares, I might go back to AdGuard Home with one of the paid services as backup for travel, and when for the other family members.
Pi-Hole works really well but once-a-while, when I'm traveling, it will decide to act up and it's a whole IT support with the family over phone for minutes if not hours. I'm not smart enough to setup a secure enough tunnel and the like, and haven't read up enough on the topic. This follows similar pattern with AdGuard Home.
NextDNS, AdGuard DNS, Control-D are easy and just works, especially with the devices that the family uses. I think I bought one of those AdGuard Lifetime license, so I use that to block client-side rendered ads in conjunction with either AdGuard DNS or NextDNS or Control-D. Right now, Control-D is doing pretty good with my test-drive.
Okay but NextDNS' own homepage says it "blocks ads and trackers on websites and in apps" - https://nextdns.io
- Great Forgotten Sci-Fi Movies of the 1980s
-
Google Chrome will limit ad blockers starting June 2024
pretty much to the same effect of a pihole, yet you can get up and running in minutes. You can then configure wherever you please: your browser, your laptop, your phone, or even your router.
[0]: https://nextdns.io
-
Cloudflare 1.1.1.1 DNS resolving issues
It's not open, but I'm happy with https://nextdns.io/
There is https://www.dns0.eu and https://nextdns.io.
I like the 300K requests per month free tier that nextdns.io has. Comes with plenty of filters.
-
“1.1.1.1 is now handling more than 1.3T requests per day”
you can also have a look at nextdns [0][1]. I set it up on both my mac nad iOS. NextDns provides a panel where you can see what got blocked and some other analytics for you. Even though I use Brave on iOS and Arc with uBlock Origin still that wasn't enough and nexDNS blocked some additional ~8% trackers. It's free for first 300k requests per month.
-
Comestic adblocking in iOS
On my journey, I've experimented with various DNS filtering methods. I've used the AhaDNS Blitz (previously known as PiHoleDNS), and its performance was okay in my opinion. But, Reddit's chatter about NextDNS made me try it out. and I've been giving it a whirl over the past few weeks. Its user interface is nice and it allows significant control over various block lists.
-
A collection of useful Mac Apps
NextDNS - Price: Free (with an optional pro version available) DNS resolver for macOS that blocks ads, trackers, and malware.
What are some alternatives?
AdGuardHome - Network-wide ads & trackers blocking DNS server
Bind - Mirror of https://gitlab.isc.org/isc-projects/bind9, please submit issues and PR/MRs in the GitLab. Any issues and PRs opened here will be closed without a comment.
PowerDNS - PowerDNS Authoritative, PowerDNS Recursor, dnsdist
Knot Resolver - Knot Resolver - resolve DNS names like it's 2024
Knot DNS - A mirrored repository
dnsmasq - mirror of dnsmasq (git://thekelleys.org.uk/dnsmasq.git ). This account is NOT maintained by dnsmasq developers. I am happy to give account to them. Please feel free to contact me. 1584171677[at]qq[dot]com
Pi-hole - A black hole for Internet advertisements
blokada - The official repo for Blokada apps.
blahdns - A small hobby ads block dns project with doh, dot, dnscrypt support.
dnscrypt-proxy - dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols.
DoH
SponsorBlock - Skip YouTube video sponsors (browser extension)