You don’t cut the middle man, you create the middle man with Unbound. And Unbound needs to ask other DNS servers on the internet to resolve DNS queries. Your local DNS server can’t just magically know which IP is behind a domain like, for example, google.com. It needs to ask other DNS servers that know the answer. So unless you’re using hyperlocal, you will always need a DNS server on the internet to browse the web.
tl;dr: Cut out Cloudflare’s recursive resolver (or anyone else’s) and run your own via PiHole and Unbound.
You don’t cut the middle man, you create the middle man with Unbound.
Umm, Unbound is on your machine. So you’re saying you are your own middle man lol…which is the same as cutting out the middle man as you (rather, your server) are you.
And Unbound needs to ask other DNS servers on the internet to resolve DNS queries.
It asks the authoritative nameservers, which is who external DNS servers ask. By using Unbound, you are cutting out those external DNS servers, because you/Unbound is the DNS server. You are asking the authoritative name server directly instead of inserting someone else to ask on your behalf.
Here’s an explanation by Cloudflare: A recursive resolver (also known as a DNS recursor) is the first stop in a DNS query. The recursive resolver acts as a middleman between a client and a DNS nameserver…Most Internet users use a recursive resolver provided by their ISP, but there are other options available; for example Cloudflare’s 1.1.1.1.
I copy/pasted the above quote from the article you linked. Again, Unbound (your machine) is asking the DNS nameserver. You’re saying you are your own middleman lol. I’m saying cut out Cloudflare’s recursive resolver and run your own via PiHole and Unbound. Did you read the article I linked?
tl;dr: Cut out Cloudflare’s recursive resolver (or anyone else’s) and run your own via PiHole and Unbound.
Tell me you didn’t read the article without telling me you didn’t read the article. Let me point out the relevant part for you:
“A recursive resolver (also known as a DNS recursor) is the first stop in a DNS query. The recursive resolver acts as a middleman between a client and a DNS nameserver. After receiving a DNS query from a web client, a recursive resolver will either respond with cached data, or send a request to a root nameserver, […]”
See that last part with “or send a request to a root nameserver”? That is the DNS server on the internet your Unbound DNS server will ask if it doesn’t have the answer cached for you already.
Umm, Unbound is on your machine. So you’re saying you are your own middle man lol…
Exactly! Since the Unbound DNS server is your server you created your middle man server yourself. “middle man” has a very negative taste but in this case it really isn’t bad at all.
It asks the authoritative nameservers, which is who external DNS servers ask. By using Unbound, you are cutting out those external DNS servers, because you/Unbound is the DNS server. You are asking the authoritative name server directly instead of inserting someone else to ask on your behalf.
Okay, so you get it but you don’t get it fully. Again: Your Unbound DNS server can’t magically know which IPs are behind a domain name. So what does it do? It asks a DNS server on the internet because they know the answer. When your Unbound DNS server gets the answer, it then tells your computer.
Unbound (your machine) is asking the DNS nameserver.
YES! And where do you think the DNS server is that Unbound asks if it doesn’t know the answer because it’s not cached yet? It’s some server on the internet.
You’re saying you are your own middleman lol.
I said you create your own middle man. Unbound is your middle man in this case because you make it look up the IPs behind the domains, and it then tells your computer these IPs.
Instead of:
\ –> asks –> \ –> answers –> \
You do:
\ –> asks –> \ –> asks –> \ –> answers –> \ –> answers –> \
Let me say it again: Your Unbound DNS server being the middle man isn’t a bad thing so please don’t think “middle man” is always a negative term.
I’m saying cut out Cloudflare’s recursive resolver and run your own via PiHole and Unbound.
I just linked Cloudflare’s article about it because they explain it well. Doesn’t mean one must use Cloudflare’s DNS servers.
Did you read the article I linked?
Yes, I did. But I knew what a recursive resolver is before I checked the link because I’m a professional IT administrator and I know how DNS works. It’s part of my job.
Trust me, I fully get it. You are trying to be pedantic and “technically correct,” Um Actually style. I am speaking from the perspective of this sub (privacy and enhancing it). You are your network. You are not a middleman in the context of yourself or your network. You are not losing privacy in relation to yourself. That’s being ridiculous. It’s like saying “I didn’t cook this steak at my house, um actually, my stove and pan did. Well, they (and I and the butter/oil) were the middleman. Let’s not forget the fire. Etc.” Again, ridiculous.
Also, you’re right in that you have to ask a DNS server to resolve a name to an IP. But in this context, DNS servers ask the root name server. Those DNS servers are the middlemen; the root name server is not. With Unbound and recursive, you are asking the authoritative root name server. They are not a middleman to themselves…they are the authority in DNS (it’s in the name). Also, Unbound as Recursive does answer the question of OP which was “what DNS to use?” When you configure a recursive resolver, you don’t (shouldn’t) change it away from the root nameservers and insert a middleman (someone/something you don’t control), and it doesn’t do it by default. OP was clearly asking about non-authoritative DNS servers to use aka “should I use Quad9, CloudFlare, etc?” And my answer was…none. Cut out those middlemen that don’t need to be there/asked (which takes away some privacy as you’re asking a party who doesn’t need to be asked), and ask the root nameservers yourself via Unbound recursively.
You seem to be stuck talking from the perspective of the client/PC. Next, are you gonna say “you’re not actually going to the site. You’re going to the switch, then the router, and a firewall, maybe traversing a DMZ, could be a proxy in there, then going through the core backbone routers of the internet, down into their network. Of course, if there’s a VPN in there, that changes things. Let’s not forget the middleman of your own NIC and CPU, not to mention the keyboard, motherboard, mouse, etc. Oh, of course fiber and cabling. Those are all middlemen.” Do you see how fundamentally ridiculous that is?
Anyway, sorry for not reading all of that, but I’ll make it short and stop discussing because I feel like this is leading nowhere.
Unless you’re using hyperlocal and cover all TLDs, if you wanna browse the internet there’s technically no way around using an online DNS server. So coming back to the privacy aspect of this topic, the question is: Which one do you trust?
As I’ve said before: myself. Using unbound as a recursive resolver and cutting out the middlemen of CloudFlare, Quad9, Google, etc.
Edit: or do you want the authoritative name/root servers my recursive resolver asks? Ok. I didn’t give these as that’s who everybody asks, to include Google, Quad9, etc…hence me harping on saying cutting out those middlemen and asking the root servers directly. https://www.iana.org/domains/root/servers
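The two paths sketched in the “Instead of / You do” diagram above (client asks a third-party resolver, versus client asks your own Unbound, which walks root, then TLD, then authoritative server), as an added worked example that is not part of this thread or of Unbound’s code. Everything in it is constructed: the root, .com and example.com servers are documentation-range addresses, 1.1.1.1 only stands in for “some public recursive resolver”, and the zone data is a three-level toy tree. The `sent` list records which servers actually receive a query in each mode, which is the privacy point both commenters are circling.

```python
# Added example, not from the thread: an offline toy model of forwarding
# vs. iterating from the root. All IPs and zone data are constructed.
from dataclasses import dataclass, field
from typing import Optional

FORWARDER = "1.1.1.1"          # stands in for a third-party recursive resolver
ROOT = "192.0.2.1"             # constructed stand-in for a root server
TLD_COM = "198.51.100.1"       # constructed stand-in for a .com server
AUTH_EXAMPLE = "203.0.113.1"   # constructed authoritative server for example.com

# Constructed delegation tree: a server either answers authoritatively or
# refers the resolver to the server responsible for a longer suffix.
ZONES = {
    ROOT:         {"referral": {"com.": TLD_COM}},
    TLD_COM:      {"referral": {"example.com.": AUTH_EXAMPLE}},
    AUTH_EXAMPLE: {"answer": {"www.example.com.": "203.0.113.10"}},
}


def _in_zone(qname: str, suffix: str) -> bool:
    """Label-aware suffix match: 'notexample.com.' is not under 'example.com.'."""
    return qname == suffix or qname.endswith("." + suffix)


@dataclass
class Resolver:
    """Either iterates from the root itself or forwards everything to a recursor."""
    forward_to: Optional[str] = None
    cache: dict = field(default_factory=dict)
    # Every (server, qname) pair this resolver actually sent out.
    sent: list = field(default_factory=list)

    def resolve(self, qname: str) -> str:
        if qname in self.cache:            # answered locally, nothing leaves
            return self.cache[qname]
        if self.forward_to:
            self.sent.append((self.forward_to, qname))
            # The forwarder is itself a recursive resolver and does the walk;
            # it, not you, is who the root/TLD/authoritative servers hear from.
            ip = Resolver()._iterate(qname)
        else:
            ip = self._iterate(qname)
        self.cache[qname] = ip
        return ip

    def _iterate(self, qname: str) -> str:
        server = ROOT
        while True:
            self.sent.append((server, qname))
            zone = ZONES[server]
            if qname in zone.get("answer", {}):
                return zone["answer"][qname]
            nxt = [s for suffix, s in zone.get("referral", {}).items()
                   if _in_zone(qname, suffix)]
            if not nxt:
                raise LookupError(f"{server} has no answer or referral for {qname}")
            server = nxt[0]


def who_hears_the_query(qname: str, forward_to: Optional[str] = None) -> list:
    """Servers that receive a query for qname from a cold cache, in order."""
    r = Resolver(forward_to=forward_to)
    r.resolve(qname)
    return [server for server, _ in r.sent]


if __name__ == "__main__":
    q = "www.example.com."
    print("forwarding:", who_hears_the_query(q, FORWARDER))   # only 1.1.1.1
    print("recursive: ", who_hears_the_query(q))              # root, .com, example.com
    r = Resolver()
    r.resolve(q)
    r.resolve(q)                                              # second lookup is a cache hit
    print("queries sent for two lookups:", len(r.sent))
```

In a real Unbound configuration the forwarding path is what a `forward-zone:` with `name: "."` and a `forward-addr:` produces; the recursive path is the default behaviour (Unbound ships with a built-in root server list, and `root-hints:` can point it at a fresh copy from IANA). One caveat the toy leaves out: with `qname-minimisation` enabled (the default in current Unbound releases) the root and TLD servers are sent only the labels they need, so they do not see the full name either.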
And…who do you trust?