Do you use a DNS, does it have any benefits?

My UDM SE is configured to get its DNS from an Ubuntu VM with Adguard Home installed which I have deployed in Oracle Cloud's free tier. I have the Oracle Cloud security set to only accept requests from my static IPv4 address, as well as my /56 IPv6 range, plus 443 and 22 again from my home addresses. I then installed certificates on it and enabled HTTPS. Its forwarder is set to Quad9 only. I've never had a single issue with it since deployment and it's super fast. If it breaks I could have it back up within 30 minutes as I've saved all of the steps I did.
 
I used to use my own personal DNS server years ago hosted in a DC, but now not viable as it gets me banned on Prime, Netflix etc. It triggers their anti VPN code.

I do however now use Cloudflare DNS, the antimalware version. I also use it as encrypted HTTPS DNS.

The benefits are that it makes it harder for your ISP to snoop on your activity, it's more reliable (I feel ISP DNS in the past had reliability issues), and if you pick something like anti-malware there are security benefits as well.

This is all also cached locally on my firewall, which also has filters in place, so my entire LAN benefits from the local cache, and I redirect all external DNS queries via my firewall as it's becoming more and more common for apps to try and use their own hardcoded DNS servers.

To clarify, the firewall is pfSense, using "DNS Resolver", which is Unbound, and I have Cloudflare configured as the forwarder, HTTPS version. For performance reasons you are going to get many more cache hits from using a heavily used forwarder vs doing direct queries.

Thank you, I'm new to this so it's a little confusing. I don't really understand everything; this may be a little complicated for me.
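
Added example, not part of any poster's reply: a short check for LAN clients whose DNS traffic goes somewhere other than the local resolver, which is the behaviour the redirect described above is meant to catch. The flow-record format, the 192.168.1.0/24 LAN and the resolver address 192.168.1.1 are constructed assumptions, not pfSense's own log format.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records: timestamp,src,dst,proto,dst_port.
# Illustrative format only; adapt the parsing to your firewall's real logs.
SAMPLE_LOG = """\
2024-01-01T10:00:01,192.168.1.20,192.168.1.1,udp,53
2024-01-01T10:00:02,192.168.1.35,8.8.8.8,udp,53
2024-01-01T10:00:03,192.168.1.35,8.8.8.8,tcp,853
2024-01-01T10:00:04,192.168.1.1,1.1.1.1,tcp,443
2024-01-01T10:00:05,192.168.1.50,1.1.1.1,tcp,443
2024-01-01T10:00:06,192.168.1.20,203.0.113.10,tcp,443
2024-01-01T10:00:07,not,a,valid
"""

DNS_PORTS = {53, 853}  # plain DNS and DNS-over-TLS
# Public resolver addresses (Cloudflare, Google, Quad9); port 443 to one of
# these is likely DNS-over-HTTPS. Extend this set for your own environment.
PUBLIC_RESOLVERS = {"1.1.1.1", "1.1.1.2", "8.8.8.8", "9.9.9.9"}


def find_dns_bypass(log_text, resolver_ip, lan_cidr):
    """Return {client_ip: sorted [(dst_ip, port), ...]} for LAN clients that
    sent DNS-like traffic to anything other than the local resolver."""
    lan = ipaddress.ip_network(lan_cidr)
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 5:
            continue  # skip malformed records
        _, src, dst, _proto, port = parts
        try:
            src_ip = ipaddress.ip_address(src)
            ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue
        # The resolver's own upstream queries, and queries to it, are expected.
        if src_ip not in lan or src == resolver_ip or dst == resolver_ip:
            continue
        if port in DNS_PORTS or (port == 443 and dst in PUBLIC_RESOLVERS):
            hits[src].add((dst, port))
    return {client: sorted(dests) for client, dests in hits.items()}


if __name__ == "__main__":
    for client, dests in find_dns_bypass(SAMPLE_LOG, "192.168.1.1", "192.168.1.0/24").items():
        print(client, dests)
```

DNS-over-HTTPS to a resolver that is not in the address set looks like ordinary HTTPS on port 443, so this check only catches the well-known endpoints.
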
My UDM SE is configured to get its DNS from an Ubuntu VM with Adguard Home installed which I have deployed in Oracle Cloud's free tier. I have the Oracle Cloud security set to only accept requests from my static IPv4 address, as well as my /56 IPv6 range, plus 443 and 22 again from my home addresses. I then installed certificates on it and enabled HTTPS. Its forwarder is set to Quad9 only. I've never had a single issue with it since deployment and it's super fast. If it breaks I could have it back up within 30 minutes as I've saved all of the steps I did.
Thank you,
So are you using a VM to run Ubuntu, which then runs AdGuard Home?


Sorry to everyone if I'm asking dumb questions. I'm new to all this so things do get a little confusing for me; there are a lot of options but I don't fully understand everything. Also, I only use Windows, even on my micro server, so I don't really know about simple things like PiHole and other simple things most of you do.

Would it be simple to run for a novice like me, or maybe I should start with something simple and then look into it more as I go along?
 
I do have a micro server running Windows 10 which I've been using for Plex, but I've not used Linux much.
What about using something like Docker? I think Docker does work on Windows but I have never used it.

This is the only other DNS I've found with an ad blocker: https://controld.com/free-dns?

Yes, I'm very new to all this and things are a little confusing and complex, just trying to get my head around things.
Which DNS do you recommend for my needs from the information I have provided?

How could I do this (if the router is already announcing the PiHole/AGH as the DNS server.)

At this point I'm getting more confused and starting to consider using Quad9 or 1.1.1.1 and looking into the ads side at a later date.



Well, that would be something else to learn, after learning how to Linux (can't be too hard). :D :cry:
I do have a micro server for Plex but I've been running Windows.
I've not heard of Controld and haven't heard of anyone else trying them so I wouldn't jump to them yet.

Docker will work. I've also never used it though so it's outside my experience, but have seen a few using it to run PiHole on their Windows servers.

If you want to try the Docker method then go with PiHole, it's more mature and very light to run. Once it's up and running in the router settings you just put in the IP address of your Windows server in the DNS settings.

As for using a public DNS instead of your own so you don't need to fiddle with Docker, either Quad9, or if you want adblocking, Adguard's public DNS.

Personally using Cloudflare but that's more for performance reasons. They do claim better privacy than your ISP and Google's DNS, but Quad9 is still more trusted in that area.
 
My UDM SE is configured to get its DNS from an Ubuntu VM with Adguard Home installed which I have deployed in Oracle Cloud's free tier. I have the Oracle Cloud security set to only accept requests from my static IPv4 address, as well as my /56 IPv6 range, plus 443 and 22 again from my home addresses. I then installed certificates on it and enabled HTTPS. Its forwarder is set to Quad9 only. I've never had a single issue with it since deployment and it's super fast. If it breaks I could have it back up within 30 minutes as I've saved all of the steps I did.

What sort of response times are you getting?
I've been looking for another solution for a while now.
 
If you want the malware-filtered version of Cloudflare, it is 1.1.1.2

Cloudflare also have an Android app, making it super easy to use on your mobile network.
 
I use Cloudflare (1.1.1.1)
The main reason I do is just to make life as difficult as possible for anyone trying to collect my data.
But that's just one precaution I take, of many.
 
I don't trust anyone with my data so I have an internet directory of every site and their IP address. When I want to go to a web site, I look it up in the directory and type the IP in manually. Who needs DNS?

/s
 
I've not heard of Controld and haven't heard of anyone else trying them so I wouldn't jump to them yet.
ControlD are the customisable DNS service run by Windscribe VPN. They're reputable as far as these things go. OP, it sounds like you're quite a bit of learning behind being able to run your own server, let alone safely and reliably. First learn Linux, basic networking and how DNS works, and then add the services (AdGuard Home) on top of your existing knowledge base.

Custom DNS services which allow you to block ads and trackers include NextDNS, AdGuard DNS (free service isn't customisable but will block ads, the personal/paid service allows you to set everything up yourself on their website), RethinkDNS, DNSWarden (and more).

If you're choosing blocklists, whether for your own use or on a provided service, Hagezi Pro++ is about the best set and forget comprehensive list you can get - no other lists required. It's more aggressive than OISD but tends to not have any false positives (your naughty sites, payment gateways and shopping will all work fine). Those two names won't mean anything to you yet, but by the end of the week they ought to (if you read around).

Edit: As an easy 'how to do this' guide rather than a 'how this all works from the ground up, and how to run your own' guide, check out Yokoffing's NextDNS config guide on Github. NextDNS is probably the fastest customisable DNS service you can get and it's cheap per year. You can follow the linked guide to set it up safely - again I'd recommend just using Hagezi's Pro++ list only and see how you get on.
 
Hi, I was wondering if you use a DNS instead of the ISP DNS?
I've been thinking if I should start using a DNS instead.

I was wondering if it had any benefits like more privacy, slight speed increases, ad blocking and more?

Also, what are the downsides?

Could someone recommend a good DNS you would use.
I use 8.8.8.8 or 1.1.1.1

I do it because Virgin routers block naughty websites and I can’t be bothered to call them up to have the family filter deactivated.
 