Pi-hole forwards the requests to another DNS server. Unbound can ask the root servers and go down the DNS chain.
Guess I'm not following, both still have to request from other (upstream) DNS servers, so what does unbound add?
Thanks!
Copy-paste from here.
Basically, it removes one middle man from the DNS resolving.
Cool, thanks for the clarification. This is good info to have in here in general.
So unbound by default discovers other DNS servers, if I'm understanding that correctly. I've never used it, does it not use your ISP's DNS by default, or does that depend on user config?
What if your PiHole is configured to use other than your ISP's DNS?
If Pi-hole is configured to use another DNS it will still forward your request, just not to your ISP DNS server. Essentially you're providing your DNS requests to a 3rd party, for a slight boost to performance (because they'll have tons of stuff cached and can do recursive queries faster if you're requesting a site not in their cache). Your web pages will load faster because you don't have an SBC trying to manually figure out what's the IP for bigfuckdaddyhairbrushemporium.net
The downside is you're exposing your DNS queries to a 3rd party and it's a bit of a privacy hit, as the upstream DNS server you select has your public IP correlated with your DNS requests. Doesn't really matter to most, but it does for some.
Thanks for the clarification.
How is that different than unbound? Isn't it also forwarding requests?
There are 13 root name servers; they contain info about which DNS is authoritative for (can tell you about) a given TLD (like .com or .de), then that repeats for every part of your query with that given server.
Something
^ most of the time the same as.
Foo.
^ DNS for baz or bar dns again.
Bar.
^ DNS for Bar.
Com.
^ DNS server for the .com tld
^ the one unbound asks first, not part of the domain
Giving us the IP of something.foo.bar.com
Though the DNS name would be something.foo.bar.com.
The root server IPs are known to unbound and static.
Then it will ask that server? Like I said, unbound removes the middle man and somewhat increases privacy (debatable if only you use it but anyway)
Ah, unbound has the root DNS servers hard coded. That's a significant point.
Any reason you couldn't do the same with any other DNS server such as PiHole?
I'm really trying to understand why I'd run two DNS servers in serial, instead of one. All this sounds like it's just a different config that (in the case of unbound) has been built in - is there something else I'm missing that unbound does differently?
Why couldn't you just config the TLDs as your upstream DNS in whatever local DNS server? Isn't that what enterprises do?
Because pi-hole asks the configured DNS the whole domain, the root server will promptly because that's not how DNS is supposed to work.
There's a difference between asking about the individual domain parts of the domain to the corresponding authoritative DNS server and just sending the whole thing to a root server. If you did that then the root server would get DDoSed to death.
Pi-hole can't ask the root servers, it can only forward. Unbound can forward or be authoritative or ask using the root servers and go down the chain or do all of those at once.
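The forwarding versus recursive difference discussed in this thread, as an added example (not from any commenter, and not Pi-hole or Unbound code): a toy resolver over a constructed delegation table that records which servers receive a query from the home network in each mode. The server names, the table and the address 192.0.2.10 are made up, and the resolver is assumed to send the full name at every step.

```python
# Constructed delegation data (names and addresses are made up for illustration).
# Each server maps a zone it knows about to a referral or a final answer.
SERVERS = {
    "root":     {"com.": ("referral", "com-tld")},
    "com-tld":  {"bar.com.": ("referral", "bar-auth")},
    "bar-auth": {"something.foo.bar.com.": ("answer", "192.0.2.10")},
}

def in_zone(qname, zone):
    """True if qname equals zone or sits below it, compared on label boundaries."""
    return qname == zone or qname.endswith("." + zone)

def ask(server, qname):
    """One query to one server: return its most specific record for qname."""
    matches = [z for z in SERVERS[server] if in_zone(qname, z)]
    if not matches:
        return ("nxdomain", None)
    return SERVERS[server][max(matches, key=len)]

def resolve_iteratively(qname, seen_by):
    """Recursive-resolver mode: start at the root and follow referrals down."""
    server = "root"
    for _ in range(10):  # bound the walk so a referral loop cannot spin forever
        seen_by.append(server)
        kind, value = ask(server, qname)
        if kind == "referral":
            server = value
        else:
            return value  # an address, or None for nxdomain
    raise RuntimeError("too many referrals")

def resolve_by_forwarding(qname, seen_by, upstream="upstream-resolver"):
    """Forwarder mode: hand the whole name to one upstream and trust its answer."""
    seen_by.append(upstream)
    # The upstream does the walk itself; those queries come from its IP, not ours.
    return resolve_iteratively(qname, [])

def compare(qname):
    """Return (address, servers contacted from the home network) for both modes."""
    fwd_seen, rec_seen = [], []
    fwd = resolve_by_forwarding(qname, fwd_seen)
    rec = resolve_iteratively(qname, rec_seen)
    return {"forward": (fwd, fwd_seen), "recursive": (rec, rec_seen)}

if __name__ == "__main__":
    for mode, (addr, seen) in compare("something.foo.bar.com.").items():
        print(f"{mode:9} -> {addr}  contacted: {seen}")
```

Both modes return the same address; what changes is who receives queries from your IP: one upstream that sees every lookup, or the root, TLD and authoritative servers for each name.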