I should clarify I wasn’t a upper level sys admin managing those servers, I just used them or maintained accounts being a rank and file technician
While I get the fundamental concept of DNS as a phonebook for your IPs. I am not sure why it is joked around if something goes haywire or someone breaks something.
Is it because if you get no DNS, people can’t log in through their AD accounts, browse the Internet?
Afaik DNS is a bit of a rabbit hole topic, maybe that’s why people joke about it due to DNS being this “No one really knows how this magic name matching box works”?
Please correct me, I’d genuinely like to know why this is prevalent from you guys.
100% of the internet depends on it, and 90% of technical people can’t be bothered to learn how it works and understand it. Partly because they only touch it once every 5 years. They get what they need done but don’t understand why it worked, so it ends up feeling like black magic to them.
The worst part isn’t even that they don’t understand it, but that they think they know everything about it after learning the basics. Suddenly you get people blocking port 53/udp “because DNS uses UDP” and people using .dev and .local as internal domain names.
Still not as misunderstood as NTP, though.
what’s wrong with .local?
It’s fine to use if you’re using it for Bonjour/mDNS (which is enabled by default on basically everything these days). If not, any computer in your network can take on a .local domain of their choosing and your computers will happily resolve it before hitting the DNS server, or you may end up in a race between normal DNS and mDNS. Or you can manually disable mDNS on every machine and hope nothing else causes conflicts, I guess.
If you need a TLD for fake internal domains, use .internal; that has recently been reserved for internal use and won’t end up in any standard protocols. There’s also a weaker blacklist list that’s part of the gTLD application process which includes .local, but that’s not necessarily set in stone.
If anyone you know claims to have expertise in the computer field and doesn’t know everything about DNS (there’s not much to know) then those people are clueless and by no means are they experts.
But there is. Between DNSSEC and EDNS you need to stay on top of stuff or your assumptions may be wrong. many supposed facts about DNS were assumptions by textbook authors that were invalidated years later, and that’s with the stuff that complies with the standards.
DNS from the 20th century was simple modern DNS really isn’t.
used to feel this way about dns until I setup my pihole. I love how dns controls so much behind the scenes.
DNS isn’t supposed to control that much PIhole is a hack, it would be more accurate to say PIhole controls so much behind the scenes. DNS is supposed to do exactly this domain.com->1.2.3.4 nothing more and nothing less anything else is a hack when cloud flair runs all your traffic traffic through a proxy that is them hacking the system domain.com->change-1.2.3.4
Does Pi Hole do anything Ad Guard’s Public DNS servers can’t? https://adguard-dns.io/en/public-dns.html seems easier this way which is why I ask.
what do you think is pointing adservers to a black hole and not being able to reach my home network?
The actual answer is a hosts list file that Unbound is augmenting within PiHole as a daemon. The entire core function of PiHole is leveraging Unbound. Without it, PiHole remains a useless GUI and minimal linux OS.
In fact, you can completely ditch PiHole, if you know what you’re doing, and simply run Unbound as a daemon in a minimal container and do exactly what PiHole does, or run it bare-metal on your own hardware instead of buying their overpriced devices.
I think I can spare the 55mb of ram my pihole container takes up
It’s crazy to read that when my Unbound has a 1.6 million host size block-list with regex filtered domains and uses at less than half that amount of RAM.
I’ll keep that in mind for the next time I need to run a DNS server on a Pentium II system
Or you can leverage that extra RAM to generate more of that weird AI furry porn you enjoy so much.
So happy to see someone explaining this because it’s always driven me crazy the amount of people pushing PiHole when you can do it so much more simply.
Is Pihole not the simpler way, since it configures Unbound for you?
Yes it’s simple but not the simplest way.
Does this block the ads itself or do I need additional configs?
PiHole blocks ad by using Unbound. Additional configs for what?
Like, when I install uBlock it comes with everything it needs. If I run Unbound does it block ads out of the box or do I need to point it to some list?
Unbound is a high-level DNS server. It needs you to provide it hosts in a list or provide it with regex scripts (for dynamic and more efficient blocking). It can block ads at the DNS level just like PiHole (because that’s literally what PiHole and AdGuard use under the hood, but add their fancy GUIs)
I would avoid it unless you know what you’re doing, and recommend reading the docs on their website and testing/breaking it within a Docker container.
It’s the difference between buying a car from a dealership (PiHole, AdGuard, etc) or building your own from scratch (Unbound). One is very limited, whereas building it and running it yourself you get to do way more than what’s spoon fed to you.
Playing real fast and loose with the term “technical people.” If you mean just in general people familiar with and comfortable with tech, yeah that’s fine. If you mean those who work or hobby in the IT industry, well then they’re not very good at their jobs and probably should not have those jobs.