Unbound

1. Description

Unbound is a validating, recursive, caching DNS resolver.

2. Configuration

Using Unbound and Pi-hole on DietPi (installed with dietpi-software)

diff -u --label /home/alan/repos/3p/dietpi/.conf/dps_182/unbound.conf --label /ssh\:framboise\:/etc/unbound/unbound.conf.d/dietpi.conf /home/alan/repos/3p/dietpi/.conf/dps_182/unbound.conf /home/alan/.cache/emacs/tramp.cbZOhP.conf
--- /home/alan/repos/3p/dietpi/.conf/dps_182/unbound.conf
+++ /ssh:framboise:/etc/unbound/unbound.conf.d/dietpi.conf
@@ -16,9 +16,9 @@
 
        # Set interface to "0.0.0.0" to make Unbound listen on all network interfaces.
        # Set it to "127.0.0.1" to listen on requests from the same machine only, useful in combination with Pi-hole.
-       interface: 0.0.0.0
+       interface: 127.0.0.1
        # Default DNS port is "53". When used with Pi-hole, set this to e.g. "5335", since "5353" is used by mDNS already.
-       port: 53
+       port: 5335
 
        # Control IP ranges which should be able to use this Unbound instance.
        # The DietPi defaults permit access from official local network IP ranges only, hence requests from www are denied.
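
Review bot: With `interface: 127.0.0.1` the access-control block that follows this hunk should be tightened in the same change. The context comment says the DietPi defaults permit the local network ranges; those no longer matter while only loopback is bound, but they take effect again without notice if the interface is ever set back to 0.0.0.0. Consider reducing it to `access-control: 127.0.0.0/8 allow`. It would also help to extend the port comment to say that Pi-hole's upstream must be set to 127.0.0.1#5335 to match `port: 5335`.
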
@@ -46,7 +46,7 @@
        do-udp: yes
        do-tcp: yes
        do-ip4: yes
-       do-ip6: yes
+       do-ip6: no
 
        # Maximum number of queries per second
        ratelimit: 1000
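
Review bot: `do-ip6: no` goes in without a comment, while the interface and port lines changed in the first hunk each have one explaining the choice. Add a line above it stating why IPv6 transport is switched off on this host, so the setting gets revisited if the network later gains IPv6 connectivity rather than staying disabled by habit.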

Diff finished.  Tue Jan 13 23:40:38 2026

DNS over TLS configuration file

# /etc/unbound/unbound.conf.d/dietpi-dot.conf

server:
    # DNS over TLS
    tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt

# forward-zone is its own clause, not an option of server:
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853#dns.quad9.net
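
Added example, not part of the original notes or of Unbound itself: a small check that a DNS over TLS forward zone like the one above can actually authenticate its upstream, meaning a CA bundle is set in `server:` and every `forward-addr` carries a `#name` to match against the certificate. The names `parse`, `audit_dot` and `WEAK_CONF` are hypothetical, and only `tls-cert-bundle`, the option this page uses, is recognised as a trust source.

```python
import re
# Constructed samples: the file from this page, and a weak variant for contrast.
PAGE_CONF = """\
server:
    tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853#dns.quad9.net
"""
WEAK_CONF = """\
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853
"""

def parse(text):
    """Split into [(clause, [(key, value), ...])]; indentation is ignored.
    Simplification: a 'key:' line with nothing after the colon opens a clause."""
    clauses = []
    for raw in text.splitlines():
        # '#' starts a comment only at a token start, not inside addr@port#name
        line = re.sub(r"(^|\s)#.*", "", raw).strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        value = value.strip()
        if not value:
            clauses.append((key, []))
        elif clauses:
            clauses[-1][1].append((key, value.strip('"')))
    return clauses

def audit_dot(text):
    """Findings for forward zones whose TLS upstreams are not authenticated."""
    clauses = parse(text)
    bundle = any(k == "tls-cert-bundle" and v
                 for name, opts in clauses if name == "server" for k, v in opts)
    findings = []
    for name, opts in clauses:
        if name != "forward-zone" or ("forward-tls-upstream", "yes") not in opts:
            continue
        zone = dict(opts).get("name", "?")
        if not bundle:
            findings.append(f"zone {zone}: no tls-cert-bundle in server:")
        findings += [f"zone {zone}: {v} lacks #auth-name"
                     for k, v in opts if k == "forward-addr" and "#" not in v]
    return findings
```

`audit_dot(PAGE_CONF)` returns an empty list; `audit_dot(WEAK_CONF)` reports both the missing bundle and the address without an authentication name.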

3. References