Unbound does DNS over TLS using TCP only. Possibly the issue?
I'm not familiar with the Private Internet Access DNS or your include conf.
Hopefully someone that has mixed a VPN and Unbound sees this so they could help.
The top question is incorrect, since one can use UDP, whereas TCP will slow requests down with regards to DNSSEC. As for PIA, this has no bearing when this is disabled, as there is no difference.
I stand by my comment of Unbound doing DNS over TLS over TCP only.
I've found DNSSEC is sped up if you enable IPv6.
Just noticed you don't have the tls-cert-bundle setting in your unbound conf:
tls-cert-bundle: "/etc/ssl/ca-bundle.crt"
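For readers following the thread, here is what a complete DNS-over-TLS forwarding stanza looks like around that setting. This is an added example, not config posted by anyone in the thread: the listening address and port, the two upstream resolvers and their TLS auth names, and the CA bundle path are assumptions (the path is the one quoted above, which may differ on a given DD-WRT build). The file location /jffs/etc/unbound.conf is the one the later posts say DD-WRT reads.

```conf
# /jffs/etc/unbound.conf  (assumed location, per this thread)
server:
    interface: 127.0.0.1
    port: 5335                       # dnsmasq or clients forward here (assumed port)
    do-udp: yes
    do-tcp: yes                      # DoT upstream is always carried over TCP/853
    # Without a CA bundle, unbound cannot verify the upstream certificate and
    # the "#authname" part of forward-addr below does nothing useful.
    tls-cert-bundle: "/etc/ssl/ca-bundle.crt"
    harden-dnssec-stripped: yes
    cache-min-ttl: 0
    prefetch: yes

forward-zone:
    name: "."
    forward-tls-upstream: yes        # send all queries to the upstreams over TLS
    # addr@port#auth-name: the name is matched against the server certificate
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 9.9.9.9@853#dns.quad9.net
```

Run `unbound-checkconf /jffs/etc/unbound.conf` before restarting the service; a missing or unreadable bundle file is reported there rather than silently producing SERVFAIL at query time. Leaving out `tls-cert-bundle` while keeping `#auth-name` is the weak configuration: the TLS session still comes up, but unbound cannot validate who it is talking to, which defeats the point of DoT.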
When it comes to IPv6 and VPN services there is plenty of info with regards to this leaking protocol. Still no go? Did you disable "Use DNSMasq for DNS"?
unbound.conf has to be in the /jffs/etc folder or it doesn't work.
E900, yeah, that is correct. Glad you finally told 'em.
DD-WRT's default 'unbound' looks in '/jffs/etc/' for its unbound.conf; if it is not there, it creates its own and uses '/tmp/unbound.conf'.
Server IP/Name: 216.239.35.0 or 216.239.35.12 (Google NTP servers)
Do we really need those NTP servers, or can we use a closer one? I use one from pool.ntp.org.
Set 'Time Zone'.
Leave 'Server IP/Name' blank.
This has always worked for me, and I don't care what the silly DD-WRT 'unbound' wiki says. Mine has always been blank, using unbound or not. DD-WRT will resort to the NTP IP and do it all just fine by itself.
Joined: 05 Mar 2018 Posts: 21 Location: In your Heart
Posted: Tue Apr 28, 2020 10:31 Post subject:
jauch888888 wrote:
Do we really need those NTP servers, or can we use a closer one? I use one from pool.ntp.org.
You need to use an IP address for the NTP server instead of the domain name.
http://www.pool.ntp.org/zone/@
Pick your zone and then look up the IP for that domain.
This has always worked for me, and I don't care what the silly DD-WRT 'unbound' wiki says. Mine has always been blank, using unbound or not. DD-WRT will resort to the NTP IP and do it all just fine by itself.
In DNSCrypt v2 (DoH), if you do not use the IP address of the NTP server and use the domain name instead, DNSCrypt v2 does not work and you cannot surf the Internet. That's why I always use the IP address of the NTP server, to avoid problems.
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Thu Apr 30, 2020 7:17 Post subject:
jauch888888 wrote:
Is it best to use 2 DNS servers from the same provider? And I guess two is enough, no need to add 3 or 4?
BTW, a big difference in latency. I tested with namebench (cache latency bench, no DoT): my ISP DNS servers vs 4 DNS servers (DoT), one at a time.
My ISP: 44 ms average vs 150 to 300 ms for CleanBrowsing, AdGuard, Quad9, Cloudflare etc.
Thanks.
Encrypted vs non-encrypted: it takes resources and time...
ISP vs public DNS: which is closer?
So what do you expect...?
ISP DNS: is it safe, and do they not collect logs?
Public encrypted DNS (DoT): how did you test it... what did you use, any settings to share/expose? Otherwise how could we guess?
When you need help, be more specific... what did you do, what settings you had, different tries and so on.
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
As I wrote, I used namebench and I tested the cache latency,
i.e. the performance between the router and a DoT server. So I configured DoT on the router to use only the one server I want to test, then set up namebench so that it only tests the router's IP address and only tests 100% cache misses.
I have an R7800 and the last build.
EDIT: finally I found the fastest; it is the new one, NextDNS... impressive.
40 ms latency, Stubby.
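The measurement described in this post (point the router's resolver at a single DoT upstream, then query it with nothing but cache misses) can be reproduced without namebench. The script below is an added example, not something posted in the thread or part of namebench: it builds a raw DNS query, sends it over UDP to the resolver, and times the round trip for a never-before-seen random label under a base domain, so every query has to go upstream. The resolver address, the base domain `example.com` and the run count are assumptions to replace with your own values.

```python
"""Time a resolver on 100% cache misses (added example, not from the thread)."""
import random
import socket
import string
import struct
import sys
import time


def build_query(qname: str, txid: int) -> bytes:
    """Build a minimal DNS A/IN query with RD=1 and the given transaction id."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD only
    labels = qname.rstrip(".").split(".")
    question = b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in labels) + b"\x00"
    return header + question + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_response(data: bytes, expected_txid: int) -> dict:
    """Check the response header and return txid, rcode and section counts."""
    if len(data) < 12:
        raise ValueError("short DNS response")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch (stray or spoofed reply)")
    if not flags & 0x8000:
        raise ValueError("QR bit not set: this is a query, not a response")
    return {"txid": txid, "rcode": flags & 0x000F, "answers": an, "authority": ns}


def random_miss_name(base_domain: str, length: int = 12) -> str:
    """A fresh random label under base_domain: the resolver cannot have it cached."""
    alphabet = string.ascii_lowercase + string.digits
    label = "".join(random.choices(alphabet, k=length))
    return f"{label}.{base_domain}"


def time_query(resolver_ip: str, qname: str, port: int = 53, timeout: float = 3.0) -> float:
    """Send one UDP query to resolver_ip and return the round-trip time in ms."""
    txid = random.randrange(0, 0x10000)
    packet = build_query(qname, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.perf_counter()
        sock.sendto(packet, (resolver_ip, port))
        data, _ = sock.recvfrom(4096)
        elapsed_ms = (time.perf_counter() - start) * 1000.0
    parse_response(data, txid)  # raises if the reply is not ours
    return elapsed_ms


def cache_miss_benchmark(resolver_ip: str, base_domain: str = "example.com", runs: int = 20) -> dict:
    """Run `runs` cache-miss queries and return min/median/max latency in ms."""
    samples = sorted(time_query(resolver_ip, random_miss_name(base_domain)) for _ in range(runs))
    return {"min_ms": samples[0], "median_ms": samples[len(samples) // 2], "max_ms": samples[-1]}


if __name__ == "__main__":
    # Assumed usage: python3 dnsmiss.py 192.168.1.1   (the router running unbound/stubby)
    resolver = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"
    print(cache_miss_benchmark(resolver))
```

Each random label produces an NXDOMAIN from the authoritative servers, which is fine: the point is that the router must complete a full upstream exchange over the DoT session for every query, so the median reflects router-to-upstream latency rather than cache hits. One caveat: a validating resolver with aggressive NSEC caching (RFC 8198) can synthesise NXDOMAIN for a signed zone from cached NSEC records, so if results look implausibly fast, switch the base domain to an unsigned zone you control.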