Unbound is a great self-hosted DNS server that you can easily run at home. It's highly customizable and efficient, and it can vastly improve on the built-in DNS cache and resolver in your router. It's a project everyone can tackle, and while it can be intimidating at first, setting up a DNS server can have huge benefits for your network. Here, in no particular order, are our top reasons why everyone should set up a home Unbound DNS server.
4 Unbound can improve your privacy
DNS-over-TLS and DNS-over-TLS can
Hosting your own DNS server can come with a host of privacy improvements, helping to protect your online presence and household from unwanted snooping or targeted advertising. Unbound supports DNS-over-TLS and DNS-over-HTTPS, two technologies that encrypt your DNS requests. This prevents any unwanted actors from sniffing the websites you're visiting. Although your traffic is encrypted via HTTPS, each website visit necessitates a DNS request for its IP address. This request is typically in plaintext if using standard DNS and is easy to intercept. If you're on a Wi-Fi network, anyone else on the network (or with the password, without necessarily being connected) could promiscuously sniff all DNS requests from each device and build up a profile over time of each device's DNS habits. Similarly, your DNS server provider (even something like 8.8.8.8 or 1.1.1.1) or ISP could profile your IP address to build up an advertising profile of the types of users that live in your household.
You may not think this is a lot of information to share. Still, your rough location and timing of requests are enough to build up a fairly comprehensive picture of who you're likely to be, and some of the advertising insights this can offer can be more intrusive than you might think.
We should note that there's a lot of argument and discussion online about the benefits of DNS-over-TLS versus DNS-over-HTTPS, and about the benefits that running your own recursive DNS resolver external to your network can bring. If you're seriously concerned about your privacy, researching this issue is a good way to start understanding what works for you.
Other DNS servers support DNS-over-TLS and DNS-over-HTTPS, but Unbound gives you the option to force this for all recursive (i.e., external) DNS requests.
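As an added example (not configuration from this article or from the Unbound project), this is one way to force DNS-over-TLS for every external lookup, with the weak variants shown as comments. The CA bundle path and the choice of 1.1.1.1 as the upstream are assumptions.

```conf
# unbound.conf fragment (added example; addresses and paths are assumptions)

server:
    # CA bundle used to validate the upstream resolver's TLS certificate.
    # Debian/Ubuntu path shown; adjust for your system.
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"

# Weak: a forwarder with no TLS sends every query in plaintext on port 53.
#   forward-zone:
#       name: "."
#       forward-addr: 1.1.1.1
#
# Also weak: TLS without the "#name" suffix encrypts the query but does not
# check that the certificate belongs to the resolver you meant to reach.
#       forward-addr: 1.1.1.1@853

# Corrected: every external lookup goes over DNS-over-TLS to a verified upstream.
forward-zone:
    name: "."                      # the root, i.e. every external name
    forward-tls-upstream: yes      # use TLS for all forwarders in this zone
    forward-first: no              # no fallback to plain recursion if forwarders fail
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
```

Run `unbound-checkconf` before restarting the service. The upstream resolver still sees your queries; only the path to it is encrypted.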
3 Improved latency and caching response times
Reduce the number of requests you're making before hitting a webpage
Another great reason to run your own DNS caching server and resolver with Unbound is to improve caching and response times for your queries. This can make your internet browsing experience feel noticeably faster, especially if you're using an old, clunky ISP-provided router for your network DNS resolver. By offering higher performance (and, in theory, lower latency), the IP address of websites you're connecting to is returned faster, allowing your browser to get on more quickly with the heavy lifting of downloading the webpage you're accessing.
Additionally, having a large DNS cache available can help improve the ratio of cache hits to misses. This means you need to make fewer DNS requests to start with and more often hit your network-wide DNS cache for a standard webpage than wait extra milliseconds for a DNS request to be resolved. This might not feel like much, but it can make a noticeable difference in your internet browsing experience. It is a great way to improve your internet speed (especially the "feel" of snappiness) on your home connection.
This is important because while a lot of consideration goes into making webpages load quickly (and asynchronously), none of this can happen until the DNS request for the hostname in the URL you've entered has returned. If not handled quickly, DNS can function as a significant bottleneck in the whole process of loading a webpage.
2 It's a great learning experience
Level up your skills and improve your lab at the same time
There are plenty of other great reasons to host your own DNS server, but one that is a little more specific to Unbound (as opposed to 'set up and forget' tools like Pi-hole) is that it's a great learning experience. DNS is a core internet protocol that is incredibly simple and deceptively complicated, as we've previously covered on XDA. Learning about how DNS works is an excellent introduction to understanding some other core network protocols like HTTPS and understanding how routing on the internet works more generally.
Unbound is a relatively simple tool with a lot of depth of configuration available, and tuning your DNS server to your exact needs, as well as setting up your own zoning and domains, is an excellent exercise for anyone looking to get into homelabbing, network engineering, or just as a developer looking to expand their skill set.
1 Run your own domains locally
Having internal domains is a huge improvement to your home lab
A final valid reason to run your own Unbound server on your network is to support your internal domains. There's enormous potential here for everything from complex split-horizon DNS setups to just running your own internal domain. An internal domain is excellent for your home lab; you don't necessarily need to own the domain you're using or have it be a valid TLD. Even better, if your internet goes down, you won't be beholden to third-party DNS servers, meaning your local services, like your NAS or media server, won't go down alongside your internet. This is great, as nothing is more frustrating than your local copies of your media breaking along with your internet because your services refer to each other via DNS.
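As an added example (not configuration from this article), a minimal internal zone that keeps resolving when the internet is down and never sends internal names upstream. All host names and addresses are constructed, and the zone name `home.arpa` is an assumption, chosen because RFC 8375 reserves it for home networks.

```conf
# unbound.conf fragment (added example; all names and addresses are constructed)

server:
    # Listen on localhost and the LAN address, and answer only LAN clients,
    # so the resolver cannot be queried from outside the network.
    interface: 127.0.0.1
    interface: 192.168.1.2
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow
    access-control: 0.0.0.0/0 refuse

    # "static": answer only from the records below. Unknown names under the
    # zone get NXDOMAIN locally and are never sent to an upstream resolver.
    local-zone: "home.arpa." static

    local-data: "nas.home.arpa.   IN A 192.168.1.10"
    local-data: "media.home.arpa. IN A 192.168.1.11"

    # Reverse (PTR) records so logs and tools show names instead of addresses.
    local-data-ptr: "192.168.1.10 nas.home.arpa"
    local-data-ptr: "192.168.1.11 media.home.arpa"
```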
Having a local Unbound server is a great addition to any home lab
Whether you're just getting started with your home lab, looking to upgrade your network, or want a fun learning experience, setting up your own DNS server at home with Unbound is a great way to gain some new skills and simplify connecting to your services. DNS on your router is often inflexible and clunky and can even hamper your performance, so this is an excellent all-around upgrade. We think that adding a DNS server to your network is one of the true 'everyone should try it' upgrades, and though learning about DNS can be a bit intimidating, it's worth it in the end.