So I’ve been a pihole user for a long long time…but seeing the advancements in AdGuard Home and some of the nicer UI facets, I was interested in giving it a try. I also have an active directory domain that I need to manage as well.
So, prior to recently, I had routed all DNS requests thought the AD DCs, and their upstream resolver was PiHole, and then Pihole routed to its internal install of cloudflared with DNS over HTTPS to the cloudflare DNS services.
More recently, I changed my DNS services in DNS to point directly to pihole, managed my local dns records in pihole and then used conditional forwarding to my AD DCs for local DNS resolution. The biggest benefit I saw in this adjustment is that I can identify what hosts are making what requests.
More recently than that, I brought Adguard Home into the environment and am using it as a secondary DNS server. I ended up taking it out of the mix for the moment. My thought process was having one DNS server on each of my active VM hosts just in case…but managing internal DNS records in adguard home is a bit of a pain in the ass, and there is no way to import in bulk.
So, the questions, 1) do you just use one or the other… pihole, vs adguard home… 2) do you use multiple dns servers or just a single one upstream…3) whats your preferred method of internal dns management in conjunction w/ pihole/adguard home?
Opnsense Unbound
I use nextdns as I can use that when mobile but if you want a local solution adguard home has DOH/DOT built in and a nicer interface than pihole IMHO
Pinhole+unbound
clients>pihole>unbound
Same. Although I really wish Pihole supported wildcard domains in local DNS. I haven’t quite figured out how to add wildcard domain with unbound.
It does, but you have to tinker a bit more than usual. Because pihole uses dnsmasq, you can modify the dnsmasq configuration file to allow for wildcard subdomains. Unfortunately, while this will be picked up by pihole, you can view or modify it through their Web interface, so it’s much less convenient.
Wait, is your unbound querying the root servers directly? Aren’t services that use cdn having their performance affected ?
I use Unbound as a DNS resolver and pfBlockerNG for ad blocking. My firewall blocks external DNS, DoH, & DoT servers except for dns.adguard-dns.com, which I use on my phone.