Local DNS: AdGuard with Unbound on OPNsense

Using Unbound DNS for local hosts. DHCP is set to point all devices to an AdGuard Home dns server for internet filtering and recursive lookups. AdGuard runs on a small standalone server. AdGaurd forwards any local queries to unbound for local host IPs. In the event Unbound is queried for non-local hosts, DNS over TLS is set for anonymity. Using Cloudflare’s Family Filter for extra protection. Using Quad9 as backup if cloudflare isn’t reachable.

Cloudflare IP’s and URL’s
  • DNS:53
    • 1.1.1.1 = unfilterd
    • 1.1.1.2 = security: malware filter
    • 1.1.1.3 = family: malware + adult content filter
  • TLS:853
    • tls://one.one.one.one or 1.1.1.1:853
    • tls://security.cloudflare-dns.com
    • tls://family.cloudflare-dns.com
  • HTTPS:443
    • https://cloudflare-dns.com/dns-query
    • https://security.cloudflare-dns.com/dns-query
    • https://family.cloudflare-dns.com/dns-query

Cloudflare DNS Test


Diagram

DNS Diagram


AdGuard Home

DNS Settings


Unbound

General Settings

Overrides

Local Hostnames to IP’s

DNS over TLS

Danny Eckes
Danny Eckes

Welcome to my personal blog! This site is dedicated to my personal interests in IT, Photography, and Cooking. Running an IT homelab and needed a website for proof of concept and constant tinkering. I figured recipes would make good content. Let's face it, finding recipes online can be challenging! Between navigating past countless ads and lengthy superfluous instructions, it takes far too long to find the actual recipe. Posting recipes here for my quick reference. Hope you can find them useful as well. Pictures (taken with mobile) and instructions written for myself.

Articles: 59