Using Unbound DNS for local hosts. DHCP is set to point all devices to an AdGuard Home dns server for internet filtering and recursive lookups. AdGuard runs on a small standalone server. AdGaurd forwards any local queries to unbound for local host IPs. In the event Unbound is queried for non-local hosts, DNS over TLS is set for anonymity. Using Cloudflare’s Family Filter for extra protection. Using Quad9 as backup if cloudflare isn’t reachable.
Cloudflare IP’s and URL’s
- DNS:53
- 1.1.1.1 = unfilterd
- 1.1.1.2 = security: malware filter
- 1.1.1.3 = family: malware + adult content filter
- TLS:853
- tls://one.one.one.one or 1.1.1.1:853
- tls://security.cloudflare-dns.com
- tls://family.cloudflare-dns.com
- HTTPS:443
- https://cloudflare-dns.com/dns-query
- https://security.cloudflare-dns.com/dns-query
- https://family.cloudflare-dns.com/dns-query
Diagram
AdGuard Home
DNS Settings
Unbound
General Settings
Overrides
Local Hostnames to IP’s
DNS over TLS
