[Question] Unbound and AdGuard Home with OpenWrt?

hexagonwin@lemmy.sdf.org to Selfhosted@lemmy.world – 14 points

Hello. I just upgraded my ramips router (ipTIME A3004NS-dual, 256 MB RAM, 64GB USB) to OpenWrt 23.05; so far it's working well. I'd like some extra privacy (my country is known to do some internet censoring) and to filter connections to sites I do not want (advertisements, telemetry), and AdGuard Home paired with Unbound seems perfect for this.

Before upgrading I used to run a DoH setup on OpenWrt with Cloudflare's DNS, but I now want to remove dependencies on these public 'private' DNS servers.

I did try searching a lot, but unfortunately as I'm pretty new to networking and hosting things I'm not quite able to understand what I read. Some guides mention using Unbound but still set up Google/Cloudflare DNS; is that used as a fallback of some sort?

If someone has already done something similar I'd very much appreciate some guidance on how this should be done.. Thanks!

EDIT: I think I got it working.. but I'd be glad if someone can please tell me a way to test it. dnsleaktest.com shows "None" for hostname..

I followed [1] to install unbound, then changed unbound's port to 5353, set AdGuardHome's port to 53 and set AdGuardHome's DNS settings (Upstream, Bootstrap, Private reverse) to 127.0.0.1:5353. After a reboot it seems to work properly, except that I can no longer connect to other machines using their hostnames. (Previously I could just ssh the machine darkstar using ssh hexagonwin@darkstar, now I need to ssh hexagonwin@192.168.1.XXX)

[1]: https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#replacing_dnsmasq_with_odhcpd_and_unbound
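
An added example (not part of the original post): a small Python check for the chain described above, which sends the same query to the filtering listener on port 53 and to the resolver on port 5353 and compares the two replies. The default server address, the sample names, the transaction ID and the verdict labels are assumptions made for illustration; run it on a machine that can reach both ports.

```python
import socket
import struct
import sys

QUERY_ID = 0x1A2B  # constructed transaction ID, used to match replies

def build_query(name, qtype=1):
    """Encode a single-question DNS query (QTYPE 1 = A, class IN, RD set)."""
    header = struct.pack("!6H", QUERY_ID, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)

def parse_header(msg):
    """Decode the 12-byte DNS header; return None if the message is too short."""
    if len(msg) < 12:
        return None
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    return {"id": txid, "is_response": bool(flags & 0x8000),
            "rcode": flags & 0x000F, "answers": an}

def ask(server, port, name, timeout=3.0):
    """Send one UDP query; return the parsed header, or None if nothing usable came back."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(name), (server, port))
            data, _ = s.recvfrom(4096)
    except OSError:  # timeout, port unreachable, etc.
        return None
    hdr = parse_header(data)
    # Ignore anything that is not a response to the query we sent.
    return hdr if hdr and hdr["is_response"] and hdr["id"] == QUERY_ID else None

def diagnose(front, back):
    """Compare the reply from port 53 (front) with the reply from port 5353 (back)."""
    if back is None:
        return "resolver-down"
    if front is None:
        return "filter-down"
    if front["rcode"] == 3 and back["rcode"] == 3:
        return "nxdomain-both"  # the resolver itself does not know the name
    if front["rcode"] == 0 and back["rcode"] == 0 and front["answers"] and back["answers"]:
        return "ok"
    return "mismatch"

if __name__ == "__main__":
    server = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"  # assumed default
    for name in sys.argv[2:] or ["openwrt.org", "darkstar"]:
        print(name, diagnose(ask(server, 53, name), ask(server, 5353, name)))
```

A verdict of `nxdomain-both` for a LAN hostname means the name is missing at the resolver on port 5353, not being dropped by the filter in front of it.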


I use unbound forward DNS over TLS to nextdns, I try to keep it simple.

Yeah, but I'm wanting to only connect to 'root DNS' servers (is that the right term?) instead of servers like NextDNS or Cloudflare. Anyway, my configuration is working now, I should probably document them later..