You're running Pi-Hole wrong! Setting up your own Recursive DNS Server!

I should start making all of my tutorial passwords "solarwinds123".

People hating on Ubuntu Server for being boring have never worked in IT. You don't want interesting infrastructure.

"Use whatever you like, this isn’t the place for that argument." Great saying, I’m using that!

I appreciate how you actually say what keys you are pressing. A lot of videos and online tutorials just say "enter this" "type this there" without actually detailing the smaller steps. To someone just starting with all this stuff, it is very helpful. Thanks!

I came here because of the Pi-Hole + Unbound setup without knowing you're doing a beer review at the end. You got me with that. As a German usually not drinking industry-pilsener but always trying to get craftbeer from local breweries the last part made the tutorial perfect. I was able to smell the hops just by listening. Thanks!

This man has saved my life so much times. Im the only IT person at my job and his tutorials help me alot.

It is 1am and you literally made me get out of bed to setup Pi Hole as a recursive DNS server never thought I needed such thing in my life.

Packed content, accepting as many defaults as poss, concise explanations as you go - just perfect. Now pihole is setup for my domain controllers to forward dns queries too

Great video. I know this was Pi-Hole specific but 2 notes for others that are interested. You need to serve your Pi-Hole DNS IP to your network clients via your DHCP server otherwise its a manual setup on every single device and easy to bypass (as in change your DNS to something else) and the second related to the first is, on your firewall you should capture all DNS requests not going to / coming from Pi-Hole and then forward them back to Pi-Hole therefore making your Pi-Hole your exclusive internal DNS server and non by-passable. Some devices actually try use a hardcoded DNS ignoring your network DNS settings.

I keep coming back to this every time I change/upgrade things... cheers!

Thanks TH-cam for suggesting this video. I literally fell in love with the chancel.

Works great on the recent releases of Mint (20.1), just enter the "skip OS check" command Pi-Hole gives you after the first time you run it and it fails. After that, no problems at all. Thanks for the clear tutorial and also linking everything in the description. Well done.

Two years after watching this video for the first time, my comment is the same. You have to watch more than once but absolutely worth the effort. I rate this one of my top most useful videos. As I was a home brewer for years, back when Olympia and Coors was it, I enjoyed the hop talk.

Jeff slowly creeping his way to #1 on my list of favorite techtubers, well done sir

I just got my PiHole up and running and this is a great second step making it recursive. Thank you!

Had your video saved for a good long while till i finally got round to setting up unbound. Great tutorial. In 2023 worked perfeclty on my pre-existing PiHole setup. I made a balls up by not restarting the DNS service before pointing PiHole to Unbound. But after that everything is working. Thanks good sir!

Just wanted to drop a thanks!
I got a RasPi 0W for free a few days before you posted this, so it was perfect timing. My Pi-Hole w/ DNS has been working fantastically ever since.

Will definitely be setting recursive up. Great video, straight to the point!

Thanks Jeff!
I’ve been using pi-hole All Wrong for over a year! Thanks for the very detailed "how-to" video. It was very easy to follow and I had my extra rpi3 up and running with a fresh install of the os, pi-hole and unbound in less than 30 minutes!
Great job... Thanks again.

This is hands down one of the best tutorials I've come across.
I absolutely love your channel!

Love this! Already had a Pi 4 running Pi-Hole and your video just made that experience much better. Thanks, man.

That was super easy, thank you! Finally made use of an old B+ sitting around doing nothing.

This was a great video, perfect execution and easy to follow. Videos like these will make those starting out in the tech world enjoy what it has to offer... And make the experienced ones smile in agreement. ;)

Good one, never thought of that! Got this running on a Pi Zero now and it works great so far!

Dude, you solved two problems instead of one, I needed to create my own email server for my company and I was facing problems with local DNS, in addition to too many ads and dubious advertising! Thank you very much!

Right on time! I’ve been having some issue just this week setting up Pi-hole! Bro u always come in clutch!!

Thank you! I set up unbound after watching this and it was super easy.

Good job. Appreciate your miticulous and yet rapid progression. This style is well suited for recorded presentations where repeate is just a click away.

Excellent man, just excellent. I ran Pi-hole as a recursive DNS server for a while and then started to have problems. I can now see where I made my mistake. Thanks so much.

Thanks, this motivated me to finally put my dusty RPi 3 to good use.

Great video! I never really looked at Pi-Hole before (I thought it was specific to Pis). I've been doing adblocking using custom scripts to update lists and rebuild my BIND configs. I just tossed up a VM, followed your instructions mostly (changed the forwarder to my existing server with my BIND install), and gave it a quick test. I think I'll be setting up both networks to use this for blocking instead of the custom lists now (much easier to whitelist in as well). The stats are a nice bonus.

I tried getting Pi-hole running on a lubuntu install and had some trouble, found your video and immediately subbed, I look forward to learning a lot from you.

Nice, I've just started the Virtualising journey and now have this running in a container looking up via oVPN in another container thanks to another of your videos. Cheers!

The major downside to making your pihole setup a full recursive resolver, is that you lose the ability to do DNS over https which obfuscates your DNS lookups from your last mile provider (i.e. Comcast, Charter, Cox, etc). Additionally, if not properly secured, open recursive DNS resolvers can be and frequently are used as amplifiers in distributed denial of service (DDoS) attacks.

Great tutorial! I'll need to try out the recursive DNS setup. One thing I've done too is go into my router and setup DNS masquerading. That way any devices that have hard-coded DNS servers will automatically be forwarded to the PiHole. It's easy-ish to do on an Edgerouter X. However, I had to do something a little different when I upgraded to my UDM Pro. On the UDM Pro I basically allowed DNS requests from PiHole and dropped all other DNS requests from RFC1918 to WAN.

I wish i knew about unbound and making pi-hole recursive when i set this up last year. thanks you for posting this, and making it very straight-forward

Thank you very much!
My 12 year old fanless INTEL board was the recursive DNS here, running FreeBSD.
Electrolytic cap failure on the old INTEL motivated me to find a new HW platform for the DNS,
and thus my first Pi.
Working w/ FreeBSD makes me dizzy, not going back there again.
(And I started w/ UNIX system-3 on a PDP-11/70)….
Raspberry Pi OS looks very familiar to me, and I now, thanks to your fine tutorial, I have a new DNS!

awesome job with the video and great job on the linode placement!! flowed right in. hahah!!

When you clicked the video thinking the title said “you’re SAYING pi-hole wrong” and wondered what on earth was in an 18 minute video about semantics 😂

Thank you for this video, I didn't even know I was running Pi-Hole wrong!
Only one thing you maybe missed: you have to restart unbound service after adding the pihole configuration file.

Good job Craft Computing! Clear and straightforward. Thank you.

Awesome tutorial. Thanks for this. Could you consider doing a HA setup with 2 pi-hole servers? Both syncing all changes such as whitelists, blacklists and recursive DNS records etc.

Nice tutorial, I am glad to see someone else appreciates the recursive properties and actually made a high quality video on it! To anyone reading, DO NOT RUN THIS ON A VPS UNLESS YOU KNOW WHAT YOU ARE DOING.

Both of my pi-holes tweaked and making a big difference, thank you!

I just had to rebuild my pi-hole server. This guide is still valid. Only subtle changes since this came out.

This video made me a patreon/Merch buyer. Keep bringing us tools of the open web! Down with the Tech Oligarchy!

Thank for the very clearly explained video. Could you also create a guide to add Unbound as a docker container, to run alongside an existing Pi-hole container please? Preferably using Portainer. I'm still a little new to all this.

Received my Raspberry pi zero 2 W in the mail yesterday. Just gave it the recursive DNS server treatment. Working great! Thanks for the help.

Oh, nice. Also very easy to setup when you already have a running pihole.
Also, yes. that DNS Records section is so useful. .local domains are so much easier to remember than IP addresses.

This was a great tutorial and as one of the old linux types who always stands ready to debate distribution types, much respect to how you disarmed us. Nothing left for us to do except...
Nano? Seriously?
Real typers type on vi ;)
Kidding. I set this up on an R-Pi 4 and the setup could not have gone better. Will subscribe.

Love these videos, Jeff, and I will consider installing unbound on my Rpi as well.
The only point I think you could have mentioned but didn't is setting your router DHCP server to direct your clients to the pihole server as default for DNS requests, so you don't have to do it manually, but I also get why you didn't :)

Ah...a video I have to see more than once to understand...but I think worth it. Thanks! Update: I did as you say and it works...noticeably well on my Raspberry Pi4. I tested it using my PC before reassigning my router local network DNS to Pihole.

Ive been trying to setup unbound and finally found this tutorial which explain it very well. Good job.

If nothing else, this video made me finally update the password for my pihole admin page. Now I don't have to go digging it out of my password manager every time I want to login. So thanks for that.

Thanks for the great video. I liked the idea so i gave it a try.
I tried to install pi-hole exactly as you showed in this video, but with no success. There are some differences however. I made a virtual machine on my Windows10 desktop with hyper-V and installed Ubuntu, same version and same tools like SSH-server, and Unbound, same versions, same configuration. During testing I found no differences with the number of adds on MSN and other sites. I noticed that the configuration of pi-hole was only on IP-4 level and not on IP-6. That might be the reason, because my provider and my router all support IP-6. Another thing was that after rebooting my machine, nothing was working anymore because my ubunto server virtual machine got a different ip address (IP-4). I am not a linux guru but had a linix server about 15 years ago. So i know a little bit but not enough to solve this. I tried to give a fixed IP address, but on IP4 only, and that was not working, so I removed the whole setup. When someone has some ideas to solve this problem I will start from scratch again.

Thanks! Just added unbounded to my pihole docker-compose stack. It has appeased my paranoia for now.

Followed the video and instructions and now my pi-hole is working great. Thank you.

Nice and simple explanations, Would love to hear you explain the benifits/concerns between using a recursive dns server (unbound) as opposed to DoH options

Just out of interest, as I'm running Mint, I thought this could be an an ideal use of a local lxc container. Tried it, all worked, no additional hardware or hypervisor required.

I have came back to this tutorial loads of times for refreshers :) Cheers!

The value of this video was exceptional! Thank you! liked and subscribed as a result!

Great video! I'm running pihole & unbound in an LXC container and it works as well.

Great video! My 12 old son managed to do this by himself following your tutorial first time! You should also consider making a part two of this guide to block TH-cam ads too! I know it's quite tricky but managing a "moving target" like TH-cam would be great practice!

I had just recently set up a workstation running Ubuntu 20.04 Server and pi-hole. I was using pi-hole as ad-blocker and home dns. Added unbound and got the recursive function working! I did have to manually start the service though, I also set it to auto-start on boot with:
sudo systemctl start unbound
sudo systemctl enable unbound
I also changed the port from 5335 to something a little more custom. If you edit the config file after starting the server as I did to change the port, restart the services with
sudo systemctl restart unbound
Thanks for making this video! Helpful!

This is the solution I've been looking for. The webmin BIND interface took me a while to get the hang of. This is simple. Thank you!

Cool, video. You can enhance the Experience by logging in to your router and add pihole as the dns adres. This way all traffic wil be routed to pihole

This has been an excellent guide to follow, even at 2024. Thanks!!!

Please consider a follow up to this about pi-vpn, that would be a good topic to cover

I think you should do a video on the docker container. It's a lot less overhead than a full virtual machine.

Great tutorial and explanations, managed to set up everything working nicely.
Thank you!

Absolutely fantastic - thanks for the easy to follow instructions - my pihole is now running super well and operating much more effectively. Also, who cant love a man who love his beer!

great tutorial, now I need the last thing - how to make pihole as backup dns with possibility to synchronize DNS records and pihole settings from primary pihole based recursive dns server.

How dare you tell me I'm using my holes wrong

I ended up just installing a docker with both pihole and unbound together, works out of the box!

You should also stop the DHCP service on your router and enable the one within PiHole. That way you won't have to configure DNS on everything on your network. Some routers will allow you to set the IP of a DNS server as well, but sometimes they still act as DNS and forwards the request to the server you specify, instead of just giving the client the IP address when it requests a DHCP lease.

Fantastic end to end tutorial! Nice work!

Oh man the unbound makes my pi-hole way faster than before. I've seen this video couple times before but never got to installing the unbound until now. Well worth it. Thank you

I followed your guide with one exception I used a container with debian template instead of a VM. Works sweet thanks brother

Another option you may not have considered for running pi-hole is running it in a Docker container. More efficient than a full Ubuntu VM for sure, but I'll have to look into getting an Unbound docker image after seeing this video. Thanks!

Been running PiHole for a few years, and never knew about the Unbound. Thank you. Keeping my network and ads more secure.

I followed this tutorial on an Optiplex 7040 Micro running Ubuntu 20.04 Desktop. Worked great!

You forgot to cover another important area. There are people already running AD and dns service (I believe you too) and they want to use pihole without loosing functionality of theirs current dns setup. Would be great to see how you handle pihole running as forwarder or behind your current dns server. Also changing dns entry is much effective on dhcp server than single client so I believe this was done just for presentation purpose. Cheers.

Just remember: Doing it this way, your ISP can see what websites you visit, since the unbound sends out the request on port 53 to the root servers...

Fantastic! Now all I need from you is a tutorial for steam cache server, same service for window update and game pass, and same time act as a back up unit.

I'm a teacher and a self-proclaimed Linux-geek. You are a skilled communicator.

Anyone wanting to do this, know that you can get away with 10Gb of storage, 2 Cores and 512Mb of RAM (though I'd suggest 1Gb) for this. DNS is *very* light on resources.
Also note that getting DNS results from the authoritative terminal does not save your from DNS hacks intercepting and changing raw DNS queries is trivial to do this. Better to forward your DNS queries to a server that support DoH (and set that up).

Great video! One thing I was unclear on was how unbound adds any real value. Your DNS chain is: pihole > unbound > DNS root servers. Why not just point the pihole directly to the root servers so that it looks like: pihole > DNS root servers ? This allows for you to run pihole on platforms and services, (such as docker) that may not have unbound bundled or available.

Perfect tutorial! Thank you very much. Didn't know about "unbound" but now I'm using it and it's still very fast. Now my 8GB RPI 4 gets something to do other than being my NAS. :)

You inspired me to spin up my first Ubuntu Server VM on my TrueNAS and then follow the rest of your guide. Thank you!

Thanks for the excellent tutorial! Can we configure Unbound to listen on a Unix socket rather than listening on port 5335, and then configure Pi-Hole to talk to Unbound on that Unix socket rather than on localhost:5335?

You forgot a pretty important step in your video, you have to restart the unbound service post install and config creation. It's listed in the docs but you forgot to mention that in the video. Oddly enough however PiHole will still show queries to Unbound but you wont get any webpages on the client until you restart the service.

Saw a craft beer in this man's hands and already fell in love.

I forgot how much I love Pi-Hole! Now with unbound it's super nice. Great tutorial!

WAT. In 5:30 you started curl with sudo, but then piped output of curl to bash without sudo :D
There's even information about from in red color "Script called with non-root privileges"

could you do a more in depth video on unbound?
thanks!

Thank you! Followed your video and set up my own cloud based pihole / recursive DNS server with my wireguard tunnel :)

Great job. I appreciate that you keep your videos succinct and short.

Shouldn't you also add the ipv6 loopback ( [::1]:5335 ) to the upstream dns servers for ipv6 queries? Keep it up with the awesome videos! Love the channel.

What about disabling the DNS cache of Pi-Hole? So Unbound handle all the caching
Also disabling DNSSEC since Unbound can handle that as well and Pi-Hole and Unbound would be doing the same job twice.
I have the same setup just with these two additions.
Great video btw

2 years later and this vid is still very relevant, did it via docker on my side though