What's new

Knot Resolver vs unbound?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

knot replaces BIND as a reference implementation...

unbound is still a very good choice, as many know the mechanics and work with it...
 
Any thoughts on Knot Resolver (https://www.knot-resolver.cz/) vs unbound?
I looked at these 2 recently, I found kresd doesn't recurse through certain records as you might expect.
For example, with a CNAME pointing to a record in different DNS domain, kresd only returns the CNAME, it doesn't then recursively lookup what that record resolves to on the next DNS server (at least when I last checked - a year or so back I suppose)

unbound is one of the 2 DNS software implementations documented for Red Hat 9 (bind being the other) - it's agood choice 👍
 
knot replaces BIND as a reference implementation...

unbound is still a very good choice, as many know the mechanics and work with it...
knot DNS (knotd) is knot's authoritative DNS server.
Knot Recursor (kresd) is their recursor software.
 
How do I use that? My understanding is it's just a caching forwarder, not a recursive resolver.
 
Last edited:
Yes, forwarder and it does what is needed very well. Replacing it with resolver has pros and cons. Unbound is an available add-on for Asuswrt-Merlin firmware, but not necessarily better for the specific task. What was broken in Dnsmasq and needed fixing by replacing it with Unbound?
 
Your ISP knows exactly where you connect by IP address and still has quite accurate browsing history of your account. This "privacy" is about the same as using their own DNS servers with the difference your local DNS resolution is actually much slower until your own cache is build up.
 
Your ISP knows exactly where you connect by IP address and still has quite accurate browsing history of your account.
unless and until pains are taken to prevent it. You may not agree with or see the point of using them at a home level, but they are available, if people should care to roll up their sleeves and dig into managing the result
 
unless and until pains are taken to prevent it

All commonly discussed methods are ineffective for hiding activities. As you often say - education first. DNS encryption is for MITM and eventual DNS redirection, doesn't do much for privacy. Own resolver is splitting DNS queries to multiple servers, but the resolved IPs get to the ISP anyway. Commercial VPN is replacing physical ISP with virtual one. The VPN company gets the data, the physical ISP knows exactly what VPN is in use. Privacy is promises in advertisements, no guarantees. In case of illegal activities no VPN will protect a customer paying $4/month and who violates Terms and Conditions. No logs and allowed to operate in logs required jurisdictions? Sure. TOR is easily detectable and is equal to drawing attention to yourself. There is no guarantee TOR exit points are not run by someone who actually wants to see what's going on. Connected to Internet - someone knows what are you doing. Total Internet privacy and security - disconnect the service. Increased life privacy and security - cabin in the woods in no predators area, no cell phone.
 
Last edited:
unless and until pains are taken to prevent it. You may not agree with or see the point of using them at a home level, but they are available, if people should care to roll up their sleeves and dig into managing the result
I 100% agree....it's always nice to have options available regardless of what your ISP knows or doesn't know.
 
Last edited:
What options you guys have in mind? Let’s see what they can and cannot do.
The options available thru AMTM!
 
None of them will prevent eventual logging of activities upstream. Read post #14 again.
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top