DNSSEC + Unbound + Pi-hole

Anybody tried using this combination on Yunohost? Any thoughts on DNSSEC in general?

I’m very interested in personal privacy on the internet so these seem like good things to look into.

I already run Pi-hole on my Yunohost and wanted to go a step further.

I have been trying out unbound on another little server on my network. I’m worried about trying it on Yunohost lest I destroy my system in ways I don’t anticipate. (I did install it quickly on my Yunohost but it didn’t work immediately, so I gave up on it)

It seems easy to install but difficult to get to work properly. I can’t get it to resolve things very well on my extra computer, and this whole DNSSEC thing isn’t working very well either.

I’m going through this tutorial to make my own ‘travel router’ with Wireguard on Armbian.

Hoping I can learn enough to try and make this work with Yunohost later, specifically using Unbound with Pi-hole on Wireguard network.

I have zero knowledge on any of this, but just take care with pi-hole + YunoHost, there is an incompatibility with pi-hole version > 3.3.1

Pi-Hole can’t be updated beyond version 3.3.1, because higher versions use an integrated version of dnsmasq. This would require disabling the version of dnsmasq used by YunoHost.

(but there is a pi-hole and a wireguard app too, which is nice)

I tried to read the link you provided and I suggest a way simpler list :

  1. Install YunoHost on a server somewhere you trust, and on a raspberry-pi
  2. Install pi.hole in the server
  3. Install the unbound app in the server
  4. ??? connect the raspberry to your server via unbound (this is the part I have absolutely no idea about)
  5. Install Wi-Fi Hotspot on the raspberry-pi

Maybe use the vpn client app on the raspberry, but I do not think it is compatible with wireguard.

Nearly everything is already present, I hope you will manage to build your project :smiley: