External DNS vs PfSense DNS - Home user

Hello everyone, good day. Just one of the normies seeking guidance.

On a spare machine I installed Ubuntu Server with BIND9 as a DNS server. So far the configuration was ok, and it seems to be working. In addition, I have a pfsense with DNS Forwarder installed.

Are there any benefits for a home user to have a dedicated DNS server (local at home)?
Are there any performance improvements with the internet experience?
Does the setup offer any kind of additional security?

Thanks for your help, I appreciate it.

One day the normies will rise! :slight_smile:

Are you asking if you should use an external DNS service like google or openDNS or resolve your own DNS queries? Because you can resolve your own with pfsense using the DNS resolver (unbound) instead of the DNS forwarder (dnsmasq).

Essentially the difference is that an external DNS server can be faster: if there’s low latency between you and the DNS server, and that DNS server is fairly active so there’s a good DNS cache hit rate, then you will resolve your addresses faster, so browsing will feel faster. But running your own resolving DNS server will guarantee that you are getting the correct results, because you know that no one is messing with the results. That doesn’t make it immune from MITM attacks and whatever, but you know the server isn’t blocking results or redirecting you or anything like that.

If you do run a resolver, you should still configure an external DNS server in the resolver to act as a backup, or to be used if it gets results faster; then you get the best of both worlds.

Regarding your question, by external I meant to have my spare machine as a dedicated server.

I updated the post to make it more clear (I think). Thanks for the reply.

The usual reason for running a DNS server on your LAN is to create entries for a local/private domain.

For instance, if you owned the domain jorheccou.tech, you could configure nas.jorheccou.tech in BIND9 to resolve to your NAS’s local IP. Since the DNS server is on your local network, nas.jorheccou.tech would only be visible on your LAN.

For bonus points, you can add jorheccou.tech as the search domain in DHCP and you would only need to type http://nas or admin@nas (for ssh) instead of the FQDN or IP address.
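As an added illustration of the LAN-only private zone described above (example configuration, not from the original post; the 192.168.1.0/24 subnet, the host addresses, the serial and the upstream resolver are all assumptions), here is the BIND9 side: query, recursion and transfer are restricted to the LAN so the private names are never served to the internet, and an external resolver is kept as the upstream fallback.

```conf
// /etc/bind/named.conf.options  (excerpt; subnet and upstream are assumed)
acl "lan" { 192.168.1.0/24; 127.0.0.1; };

options {
    directory "/var/cache/bind";
    allow-query     { lan; };    // answer LAN clients only
    allow-recursion { lan; };    // never act as an open resolver
    allow-transfer  { none; };   // no zone dumps to anyone
    forwarders { 8.8.8.8; };     // external upstream as backup (assumed choice)
};

// /etc/bind/named.conf.local  (declares the private zone)
zone "jorheccou.tech" {
    type master;
    file "/etc/bind/db.jorheccou.tech";
};

; /etc/bind/db.jorheccou.tech  (zone data; NS name and addresses are assumed)
$TTL 1h
@       IN  SOA  ns1.jorheccou.tech. hostmaster.jorheccou.tech. (
                 2024010101  ; serial: bump it on every edit or caches keep old data
                 1h          ; refresh
                 15m         ; retry
                 1w          ; expire
                 1h )        ; negative-answer TTL
        IN  NS   ns1.jorheccou.tech.
ns1     IN  A    192.168.1.2     ; the Ubuntu BIND9 box
nas     IN  A    192.168.1.10    ; nas.jorheccou.tech resolves only on the LAN
```

With jorheccou.tech handed out as the DHCP search domain, a bare `nas` resolves to 192.168.1.10 on the LAN while the same name stays unanswered from outside.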

Right, well there’s no difference then really. Unbound running on pfsense is doing the same things that bind running on a different machine can do. So really it’s just up to you how you want to use it.
