First off, I'm a Linux and terminal NOOB so I've never got my hands dirty with any of cool stuff I've seen everyone else doing.
I know I'm several years late to the party but I finally decided to pull the trigger and got around to:
1) installing Raspbian Buster Lite + PiHole (using LTT PiHole Setup article)
2) installing Stubby for DNS-over-TLS (using plip blog)
3) adding CloudFlare as upstream resolver for Stubby
4) making my D-LINK DIR 825 R1 (from Afrihost Pure Fibre) use PiHole for DNS
It seems to be working nicely. I have a question or two:
1) I was thinking of enabling DNSSEC in Stubby but there are a few options there that I don't really understand:
Should I leave the directory mentioned above (in the Stubby config file) as "/var/cache/stubby"? I'm just using the default "pi" user for everything (the way it is setup by default) and I haven't created different users etc.
2.) I see that Stubby wiki mentions:
Anyone noticed any big slow downs or major issues?
3.) Any other recommendations or add-ons I could do.
It's running on a Raspberry Pi 3B that has been in it's packaging for years.
I know I'm several years late to the party but I finally decided to pull the trigger and got around to:
1) installing Raspbian Buster Lite + PiHole (using LTT PiHole Setup article)
2) installing Stubby for DNS-over-TLS (using plip blog)
3) adding CloudFlare as upstream resolver for Stubby
4) making my D-LINK DIR 825 R1 (from Afrihost Pure Fibre) use PiHole for DNS
It seems to be working nicely. I have a question or two:
1) I was thinking of enabling DNSSEC in Stubby but there are a few options there that I don't really understand:
Storage of Zero-config Trust anchor
When the system-level user does have a home directory, stubby will store the for Zero configuration DNSSEC dynamically acquired root trust anchor in a subdirectory called ".getdns" of that home directory. If the system-level user does not have a home directory or the home directory is not writeable or readable, stubby will fallback to the current working directory.
This can be overruled by supplying a "appdata_dir" in the stubby.yml configuration file. When a "appdata_dir" was specified, that directory will be used for storing data related to Zero configuration DNSSEC immediately, without the other paths being tried. It is recommended for systemd setups using the provided systemd.service file(s) to have a "appdata_dir" directive set to "/var/cache/stubby" in the stubby.yml configuration file.
Should I leave the directory mentioned above (in the Stubby config file) as "/var/cache/stubby"? I'm just using the default "pi" user for everything (the way it is setup by default) and I haven't created different users etc.
2.) I see that Stubby wiki mentions:
Note that using DNSSEC can add a small performance overhead because it increases the number of queries required to resolve a DNS request.
Anyone noticed any big slow downs or major issues?
3.) Any other recommendations or add-ons I could do.
It's running on a Raspberry Pi 3B that has been in it's packaging for years.