Windows 10 Optimization Guide suggestion - Unbound DNS server?

Hi all,

I was wondering, for the Windows 10 optimization guide, it is recommend using another DNS provider. I was wondering if it had been considered to recommend that users install their own DNS Server.

I personally use Unbound. It's has a very small footprint, easy to install and equally easy to configure and or tweak. I would be willing to help draft instructions as well as share my configuration file. This way users could actually run an even faster DNS service, which their queries would be private, off their own machine.

If anyone is interested or think this might be of value, let me know and I can draft a simple install guide etc.

Unbound can be found here: Unbound (yes there is a Windows version).

Their documentation is here (it's got a lot of options) so don't let your brain explode, 98% of them won't matter to you:

Unbound documentation

And if you are curious, once Unbound is installed, it installs as a service. The configuration for that service is located here:

C:\Program Files (x86)\Unbound and in this file: service.conf

Here is what my service.conf looks like, just open it in notepad, (you could copy and paste it in to the service.conf file and save it), then just go into services and restart the unbound service it would then have my settings applied.

# Unbound configuration file on windows.
# See example.conf for more settings and syntax
server:
# verbosity level 0-4 of logging
verbosity: 0


# if you want to log to a file use
#logfile: "C:\unbound.log"


# on Windows, this setting makes reports go into the Application log
# found in ControlPanels - System tasks - Logs
#use-syslog: yes




server: auto-trust-anchor-file: "C:\Program Files (x86)\Unbound\root.key"
port: 53
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
prefetch: yes
prefetch-key: yes
hide-identity: yes
hide-version: yes
harden-glue: yes
harden-dnssec-stripped: yes
outgoing-range: 512
num-queries-per-thread: 1024
num-threads: 2
msg-cache-size: 128m
rrset-cache-size: 256m
msg-cache-slabs: 8
rrset-cache-slabs: 8
infra-cache-slabs: 8
key-cache-slabs: 8
key-cache-size: 16m
so-rcvbuf: 1m
so-sndbuf: 1m
cache-min-ttl: 3600
cache-max-ttl: 172800
infra-host-ttl: 60
infra-lame-ttl: 120
unwanted-reply-threshold: 10000
infra-cache-numhosts: 10000
infra-cache-lame-size: 10k
val-clean-additional: yes
minimal-responses: yes
### Block popular advertising companies
local-zone: "doubleclick.net" redirect
local-data: "doubleclick.net A 127.0.0.1"
local-zone: "googlesyndication.com" redirect
local-data: "googlesyndication.com A 127.0.0.1"
local-zone: "googleadservices.com" redirect
local-data: "googleadservices.com A 127.0.0.1"
local-zone: "google-analytics.com" redirect
local-data: "google-analytics.com A 127.0.0.1"
local-zone: "ads.youtube.com" redirect
local-data: "ads.youtube.com A 127.0.0.1"
local-zone: "adserver.yahoo.com" redirect
local-data: "adserver.yahoo.com A 127.0.0.1"

After that, you just would need to go into your network adapter and get rid of your other DNS server settings, and set your DNS to 127.0.0.1, apply and BAM - it's a lot faster and you have a lot more privacy this way.

Feel free to try, not try, set me on fire or ignore this post all together. If you hate it, just uninstall and go back to whatever you were using before. OpenDNS, I mean CiscoDNS will always be there waiting :)

Thanks,

Johnathonm

While I am certainly no fan of the Google ecosystem, sometimes, especially when trouble shooting DNS problems, I tap into their public DNS service to see if that works... They started this public service awhile back. 2009 I think.
Striaght from Google:
**************************************************************************************************** ***
The Google Public DNS IP addresses (IPv4) are as follows:

• 8.8.8.8
• 8.8.4.4

The Google Public DNS IPv6 addresses are as follows:

• 2001:4860:4860::8888
• 2001:4860:4860::8844

You can use either address as your primary or secondary DNS server. You can specify both addresses, but do not specify one address as both primary and secondary.

You can configure Google Public DNS addresses for either IPv4 or IPv6 connections, or both.
**************************************************************************************************** *****
Again, If I'm having host resolution problems, I try the IPv4 settings and see if I can reach Google. If that works then it's a clue.
I suppose you could use Google DNS all the time as your default if you wanted to.
That's just not my flavor of ice cream, Ha!
Just an FYI.
From the heart of the Bayou,
Mr. J - Now I'm off to read about "unbound", thanks for the tip!

I didn't know about the IPv6 privacy issue, thanks for that!
Ya, I reckon anytime I use Google for anything, privacy is pretty much out the window. I just don't trust those folks.
Mr. J.