Windows 10 Optimization Guide suggestion - Unbound DNS server?
Hi all,
I was wondering, for the Windows 10 optimization guide, it is recommended to use another DNS provider. I was wondering if it had been considered to recommend that users install their own DNS server.
I personally use Unbound. It has a very small footprint, and is easy to install and equally easy to configure and/or tweak. I would be willing to help draft instructions as well as share my configuration file. This way users could actually run an even faster DNS service, in which their queries would be private, off their own machine.
If anyone is interested or thinks this might be of value, let me know and I can draft a simple install guide etc.
Unbound can be found here: Unbound (yes there is a Windows version).
Their documentation is here (it's got a lot of options) so don't let your brain explode, 98% of them won't matter to you:
Unbound documentation
And if you are curious, once Unbound is installed, it installs as a service. The configuration for that service is located here:
C:\Program Files (x86)\Unbound and in this file: service.conf
Here is what my service.conf looks like. Just open it in Notepad (you could copy and paste it into the service.conf file and save it), then go into Services and restart the Unbound service; it would then have my settings applied.
# Unbound configuration file on windows.
# See example.conf for more settings and syntax
server:
# verbosity level 0-4 of logging
verbosity: 0
# if you want to log to a file use
#logfile: "C:\unbound.log"
# on Windows, this setting makes reports go into the Application log
# found in ControlPanels - System tasks - Logs
#use-syslog: yes
auto-trust-anchor-file: "C:\Program Files (x86)\Unbound\root.key"
port: 53
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
prefetch: yes
prefetch-key: yes
hide-identity: yes
hide-version: yes
harden-glue: yes
harden-dnssec-stripped: yes
outgoing-range: 512
num-queries-per-thread: 1024
num-threads: 2
msg-cache-size: 128m
rrset-cache-size: 256m
msg-cache-slabs: 8
rrset-cache-slabs: 8
infra-cache-slabs: 8
key-cache-slabs: 8
key-cache-size: 16m
so-rcvbuf: 1m
so-sndbuf: 1m
cache-min-ttl: 3600
cache-max-ttl: 172800
infra-host-ttl: 60
infra-lame-ttl: 120
unwanted-reply-threshold: 10000
infra-cache-numhosts: 10000
infra-cache-lame-size: 10k
val-clean-additional: yes
minimal-responses: yes
### Block popular advertising companies
local-zone: "doubleclick.net" redirect
local-data: "doubleclick.net A 127.0.0.1"
local-zone: "googlesyndication.com" redirect
local-data: "googlesyndication.com A 127.0.0.1"
local-zone: "googleadservices.com" redirect
local-data: "googleadservices.com A 127.0.0.1"
local-zone: "google-analytics.com" redirect
local-data: "google-analytics.com A 127.0.0.1"
local-zone: "ads.youtube.com" redirect
local-data: "ads.youtube.com A 127.0.0.1"
local-zone: "adserver.yahoo.com" redirect
local-data: "adserver.yahoo.com A 127.0.0.1"
After that, you just would need to go into your network adapter and get rid of your other DNS server settings, and set your DNS to 127.0.0.1, apply and BAM - it's a lot faster and you have a lot more privacy this way.
Feel free to try, not try, set me on fire or ignore this post altogether. If you hate it, just uninstall and go back to whatever you were using before. OpenDNS, I mean CiscoDNS will always be there waiting :)
Thanks,
Johnathonm
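
An added example, not part of the original post and not Unbound's own tooling: a small audit of a service.conf like the one above, for a resolver meant to serve only the local machine. The names parse_conf and audit, the sample text and the choice of checks are assumptions made for this illustration.

```python
import re

CLAUSES = {"server:", "forward-zone:", "stub-zone:", "remote-control:"}

# Constructed sample: a shortened service.conf in the layout shown in the post,
# with one local-data line left out on purpose.
SAMPLE_CONF = r'''
server:
#logfile: "C:\unbound.log"
server: auto-trust-anchor-file: "C:\Program Files (x86)\Unbound\root.key"
cache-min-ttl: 3600
local-zone: "doubleclick.net" redirect
local-data: "doubleclick.net A 127.0.0.1"
local-zone: "ads.youtube.com" redirect
'''

def parse_conf(text):
    """Return [(option, [values])]; '#' comments and clause headers are dropped."""
    entries = []
    for line in text.splitlines():
        for tok in re.findall(r'"[^"]*"|\S+', line):
            if tok.startswith("#"):
                break                      # rest of the line is a comment
            if tok in CLAUSES:
                continue                   # "server:" may share a line with an option
            if tok.endswith(":") and not tok.startswith('"'):
                entries.append((tok[:-1], []))
            elif entries:
                entries[-1][1].append(tok.strip('"'))
    return entries

def audit(text):
    """Return a list of findings (hypothetical checks chosen for this example)."""
    entries = parse_conf(text)
    opts = {k: v[0] for k, v in entries if v}
    name = lambda s: s.split()[0].rstrip(".").lower()
    sinks = {name(v[0]) for k, v in entries if k == "local-data" and v}
    out = []
    if not any(k in opts for k in ("auto-trust-anchor-file", "trust-anchor-file", "trust-anchor")):
        out.append("no trust anchor configured: answers are not DNSSEC-validated")
    if int(opts.get("cache-min-ttl", 0)) > 0:
        out.append(f"cache-min-ttl {opts['cache-min-ttl']}: answers are cached past their published TTL")
    for k, v in entries:
        if k == "access-control" and len(v) == 2 and v[0] in ("0.0.0.0/0", "::/0") and v[1].startswith("allow"):
            out.append(f"access-control {v[0]} {v[1]}: resolver is open to any client")
        if k == "local-zone" and len(v) == 2 and v[1] == "redirect" and name(v[0]) not in sinks:
            out.append(f"local-zone {v[0]} redirect has no local-data record")
    return out
```

To check an installed copy, pass the file's text to audit(), for example audit(open(path).read()).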