
Technical inaccuracy in documentation

Open camillt opened this issue 3 years ago • 1 comments

Expected behavior

Your web documentation for running pihole with unbound (found here https://docs.pi-hole.net/guides/dns/unbound/) states that, once the changes have been made as described in the guide,

  • 5 (bullet 5). Your recursive server will send a query to the DNS root servers: "Who is handling .net?"
  • 7 (bullet 7). Your recursive server will send a query to one of the TLD DNS servers for .net: "Who is handling pi-hole.net?"

This should read as follows:

  1. Your recursive server will send a query to the DNS root servers: "What is the IP of pi-hole.net?"
  2. Your recursive server will send a query to one of the TLD DNS servers for .net: "What is the IP of pi-hole.net?"


camillt, Jan 05 '22 13:01

The documentation is correct. Unbound has qname minimisation enabled by default. Qname minimisation sends the minimum amount of information to each level of nameserver - just enough to get to the next lower level nameserver. The root servers are asked which nameserver is handling the desired TLD, then that nameserver is given sufficient information to get you to the next level of nameserver, etc.

From the unbound manual:

qname-minimisation: <yes or no>

    Send minimum amount of information to upstream servers to enhance privacy. Only send minimum required labels of the QNAME and set QTYPE to A when possible. Best effort approach; full QNAME and original QTYPE will be sent when upstream replies with a RCODE other than NOERROR, except when receiving NXDOMAIN from a DNSSEC signed zone. Default is yes.

Additional discussion and details:

https://www.isc.org/blogs/qname-minimization-and-privacy/

https://blog.verisign.com/security/maximizing-qname-minimization-a-new-chapter-in-dns-protocol-evolution/

https://datatracker.ietf.org/doc/rfc9156/

jfb-pihole, Jan 05 '22 20:01
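
A simplified model of the behaviour described in the reply above, added here as an illustration and not taken from the issue, the Pi-hole documentation or unbound's code: it lists which QNAME and QTYPE each level of nameserver receives with and without qname minimisation, including the full-QNAME fallback from the manual excerpt. The delegation map, the placeholder server names and the `trace` and `seen_by` helpers are constructed for the example; caching and the DNSSEC exception are not modelled.

```python
# Constructed delegation map for illustration: zone cut -> placeholder server name.
ZONE_CUTS = {".": "root", "net.": "net-tld", "pi-hole.net.": "pi-hole-auth"}

def ancestors(qname):
    """'www.pi-hole.net.' -> ['net.', 'pi-hole.net.', 'www.pi-hole.net.']"""
    labels = qname.rstrip(".").split(".")
    return [".".join(labels[k:]) + "." for k in range(len(labels) - 1, -1, -1)]

def trace(qname, qtype, minimise=True, cuts=ZONE_CUTS, rcode_errors=()):
    """Return the (server, QNAME, QTYPE) tuples sent while resolving from the root.

    rcode_errors: zones whose servers answer a minimised probe with an RCODE
    other than NOERROR, which triggers the full-QNAME fallback (assumed input).
    """
    names = ancestors(qname)
    zone, i, sent = ".", 0, []
    while True:
        minimised = minimise
        # Minimised: one label more than the current zone. Otherwise the full name.
        probe = names[min(i, len(names) - 1)] if minimised else qname
        final = probe == qname
        sent.append((cuts[zone], probe, qtype if final else "A"))
        if minimised and not final and zone in rcode_errors:
            # Best-effort fallback: repeat with full QNAME and original QTYPE.
            sent.append((cuts[zone], qname, qtype))
            minimised, final = False, True
        # A server can only refer on the names it was actually shown.
        visible = names[i:i + 1] if minimised else names[i:]
        cut = next((n for n in visible if n in cuts), None)
        if cut:            # referral: continue at the child zone's servers
            zone, i = cut, names.index(cut) + 1
        elif final:        # answer (or NODATA) for the full name: done
            return sent
        else:              # name exists but is not a zone cut: add a label
            i += 1

def seen_by(server, sent):
    """QNAMEs a given server observed during the lookup."""
    return {q for s, q, _ in sent if s == server}

if __name__ == "__main__":
    for mode in (True, False):
        print("minimised" if mode else "full QNAME")
        for step in trace("www.pi-hole.net.", "AAAA", minimise=mode):
            print("  ", step)
```

For `pi-hole.net` itself the query to the `.net` servers is identical in both modes; the difference is visible at the root, and at every level for deeper names such as `www.pi-hole.net`.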