Exactly. Unbound, Stubby would extend DNSMasq and allow encrypted DNS.
If you are using AGH you can do that internally from AGH and you do not need those external programs.
Interestingly it appears that NextDNS's client is somewhat lacking and current guidance is to use AGH as a proxy to using NextDNS as an upstream provider. So just install AGH, setup NextDNS as upstream, disable any filtering in AGH and you are done.
I have compiled an up to date OpenWrt and AGH install thread here :
Hi Directnupe: can you help me in setting up Unbound along with Adguardhome on Openwrt(RPi4) pls. i tried to follow up your Guide, but somehow i end up breaking the internet and in the end no Internet and not Adblocking + Unbound setup is complete.
Why is it so difficult to install Unbound in Openwrt compared to Stubby? I could install and configure Stubby under 1 Minute, but almost never Unbound. Why? And there are not enough posts on Internet also regarding this.
I have tried n number of times to setup Unbound but finally gave up.
I am running Stubby with Banip and Adguard with Nextdns as it's upstream server. I am quite happy with its performance. I would have been even more happier if the Unbound setup has finally worked up for me. That's the only incomplete Project I have right now with my Adblock setup in my network.
To be frank I couldn't get Dnscrypt-Proxy 2 also to work. Did you get Dnscrypt-Proxy 2 to work with openwrt?? Also the anonymous Dns???
Is it really that simple in installing Unbound on Openwrt??? I was really lost in editing Settings. I will try it today once I come back home.
Can you tell me how to use Nextdns in Unbound here? Should I have to edit any settings in Unbound for example ext.conf/ srv.conf???
Are you sure that I have to edit only those what you have pointed out and nothing else? Just those commands using ssh and I am done setting up Unbound purposely and working???
Hi. I agree your point, but I literally see huge difference in processing / opening a website in terms of speed in opening a website and blocking ads while using Stubby / Unbound compared to adguard.
That's what making me go after this Unbound installation or dedicated dns resolver.
Eben after using Dns over Quic in AGH, I am not finding it as fast as Stubby. That's my personal experience...
Maybe you can help with Unbound setup. Can you?
unbound and stubby was THE way to do encrypted DNS when the standards were set and the start to encrypt DNS began. However they can be tricky to configure and are not easy if you have no knowledge of SSH or editing files under linux.
AGH rolls the DNS encryption into an adblocking client. Once installed it is far easier to configure due to having a webgui. Its one service to setup and maintain instead of multiple interconnecting ones.
Also if you are using NextDNS then AGH is the client they recommend to use as NextDNS's client is problematic.
Why not Adblock + Stubby (it did also DoT and encrypt the dns requests AFAIK right)?
Why are you suggesting Adblock +Dnscrypt-Proxy / Adblock +DoH? Is it having a faster processing speed and less latency compared to my method ( Adblock +Stubby) ??? Pls elaborate, I want to know, that's why you may find my question as silly....
You mean you have only Openwrt +AGH installed for Adblocking and no other dns resolver (DoH /DoT) installed. with your setup, you mean to say AGH is faster than dnsmasq. Is this what you are trying to say??
just making the observation/asking the question about how anything can be "noticably" (much) faster than using AGH on it's own...
i.e. how did you notice / test?
(unless I misunderstood the statement)
re-reading the above... what you are observing is could be the difference of the former not blocking (much?) at all?, or the latter having overloaded lists... etc... and not a reflection of dns much at all...
don't disagree with your claim... just trying to breakdown what exactly was behind the difference... and how you tested that...