homelab

Adguard home

Two PiHole servers. One is hosted via docker on my primary file server and the other is hosted in a Hyper-V VM on my sole windows box. The VM one is also my DHCP server.

Unbound on my OPNsense firewall. I don't have advice for you, do you have some specific goals besides just having a DNS?

Technitium

I run Unbound on my opnsense firewall.

I have a philosophy of sticking close to reference implementations and upstream in the homelab because it forces me to learn principles rather than implementations. I use bind9, but that upstreams to pihole on a different port. It is hard to configure for sure, editing zone files in vi, but I learn a lot analyzing the reference syntax to understand features. I also use isc-dhcp-server for DHCP, again manually populating dhcpd.conf.

Bind can peer with other instances; right now it is it's own ipam vm on my proxmox with bind/isc-dhcp/pihole docker, but I'm looking at dropping some hardware at a family member's for a site 2.

I have a total of 4 (for now) DNS servers, 2 within the lab (AlmaLinux on Proxmox), 1 running on OpnSense and 1 on a VPS (AlmaLinux). All are running Unbound + dnscrypt-proxy for external resolution, the AlmaLinux ones also have unbound-exporter for telemetry.

The pair in the lab also run Keepalived with 2 VIPs for active/active setup (VIP 1 active/backup for DNS1/2, VIP2 active/backup for DNS2/1). All servers target the VIP addresses for resolution with options timeout:1 attempts:3 rotate in the /etc/resolve.conf file.

For internal DNS records I run FreeIPA (as well for server/ldap auth) with zone transfers to all Unbound instances, this way there's no dependency on FreeIPA and the lab to be online for DNS resolution of internal records and it prevents the need for forwarding those queries to FreeIPA.

All instances also have a scheduled service to download and apply a blocklist from https://github.com/StevenBlack/hosts

I would like to look into Unbound views for the OpnSense instance to be able to resolve different records if the source it IOT/Untrusted zone vs LAN/Trusted zone, for now I have BIND tied to specific IPs used by IOT/Untrusted exclusively without access to resolve the lab zones.

Two Pi-Hole docker container on two different servers. OpnSense DNS Plugin. Fallback, NextDNS Alternative, AdGuard is also a good DNS.

Two pihole servers, one n VM vlan, one on device VLAN with OpnSense delivering them both via DHCP options. I sometimes update lists, like yearly... At best. They've been there over 7 years. Calling them robust is correct. The hypervisors are 3 proxmox servers in cluster using ceph. Intrl NUC 3rd Gen. Less than 80w combined with all vms. Also 8 years old no failures but tolerant for it.

My home lab is small so I just run BIND ony server

I'm using leng in an dedicated LXC container in Proxmox

https://github.com/cottand/leng

I'm using defaults + some local dns lookups. Works fine for my use, and lighter than pihole. No web ui

The default Unbound server on Opnsense.

I use AdGuard in my OpnSense firewall.

Why do you want a server on proxmox and NAS? or have I read this wrong?

I use Blocky as my DNS server.

Just run it as systemd service on my server.

CoreDNS in Docker to mix things up here a little.

I use PiHole+Unbound in a podman quadlet, and give it its own macvlan. Works great for me.