Downvoting is not a counterargument.
[Verifying my cryptographic key: openpgp4fpr:941D456ED3A38A3B1DBEAB2BC8A2CCD4F1AE5C21]
With the one requirement that you need to pick a DNS server which doesn’t mess with the results. But that’s not a huge issue, there are quite some uncensored DNS servers out there. Like the OpenNIC ones for example.
I know, and some of them have quite some latency, while others may or may not start censoring and/or logging my requests in the future. The downside is that having my own DNS server outside my LAN doesn’t make much sense, because (you’re right!) my home internet connection is struggling to keep up with the major providers, as is my hardware. However, at, I’ve just checked, an average of just under 2,000 requests per hour, it’s more than feasible.
There’s a good chance that the operators won’t even notice my requests, especially because my cache is filling up fast.
And I think it’s really a shame that lots of ISPs mess with the DNS results and introduce third-party blocklists. Mine does that, too.
This. Very much this.
It’s robust and fairly straightforward to set up IMO.
I never got it working reliably on OpenBSD, something always resets its root directory’s permissions to root:root, which makes the service break. It’s probably unfair of me to blame Unbound for this, but it always sticks in my mind. In addition, Unbound wants a text file as configuration and the solution I have now found does not. It’s also a question of convenience, at least a little. :-)
I’m not ruling out the possibility that I could recreate my local setup with Unbound (there should be a way to automatically download and integrate an AdBlock filter list somehow), but I admit that I’m just not familiar enough with it. It’s a bit of a shame, I know, but unlike a mail or web server, I have really big problems when my DNS server goes down with a cryptic error message. I would like to minimise this risk.
Ah, sorry. This is a new technology to me. Thank you!
I mean that, if all DNS servers just returned whatever the root servers tell them, nobody would want to run his own one, I think.
For the record, any DNS server you choose to employ should default to only using the root servers.
If that was the case, there would be a market for exactly 0 DNS servers.
You should also be aware that even if you use root servers, a DNS server which is authoritative for the domain you are querying may well return different results depending on where in the world you are.
Thank you, this is valuable information to me. :-)
Blocky is another nice AdBlocker and DNS proxy.
Blocky does look nice, but there is no way to use it without any upstream DNS server, which limits its usefulness. Technitium works without having to rely on third-party DNS services, which is its main selling point, I guess.
Yes, it’s running on a Raspberry Pi. Only internal SD, no other services. RPi 3B, I think. It’s been mine for quite a few years now.
I wish nano wouldn’t destroy line endings.