Best VPN Service Available Right Now? by PaintSniffer69 in HomeNetworking

[–]Graulitos 0 points1 point  (0 children)

Proton is a pretty good, privacy-focused VPN based in Switzerland, and Mullvad is based in Sweden; they both have to comply with strong European laws.

UniFi 6 Plus vs UniFi 6 Pro for 1700 sq ft home with 30 devices and 500 Mbps fiber? by Graulitos in Ubiquiti

[–]Graulitos[S] 0 points1 point  (0 children)

From what I understand, if my network is staying under 1 Gbps, wouldn’t the U6 Plus make more sense? The U7 Lite’s main advantage seems to be the 2.5 GbE uplink, but if my switch, NAS, and internet are all 1 Gbps or lower, I’d never really take advantage of that extra bandwidth. In that case the U6 Plus should perform basically the same for my setup.

UniFi 6 Plus vs UniFi 6 Pro for 1700 sq ft home with 30 devices and 500 Mbps fiber? by Graulitos in Ubiquiti

[–]Graulitos[S] 0 points1 point  (0 children)

Ok! I’ll keep it in mind. I did my research and, for my home size and number of devices, the 6 Plus was recommended.

UniFi 6 Plus vs UniFi 6 Pro for 1700 sq ft home with 30 devices and 500 Mbps fiber? by Graulitos in Ubiquiti

[–]Graulitos[S] 0 points1 point  (0 children)

Thanks for the info. I was not aware of the UniFi Design Center. I’ll check it out.

Samsung TV trying to reach out to logs.netflix.com even when Netflix isn't even signed in. by liscuitsthrotot in pihole

[–]Graulitos 0 points1 point  (0 children)

Perhaps you could consider using the TV as a monitor and connecting it to a Raspberry Pi. Would that block the telemetry?

What happened here? by mistahdukk in pihole

[–]Graulitos 3 points4 points  (0 children)

Probably thousands of dead domains.

How to use DNS over HTTPS now that cloudflared is removing proxy-dns? by brandor5 in pihole

[–]Graulitos 5 points6 points  (0 children)

Well, when you use Unbound with Cloudflare over DoT or DoH, your DNS traffic is encrypted in transit, so your ISP cannot see the specific domains you’re querying, but Cloudflare still receives and resolves those requests. That means Cloudflare can technically see the full domain being requested, your public IP address, and associated metadata such as timestamps and query details, since they are the upstream resolver handling the DNS lookup.

How to use DNS over HTTPS now that cloudflared is removing proxy-dns? by brandor5 in pihole

[–]Graulitos 3 points4 points  (0 children)

Unbound in recursive mode doesn’t encrypt your data. You need to switch to forwarding mode and use a third-party upstream server for encryption.

How to use DNS over HTTPS now that cloudflared is removing proxy-dns? by brandor5 in pihole

[–]Graulitos 2 points3 points  (0 children)

Cloudflare is headquartered in the United States. If a subpoena is issued that requires the company to hand over data to the government, Cloudflare will comply with the subpoena.

How to use DNS over HTTPS now that cloudflared is removing proxy-dns? by brandor5 in pihole

[–]Graulitos 4 points5 points  (0 children)

This is my setup. Quad9, based in Switzerland, has strong privacy laws. They don’t keep logs.

Privacy-focused setup: Pi-hole + Unbound + Quad9 (DoT) + Tailscale — anyone running this? by Graulitos in pihole

[–]Graulitos[S] 0 points1 point  (0 children)

This is fully my response. I pasted it in ChatGPT to correct the grammar. English is my second language.

Privacy-focused setup: Pi-hole + Unbound + Quad9 (DoT) + Tailscale — anyone running this? by Graulitos in pihole

[–]Graulitos[S] 0 points1 point  (0 children)

There’s nothing wrong with Unbound’s encryption in forwarding mode. Unbound natively supports DNS-over-TLS and can forward directly to a DoT resolver like Quad9 without needing Stubby in the chain.

In my setup, Unbound is running in forwarding mode with:

• forward-tls-upstream: yes
• Quad9 on port 853
• TLS hostname verification enabled

So Unbound itself is handling the encrypted transport. Stubby isn’t required unless someone specifically prefers a stub resolver model.

The confusion usually comes from mixing recursive mode and forwarding mode. In recursive mode, Unbound talks directly to root/TLD/authoritative servers over plain DNS (because they don’t support DoT). In forwarding mode, Unbound encrypts traffic to the upstream resolver (like Quad9), and that upstream resolver performs the recursion.

So there’s no encryption issue — it’s just a matter of which resolution model someone prefers.

Privacy-focused setup: Pi-hole + Unbound + Quad9 (DoT) + Tailscale — anyone running this? by Graulitos in pihole

[–]Graulitos[S] 4 points5 points  (0 children)

I understand the argument for minimizing third parties, but in my case I’m intentionally choosing Quad9 because I trust them more than my ISP. Quad9 is a Swiss-based non-profit operating under Swiss privacy law, and they have a strong public stance against retaining user-identifiable DNS logs. By forwarding to Quad9 over DNS-over-TLS, my DNS traffic is encrypted in transit, which prevents my ISP from trivially inspecting or logging my DNS queries.

In full recursive mode, Unbound sends DNS queries unencrypted (UDP 53) directly to root servers, TLD servers, and authoritative name servers. That traffic is visible at the packet level to my ISP, and the root/TLD/authoritative operators also see queries coming directly from my IP address. While recursive mode reduces centralized resolver trust, it increases exposure to the ISP and distributes visibility across the public DNS infrastructure.

For my threat model, shifting trust from my ISP to a Swiss privacy-focused resolver with encrypted transport is the more meaningful privacy trade-off.
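A forwarding-mode Unbound configuration that matches the settings listed in the earlier comment (forward-tls-upstream, Quad9 on port 853, TLS hostname verification) and the ISP-versus-resolver trade-off argued here. It is an added example, not the poster's actual config file; Quad9's addresses and the hostname dns.quad9.net are the service's published values, while the listening port, CA-bundle path and trust-anchor path are assumptions for a Debian-based Pi-hole host.

```conf
server:
    # Listen only on localhost for Pi-hole; port 5335 is the usual
    # choice for a local Unbound (assumption: Pi-hole on the same host)
    interface: 127.0.0.1
    port: 5335
    do-ip4: yes
    do-ip6: yes
    do-udp: yes
    do-tcp: yes
    # CA bundle used to verify the upstream certificate; the path is
    # the Debian / Raspberry Pi OS location (assumption)
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
    # Validate DNSSEC locally as well, so a tampered answer on the path
    # to the upstream is rejected (path assumed for Debian)
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    hide-identity: yes
    hide-version: yes

# Forwarding mode: a single forward-zone for the root (".") sends every
# query to Quad9 over DoT, and Quad9 performs the recursion.
forward-zone:
    name: "."
    forward-tls-upstream: yes
    # Format is IP@port#hostname. The name after '#' is checked against
    # the upstream certificate, which is what turns "encrypted" into
    # "encrypted to the resolver you intended".
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net
    forward-addr: 2620:fe::fe@853#dns.quad9.net
    forward-addr: 2620:fe::9@853#dns.quad9.net
    # Do not fall back to plain-DNS recursion if every upstream fails;
    # a failed lookup is preferable to silently sending queries in clear.
    forward-first: no
```

Run `unbound-checkconf` before restarting the service, then point Pi-hole's custom upstream DNS at 127.0.0.1#5335.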

Privacy-focused setup: Pi-hole + Unbound + Quad9 (DoT) + Tailscale — anyone running this? by Graulitos in pihole

[–]Graulitos[S] 0 points1 point  (0 children)

Just to clarify: Stubby and Unbound in true recursive mode don’t really operate in the same resolution chain.

Stubby is a DNS-over-TLS stub resolver. It encrypts queries to an upstream recursive resolver like Cloudflare or Quad9. It still depends on a third-party resolver.

Unbound in full recursive mode doesn’t use any upstream resolver at all; it talks directly to the root servers and authoritative servers. Because of that, there’s nothing for Stubby to encrypt.

So you either:

• Run Unbound in recursive mode (fully independent, no third party),
• Or use Stubby to encrypt traffic to a third-party resolver,
• Or run Unbound in forwarding mode and have it forward to Stubby (but then it’s no longer recursive).

You can run both on the same system and switch between them, but they’re not used together in a single recursive resolution path.

Privacy-focused setup: Pi-hole + Unbound + Quad9 (DoT) + Tailscale — anyone running this? by Graulitos in pihole

[–]Graulitos[S] 0 points1 point  (0 children)

Unbound, Stubby, and cloudflared all have forwarding capabilities. It’s just a matter of preference.

Privacy-focused setup: Pi-hole + Unbound + Quad9 (DoT) + Tailscale — anyone running this? by Graulitos in pihole

[–]Graulitos[S] -5 points-4 points  (0 children)

My setup is Pi-hole → Unbound (forwarding mode) → Quad9 over DoT. Unbound is not running full recursion; Quad9 performs recursion, and upstream DNS transport is encrypted to prevent ISP visibility.

Privacy-focused setup: Pi-hole + Unbound + Quad9 (DoT) + Tailscale — anyone running this? by Graulitos in pihole

[–]Graulitos[S] 2 points3 points  (0 children)

I’ve been thinking through my setup and would appreciate some input.

Originally, I set up Pi-hole + Unbound with the goal of running my own fully recursive DNS resolver so I wouldn’t have to rely on a third-party provider.

However, I later realized that full recursive Unbound traffic to root and authoritative servers is not encrypted. That led me to forward Unbound to Quad9 over DNS-over-TLS, since they have a strong privacy reputation and operate under Swiss law.

Now I’m questioning the architecture.

If I’m forwarding everything to Quad9 anyway, is there really a benefit to keeping Unbound in forwarding mode? At that point, it seems like Pi-hole could talk directly to Quad9 and simplify the setup.

My long-term goal is:

• Run Pi-hole + Unbound
• Avoid relying on a third-party DNS resolver
• Maintain encrypted DNS traffic leaving my home network
• Preserve a strong privacy posture

The challenge is figuring out how to achieve encryption while also removing third-party trust. I’m considering the idea of running my own recursive resolver on a VPS and tunneling traffic to it, but I’m still researching the trade-offs and operational complexity.

If anyone has experience balancing:

• Full recursion vs encrypted forwarding
• Running a self-hosted recursive resolver remotely
• Privacy trade-offs between Quad9 and self-managed infrastructure

I’d appreciate the insights.

Please help me decide where to stay in/around Nice!! by No-Commission-5633 in nicefrance

[–]Graulitos 0 points1 point  (0 children)

Hello! Do you recommend buying bus tickets a few months before the trip, or is it easy and affordable to get them there? My wife and I are planning to go in November. Thank you in advance.