For your single host, emerge unbound, start the service, add 127.0.0.1 to the first nameserver in /etc/resolv.conf. Unbound is setup (by default) to accept connections from localhost and refuse anything else. If you are using dhcp at home (likely) then also emerge openresolv and uncomment name_servers=127.0.0.1 in /etc/resolvconf.conf, openresolv then “intercepts” dhcpcd when it tries to write to /etc/resolv.conf and adds 127.0.0.1 as your first nameserver For your LAN, just configure your router to look to the host that you setup unbound on, with additional configuration.

Finally, you can also have unbound run on your co-located host. Just edit /etc/unbound/unbound.conf to a) listen on an outside interface and b) allow your other host to query it. This will be left as an exercise for the reader, it is easy to figure out.

Lastly, a shout-out to Linux Gazette for an excellent write-up on GoogleDNS (and why you should use something like unbound) and DNS/LAN metaphors. Suggested reading if you feel out of your league with DNS internals, like me.

A quote from the above linked article: “Why outsource to anyone, when you can do a better job locally, at basically no cost in effort?“ and really, that is the truth. Have fun.