While I was installing the unbound to work with Pi-hole, I found that the value of the parameter use-caps-for-id in the config file (/etc/unbound/unbound.conf.d/dietpi.conf) disagrees with the sample one in the Pi-hole documentation (unbound - Pi-hole documentation). Moreover, I also found that the default value set in Unbound documentation is also no (Ref: unbound.conf(5) — Unbound 1.17.1 documentation).
The reason why the value is set to no is due to its sometimes causing DNSSEC issues.
I’m just a newbie and I’m just putting up my findings here. Welcome to discuss. I really love to learn more. Thanks.
maybe @MichaIng could have a look.
Does it cause DNSSEC issues in your case? At least I’m not aware of a case it did. Such info/defaults are sometimes based on very outdated information. It is a little security hardening and hence should be enabled as long as it does not cause issues.
@MichaIng maybe we should read through Unbound, stubby or dnscrypt-proxy - General - Pi-hole Userspace Quite an old issue. Not sure if still applicable.
1 Like
To to have that thread for additional background. However, I skip it as long as not someone actually faces issues with Unbound with indeed are resolved by inverting that setting. And even then, we should try to find out how to replicate it, since it seems to be very rare, and probably better document it as a possible solution IF someone faces issues with Unbound.
maybe this one could be an example? Curl: (28) Resolving timed out after 3000 milliseconds - #23 by holocron
At least changing away from Unbound seems to fix it.
Nope, I didn’t know yet. I was setting up this Unbound service and compared the 2 conf files and spotted this parameter disagrees in the 2 files.