No Internet connection after installing Adguard and Unbound

I have a problem :slightly_smiling_face:… I tried to install Adguard and Unbound via Dietpi-Software. But something seems to have failed to work because since that time, the Pi no longer has a connection to the Internet. I uninstalled Adguard and Unbound but the problem remains. I am a beginner and have no idea what to do now :see_no_evil: .

The device is a Raspberry Pi 4 which is directly connected to the router via eth0 and DietPi v8.4.2 is installed.

Welcome to our community.

Does your system has a STATIC IP address or was it assigned via DHCP? Can you share following as well

cat /etc/resolv.conf

I had assigned a static IP to the Pi in both the router and the Pi when the installation prompted me to do so. In the meantime, I set it back to DHCP in the Pi, but didn’t need anything either. In resolv.conf there are three lines domain, serach, nameserver, all pointing to my router.

Are you able to ping your router on its IP address? Or can you ping anything on the web like or

So I have solved the problem. I don’t really understand it but OK. I rebooted the router and it was up and running again. It seems that I have to restart the router every time after I have changed the DNS… :sweat_smile:

I have now started a new try to install Aduard and Unbound. But I have the same problem again. As soon as I enter the address of the Pi in the router under DNS at IPV4, the Pi no longer has an Internet connection. I have the impression that unbound is not running properly.

First of all, use a STATIC IP address on your DietPi device and set the DNS server on the DietPi device to a global upstream DNS. Don’t use DHCP on the system that is running AGH. This way you ensure the DietPi device is still being able to resolve DNS queries, even if AGH or unbound are failing. Once done check on your DietPi device if you are able to resolve some domains like

This should be working, independent on the status of AGH and unbound. Once this is working, you could have a look the AGH and unbound logs if both are working. As well you could try to remove Unbound to check if AGH is functioning alone.

As soon as I switch to a static IP the Pi has no internet connection even if I choose cloudflare or Google as DNS.

are you still able to ping your router from DietPi device? Are you sure DNS request are not blocked somewhere on your network? Some people have some firewall or other network security tools who could block DNS request.

No, I cant ping the router now. At least I don’t know that DNS requests are blocked anywhere. But I am unfortunately also rather beginner in the subject. I have at least not set up anything like that anywhere.

If you are going to ping the IP address of your router, this has nothing to do with DNS as it is not involved. Pinging the router IP is something that need to work otherwise your network is not correctly setup. Do you use the correct IP address/range/gateway? I guess you would need to double check the network configuration.

I am slowly making progress :sweat_smile:. The problem is with the router. After massive Google research I have found a workeround. Now everything is up and running. But now I found a tutorial on the internet to run unbound in hyperlocal mode. I would like to make this. In the tutorial the /etc/unbound/unbound.conf.d/server.conf is edited, but if I see that correctly I have to edit the /etc/unbound/unbound.conf.d/dietpi.conf under dietpi, right?

Yes correct.

Btw can you share this guide pls? Would like to have a look.

Of course, but the instructions are in German and actually in conjunction with Pihole. I’m just trying to figure out if this is implementable with Adguard. At least I do not know as a beginner if the last step of DNSSEC validation with Adguard is necessary and if so how to implement it. unfortunately I have not received any feedback on the question so far.

That’s not an issue (das ist kein Problem) :stuck_out_tongue_winking_eye:

Well you did not ask for that DNSSEC validation question. Did you?

I don*t think it is needed to activate DNSSEC within AGH as it is already done by unbound.

I registered there to ask the question about the DNSSEC validationm, but it seems that all posts from new members must first be released. I am waiting for this for a few days now. XD

Jep, while DNSSEC on AGH doesn’t hurt, it could be disabled since Unbound is doing it OOTB.

Okay have now looked at lines from the .conf in the tutorial and added them to the dietpi.conf if not already present. The DNS resolving is now slow as hell when you visit pages for the first time :sweat_smile:. Will test it for a while but I don’t think I can stand it. I’ll probably switch back again to the original dietpi.conf.

usually there is no need to adjust our configuration file. We try to use settings based on best practices.

Some additional settings actually look good, like the preferching. I wonder what the entries below auth-zone are used for, respectively whether they double with the Unbound defaults or those in /etc/unbound/unbound.conf. Those are at least what I’d try to comment/remove to restore performance.

As I understand it, the entries under auth-zone should ensure that the first DNS query to the DNS root server can be avoided by Unbound. Thus, Unbound should no longer ask which servers are responsible for .de or .org, for example, instead it has stored the data and keeps it up to date by comparing it with the root servers.