pihole and unbound problem

hi at all,

pihole only works when I enable custom DNS like here:

but it should work like this:

at least that is shown in pihole’s official documentation.

Why is that?

you would need to use custom entry

You are using incorrect port 5353 but it should be 5335

At least this was the change done on 7.0 release. Maybe you installed unbound before and that’s why the other port is used? You can check it by running ss -tulpn | grep unbound. This should give the port unbound is running on

root@DietPiProd:~# ss -tulpn | grep unbound
udp     UNCONN   0        0     *      users:(("unbound",pid=520,fd=3))
tcp     LISTEN   0        256   *      users:(("unbound",pid=520,fd=4))


you are absolutely right, the port is now different than prior to 7.x.
I was able to remove the google upstream DNS servers. where does unbound get its data from?

what data you mean? The port configuration?

no, I mean the DNS data.

by default, unbound will use global rootDNS server as upstream and not one of the public dns provider

good to know, thanks. strange thing is that I started completely from scratch and the unbound entry (in pihole) was not created automatically. was that changed?

this is current behaviour but it will change on next release 7.1. I just checked it on development system

[ INFO ] DietPi-Software | Configuring Pi-hole to use Unbound
[  OK  ] DietPi-Software | sed -i /^[[:blank:]]*server=/d /etc/dnsmasq.d/01-pihole.conf
[  OK  ] DietPi-Software | Added setting server= to end of file /etc/dnsmasq.d/01-pihole.conf
[  OK  ] DietPi-Software | systemctl restart pihole-FTL
[  OK  ] DietPi-Software | Setting in /etc/pihole/setupVars.conf adjusted: PIHOLE_DNS_1=
[  OK  ] DietPi-Software | sed -i /^[[:blank:]]*PIHOLE_DNS_2=/d /etc/pihole/setupVars.conf

There you see configuration was adjusted

thanks joulinar for letting me know so exactly. when unbound cannot resolve a domain name, the query then falls back to the router’s/provider’s default DNS server, right?

I don’t think so. Because Unbound did not know anything on your router. Usually Unbound should be able because it’s asking rootDNS server on the DNS request. And there is no higher level on the DNS server world :slight_smile: . As well Unbound will ask multiple root server. If you are interested, you could watch DNS traffic using tcpdump

so with unbound my router’s/ISP’s DNS server would be completely irrelevant because the query is answered within my own network (unbound handles this)?

Correct, as long as you ensure every device is connected to Unbound (via Pihole).