pihole and unbound problem

Hi all,

pihole only works when I enable custom DNS like here:

but it should work like this:

At least that is what is shown in Pi-hole's official documentation.

Why is that?

You would need to use the custom entry 127.0.0.1#5335

You are using the incorrect port 5353, but it should be 5335.

At least this was the change done in the 7.0 release. Maybe you installed Unbound before, and that's why the other port is used? You can check it by running ss -tulpn | grep unbound. This should give the port Unbound is running on:

root@DietPiProd:~# ss -tulpn | grep unbound
udp     UNCONN   0        0              127.0.0.1:5335           0.0.0.0:*      users:(("unbound",pid=520,fd=3))
tcp     LISTEN   0        256            127.0.0.1:5335           0.0.0.0:*      users:(("unbound",pid=520,fd=4))
root@DietPiProd:~#

https://dietpi.com/docs/software/dns_servers/#unbound

You are absolutely right, the port is now different than prior to 7.x.
I was able to remove the Google upstream DNS servers. Where does Unbound get its data from?

What data do you mean? The port configuration?

No, I mean the DNS data.

By default, Unbound will use the global root DNS servers as upstream and not one of the public DNS providers.

Good to know, thanks. The strange thing is that I started completely from scratch and the Unbound entry (in Pi-hole) was not created automatically. Was that changed?

This is the current behaviour, but it will change with the next release 7.1. I just checked it on the development system:

[ INFO ] DietPi-Software | Configuring Pi-hole to use Unbound
[  OK  ] DietPi-Software | sed -i /^[[:blank:]]*server=/d /etc/dnsmasq.d/01-pihole.conf
[  OK  ] DietPi-Software | Added setting server=127.0.0.1#5335 to end of file /etc/dnsmasq.d/01-pihole.conf
[  OK  ] DietPi-Software | systemctl restart pihole-FTL
[  OK  ] DietPi-Software | Setting in /etc/pihole/setupVars.conf adjusted: PIHOLE_DNS_1=127.0.0.1#5335
[  OK  ] DietPi-Software | sed -i /^[[:blank:]]*PIHOLE_DNS_2=/d /etc/pihole/setupVars.conf

There you see the configuration was adjusted.
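As an added example (not part of this thread and not one of DietPi's own scripts), the following POSIX shell check automates the comparison the thread does by hand: it reads the socket Unbound actually listens on out of ss -tulpn output and compares it with the PIHOLE_DNS_n upstream(s) in setupVars.conf, so a stale pre-7.0 port (5353) shows up as a mismatch. The ss output and both setupVars.conf snippets are constructed samples modelled on the thread; on a live box you would pipe in the real command output and file instead.

```shell
#!/bin/sh
# Added example, not from the forum thread or DietPi: cross-check the port
# Unbound listens on against the upstream Pi-hole is configured to use.

# Constructed `ss -tulpn` output, same shape as the listing in the thread.
SS_SAMPLE='udp     UNCONN   0        0              127.0.0.1:5335           0.0.0.0:*      users:(("unbound",pid=520,fd=3))
tcp     LISTEN   0        256            127.0.0.1:5335           0.0.0.0:*      users:(("unbound",pid=520,fd=4))'

# Constructed /etc/pihole/setupVars.conf contents: the stale pre-7.0 port
# that breaks resolution, and the corrected one.
SETUPVARS_BAD='PIHOLE_DNS_1=127.0.0.1#5353
BLOCKING_ENABLED=true'
SETUPVARS_GOOD='PIHOLE_DNS_1=127.0.0.1#5335
BLOCKING_ENABLED=true'

# unbound_ports: read ss output on stdin, print the unique ip:port sockets
# owned by the unbound process (field 5 is the local address in ss -tulpn).
unbound_ports() {
  grep '"unbound"' | awk '{print $5}' | sort -u
}

# pihole_upstreams: read setupVars.conf on stdin, print each PIHOLE_DNS_n
# value as ip:port (Pi-hole stores it as ip#port).
pihole_upstreams() {
  grep -E '^[[:blank:]]*PIHOLE_DNS_[0-9]+=' | sed -E 's/^[^=]*=//; s/#/:/'
}

# check_upstream: $1 = ss output, $2 = setupVars.conf content.
# Returns 0 if every configured upstream matches an Unbound listener, 1 otherwise.
check_upstream() {
  listeners=$(printf '%s\n' "$1" | unbound_ports)
  status=0
  for up in $(printf '%s\n' "$2" | pihole_upstreams); do
    if printf '%s\n' "$listeners" | grep -qxF "$up"; then
      echo "OK: Pi-hole upstream $up matches an Unbound listener"
    else
      echo "MISMATCH: Pi-hole upstream $up, but Unbound listens on: $(printf '%s\n' "$listeners" | tr '\n' ' ')"
      status=1
    fi
  done
  return $status
}

# When run directly: the stale port is reported as a mismatch.
check_upstream "$SS_SAMPLE" "$SETUPVARS_BAD" \
  || echo "(fix: point PIHOLE_DNS_1 at the listener above and restart pihole-FTL)"
```

On a real system the two inputs would be `ss -tulpn` and `/etc/pihole/setupVars.conf`, e.g. `check_upstream "$(ss -tulpn)" "$(cat /etc/pihole/setupVars.conf)"`; a non-zero exit means Pi-hole is forwarding to a port nothing listens on, which is exactly the symptom described at the top of the thread.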

Thanks joulinar for letting me know so precisely. When Unbound cannot resolve a domain name, the query then falls back to the router's/provider's default DNS server, right?

I don't think so, because Unbound does not know anything about your router. Usually Unbound should be able to, because it asks the root DNS servers for the DNS request, and there is no higher level in the DNS server world :slight_smile:. Also, Unbound will ask multiple root servers. If you are interested, you could watch the DNS traffic using tcpdump.

So with Unbound my router's/ISP's DNS server would be completely irrelevant, because the query is answered within my own network (Unbound handles this)?

Correct, as long as you ensure every device is connected to Unbound (via Pi-hole).