[SOLVED] AdGuard Home - Unbound web interfaces not loading after install

DietPi version | dietpi@DietPi:~$ cat /boot/dietpi/.version
G_DIETPI_VERSION_CORE=8
G_DIETPI_VERSION_SUB=17
G_DIETPI_VERSION_RC=2
G_GITBRANCH='master'
G_GITOWNER='MichaIng'
G_LIVE_PATCH_STATUS[0]='not applied'
G_LIVE_PATCH_STATUS[1]='not applied'

Distro version | dietpi@DietPi:~$ echo $G_DISTRO_NAME $G_RASPBIAN
bullseye 0

Kernel version | uname -a
Linux DietPi 6.1.21-v8+ #1642 SMP PREEMPT Mon Apr  3 17:24:16 BST 2023 aarch64 GNU/Linux

SBC model | echo $G_HW_MODEL_NAME
RPi 3 Model B+ (aarch64)

Power supply used | (EG: 5V 1A RAVpower)
5V 3A
SD card used | (EG: SanDisk ultra)
SanDisk 32GB
DietPi v8.17.2 : 07:29 - Tue 05/23/23
Device model : RPi 3 Model B+ (aarch64)

AdGuard Home interface or Unbound interface are not loading after installing AdGuard Home via sudo dietpi-software, not even after rebooting the system

No Unbound or AdGuard Home file edited - just as per install

dietpie_userdata is moved to an external USB drive under /mnt/USBdrive/dietpi_userdata

dietpi@DietPi:~$ ls -alh /mnt/USBdrive/dietpi_userdata/adguardhome/
total 27M
drwxrwxrwx  3 adguardhome adguardhome 4.0K May 23 04:44 .
drwxrwxr-x 13 dietpi      dietpi      4.0K May 21 22:39 ..
-rwxr-xr-x  1 adguardhome adguardhome  27M Apr 18 15:15 AdGuardHome
-rw-rw-rw-  1 adguardhome adguardhome  587 Apr 18 15:15 AdGuardHome.sig
-rw-r--r--  1 adguardhome adguardhome 3.3K May 23 04:44 AdGuardHome.yaml
-rw-r--r--  1 adguardhome adguardhome  77K Apr 18 15:15 CHANGELOG.md
-rw-r--r--  1 adguardhome adguardhome  35K Apr 18 15:15 LICENSE.txt
-rw-r--r--  1 adguardhome adguardhome  22K Apr 18 15:15 README.md
drwxr-xr-x  3 adguardhome adguardhome 4.0K May 23 04:44 data
-rw-r--r--  1 adguardhome adguardhome   15 May 21 22:39 dietpi-unbound.conf

DietPi is installed in 192.168.1.10 via eth. WiFi is also enabled (192.168.1.60). Router is is 192.168.1.1
Both 192.168.1.10 and 192.168.1.60 are assigned permanently via the router (address reservation)
dietpi network is set to STATIC IP


Ethernet available
Change Mode    : [STATIC]
Copy           : Copy current address to "Static"
Static IP      : [192.168.1.10]
Static Mask    : [255.255.255.0]
Static Gateway : [192.168.1.1]
Static DNS     : [1.1.1.1 1.0.0.1]

WiFi available
Change Mode    : [STATIC]
Copy           : Copy current address to "Static"
Static IP      : [192.168.1.60]
Static Mask    : [255.255.255.0]
Static Gateway : [192.168.1.1]
Static DNS     : [1.1.1.1 1.0.0.1]
dietpi@DietPi:~$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether
    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether
    inet 192.168.1.60/24 brd 192.168.1.255 scope global wlan0
       valid_lft forever preferred_lft forever

eth0 set as Static IP 192.168.1.10 via dietpi-config even though it was already set as reserved address in the router
wlan0 set as Static IP 192.168.1.60 via dietpi-config even though it was already set as reserved address in the router

When trying to access the web interface for any of the two:

192.168.1.10:8083
192.168.1.60:8083
192.168.1.10:5335
192.168.1.60:5335

the error message in the web browser is either unable to connect or connection has timed out

dietpi@DietPi:~$ sudo dietpi-services status

 DietPi-Services
─────────────────────────────────────────────────────
 Mode: status

[  OK  ] DietPi-Services | nmbd                 active (running) since Mon 2023-05-22 22:00:31 CEST; 31min ago
[  OK  ] DietPi-Services | smbd                 active (running) since Mon 2023-05-22 22:00:32 CEST; 31min ago
[  OK  ] DietPi-Services | nginx                active (running) since Mon 2023-05-22 22:00:36 CEST; 31min ago
[  OK  ] DietPi-Services | transmission-daemon  active (running) since Mon 2023-05-22 22:00:41 CEST; 31min ago
[  OK  ] DietPi-Services | jellyfin             active (running) since Mon 2023-05-22 22:00:41 CEST; 31min ago
[  OK  ] DietPi-Services | jackett              active (running) since Mon 2023-05-22 22:00:41 CEST; 31min ago
[  OK  ] DietPi-Services | sonarr               active (running) since Mon 2023-05-22 22:00:41 CEST; 31min ago
[  OK  ] DietPi-Services | radarr               active (running) since Mon 2023-05-22 22:00:41 CEST; 31min ago
[  OK  ] DietPi-Services | mosquitto            active (running) since Mon 2023-05-22 22:00:41 CEST; 31min ago
[  OK  ] DietPi-Services | home-assistant       active (running) since Mon 2023-05-22 22:00:41 CEST; 31min ago
[  OK  ] DietPi-Services | cron                 active (running) since Mon 2023-05-22 22:00:42 CEST; 31min ago
[  OK  ] DietPi-Services | ssh                  active (running) since Mon 2023-05-22 19:51:31 CEST; 2h 40min ago
[ INFO ] DietPi-Services | dietpi-vpn           inactive (dead)
[  OK  ] DietPi-Services | adguardhome          active (running) since Mon 2023-05-22 22:00:42 CEST; 31min ago
[  OK  ] DietPi-Services | unbound              active (running) since Mon 2023-05-22 21:59:57 CEST; 32min ago
[  OK  ] DietPi-Services | fail2ban             active (running) since Mon 2023-05-22 19:51:30 CEST; 2h 40min ago
[ INFO ] DietPi-Services | dietpi-cloudshell    inactive (dead)
[  OK  ] DietPi-Services | dietpi-dashboard     active (running) since Mon 2023-05-22 19:51:30 CEST; 2h 40min ago
[ INFO ] DietPi-Services | dietpi-ramlog        inactive (dead)
[  OK  ] DietPi-Services | dietpi-preboot       active (exited) since Mon 2023-05-22 19:51:08 CEST; 2h 41min ago
[  OK  ] DietPi-Services | dietpi-postboot      active (exited) since Mon 2023-05-22 19:51:30 CEST; 2h 40min ago
[ INFO ] DietPi-Services | dietpi-wifi-monitor  inactive (dead)
dietpi@DietPi:~$

Both adguard home and unbound are running

dietpi@DietPi:~$ ps aux
USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
adguard+     425  9.2 51.7 1785888 488420 ?      Ssl  08:04   2:13 /mnt/dietpi_userdata/adguardhome/AdGuardHome
unbound      554  0.0  0.0  25408     0 ?        Ss   08:04   0:00 /usr/sbin/unbound -d -p

Unbound has open ports

dietpi@DietPi:~$ sudo ss -tulpn | grep unbound
udp   UNCONN 0      0           127.0.0.1:5335       0.0.0.0:*    users:(("unbound",pid=554,fd=3))
tcp   LISTEN 0      256         127.0.0.1:5335       0.0.0.0:*    users:(("unbound",pid=554,fd=4))
tcp   LISTEN 0      256         127.0.0.1:8953       0.0.0.0:*    users:(("unbound",pid=554,fd=5))
dietpi@DietPi:~$ ss -tulpn | grep LISTEN
tcp   LISTEN 0      256         127.0.0.1:5335       0.0.0.0:*
tcp   LISTEN 1      100           0.0.0.0:1883       0.0.0.0:*
tcp   LISTEN 0      256         127.0.0.1:8953       0.0.0.0:*
tcp   LISTEN 0      500           0.0.0.0:8989       0.0.0.0:*
tcp   LISTEN 0      128    192.168.1.10:40000      0.0.0.0:*
tcp   LISTEN 0      50            0.0.0.0:445        0.0.0.0:*
tcp   LISTEN 0      128           0.0.0.0:8123       0.0.0.0:*
tcp   LISTEN 0      511           0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      512           0.0.0.0:8097       0.0.0.0:*
tcp   LISTEN 0      128           0.0.0.0:9091       0.0.0.0:*
tcp   LISTEN 0      511           0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      128           0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128           0.0.0.0:51413      0.0.0.0:*
tcp   LISTEN 0      50            0.0.0.0:139        0.0.0.0:*
tcp   LISTEN 0      100              [::]:1883          [::]:*
tcp   LISTEN 0      50               [::]:445           [::]:*
tcp   LISTEN 0      128              [::]:8123          [::]:*
tcp   LISTEN 0      511              [::]:443           [::]:*
tcp   LISTEN 0      512                 *:9117             *:*
tcp   LISTEN 0      511              [::]:80            [::]:*
tcp   LISTEN 0      128              [::]:22            [::]:*
tcp   LISTEN 0      128              [::]:51413         [::]:*
tcp   LISTEN 0      512                 *:7878             *:*
tcp   LISTEN 0      1024                *:5252             *:*
tcp   LISTEN 0      50               [::]:139           [::]:*
dietpi@DietPi:~$

Unbound port 5335 is showing but not AdGuard Home port 8083

dietpi@DietPi:~$ cat /etc/resolv.conf
nameserver 1.1.1.1
nameserver 1.0.0.1
dietpi@DietPi:~$ dig 192.168.1.10 -p 53 google.com

; <<>> DiG 9.16.37-Debian <<>> 192.168.1.10 -p 53 google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17116
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;192.168.1.10.                        IN      A

;; AUTHORITY SECTION:
.                       86400   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2023052200 1800 900 604800 86400

;; Query time: 20 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Mon May 22 22:41:13 CEST 2023
;; MSG SIZE  rcvd: 118

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17467
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             263     IN      A       142.250.184.14

;; Query time: 16 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Mon May 22 22:41:13 CEST 2023
;; MSG SIZE  rcvd: 55
dietpi@DietPi:~$ dig 127.0.0.1 -p 5335 google.com

; <<>> DiG 9.16.37-Debian <<>> 127.0.0.1 -p 5335 google.com
;; global options: +cmd
;; connection timed out; no servers could be reached

;; connection timed out; no servers could be reached

dietpi@DietPi:~$ dig 127.0.0.1 -p 5335 google.com

; <<>> DiG 9.16.37-Debian <<>> 127.0.0.1 -p 5335 google.com
;; global options: +cmd
;; connection timed out; no servers could be reached

;; connection timed out; no servers could be reached

So
dig 127.0.0.1 -p 5335 google.com
is not succcessful

dietpi@DietPi:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=119 time=15.1 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=119 time=13.9 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=119 time=14.8 ms

dietpi@DietPi:~$ ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.665 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.726 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.675 ms

But ping 192.168.1.1 takes a few seconds to output whereas ping 8.8.8.8 shows output is less than 1 second

dietpi@DietPi:~$ sudo journalctl -u unbound.service
-- Journal begins at Mon 2023-05-22 19:51:05 CEST, ends at Mon 2023-05-22 22:47:24 CEST. --
May 22 21:59:57 DietPi systemd[1]: Starting Unbound DNS server...
May 22 21:59:57 DietPi package-helper[12103]: /var/lib/unbound/root.key does not exist, copying from /usr/share/dns/root.key
May 22 21:59:57 DietPi unbound[12107]: [12107:0] info: start of service (unbound 1.13.1).
May 22 21:59:57 DietPi systemd[1]: Started Unbound DNS server.
dietpi@DietPi:~$ sudo journalctl -u adguardhome
-- Journal begins at Mon 2023-05-22 19:51:05 CEST, ends at Mon 2023-05-22 22:02:10 CEST. --
May 22 22:00:42 DietPi systemd[1]: Started AdGuard Home (DietPi).
May 22 22:00:43 DietPi AdGuardHome[12535]: 2023/05/22 22:00:43.849961 [info] AdGuard Home, version v0.107.29
May 22 22:00:43 DietPi AdGuardHome[12535]: 2023/05/22 22:00:43.890413 [info] tls: using default ciphers
May 22 22:00:44 DietPi AdGuardHome[12535]: 2023/05/22 22:00:44.026424 [error] hosts container: host "0.0.0.0" is invalid, ignoring
May 22 22:00:44 DietPi AdGuardHome[12535]: 2023/05/22 22:00:44.500114 [error] hosts container: host "1.03rid7_easycoops.filter.clickbank.net" is invalid, ignoring
May 22 22:00:44 DietPi AdGuardHome[12535]: 2023/05/22 22:00:44.500686 [error] hosts container: host "1.18rok_panico.filter.clickbank.net" is invalid, ignoring
May 22 22:00:44 DietPi AdGuardHome[12535]: 2023/05/22 22:00:44.514974 [error] hosts container: host "1.99plus_readinghs.filter.clickbank.net" is invalid, ignoring
May 22 22:00:44 DietPi AdGuardHome[12535]: 2023/05/22 22:00:44.515151 [error] hosts container: host "1._ancientsec.filter.clickbank.net" is invalid, ignoring
May 22 22:00:44 DietPi AdGuardHome[12535]: 2023/05/22 22:00:44.515904 [error] hosts container: host "1.adtrack36_claytonmax.filter.clickbank.net" is invalid, ignoring
May 22 22:00:44 DietPi AdGuardHome[12535]: 2023/05/22 22:00:44.516186 [error] hosts container: host "1.ahcpa_biblicalfx.filter.clickbank.net" is invalid, ignoring
May 22 22:00:44 DietPi AdGuardHome[12535]: 2023/05/22 22:00:44.516328 [error] hosts container: host "1.aim2u_btlife.filter.clickbank.net" is invalid, ignoring
May 22 22:00:44 DietPi AdGuardHome[12535]: 2023/05/22 22:00:44.516428 [error] hosts container: host "1.akademi_ezbattery.filter.clickbank.net" is invalid, ignoring
May 22 22:00:44 DietPi AdGuardHome[12535]: 2023/05/22 22:00:44.517344 [error] hosts container: host "1.alsahr8_quietplus.filter.clickbank.net" is invalid, ignoring

and list of invalid, ignoring goes on and on

The fact is the command line becomes so irresponsive it takes ages for a character I type to show and afer some minutes the system is not responsive anymore via SSH, so I have to directly connect a keyboard and a screen to the Raspberry Pi to log in and restore the system via dietpi-backup (restore option, excellent tool!) Eg. yesterday night it became irresponsive so I left it. Today in the morning I can ssh again, open a session and use DietPi

I’d like to reinstate that my connection to the Raspberry Pi is always via ssh; only to restore a backup I have to physically connect a keyboard and screen to it in order to run the restore.

Should I be able to access the Adguard Home web interface just afer install and before even setting Option 2 - Setup your router to use the AdGuard Home DNS server ? Or maybe the web interface is only accessible after setting Option 2 ? If you need additional feedback please let me know.

Links checked prior to submitting this request:

You shouldn’t use two network interfaces in parallel. Which route is prefered?
You could try and deactive one network interface and see what happens. It is reachable from the machine itself via localhost?

Also your are not able to resolve domains, but this could be because unbound can’t reach the internet (bc of the two network routes)

Thank you for your message. Eth is preferred 192.168.1.10 so ssh into DietPi (from the LAN) and

WiFi disabled via diepi-launcher > dietpi-config > network options adapters

Adapter Options
Ethernet     : Available | [On] | Connected
WiFi         : Not Found | [Off] | Disconnected

However, static eth setting seems to have defaulted to dhcp so I set it static again, reboot and check it again:

Ethernet Details:
Usage   : Sent = 25 MiB | Received = 119 MiB
Address : IP = 192.168.1.10 | Mask = 255.255.255.0 | Gateway = 192.168.1.1 | DNS = 1.1.1.1 1.0.0.1
DHCP/STATIC IP
Change Mode    : [STATIC]
Copy           : Copy current address to "Static"
Static IP      : [192.168.1.10]
Static Mask    : [255.255.255.0]
Static Gateway : [192.168.1.1]
Static DNS     : [1.1.1.1 1.0.0.1]

This time STATIC so ok.

More tests:

dietpi@DietPi:~$ sudo ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether
    inet 192.168.1.10/24 brd 192.168.68.255 scope global dynamic eth0
       valid_lft 4808sec preferred_lft 4808sec
dietpi@DietPi:~$

So only eth0, good

dietpi@DietPi:~$ dig 192.168.1.10 -p 53 google.com

; <<>> DiG 9.16.37-Debian <<>> 192.168.1.10 -p 53 google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39545
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;192.168.1.10.                        IN      A

;; AUTHORITY SECTION:
.                       86400   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2023052300 1800 900 604800 86400

;; Query time: 16 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue May 23 09:02:30 CEST 2023
;; MSG SIZE  rcvd: 118

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15060
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             210     IN      A       142.250.200.110

;; Query time: 12 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue May 23 09:02:30 CEST 2023
;; MSG SIZE  rcvd: 55
dietpi@DietPi:~$ dig 127.0.0.1 -p 5335 google.com

; <<>> DiG 9.16.37-Debian <<>> 127.0.0.1 -p 5335 google.com
;; global options: +cmd
;; connection timed out; no servers could be reached

;; connection timed out; no servers could be reached

So this dig fails as in my first post.

dietpi@DietPi:~$ cat /etc/resolv.conf
nameserver 1.1.1.1
nameserver 1.0.0.1

No changes here.

Even though port forwarding is enabled in the router external 22 to internal 22 in machine 192.168.1.10 connecting via ssh from the internet is not successful (error: connection timed out). Connecting via ssh within the LAN is successful, though.

Could you please clarify how to achieve this? I have some understanding of Linux but not a pro…

Also, if unbound can’t reach internet “but this could be because unbound can’t reach the internet (bc of the two network routes)”. I don’t know how to achieve this, but a bit of feedback and I can test extensively.

Thank you for your support indeed.

I noticed the following as well:

dietpi@DietPi:~$ sudo journalctl -u unbound
-- Journal begins at Tue 2023-05-23 09:11:43 CEST, ends at Tue 2023-05-23 15:24:22 CEST. --
May 23 15:22:25 DietPi systemd[1]: Starting Unbound DNS server...
May 23 15:22:26 DietPi package-helper[21770]: /var/lib/unbound/root.key does not exist, copying from /usr/share/dns/root.key
May 23 15:22:26 DietPi unbound[21774]: [21774:0] info: start of service (unbound 1.13.1).
May 23 15:22:26 DietPi systemd[1]: Started Unbound DNS server.

but…

dietpi@DietPi:~$ sudo systemctl status unbound-resolvconf.service
â—Ź unbound-resolvconf.service - Unbound DNS server via resolvconf
     Loaded: loaded (/lib/systemd/system/unbound-resolvconf.service; disabled; vendor preset: enabled)
     Active: inactive (dead)

May 23 15:22:26 DietPi systemd[1]: Condition check resulted in Unbound DNS server via resolvconf being skipped.
May 23 15:22:27 DietPi systemd[1]: Condition check resulted in Unbound DNS server via resolvconf being skipped.
dietpi@DietPi:~$ sudo systemctl status unbound.service
â—Ź unbound.service - Unbound DNS server
     Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset: enabled)
    Drop-In: /etc/systemd/system/unbound.service.d
             └─dietpi.conf
     Active: active (running) since Tue 2023-05-23 15:22:26 CEST; 2min 36s ago
       Docs: man:unbound(8)
   Main PID: 21774 (unbound)
      Tasks: 1 (limit: 1024)
        CPU: 344ms
     CGroup: /system.slice/unbound.service
             └─21774 /usr/sbin/unbound -d -p

May 23 15:22:25 DietPi systemd[1]: Starting Unbound DNS server...
May 23 15:22:26 DietPi package-helper[21770]: /var/lib/unbound/root.key does not exist, copying from /usr/share/dns/root.key
May 23 15:22:26 DietPi unbound[21774]: [21774:0] info: start of service (unbound 1.13.1).
May 23 15:22:26 DietPi systemd[1]: Started Unbound DNS server.
dietpi@DietPi:~$ sudo systemctl status adguardhome.service
â—Ź adguardhome.service - AdGuard Home (DietPi)
     Loaded: loaded (/etc/systemd/system/adguardhome.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2023-05-23 15:23:05 CEST; 4min 24s ago
   Main PID: 22201 (AdGuardHome)
      Tasks: 10 (limit: 1024)
        CPU: 53.733s
     CGroup: /system.slice/adguardhome.service
             └─22201 /mnt/dietpi_userdata/adguardhome/AdGuardHome

May 23 15:25:43 DietPi AdGuardHome[22201]: 2023/05/23 15:25:43.234622 [error] hosts container: host "zn_cutbb1dknby3njp-tuigroup.siteintercept.qualtrics.com" is invalid, ignoring
May 23 15:25:43 DietPi AdGuardHome[22201]: 2023/05/23 15:25:43.234656 [error] hosts container: host "zn_cydxfem8jrupnsj-qwebsite.siteintercept.qualtrics.com" is invalid, ignoring
May 23 15:25:43 DietPi AdGuardHome[22201]: 2023/05/23 15:25:43.234789 [error] hosts container: host "zn_d0bfdqlqg9ciloh-uber.siteintercept.qualtrics.com" is invalid, ignoring
May 23 15:25:43 DietPi AdGuardHome[22201]: 2023/05/23 15:25:43.234834 [error] hosts container: host "zn_dd4yceaftzmcwcz-tiaa2.siteintercept.qualtrics.com" is invalid, ignoring
May 23 15:25:43 DietPi AdGuardHome[22201]: 2023/05/23 15:25:43.234876 [error] hosts container: host "zn_eb5fvg8zad5ghtt-crain.siteintercept.qualtrics.com" is invalid, ignoring
May 23 15:25:43 DietPi AdGuardHome[22201]: 2023/05/23 15:25:43.234910 [error] hosts container: host "zn_ed65ynwxvsuk9lf-cbs.siteintercept.qualtrics.com" is invalid, ignoring
May 23 15:25:43 DietPi AdGuardHome[22201]: 2023/05/23 15:25:43.234947 [error] hosts container: host "zn_ejsytbr8b8t6jel-sonycorporation.siteintercept.qualtrics.com" is invalid, ignoring
May 23 15:25:43 DietPi AdGuardHome[22201]: 2023/05/23 15:25:43.234982 [error] hosts container: host "zn_elgllynyxrpbdgz-sygenta.siteintercept.qualtrics.com" is invalid, ignoring
May 23 15:25:43 DietPi AdGuardHome[22201]: 2023/05/23 15:25:43.235017 [error] hosts container: host "zn_exutbix8lsj3arv-mayoclinicsurveys.siteintercept.qualtrics.com" is invalid, ignoring
May 23 15:25:43 DietPi AdGuardHome[22201]: 2023/05/23 15:25:43.235051 [error] hosts container: host "zn_ezyilxhyzpbamlp-telus.siteintercept.qualtrics.com" is invalid, ignoring
dietpi@DietPi:~$

I don’t know up to what point unbound-resolvconf.service should show as Active, that might be the reason? opening e.g. Sonarr web interface should take a few seconds and now it takes like 1-2 minutes

Ok, just to try, I restored my backup again (followed by reboot) just to try dig and notice after restore
dietpi@DietPi:~$ dig 192.168.1.10 -p 53 google.com
runs perfect

but…

dietpi@DietPi:~$ dig 127.0.0.1 -p 5335 google.com

; <<>> DiG 9.16.37-Debian <<>> 127.0.0.1 -p 5335 google.com
;; global options: +cmd
;; connection timed out; no servers could be reached

;; connection timed out; no servers could be reached

Also, I have an extra Raspberry hostname DietPiDev Pi 192.168.1.30 eth0 STATIC (no WiFi) so I have tested the same commands

dietpi@DietPiDev:~$ cat /etc/resolv.conf
nameserver 1.1.1.1
nameserver 1.0.0.1

dietpi@DietPiDev:~$ dig 192.168.1.30 -p 53 google.com

runs perfect

dietpi@DietPiDev:~$ dig 127.0.0.1 -p 53 google.com

; <<>> DiG 9.16.37-Debian <<>> 127.0.0.1 -p 53 google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1240
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;127.0.0.1.                     IN      A

;; AUTHORITY SECTION:
.                       86400   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2023052300 1800 900 604800 86400

;; Query time: 28 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue May 23 15:57:52 CEST 2023
;; MSG SIZE  rcvd: 113

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29390
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             277     IN      A       142.250.200.142

;; Query time: 24 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue May 23 15:57:52 CEST 2023
;; MSG SIZE  rcvd: 55

Dig on port 53 obviously (not 5335) runs perfect.

Just to test I run dig on 127.0.0.1 port 53 (after restore so no unbound nor adguard home):

dietpi@DietPi:~$ dig 127.0.0.1 -p 53 google.com

; <<>> DiG 9.16.37-Debian <<>> 127.0.0.1 -p 53 google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 173
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;127.0.0.1.                     IN      A

;; AUTHORITY SECTION:
.                       86400   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2023052300 1800 900 604800 86400

;; Query time: 16 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue May 23 15:59:22 CEST 2023
;; MSG SIZE  rcvd: 113

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20179
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             178     IN      A       142.250.184.174

;; Query time: 16 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue May 23 15:59:22 CEST 2023
;; MSG SIZE  rcvd: 55

So it seems the issue is with dig dig 127.0.0.1 -p 5335 google.com after installing adguard home (and unbound automatically)

Your issue seems to be with Unbound and not with AGH because dig 127.0.0.1 -p 5335 google.com will ask Unbound directly. Therefore AGH is not involved at all. Can you check if Unbound is running and listen to port 5335

ss -tulpn | grep LISTEN 

AHHH now I see, you are using dig command incorrectly. Ist should be dig @127.0.0.1. You need to use an @ to specify a DNS server. Otherwise the local DNS configuration is used. As you can see on your dig output, it is using ;; SERVER: 1.1.1.1#53(1.1.1.1) . Actually using your incorrect command dig 127.0.0.1 -p 5335 will try to connect to Cloudflare 1.1.1.1 at port 5335. And this of cause is not working.

1 Like

Thank you, @Joulinar

Restored backup, installed AdGuard Home + Unbound

Tests:

dietpi@DietPi:~$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether
    inet 192.168.1.10/24 brd 192.168.68.255 scope global eth0
       valid_lft forever preferred_lft forever
dietpi@DietPi:~$ dig @192.168.1.10 -p 5335 google.com

; <<>> DiG 9.16.37-Debian <<>> @192.168.1.10 -p 5335 google.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

So just as expected

dietpi@DietPi:~$ dig @127.0.0.1 -p 5335 google.com

; <<>> DiG 9.16.37-Debian <<>> @127.0.0.1 -p 5335 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52924
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             30      IN      A       142.250.185.14

;; Query time: 4 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1)
;; WHEN: Wed May 24 08:51:17 CEST 2023
;; MSG SIZE  rcvd: 55

dietpi@DietPi:~$

Excellent! :smile: Just changed DNS setting in the router and done!

@Jappe thank you to as well of course! Because I think my issue was both about the two network interfaces being enabled and the dig command. Thank you to you two.