pihole shows “127.0.0.1#5353” under DNS. is there a way to really test if unbound is working?
best wishes.
journalctl -u unbound outputs
Jan 11 23:32:38 DietPi systemd[1]: Starting Unbound DNS server...
Jan 11 23:32:38 DietPi package-helper[1458]: /var/lib/unbound/root.key does not exist, copying from /usr/share/dns/root.key
Jan 11 23:32:38 DietPi package-helper[1458]: /var/lib/unbound/root.key has content
Jan 11 23:32:38 DietPi package-helper[1458]: success: the anchor is ok
Jan 11 23:32:38 DietPi unbound[1463]: [1610407958] unbound[1463:0] error: can't bind socket: Address already in use for ::1 port 53
Jan 11 23:32:38 DietPi unbound[1463]: [1610407958] unbound[1463:0] fatal error: could not open ports
Jan 11 23:32:38 DietPi systemd[1]: unbound.service: Main process exited, code=exited, status=1/FAILURE
Jan 11 23:32:38 DietPi systemd[1]: unbound.service: Failed with result 'exit-code'.
Jan 11 23:32:38 DietPi systemd[1]: Failed to start Unbound DNS server.
Jan 11 23:32:38 DietPi systemd[1]: unbound.service: Service RestartSec=100ms expired, scheduling restart.
Jan 11 23:32:38 DietPi systemd[1]: unbound.service: Scheduled restart job, restart counter is at 1.
Jan 11 23:32:38 DietPi systemd[1]: Stopped Unbound DNS server.
Jan 11 23:32:38 DietPi systemd[1]: Starting Unbound DNS server...
Jan 11 23:32:39 DietPi package-helper[1489]: /var/lib/unbound/root.key has content
Jan 11 23:32:39 DietPi package-helper[1489]: success: the anchor is ok
Jan 11 23:32:40 DietPi unbound[1511]: [1610407960] unbound[1511:0] error: can't bind socket: Address already in use for ::1 port 53
Jan 11 23:32:40 DietPi unbound[1511]: [1610407960] unbound[1511:0] fatal error: could not open ports
Jan 11 23:32:40 DietPi systemd[1]: unbound.service: Main process exited, code=exited, status=1/FAILURE
Jan 11 23:32:40 DietPi systemd[1]: unbound.service: Failed with result 'exit-code'.
Jan 11 23:32:40 DietPi systemd[1]: Failed to start Unbound DNS server.
Jan 11 23:32:40 DietPi systemd[1]: unbound.service: Service RestartSec=100ms expired, scheduling restart.
Jan 11 23:32:40 DietPi systemd[1]: unbound.service: Scheduled restart job, restart counter is at 2.
Jan 11 23:32:40 DietPi systemd[1]: Stopped Unbound DNS server.
Jan 11 23:32:40 DietPi systemd[1]: Starting Unbound DNS server...
Jan 11 23:32:41 DietPi package-helper[1519]: /var/lib/unbound/root.key has content
Jan 11 23:32:41 DietPi package-helper[1519]: success: the anchor is ok
Jan 11 23:32:41 DietPi unbound[1523]: [1610407961] unbound[1523:0] error: can't bind socket: Address already in use for ::1 port 53
Jan 11 23:32:41 DietPi unbound[1523]: [1610407961] unbound[1523:0] fatal error: could not open ports
Jan 11 23:32:41 DietPi systemd[1]: unbound.service: Main process exited, code=exited, status=1/FAILURE
Jan 11 23:32:41 DietPi systemd[1]: unbound.service: Failed with result 'exit-code'.
Jan 11 23:32:41 DietPi systemd[1]: Failed to start Unbound DNS server.
Jan 11 23:32:41 DietPi systemd[1]: unbound.service: Service RestartSec=100ms expired, scheduling restart.
Jan 11 23:32:41 DietPi systemd[1]: unbound.service: Scheduled restart job, restart counter is at 3.
Jan 11 23:32:41 DietPi systemd[1]: Stopped Unbound DNS server.
Jan 11 23:32:41 DietPi systemd[1]: Starting Unbound DNS server...
Jan 11 23:32:43 DietPi package-helper[1544]: /var/lib/unbound/root.key has content
Jan 11 23:32:43 DietPi package-helper[1544]: success: the anchor is ok
Jan 11 23:32:43 DietPi unbound[1548]: [1610407963] unbound[1548:0] error: can't bind socket: Address already in use for ::1 port 53
Jan 11 23:32:43 DietPi unbound[1548]: [1610407963] unbound[1548:0] fatal error: could not open ports
Jan 11 23:32:43 DietPi systemd[1]: unbound.service: Main process exited, code=exited, status=1/FAILURE
Jan 11 23:32:43 DietPi systemd[1]: unbound.service: Failed with result 'exit-code'.
Jan 11 23:32:43 DietPi systemd[1]: Failed to start Unbound DNS server.
Jan 11 23:32:43 DietPi systemd[1]: unbound.service: Service RestartSec=100ms expired, scheduling restart.
Jan 11 23:32:43 DietPi systemd[1]: unbound.service: Scheduled restart job, restart counter is at 4.
Jan 11 23:32:43 DietPi systemd[1]: Stopped Unbound DNS server.
Jan 11 23:32:43 DietPi systemd[1]: Starting Unbound DNS server...
Jan 11 23:32:43 DietPi package-helper[1558]: /var/lib/unbound/root.key has content
Jan 11 23:32:43 DietPi package-helper[1558]: success: the anchor is ok
Jan 11 23:32:44 DietPi unbound[1575]: [1610407964] unbound[1575:0] error: can't bind socket: Address already in use for ::1 port 53
Jan 11 23:32:44 DietPi unbound[1575]: [1610407964] unbound[1575:0] fatal error: could not open ports
Jan 11 23:32:44 DietPi systemd[1]: unbound.service: Main process exited, code=exited, status=1/FAILURE
Jan 11 23:32:44 DietPi systemd[1]: unbound.service: Failed with result 'exit-code'.
Jan 11 23:32:44 DietPi systemd[1]: Failed to start Unbound DNS server.
Jan 11 23:32:44 DietPi systemd[1]: unbound.service: Service RestartSec=100ms expired, scheduling restart.
Jan 11 23:32:44 DietPi systemd[1]: unbound.service: Scheduled restart job, restart counter is at 5.
Jan 11 23:32:44 DietPi systemd[1]: Stopped Unbound DNS server.
Jan 11 23:32:44 DietPi systemd[1]: Starting Unbound DNS server...
Jan 11 23:32:44 DietPi package-helper[1594]: /var/lib/unbound/root.key has content
As already stated twice, do following and restart unbound afterwards
rm -vf /etc/unbound/unbound.conf.d/{dietpi-pihole,pi-hole}.conf
G_CONFIG_INJECT 'port:[[:blank:]]' ' port: 5353' /etc/unbound/unbound.conf.d/dietpi.conf
G_CONFIG_INJECT 'interface:[[:blank:]]' ' interface: 127.0.0.1' /etc/unbound/unbound.conf.d/dietpi.conf
G_CONFIG_INJECT 'verbosity:[[:blank:]]' ' verbosity: 3' /etc/unbound/unbound.conf.d/dietpi.conf
G_CONFIG_INJECT 'log-queries:[[:blank:]]' ' log-queries: yes' /etc/unbound/unbound.conf.d/dietpi.conf
already done:
whatsmydnsserver tells me:
Your DNS Server 172.253.1.197
Owner of this server Google LLC
Status of this server Everything is fine
Your DNS Server 172.217.33.193
Owner of this server Google
Status of this server Everything is fine
Click here for more information about your results
That’s the DNS server of your DietPi device and that’s correct. Important is that your network devices at home using pihole
all network devices use pihole since it is the DNS of my router.
Unselect Google as upstream DNS server
done. now my DNS is my own IP:
Your DNS Server 93.214.118.18
Owner of this server Deutsche Telekom AG
Status of this server Everything is fine
you can check inside PiHole > QueryLog what is done. On the status you should see which upstream DNS is used
cannot see a DNS at all here:
your network devices are not using PiHole if there are no other clients, except the Test-PC, showing up
only test-pc is active at the moment. but there is no DNS shown in queries.
there is no other DNS in my router than pihole:
so devices only have that option.
in this case you fritz.box should be showing up inside PiHole. But this dosn’t seems to be se case. At least you would need to check in PiHole if your fritz.box is logged as a client.
Another option is to distribute PiHole DNS server together with DHCP server settings. This can be done network settings inside your fritz.box
for IPv4
for IPv6
This way, all clients should show up individually on PiHole and not combined as fritz.box. It will allow more detailed settings per client if needed.
did you checked on your clients what DNS settings are?
Hello members.
I also had very big problems installing Unbound.
Error 1: When installing Unbound, the same error as naddel81
There was an error in /etc/unbound/unbound.conf.d/dietpi.conf
access-control: 0.0.0.0/0 refuse
access-control: 127.0.0.1 allow
access-control: 192.168.1
192.168.4.0/24 allow
private-address: 192.168.0.0/16
“192.168.4.0/24 allow” wrongly set
Solution: deleted or set # and the install was successful.
The same as from Joulinar
Error 2: I couldn’t resolve dig pi-hole.net @ 127.0.0.1 -p 5335
; << >> DiG 9.11.5-P4-5.1 + deb10u1-Raspbian << >> pi-hole.net @ 127.0.0.1 -p 5335
;; global options: + cmd
;; connection timed out; no servers could be reached
Solution:
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT
reboot
My question:
1: must comment out in /etc/systemd/resolved.conf # DNSSEC = allow-downgrade and replace allow-downgrade with off?
2: does /etc/resolv.conf nameserver have to be changed to 127.0.0.1?
3: systemctl status dhcpcd.service is inactive (dead), is that correct?
4: systemctl status unbound-resolvconf.service is inactive (dead), is that correct?
5: how to update from /var/lib/unbound/root.hints. Once in six months? about cromjob? or is that already automated by dietpi?
6: Which other settings have to be set in order to use Unbound correctly?
I am still skeptical, will watch the function for the next few days, but it seems to work.
Many Thanks!
thanks for your help.
one more thing: which upstream DNS does unbound relate to? where does it get its DNS data from? and is an adblocker pre-configured in dietpi’s config for unbound?
Hi,
Unbound is using global root DNS server. Adblocking is done by PiHole. Basically it’s as follow
Client > PiHole > Unbound > global root DNS