Unbound not working with pi-hole

xMike · 25 September 2022 23:28

Creating a bug report/issue

Required Information

DietPi version
G_DIETPI_VERSION_CORE=8
G_DIETPI_VERSION_SUB=9
G_DIETPI_VERSION_RC=2
Distro version | bullseye 0
Kernel version | Linux Pi-hole 5.15.61-v8+ #1579 SMP PREEMPT Fri Aug 26 11:16:44 BST 2022 aarch64 GNU/Linux
SBC model | RPi 4 Model B (aarch64)
SD card used | SAMSUNG EVO+

Additional Information (if applicable)

Software title | unbound
Was the software title installed freshly or updated/migrated? installed freshly from dietpi-software
Can this issue be replicated on a fresh installation of DietPi? yes

Steps to reproduce

installed unbound from dietpi-software
confirmed 127.0.0.1#5335 set for upstream dns server

Expected behaviour

unbound should be working together with pi-hole

Actual behaviour

dns requests failing, unable to surf the internet

Extra details

unbound installation successful, but can’t get working with pi-hole
pi-hole works fine on its own or with cloudflared (doh)

Joulinar · 26 September 2022 07:40

can you reboot your system and check service, logs and LISTEN ports

systemctl status unbound
journalctl -u unbound
ss -tulpn | grep LISTEN

xMike · 26 September 2022 07:55

thank you for responding

xMike · 26 September 2022 07:56

xMike · 26 September 2022 07:56

Joulinar · 26 September 2022 08:18

first of all, no need to do screen prints. They are not needed at all. You could copy everything from SSH terminal.

Ok Unbound is running and LISTEN to correct port. Let’s check why it did not answer DNS request

dig @127.0.0.1 -p 5335 google.com

xMike · 26 September 2022 08:21

sorry

root@Pi-hole:~# dig @127.0.0.1 -p 5335 google.com

; <<>> DiG 9.16.33-Debian <<>> @127.0.0.1 -p 5335 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 41322
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com.                    IN      A

;; Query time: 4 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1)
;; WHEN: Mon Sep 26 01:20:49 PDT 2022
;; MSG SIZE  rcvd: 39

Joulinar · 26 September 2022 08:58

ok Unbound is working but somehow having issues to complete the request. Let’s increase the log level and investigate further. First remove Unbound from PiHole configuration pls, until we found the issues. Once done, reboot the system and do following:

G_CONFIG_INJECT '        verbosity:' '        verbosity:2' /etc/unbound/unbound.conf.d/dietpi.conf
systemctl restart unbound
dig @127.0.0.1 -p 5335 google.com
journalctl -u unbound.service

xMike · 26 September 2022 09:03

thank you. unbound has been removed from pihole configuration and system restarted

root@Pi-hole:~# G_CONFIG_INJECT '        verbosity:' '        verbosity:2' /etc/unbound/unbound.conf.d/dietpi.conf
[  OK  ] G_CONFIG_INJECT | Added setting         verbosity:2 to end of file /etc/unbound/unbound.conf.d/dietpi.conf
root@Pi-hole:~# systemctl restart unbound
root@Pi-hole:~# dig @127.0.0.1 -p 5335 google.com

; <<>> DiG 9.16.33-Debian <<>> @127.0.0.1 -p 5335 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 56833
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com.                    IN      A

;; Query time: 216 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1)
;; WHEN: Mon Sep 26 02:01:27 PDT 2022
;; MSG SIZE  rcvd: 39

root@Pi-hole:~# journalctl -u unbound.service
-- Journal begins at Mon 2022-09-26 01:59:58 PDT, ends at Mon 2022-09-26 02:01:27 PDT. --
Sep 26 02:00:27 Pi-hole systemd[1]: Starting Unbound DNS server...
Sep 26 02:00:28 Pi-hole systemd[1]: Started Unbound DNS server.
Sep 26 02:00:28 Pi-hole unbound[451]: [451:0] info: start of service (unbound 1.13.1).
Sep 26 02:01:21 Pi-hole unbound[451]: [451:0] info: service stopped (unbound 1.13.1).
Sep 26 02:01:21 Pi-hole systemd[1]: Stopping Unbound DNS server...
Sep 26 02:01:21 Pi-hole systemd[1]: unbound.service: Succeeded.
Sep 26 02:01:21 Pi-hole systemd[1]: Stopped Unbound DNS server.
Sep 26 02:01:21 Pi-hole systemd[1]: Starting Unbound DNS server...
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] notice: init module 0: subnet
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] notice: init module 1: validator
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] notice: init module 2: iterator
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: start of service (unbound 1.13.1).
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: resolving . DNSKEY IN
Sep 26 02:01:21 Pi-hole systemd[1]: Started Unbound DNS server.
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: priming . IN NS
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: response for . NS IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 192.33.4.12#53
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: query response REC_LAME: recursive but not authoritative server
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: mark as REC_LAME
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: response for . NS IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 192.203.230.10#53
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: query response REC_LAME: recursive but not authoritative server
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: mark as REC_LAME
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: response for . NS IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 199.7.91.13#53
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: query response REC_LAME: recursive but not authoritative server
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: mark as REC_LAME
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: response for . NS IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 193.0.14.129#53
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: query response REC_LAME: recursive but not authoritative server
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: mark as REC_LAME
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: response for . NS IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 192.112.36.4#53
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: query response REC_LAME: recursive but not authoritative server
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: mark as REC_LAME
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: response for . NS IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 192.5.5.241#53
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: query response REC_LAME: recursive but not authoritative server
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: mark as REC_LAME
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: response for . NS IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 198.41.0.4#53
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: query response REC_LAME: recursive but not authoritative server
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: mark as REC_LAME
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: response for . NS IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 192.36.148.17#53
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: query response REC_LAME: recursive but not authoritative server
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: mark as REC_LAME
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: response for . NS IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 199.7.83.42#53
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: query response REC_LAME: recursive but not authoritative server
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: mark as REC_LAME
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: response for . NS IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 198.97.190.53#53
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: query response REC_LAME: recursive but not authoritative server
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: mark as REC_LAME
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: response for . NS IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 192.58.128.30#53
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: query response REC_LAME: recursive but not authoritative server
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: mark as REC_LAME
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: response for . NS IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 202.12.27.33#53
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: query response REC_LAME: recursive but not authoritative server
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: mark as REC_LAME
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: response for . NS IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 199.9.14.201#53
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: query response REC_LAME: recursive but not authoritative server
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: mark as REC_LAME
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: response for . NS IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 199.7.91.13#53
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: query response was ANSWER
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: priming successful for . NS IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: resolving f.root-servers.net. A IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: resolving k.root-servers.net. A IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: resolving a.root-servers.net. A IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: response for f.root-servers.net. A IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 202.12.27.33#53
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: query response was nodata ANSWER
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: response for k.root-servers.net. A IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 198.97.190.53#53
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: query response was nodata ANSWER
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: response for a.root-servers.net. A IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 193.0.14.129#53
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: query response was nodata ANSWER
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: response for f.root-servers.net. A IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 199.7.83.42#53
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: query response was nodata ANSWER
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: response for k.root-servers.net. A IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 198.97.190.53#53
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: query response was nodata ANSWER
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: response for a.root-servers.net. A IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 192.203.230.10#53
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: query response was nodata ANSWER
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: response for f.root-servers.net. A IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 193.0.14.129#53
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: query response was ANSWER
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: response for k.root-servers.net. A IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 192.5.5.241#53
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: query response was ANSWER
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: response for a.root-servers.net. A IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 198.97.190.53#53
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: query response was ANSWER
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: resolving g.root-servers.net. A IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: resolving j.root-servers.net. A IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: resolving h.root-servers.net. A IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: resolving l.root-servers.net. A IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: resolving m.root-servers.net. A IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: resolving c.root-servers.net. A IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: resolving i.root-servers.net. A IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: resolving b.root-servers.net. A IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: resolving e.root-servers.net. A IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: resolving d.root-servers.net. A IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: response for m.root-servers.net. A IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 192.5.5.241#53
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: query response was ANSWER
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: resolving i.root-servers.net. A IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: resolving e.root-servers.net. A IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: resolving d.root-servers.net. A IN
Sep 26 02:01:21 Pi-hole unbound[1074]: [1074:0] info: resolving b.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving google.com. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving h.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving g.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving j.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving c.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving d.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving l.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving i.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving e.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving . DNSKEY IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving b.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving i.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving e.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: response for i.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 192.5.5.241#53
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: query response was nodata ANSWER
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: response for i.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 193.0.14.129#53
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: query response was ANSWER
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving e.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: response for e.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 193.0.14.129#53
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: query response was ANSWER
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: response for b.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 202.12.27.33#53
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: query response was ANSWER
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: response for l.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 202.12.27.33#53
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: query response was ANSWER
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving b.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving i.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving e.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: response for c.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 192.36.148.17#53
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: query response was ANSWER
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving b.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving e.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving i.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: response for d.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 199.9.14.201#53
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: query response was ANSWER
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving i.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving l.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving b.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving e.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: response for g.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 199.9.14.201#53
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: query response was ANSWER
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving i.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving l.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving b.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving d.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving e.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving c.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: response for j.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 192.36.148.17#53
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: query response was ANSWER
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving c.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving e.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving l.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving i.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving g.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving d.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: response for h.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 192.203.230.10#53
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: query response was ANSWER
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving e.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving l.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving j.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving i.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving e.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving c.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving b.root-servers.net. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: response for google.com. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 198.41.0.4#53
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: query response was nodata ANSWER
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: response for . DNSKEY IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 193.0.14.129#53
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: query response was ANSWER
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: response for google.com. A IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 198.41.0.4#53
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: query response was ANSWER
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: prime trust anchor
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: generate keytag query _ta-4f66. NULL IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving . DNSKEY IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: validate keys with anchor(DS): sec_status_bogus
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving _ta-4f66. NULL IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: prime trust anchor
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving . DNSKEY IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: validate keys with anchor(DS): sec_status_bogus
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: prime trust anchor
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: generate keytag query _ta-4f66. NULL IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving . DNSKEY IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: response for _ta-4f66. NULL IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 192.36.148.17#53
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: query response was nodata ANSWER
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: response for . DNSKEY IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 192.36.148.17#53
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: query response was ANSWER
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: validate keys with anchor(DS): sec_status_bogus
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: prime trust anchor
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: generate keytag query _ta-4f66. NULL IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving . DNSKEY IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: response for _ta-4f66. NULL IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 202.12.27.33#53
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: query response was NXDOMAIN ANSWER
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: response for . DNSKEY IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 202.12.27.33#53
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: query response was ANSWER
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: validate keys with anchor(DS): sec_status_bogus
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: prime trust anchor
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: generate keytag query _ta-4f66. NULL IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving . DNSKEY IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving _ta-4f66. NULL IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: response for _ta-4f66. NULL IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 199.7.91.13#53
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: query response was NXDOMAIN ANSWER
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: response for . DNSKEY IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 198.97.190.53#53
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: query response was ANSWER
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: validate keys with anchor(DS): sec_status_bogus
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: prime trust anchor
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: generate keytag query _ta-4f66. NULL IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving . DNSKEY IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: resolving _ta-4f66. NULL IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: response for . DNSKEY IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 199.7.91.13#53
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: query response was ANSWER
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: validate keys with anchor(DS): sec_status_bogus
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: Could not establish a chain of trust to keys for . DNSKEY IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: response for _ta-4f66. NULL IN
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: reply from <.> 192.112.36.4#53
Sep 26 02:01:27 Pi-hole unbound[1074]: [1074:0] info: query response was NXDOMAIN ANSWER

Joulinar · 26 September 2022 09:20

what is the local DNS server you are using on DietPi directly?

cat /etc/resolv.conf

xMike · 26 September 2022 09:21

root@Pi-hole:~# cat /etc/resolv.conf
nameserver 192.168.1.2

Joulinar · 26 September 2022 09:23

who is 192.168.1.2?? Is this the DietPi device or something else?

xMike · 26 September 2022 09:25

it’s the dietpi device itself. i’m guessing it’s set from my router?

Joulinar · 26 September 2022 09:50

ok, do you use DHCP or STATIC IP address on DietPi?

I would recommend using STATIC IP and change local DNS server to a global one like Quad9 or Cloudflare.

xMike · 26 September 2022 10:02

dietpi was originally set for dhcp with the router having it set via static

i’ve gone ahead and made the changes as you suggested so now both dietpi and router have it set to static and dns is now cloudflare

Joulinar · 26 September 2022 10:09

ok let’s check it, reboot the system and have a look to logs again

ip a
cat /etc/resolv.conf
journalctl -u unbound.service

WarHawk · 26 September 2022 10:09

The DNS on the DHCP server needs to be the IP of the Pihole machine so it hands out the DHCP requests to the clients, otherwise they won’t know where to send DNS requests…and bind Pihole to listen to it to eth0 or permit all origins, since it is behind the firewall of your router it should be safe.

You definitely want a static IP on the Pihole, or a static DNS assignment from your router.

You want the upstream DNS to be the 127.0.0.1#5335 to point pihole to send requests to the unbound service.

Joulinar · 26 September 2022 10:11

@WarHawk
pls don’t mix-up thinks. The issue is with unbound direcly not being able to initilize. This has nothing to do with DHCP settings and or PiHole. At least not directly

WarHawk · 26 September 2022 10:14

Ah so his Unbound service isn’t starting…gotcha

xMike · 26 September 2022 10:19

root@Pi-hole:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether dc:a6:32:5c:b4:63 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
root@Pi-hole:~# cat /etc/resolv.conf
nameserver 1.1.1.1
nameserver 1.0.0.1
root@Pi-hole:~# journalctl -u unbound. Service
Failed to add match 'Service': Invalid argument

@WarHawk
thank you for trying to help though. it’s been driving me crazy