
unbound install error? Topic is solved
Re: unbound install error?
ATM there is a big German ISP testing around with DoH (DoT will follow). If they are not trustworthy, who should it be? 

Pls let us know if a solution is working. This could help others if they are hit by a similar situation. Your DietPi Team
Re: unbound install error?
I would like to thank you again for the great amount of help and information!
I will try both and find the best for me.
The setup doesn't look difficult, I hope there won't be any major problems! (in DietPi)
Re: unbound install error?
MichaIng wrote: ↑Mon Feb 15, 2021 1:55 pm
Another hint about Unbound config: Remove /etc/unbound/unbound.conf.d/dietpi-pihole.conf and apply interface and port directly in /etc/unbound/unbound.conf.d/dietpi.conf. We did falsely assume that dietpi-pihole.conf would override dietpi.conf, but actually it adds that ip/port binding, so Unbound would then listen on two ports. This is fixed with next release already.
If you want to use DoT, with Unbound the following should work: https://www.dnsknowledge.com/unbound/co ... -on-linux/

dietpi-pihole.conf was deleted and port 5353 and interface 127.0.0.1 added to dietpi.conf.
dietpi-dot.conf was created with the CODE content!
So DoT it seems to be working!
1: How do I check / test this best?
tcpdump -vv -x -X -s 1500 -i eth0 'port 853' works
host google.com 192.168.178.25 works
dig @127.0.0.1 -p 5353 google.com works
127.0.0.1#5353 or 127.0.0.1#853
4: Must the port in dietpi.conf be changed to 5053 for DoH?
I couldn't test DoH via tcpdump -vv -x -X -s 1500 -i eth0 'port 5053', no output. Probably dietpi-dot.conf has to be removed first, together it doesn't seem to work.
DoH dig @127.0.0.1 -p 5053 google.com is working.
dnsleaktest output now:
You use 3 DNS servers:
74.63.24.239 [United States of America AS42 WOODYNET-1]
74.63.24.242 [United States of America AS42 WOODYNET-1]
162.158.201.26 [AS13335 CLOUDFLARENET]
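
The double binding described in the quoted hint (a second drop-in adding an ip/port binding instead of overriding the first) can be spotted before Unbound is restarted. The sketch below is an added example, not part of the thread and not DietPi's code: the file contents are constructed samples, the function names are hypothetical, and it assumes a bare interface: line uses the last port: value read.

```python
import re

# Constructed sample drop-ins (not DietPi's shipped files), listed in load order.
BEFORE = [
    ("dietpi.conf", "server:\n    interface: 0.0.0.0\n    port: 53\n"),
    ("dietpi-pihole.conf", "server:\n    interface: 127.0.0.1@5353\n"),
]
AFTER = [
    ("dietpi.conf", "server:\n    interface: 127.0.0.1\n    port: 5353\n"),
]

DIRECTIVE = re.compile(r"^\s*(interface|port)\s*:\s*(\S+)")

def listen_bindings(files):
    """Return (ip, port, source file) for every socket Unbound is asked to open."""
    default_port = 53      # Unbound's default when no port: is set
    interfaces = []        # interface: lines accumulate across all files
    for name, text in files:
        for line in text.splitlines():
            m = DIRECTIVE.match(line.split("#", 1)[0])  # ignore comments
            if not m:
                continue
            key, value = m.group(1), m.group(2).strip('"')
            if key == "port":
                default_port = int(value)  # assumption: single-valued, last one read wins
            else:
                interfaces.append((value, name))
    bindings = []
    for value, name in interfaces:
        ip, _, port = value.partition("@")  # interface may carry its own @port
        bindings.append((ip, int(port) if port else default_port, name))
    return bindings

def ports_in_use(files):
    """Distinct ports across all bindings; more than one means a double listener."""
    return sorted({port for _, port, _ in listen_bindings(files)})

if __name__ == "__main__":
    for label, files in (("before", BEFORE), ("after", AFTER)):
        print(label, ports_in_use(files), listen_bindings(files))
```

On a running host, the sockets that are actually open can be compared against this result with `ss -lunt`.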
Re: unbound install error?
Note that Pi-hole does not know anything about how DNS requests are resolved upstream. It forwards requests to Unbound, cloudflared or whichever upstream is configured, gets an answer, and logs both, no matter if the upstream server was a recursive server or forwarded requests via DoT or DoH.
For DoT via Unbound, 127.0.0.1#5353 is still correct yes. That port is independent from the method/protocol Unbound uses to resolve incoming requests.
For DoH via cloudflared according to Pi-hole docs, 127.0.0.1#5053 is correct in Pi-hole, and Unbound (dietpi.conf) is not involved at all, so you could uninstall or disable/mask it, to not have an unnecessary service running:
systemctl mask unbound
Re: unbound install error?
Perfect, then it seems that I did everything right and it works!
Thank you again!