Hi, I have RPI 4 8GB with RPI OS 64-bit 2023-05-03-raspios-bullseye-arm64.img OS setup with RPI, PI-Hole up and running and configured to block ads, also using PI-Hole for DHCP.
I have unbound installed and configured from crosstalksolutionsDOTcom/the-worlds-greatest-pi-hole-and-unbound-tutorial-2023/
I deselected upstream DNS servers in PI-Hole and enable custom #1 field to 127.0.0.1#5335.
I have no internet access with custom 127.0.0.1#5335 set.
Any suggestions?
What are the outputs of the following commands from the Pi terminal?
sudo grep -v '#\|^$' -R /etc/unbound/unbound.conf*
dig pi-hole.net @127.0.0.1 -p5335
Sorry for a while reply, figuring out how to get the needed copied info to windows, finally got what you're asking for.
@raspberrypi:~ $ sudo grep -v '#\|^$' -R /etc/unbound/unbound.conf*
/etc/unbound/unbound.conf:include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:server:
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf: auto-trust-anchor-file: "/var/lib/unbound/root.key"
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf:forward-zone:
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf: name: "192.168.1.137"
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf: forward-addr: 192.168.1.137
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf:forward-zone:
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf: name: "."
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf: forward-addr: 192.168.1.137
/etc/unbound/unbound.conf.d/pi-hole.conf:server:
/etc/unbound/unbound.conf.d/pi-hole.conf:verbosity: 0
/etc/unbound/unbound.conf.d/pi-hole.conf:interface: 127.0.0.1
/etc/unbound/unbound.conf.d/pi-hole.conf:port: 5335
/etc/unbound/unbound.conf.d/pi-hole.conf:do-ip4: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:do-udp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:do-tcp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:do-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf:prefer-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf:harden-glue: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:harden-dnssec-stripped: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:use-caps-for-id: no
/etc/unbound/unbound.conf.d/pi-hole.conf:edns-buffer-size: 1232
/etc/unbound/unbound.conf.d/pi-hole.conf:prefetch: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:num-threads: 1
/etc/unbound/unbound.conf.d/pi-hole.conf:so-rcvbuf: 1m
/etc/unbound/unbound.conf.d/pi-hole.conf:private-address: 192.168.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:private-address: 169.254.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:private-address: 172.16.0.0/12
/etc/unbound/unbound.conf.d/pi-hole.conf:private-address: 10.0.0.0/8
/etc/unbound/unbound.conf.d/pi-hole.conf:private-address: fd00::/8
/etc/unbound/unbound.conf.d/pi-hole.conf:private-address: fe80::/10
@raspberrypi:~ $ dig pi-hole.net @127.0.0.1 -p5335
; <<>> DiG 9.16.42-Debian <<>> pi-hole.net @127.0.0.1 -p5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 35191
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;pi-hole.net. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1)
;; WHEN: Fri Jul 14 21:05:04 CDT 2023
;; MSG SIZE rcvd: 40
This is your problem. All your unbound queries are being forwarded to this IP (Pi-hole?), instead of unbound functioning as a recursive DNS server.
/etc/resolvconf.conf and comment out the last line which should then read:#unbound_conf=/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf
sudo rm /etc/unbound/unbound.conf.d/resolvconf_resolvers.conf
sudo service unbound restart
It is now working, thank you.
how do i go on about seeing "dns leak test" that pi hole & unbound is dns server rather my ISP?
thanks a lot 
i used this and shows my isp as my dns server.
edit
this shows my isp as dns server too.
do i have to point my router to 127.0.0.1#5335 rather the pi hole dns ip?
I see that DNS is getting handled by unbound.
OK (answered by localhost#5335)
Since unbound is a recursive resolver running at your home IP, most leak test sites associate the DNS server with your ISP.
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.