pihole is not resolving dns anymore
I have two pis that did a great job in the past and now both failed simultaneously.
I am running unbound on both. pi1 is running vaultwarden in a docker container, therefore the webserver's port has been moved to 8000. I can reach the webservers without problems (on both pis)
Now, when I run a dig whatever.tld @pihole1 or @pihole2 I do get a SERVFAIL
Since both piholes were not resolving, I had to switch my network back and make the router distribute the providers DNS. This is just a temp workaround for the time I’m trying to fix local DNS resolver.
Consistent SERVFAILs for arbitrary domains usually hint at an upstream issue.
From your debug log, you are using unbound as upstream.
As that is using DNSSEC, and DNSSEC in turn requires acurate time, you should verify that your Pi-hole host's local time and time zone information is correct.
In addition, if you'd upgraded to an OS of the Debian Bullseye variety recently, you may want to check for potential DNS loops caused by an unlucky combination of unbound's and openresolv's package defaults.
Check your unbound configuration for potentially unwanted references to resolvconf_resolvers.conf
Thanks for your reply. I'll check on unbound and time settings when I get back home.
Yes, I am using unbound as local resolver. This used to work just fine but stopped working all of a sudden (not triggered by package updates or dist-upgrade). The only thing I can image is that a sudden power outage corrupted files on the SD card. On the other hand, it would be quite random that a power cut corrupts unbound on two devices and everything else continues to work. Let me check the items you mentioned and I'll get back.
[1676315233] unbound[368:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
[1676315233] unbound[368:0] info: generate keytag query _ta-4f66. NULL IN
[1676315233] unbound[368:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
[1676315339] unbound[368:0] info: generate keytag query _ta-4f66. NULL IN
[1676315339] unbound[368:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
[1676315339] unbound[368:0] info: generate keytag query _ta-4f66. NULL IN
[1676315339] unbound[368:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
[1676315339] unbound[368:0] info: generate keytag query _ta-4f66. NULL IN
[1676315339] unbound[368:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
[1676315339] unbound[368:0] info: generate keytag query _ta-4f66. NULL IN
[1676315339] unbound[368:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
[1676315339] unbound[368:0] info: generate keytag query _ta-4f66. NULL IN
[1676315339] unbound[368:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
[1676315339] unbound[368:0] info: generate keytag query _ta-4f66. NULL IN
[1676315339] unbound[368:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
[1676323217] unbound[368:0] info: generate keytag query _ta-4f66. NULL IN
[1676328661] unbound[368:0] info: service stopped (unbound 1.13.1).
[1676328662] unbound[368:0] info: server stats for thread 0: 5 queries, 1 answers from cache, 4 recursions, 0 prefetch, 0 rejected by ip ratelimiting
[1676328662] unbound[368:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
[1676328662] unbound[368:0] info: average recursion processing time 0.056727 sec
[1676328662] unbound[368:0] info: histogram of recursion processing times
[1676328662] unbound[368:0] info: [25%]=0.032768 median[50%]=0.065536 [75%]=0.098304
[1676328662] unbound[368:0] info: lower(secs) upper(secs) recursions
[1676328662] unbound[368:0] info: 0.016384 0.032768 1
[1676328662] unbound[368:0] info: 0.032768 0.065536 1
[1676328662] unbound[368:0] info: 0.065536 0.131072 2
[1676328695] unbound[372:0] notice: init module 0: subnet
[1676328695] unbound[372:0] notice: init module 1: validator
[1676328695] unbound[372:0] notice: init module 2: iterator
[1676328696] unbound[372:0] info: start of service (unbound 1.13.1).
[1676405719] unbound[372:0] info: generate keytag query _ta-4f66. NULL IN
[1676405719] unbound[372:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
[1676405719] unbound[372:0] info: generate keytag query _ta-4f66. NULL IN
[1676405719] unbound[372:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
[1676405719] unbound[372:0] info: generate keytag query _ta-4f66. NULL IN
[1676405719] unbound[372:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
[1676405719] unbound[372:0] info: generate keytag query _ta-4f66. NULL IN
[1676405719] unbound[372:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
[1676405719] unbound[372:0] info: generate keytag query _ta-4f66. NULL IN
[1676405719] unbound[372:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
[1676405719] unbound[372:0] info: generate keytag query _ta-4f66. NULL IN
[1676405719] unbound[372:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN