Hi,
I've set up Pi-hole on a Raspberry Pi 4 to block unwanted ads. Works perfectly so far. I'd like to add some more privacy to my system and I've therefore installed unbound using the Pi-hole guide.
When running 'dig DOMAIN -p 5335' on the Raspberry Pi 4, it gets the correct information etc. So far so good. I then added "127.0.0.1#5335" to Custom 1 in the Pi-hole DNS configuration, unticked the boxes for the Quad9 DNS and restarted the DNS server.
If I now run 'dig DOMAIN' it gets the same results as before, but I can see it uses 127.0.0.1#53 as the server of choice (Pi-hole?). Is this the correct behaviour?
Is there some way that I can check Pi-hole does in fact use unbound (127.0.0.1#5335) as its DNS server? I've checked /etc/resolv.conf and /etc/dhcpcd.conf and here I get:
/etc/resolv.conf:
nameserver 127.0.0.1
/etc/dhcpcd.conf (the last line):
static domain_name_servers=9.9.9.11 149.112.112.11
Aren't these Quad9 servers? Am I doing something wrong?
If you see your own IP address as the address of the DNS server you are in good shape.
When you have an IPv6 connection you may see two DNS addresses, one for your IPv4 and one for your IPv6.
If this is running on the Pi, then you are using the loopback address for DNS resolution, which leads to Pi-hole. Pi-hole, in turn, is using your local instance of unbound for DNS resolution as specified in your upstream DNS server settings.
You can verify this several ways:
(1) In the query log you will see the following in the status column for queries not blocked by Pi-hole:
(2) In the dnsmasq log at /var/log/pihole.log, you will see an entry similar to the following for a query that is not blocked:
Feb 1 14:38:31 dnsmasq[13890]: forwarded mesu.apple.com to 127.0.0.1
(3) After 24 hours following this change to upstream DNS resolvers, your dashboard will show the following - only one upstream server and it will be localhost on the port you specified:
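A small script that applies check (2) above to the whole dnsmasq log rather than one line, as an added example that is not part of the original thread. It scans /var/log/pihole.log for "forwarded ... to ..." entries, counts how many queries went to each upstream, and flags any upstream other than the local unbound address (127.0.0.1), which is how you would notice that a Quad9 server was still ticked in the upstream settings. The log lines below are constructed for the example; the regex also tolerates a "#port" suffix after the address, which some dnsmasq versions append for non-standard ports such as 5335 (an assumption about the log format, not something the thread states).

```python
import re
import sys
from collections import Counter

# Constructed sample of /var/log/pihole.log lines (not taken from the thread).
# Only the "forwarded" lines matter for the check; the others are typical
# query / blocked / cached entries that should be ignored.
SAMPLE_LOG = """\
Feb  1 14:38:31 dnsmasq[13890]: query[A] mesu.apple.com from 192.168.1.20
Feb  1 14:38:31 dnsmasq[13890]: forwarded mesu.apple.com to 127.0.0.1
Feb  1 14:38:31 dnsmasq[13890]: reply mesu.apple.com is 203.0.113.5
Feb  1 14:38:35 dnsmasq[13890]: query[A] ads.example.com from 192.168.1.20
Feb  1 14:38:35 dnsmasq[13890]: gravity blocked ads.example.com is 0.0.0.0
Feb  1 14:38:40 dnsmasq[13890]: query[AAAA] pi-hole.net from 192.168.1.21
Feb  1 14:38:40 dnsmasq[13890]: cached pi-hole.net is NODATA-IPv6
Feb  1 14:39:02 dnsmasq[13890]: query[A] example.org from 192.168.1.21
Feb  1 14:39:02 dnsmasq[13890]: forwarded example.org to 9.9.9.11
"""

# Matches "forwarded <name> to <server>" where <server> is an address with an
# optional "#port" suffix (e.g. 127.0.0.1 or 127.0.0.1#5335).
FORWARD_RE = re.compile(r"dnsmasq\[\d+\]: forwarded (\S+) to (\S+)\s*$")


def count_upstreams(log_text):
    """Return a Counter mapping each upstream server string to the number of
    queries dnsmasq forwarded to it."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FORWARD_RE.search(line)
        if m:
            counts[m.group(2)] += 1
    return counts


def unexpected_upstreams(log_text, expected="127.0.0.1"):
    """Return a sorted list of upstream servers whose address (port ignored)
    differs from the expected local resolver address."""
    want = expected.split("#")[0]
    return sorted(s for s in count_upstreams(log_text) if s.split("#")[0] != want)


def check_log(log_text, expected="127.0.0.1"):
    """True when every forwarded query in the log went to the expected upstream."""
    return not unexpected_upstreams(log_text, expected)


if __name__ == "__main__":
    # Usage: python3 check_upstream.py /var/log/pihole.log
    # With no argument the constructed sample above is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    for server, n in count_upstreams(text).most_common():
        print(f"{n:6d}  forwarded to {server}")
    bad = unexpected_upstreams(text)
    if bad:
        print("WARNING: queries were forwarded to non-local upstreams:", ", ".join(bad))
    else:
        print("OK: all forwarded queries went to the local resolver")
```

On the sample input the script reports one query forwarded to 127.0.0.1 and one to 9.9.9.11, and warns about the latter; on a correctly configured Pi-hole every forwarded line should point at 127.0.0.1 (optionally with #5335) and the warning should not appear. Note that the log only shows where Pi-hole sends queries it cannot answer from cache or blocklists, so run it after some real browsing has generated forwarded entries.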