Clarification for Installation Order in the unbound Guide

Hello together

I hope meta is the proper place to post this.

I followed the unbound guide.
I'm running Raspbian buster.

The guide does not specify in which order Pi-hole and unbound should be installed, so I thought it would make sense to first install unbound, so it's already available when installing Pi-hole.

The subsequent problem with this is apparently that the installation of unbound itself registered localhost as the DNS server, i.e. /etc/resolv.conf is changed to 127.0.0.1 and ::1, and unbound is immediately started. (I know that this file is handled by systemd.)

You can also see it here in the messages provided in this reddit post: https://www.reddit.com/r/pihole/comments/faf0y6/unbound_fails_to_install_with_pihole/
(Note the beginning, where OP calls sudo apt install unbound and the installation process already creates an error message during post-installation.)

A simple apt install unbound apparently already starts unbound and points the machine to it.
I checked the .deb file, and even though I'm no expert on this, the code in postinst looks like it defaults to starting unbound as part of package installation.

I'm not sure whether this might be a buster issue, because I found a lot of posts on the Internet, dating back to 2016, claiming that unbound immediately starts after installation.

This, however, immediately breaks the device's DNS configuration when unbound is subsequently configured not to listen on port 53, making it impossible to install Pi-hole.
Changing /etc/resolv.conf by hand works as a temporary solution; after reboot, systemd restores the file according to unbound's wishes.

So: In order to install Pi-hole after installing unbound, the user must first change /etc/resolv.conf back to a working configuration with another DNS server, then change unbound's port and finally restart unbound, so port 53 is free.

So, I'd propose to clarify in the guide mentioned above that Pi-hole should be installed first.
Then, the unbound configuration file should be created with a different port.
Only then should unbound be installed.
It will immediately start, but then listen on the port given in the config file.
Then, one should reboot the system, so /etc/resolv.conf is properly populated by systemd (unbound tells systemd to use localhost).

I wonder whether other people who install Pi-hole first and then simply type apt install unbound don't get a final error message such as in the reddit post mentioned above, with unbound complaining about port 53 not being available.
If so, the instruction list given above should prevent any errors.

Best regards
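
A check for the state described in this post (/etc/resolv.conf pointing only at localhost while unbound has been moved off port 53 and nothing else answers there), as an added example that is not part of the original thread. The function names, the port 5335 and the sample file contents are constructed for illustration; the caller states whether another service such as Pi-hole is already listening on port 53.

```shell
#!/bin/sh
# Added example (not from the thread): classify the local resolver state.
# Usage: dns_state RESOLV_CONF UNBOUND_CONF PORT53_LISTENER
#   PORT53_LISTENER is "yes" if another service (e.g. Pi-hole) already
#   listens on port 53, otherwise "no". Assumes unbound is installed and running.

# Print the port unbound is configured to use (unbound's default is 53).
unbound_port() {
    port=$(sed -n 's/^[[:space:]]*port:[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" 2>/dev/null | tail -n 1)
    echo "${port:-53}"
}

# Print "yes" if every nameserver entry is a loopback address, "no" if at
# least one is not, and "none" if the file has no nameserver entries.
only_loopback() {
    awk '$1 == "nameserver" { n++; if ($2 !~ /^127\./ && $2 != "::1") ext++ }
         END { if (!n) print "none"; else if (ext) print "no"; else print "yes" }' "$1"
}

# Print "ok", "broken" or "no-resolver" for the given configuration.
dns_state() {
    case $(only_loopback "$1") in
        none) echo "no-resolver"; return ;;
        no)   echo "ok"; return ;;
    esac
    # Only loopback resolvers remain: something must answer on localhost:53.
    if [ "$(unbound_port "$2")" = "53" ] || [ "$3" = "yes" ]; then
        echo "ok"
    else
        echo "broken"
    fi
}

# Constructed sample input: resolv.conf as left by the unbound package,
# and an unbound configuration that moves unbound to another port.
tmp=$(mktemp -d)
printf 'nameserver 127.0.0.1\nnameserver ::1\n' > "$tmp/resolv.conf"
printf 'server:\n    port: 5335\n' > "$tmp/unbound.conf"

dns_state "$tmp/resolv.conf" "$tmp/unbound.conf" no    # unbound first, no Pi-hole yet
dns_state "$tmp/resolv.conf" "$tmp/unbound.conf" yes   # Pi-hole already on port 53
```
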

That is the assumption of the guide. You have Pi-hole up and running and now you want to install unbound as the upstream DNS server.

If you don't install unbound, then the directory for the configuration file does not exist. It's simpler to install unbound, then put the configuration file in the newly created directory.

They do, and it's on my to-do list to change this part of the documentation. Basically, ignore the error on unbound start, and it will fix itself once the configuration file is in place in the subsequent steps.

This could be easily worked around by:
sudo mkdir -p /etc/unbound/unbound.conf.d/

The use of sudo will ensure proper permissions for the folder.