Cloudflared vs. unbound as upstream DNS? And Unbound installation issues

Understood.
So both methods provide some layer of privacy, but when it comes to which one is better, what would be the criteria to judge upon?
For someone new like me, if I need to choose one or the other, it's not easy to follow the pros/cons of each method.

Unbound as a local recursive resolver eliminates a third-party upstream DNS service. Cloudflared does not. In my opinion that makes unbound preferable for privacy. You control your own resolver, no filtering, no third party has your DNS history.

I tried to highlight that in the short paragraphs that triggered this topic.

DoT or DoH would secure your connections to your DNS provider. While preventing your DNS traffic from third-party eavesdropping, it does little in terms of privacy: Your chosen DNS provider still has your full DNS history.

Because unbound could also be configured to use DoT instead of acting as a recursive resolver, it's clearly the superior solution.

It won't do away with the fact that you have to decide for one way or the other, though. Both approaches - recursive resolver and DoT/DoH - offer some benefits the respective other cannot.

In the end, it comes down to a personal choice; see Best secure and privacy options for DNS for an in-depth discussion of the underlying considerations.

pi@raspberry:~ $ systemctl status unbound.service
● unbound.service - Unbound DNS server
   Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Mon 2020-10-19 01:23:08 AEDT; 1min 26s ago
     Docs: man:unbound(8)
  Process: 4307 ExecStartPre=/usr/lib/unbound/package-helper chroot_setup (code=exited, status=1/FAILURE)
  Process: 4310 ExecStartPre=/usr/lib/unbound/package-helper root_trust_anchor_update (code=exited, status=1/FAILURE)
  Process: 4314 ExecStart=/usr/sbin/unbound -d $DAEMON_OPTS (code=exited, status=1/FAILURE)
 Main PID: 4314 (code=exited, status=1/FAILURE)

Oct 19 01:23:08 raspberry systemd[1]: unbound.service: Service RestartSec=100ms expired, scheduling restart.
Oct 19 01:23:08 raspberry systemd[1]: unbound.service: Scheduled restart job, restart counter is at 5.
Oct 19 01:23:08 raspberry systemd[1]: Stopped Unbound DNS server.
Oct 19 01:23:08 raspberry systemd[1]: unbound.service: Start request repeated too quickly.
Oct 19 01:23:08 raspberry systemd[1]: unbound.service: Failed with result 'exit-code'.
Oct 19 01:23:08 raspberry systemd[1]: Failed to start Unbound DNS server.

debug token: https://tricorder.pi-hole.net/ys5691a9h3

What's the output for the below two?

sudo /usr/sbin/unbound -ddd -vvv -c /etc/unbound/unbound.conf

sudo grep -v '^\s*#\|^\s*$' -R /etc/unbound/unbound.conf*

EDIT: one more:

sudo netstat -nltup

First, I was running journalctl -xe

pi@raspberry:/etc/unbound $ journalctl -xe
Oct 19 01:34:51 raspberry systemd[1]: Started Unbound DNS server via resolvconf.
-- Subject: A start job for unit unbound-resolvconf.service has finished successfully
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit unbound-resolvconf.service has finished successfully.
--
-- The job identifier is 4214.
Oct 19 01:34:51 raspberry package-helper[7998]: [1603031691] unbound-checkconf[8000:0] error: Could not open /etc/unbound/unbound.conf: No such file or directory
Oct 19 01:34:51 raspberry systemd[1]: unbound-resolvconf.service: Main process exited, code=exited, status=1/FAILURE
-- Subject: Unit process exited
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- An ExecStart= process belonging to unit unbound-resolvconf.service has exited.
--
-- The process' exit code is 'exited' and its exit status is 1.
Oct 19 01:34:51 raspberry systemd[1]: unbound-resolvconf.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The unit unbound-resolvconf.service has entered the 'failed' state with result 'exit-code'.
Oct 19 01:34:51 raspberry systemd[1]: unbound.service: Service RestartSec=100ms expired, scheduling restart.
Oct 19 01:34:51 raspberry systemd[1]: unbound.service: Scheduled restart job, restart counter is at 5.
-- Subject: Automatic restarting of a unit has been scheduled
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Automatic restarting of the unit unbound.service has been scheduled, as the result for
-- the configured Restart= setting for the unit.
Oct 19 01:34:51 raspberry systemd[1]: Stopped Unbound DNS server.
-- Subject: A stop job for unit unbound.service has finished
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A stop job for unit unbound.service has finished.
--
-- The job identifier is 4274 and the job result is done.
Oct 19 01:34:51 raspberry systemd[1]: unbound.service: Start request repeated too quickly.
Oct 19 01:34:51 raspberry systemd[1]: unbound.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The unit unbound.service has entered the 'failed' state with result 'exit-code'.
Oct 19 01:34:51 raspberry systemd[1]: Failed to start Unbound DNS server.
-- Subject: A start job for unit unbound.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit unbound.service has finished with a failure.
--
-- The job identifier is 4274 and the job result is failed.
Oct 19 01:34:51 raspberry systemd[1]: unbound-resolvconf.service: Start request repeated too quickly.
Oct 19 01:34:51 raspberry systemd[1]: unbound-resolvconf.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The unit unbound-resolvconf.service has entered the 'failed' state with result 'exit-code'.
Oct 19 01:34:51 raspberry systemd[1]: Failed to start Unbound DNS server via resolvconf.
-- Subject: A start job for unit unbound-resolvconf.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit unbound-resolvconf.service has finished with a failure.
--
-- The job identifier is 4334 and the job result is failed.

for sudo /usr/sbin/unbound -ddd -vvv -c /etc/unbound/unbound.conf

output:

[1603031834] unbound[8117:0] error: Could not open /etc/unbound/unbound.conf: No such file or directory
[1603031834] unbound[8117:0] warning: Continuing with default config settings
[1603031834] unbound[8117:0] debug: increased limit(open files) from 1024 to 4152
[1603031834] unbound[8117:0] debug: creating udp6 socket ::1 53
[1603031834] unbound[8117:0] debug: creating tcp6 socket ::1 53
[1603031834] unbound[8117:0] error: can't bind socket: Address already in use for ::1 port 53 (len 28)
[1603031834] unbound[8117:0] fatal error: could not open ports

For sudo grep -v '^\s*#\|^\s*$' -R /etc/unbound/unbound.conf*
Output:

/etc/unbound/unbound.conf.d/pi-hole.conf:server:
/etc/unbound/unbound.conf.d/pi-hole.conf:    verbosity: 0
/etc/unbound/unbound.conf.d/pi-hole.conf:    interface: 127.0.0.1
/etc/unbound/unbound.conf.d/pi-hole.conf:    port: 5335
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip4: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-udp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-tcp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf:    prefer-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf:    root-hints: "/var/lib/unbound/root.hints"
/etc/unbound/unbound.conf.d/pi-hole.conf:    harden-glue: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    harden-dnssec-stripped: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    use-caps-for-id: no
/etc/unbound/unbound.conf.d/pi-hole.conf:    edns-buffer-size: 1472
/etc/unbound/unbound.conf.d/pi-hole.conf:    prefetch: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    num-threads: 1
/etc/unbound/unbound.conf.d/pi-hole.conf:    so-rcvbuf: 1m
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 192.168.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 169.254.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 172.16.0.0/12
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 10.0.0.0/8
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fd00::/8
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fe80::/10

And for sudo netstat -nltup
output:

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:5053          0.0.0.0:*               LISTEN      465/cloudflared
tcp        0      0 192.168.1.2:60709       0.0.0.0:*               LISTEN      461/zerotier-one
tcp        0      0 10.6.0.1:60709          0.0.0.0:*               LISTEN      461/zerotier-one
tcp        0      0 192.168.1.2:60710       0.0.0.0:*               LISTEN      461/zerotier-one
tcp        0      0 10.6.0.1:60710          0.0.0.0:*               LISTEN      461/zerotier-one
tcp        0      0 127.0.0.1:4711          0.0.0.0:*               LISTEN      629/pihole-FTL
tcp        0      0 192.168.1.2:9993        0.0.0.0:*               LISTEN      461/zerotier-one
tcp        0      0 10.6.0.1:9993           0.0.0.0:*               LISTEN      461/zerotier-one
tcp        0      0 127.0.0.1:9993          0.0.0.0:*               LISTEN      461/zerotier-one
tcp        0      0 127.0.0.1:36139         0.0.0.0:*               LISTEN      465/cloudflared
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      614/lighttpd
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      629/pihole-FTL
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      556/sshd
tcp6       0      0 :::3389                 :::*                    LISTEN      594/xrdp
tcp6       0      0 ::1:4711                :::*                    LISTEN      629/pihole-FTL
tcp6       0      0 ::1:9993                :::*                    LISTEN      461/zerotier-one
tcp6       0      0 :::80                   :::*                    LISTEN      614/lighttpd
tcp6       0      0 :::53                   :::*                    LISTEN      629/pihole-FTL
tcp6       0      0 ::1:3350                :::*                    LISTEN      577/xrdp-sesman
tcp6       0      0 :::22                   :::*                    LISTEN      556/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           382/dhcpcd
udp        0      0 0.0.0.0:51820           0.0.0.0:*                           -
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           317/avahi-daemon: r
udp        0      0 192.168.1.2:9993        0.0.0.0:*                           461/zerotier-one
udp        0      0 10.6.0.1:9993           0.0.0.0:*                           461/zerotier-one
udp        0      0 192.168.1.2:60709       0.0.0.0:*                           461/zerotier-one
udp        0      0 10.6.0.1:60709          0.0.0.0:*                           461/zerotier-one
udp        0      0 192.168.1.2:60710       0.0.0.0:*                           461/zerotier-one
udp        0      0 10.6.0.1:60710          0.0.0.0:*                           461/zerotier-one
udp        0      0 0.0.0.0:33066           0.0.0.0:*                           317/avahi-daemon: r
udp        0      0 127.0.0.1:5053          0.0.0.0:*                           465/cloudflared
udp        0      0 0.0.0.0:53              0.0.0.0:*                           629/pihole-FTL
udp6       0      0 :::51820                :::*                                -
udp6       0      0 :::5353                 :::*                                317/avahi-daemon: r
udp6       0      0 :::36886                :::*                                317/avahi-daemon: r
udp6       0      0 :::53                   :::*                                629/pihole-FTL

Pretty obvious what's wrong :smiley:
You've misplaced the file /etc/unbound/unbound.conf somehow:

pi@ph5:~ $ dpkg -S /etc/unbound/unbound.conf
unbound: /etc/unbound/unbound.conf

You can restore by reinstalling unbound:

sudo apt install --reinstall unbound

Restart to be sure:

sudo service unbound restart

And check status and journals again:

systemctl --no-pager --full status unbound

journalctl --no-pager --full -u unbound
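
The failure chain can be read from the two outputs already posted: the journal names the file unbound could not open, unbound then falls back to its default settings, and the listener table shows which process already holds the port it tried to bind. An added example (not part of the original thread) that automates that reading; the function names are this example's own, and the sample lines are copied from the outputs earlier in the thread.

```shell
#!/bin/sh
# Added example: explain an unbound start failure from its journal lines
# plus `netstat -nltup` output. Function names are hypothetical.

# diagnose_unbound JOURNAL_TEXT NETSTAT_TEXT
# Prints one line per finding; returns 0 if anything was found, 1 otherwise.
diagnose_unbound() {
    journal=$1
    listeners=$2
    found=1

    # 1. A config file that could not be opened. Unbound then continues with
    #    default settings, so conf.d/pi-hole.conf (port 5335) is never read.
    missing=$(printf '%s\n' "$journal" |
        sed -n 's/.*error: Could not open \(.*\): No such file or directory.*/\1/p' |
        sort -u | head -n 1)
    if [ -n "$missing" ]; then
        printf 'missing-config %s\n' "$missing"
        found=0
    fi

    # 2. The port unbound failed to bind while running on those defaults.
    port=$(printf '%s\n' "$journal" |
        sed -n "s/.*can't bind socket: Address already in use for .* port \([0-9][0-9]*\).*/\1/p" |
        sort -u | head -n 1)
    if [ -n "$port" ]; then
        # 3. Who already listens there. TCP rows carry a State column,
        #    UDP rows do not, so the PID/Program column shifts by one.
        owners=$(printf '%s\n' "$listeners" |
            awk -v p="$port" '
                $1 ~ /^(tcp|udp)/ {
                    n = split($4, part, ":")
                    if (part[n] == p) print ($6 == "LISTEN" ? $7 : $6)
                }' | sort -u | tr '\n' ' ' | sed 's/ $//')
        printf 'port-conflict %s held-by %s\n' "$port" "${owners:-unknown}"
        found=0
    fi
    return $found
}

# Sample input, copied from the journal output posted in this thread.
sample_journal() { cat <<'EOF'
Oct 19 01:54:08 raspberry package-helper[9261]: [1603032848] unbound-checkconf[9263:0] error: Could not open /etc/unbound/unbound.conf: No such file or directory
Oct 19 01:54:08 raspberry unbound[9267]: [1603032848] unbound[9267:0] warning: Continuing with default config settings
Oct 19 01:54:08 raspberry unbound[9267]: [1603032848] unbound[9267:0] error: can't bind socket: Address already in use for ::1 port 53
EOF
}

# Sample input, a subset of the netstat rows posted in this thread.
sample_listeners() { cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:5053          0.0.0.0:*               LISTEN      465/cloudflared
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      629/pihole-FTL
tcp6       0      0 :::53                   :::*                    LISTEN      629/pihole-FTL
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           317/avahi-daemon: r
udp        0      0 0.0.0.0:53              0.0.0.0:*                           629/pihole-FTL
udp6       0      0 :::53                   :::*                                629/pihole-FTL
EOF
}

diagnose_unbound "$(sample_journal)" "$(sample_listeners)"
```

On a live system the same function takes `"$(journalctl --no-pager -u unbound)"` and `"$(sudo netstat -nltup)"` as its two arguments.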

I ran sudo apt install unbound
and just followed the guide here: Redirecting...
so I didn't do any manual adjustments.
Thanks for the help :slight_smile:

If you're absolutely sure, then you have another very serious issue if a file is disappearing.
/etc/unbound/unbound.conf comes with that unbound package that you installed per instructions:

same issue:

pi@raspberry:/etc/unbound $ sudo apt install --reinstall unbound
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 1 not upgraded.
Need to get 671 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://mirror.internode.on.net/pub/raspbian/raspbian buster/main armhf unbound armhf 1.9.0-2+deb10u2 [671 kB]
Fetched 671 kB in 2s (336 kB/s)
(Reading database ... 148716 files and directories currently installed.)
Preparing to unpack .../unbound_1.9.0-2+deb10u2_armhf.deb ...
Unpacking unbound (1.9.0-2+deb10u2) over (1.9.0-2+deb10u2) ...
Setting up unbound (1.9.0-2+deb10u2) ...
Job for unbound.service failed because the control process exited with error code.
See "systemctl status unbound.service" and "journalctl -xe" for details.
Job for unbound.service failed because the control process exited with error code.
See "systemctl status unbound.service" and "journalctl -xe" for details.
invoke-rc.d: initscript unbound, action "restart" failed.
● unbound.service - Unbound DNS server
   Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset: enabled)
   Active: activating (auto-restart) (Result: exit-code) since Mon 2020-10-19 01:54:06 AEDT; 40ms ago
     Docs: man:unbound(8)
  Process: 9166 ExecStartPre=/usr/lib/unbound/package-helper chroot_setup (code=exited, status=1/FAILURE)
  Process: 9169 ExecStartPre=/usr/lib/unbound/package-helper root_trust_anchor_update (code=exited, status=1/FAILURE)
  Process: 9172 ExecStart=/usr/sbin/unbound -d $DAEMON_OPTS (code=exited, status=1/FAILURE)
 Main PID: 9172 (code=exited, status=1/FAILURE)
Processing triggers for man-db (2.8.5-2) ...
Processing triggers for systemd (241-7~deb10u4+rpi1) ...

stat /etc/unbound/unbound.conf

journalctl -u unbound | tail -30

?

EDIT: changed journal command

pi@raspberry:/etc/unbound $ stat /etc/unbound/unbound.conf
stat: cannot stat '/etc/unbound/unbound.conf': No such file or directory

ls -la

pi@raspberry:/etc/unbound $ ls -la
total 28
drwxr-xr-x   3 root root 4096 Oct 19 01:57 .
drwxr-xr-x 122 root root 4096 Oct 19 01:17 ..
drwxr-xr-x   2 root root 4096 Oct 19 01:54 unbound.conf.d
-rw-r-----   1 root root 2455 Oct 19 01:16 unbound_control.key
-rw-r-----   1 root root 1342 Oct 19 01:16 unbound_control.pem
-rw-r-----   1 root root 2455 Oct 19 01:16 unbound_server.key
-rw-r-----   1 root root 1334 Oct 19 01:16 unbound_server.pem
pi@raspberry:/etc/unbound $

journalctl -u unbound | tail -30

pi@raspberry:/etc/unbound $ journalctl -u unbound | tail -30
Oct 19 01:54:08 raspberry systemd[1]: Stopped Unbound DNS server.
Oct 19 01:54:08 raspberry systemd[1]: Starting Unbound DNS server...
Oct 19 01:54:08 raspberry package-helper[9261]: [1603032848] unbound-checkconf[9263:0] error: Could not open /etc/unbound/unbound.conf: No such file or directory
Oct 19 01:54:08 raspberry package-helper[9264]: [1603032848] unbound-checkconf[9266:0] error: Could not open /etc/unbound/unbound.conf: No such file or directory
Oct 19 01:54:08 raspberry unbound[9267]: [1603032848] unbound[9267:0] error: Could not open /etc/unbound/unbound.conf: No such file or directory
Oct 19 01:54:08 raspberry unbound[9267]: [1603032848] unbound[9267:0] warning: Continuing with default config settings
Oct 19 01:54:08 raspberry unbound[9267]: [1603032848] unbound[9267:0] error: can't bind socket: Address already in use for ::1 port 53
Oct 19 01:54:08 raspberry unbound[9267]: [1603032848] unbound[9267:0] fatal error: could not open ports
Oct 19 01:54:08 raspberry systemd[1]: unbound.service: Main process exited, code=exited, status=1/FAILURE
Oct 19 01:54:08 raspberry systemd[1]: unbound.service: Failed with result 'exit-code'.
Oct 19 01:54:09 raspberry systemd[1]: Failed to start Unbound DNS server.
Oct 19 01:54:09 raspberry systemd[1]: unbound.service: Service RestartSec=100ms expired, scheduling restart.
Oct 19 01:54:09 raspberry systemd[1]: unbound.service: Scheduled restart job, restart counter is at 9.
Oct 19 01:54:09 raspberry systemd[1]: Stopped Unbound DNS server.
Oct 19 01:54:09 raspberry systemd[1]: Starting Unbound DNS server...
Oct 19 01:54:09 raspberry package-helper[9271]: [1603032849] unbound-checkconf[9273:0] error: Could not open /etc/unbound/unbound.conf: No such file or directory
Oct 19 01:54:09 raspberry package-helper[9274]: [1603032849] unbound-checkconf[9276:0] error: Could not open /etc/unbound/unbound.conf: No such file or directory
Oct 19 01:54:09 raspberry unbound[9277]: [1603032849] unbound[9277:0] error: Could not open /etc/unbound/unbound.conf: No such file or directory
Oct 19 01:54:09 raspberry unbound[9277]: [1603032849] unbound[9277:0] warning: Continuing with default config settings
Oct 19 01:54:09 raspberry unbound[9277]: [1603032849] unbound[9277:0] error: can't bind socket: Address already in use for ::1 port 53
Oct 19 01:54:09 raspberry unbound[9277]: [1603032849] unbound[9277:0] fatal error: could not open ports
Oct 19 01:54:09 raspberry systemd[1]: unbound.service: Main process exited, code=exited, status=1/FAILURE
Oct 19 01:54:09 raspberry systemd[1]: unbound.service: Failed with result 'exit-code'.
Oct 19 01:54:09 raspberry systemd[1]: Failed to start Unbound DNS server.
Oct 19 01:54:09 raspberry systemd[1]: unbound.service: Service RestartSec=100ms expired, scheduling restart.
Oct 19 01:54:09 raspberry systemd[1]: unbound.service: Scheduled restart job, restart counter is at 10.
Oct 19 01:54:09 raspberry systemd[1]: Stopped Unbound DNS server.
Oct 19 01:54:09 raspberry systemd[1]: unbound.service: Start request repeated too quickly.
Oct 19 01:54:09 raspberry systemd[1]: unbound.service: Failed with result 'exit-code'.
Oct 19 01:54:09 raspberry systemd[1]: Failed to start Unbound DNS server.

File still missing.
Could purge/uninstall unbound but then have to run the whole guide again.
Try creating that file:

sudo nano /etc/unbound/unbound.conf

Paste below into that file, save/exit:

# Unbound configuration file for Debian.
#
# See the unbound.conf(5) man page.
#
# See /usr/share/doc/unbound/examples/unbound.conf for a commented
# reference config file.
#
# The following line includes additional configuration files from the
# /etc/unbound/unbound.conf.d directory.
include: "/etc/unbound/unbound.conf.d/*.conf"

Restart:

sudo service unbound restart

And status journals drill again:

systemctl --no-pager --full status unbound

journalctl --no-pager --full -u unbound

● unbound.service - Unbound DNS server
   Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2020-10-19 02:12:27 AEDT; 13s ago
     Docs: man:unbound(8)
  Process: 10813 ExecStartPre=/usr/lib/unbound/package-helper chroot_setup (code=exited, status=0/SUCCESS)
  Process: 10816 ExecStartPre=/usr/lib/unbound/package-helper root_trust_anchor_update (code=exited, status=0/SUCCESS)
 Main PID: 10821 (unbound)
    Tasks: 1 (limit: 2065)
   CGroup: /system.slice/unbound.service
           └─10821 /usr/sbin/unbound -d

Oct 19 02:12:26 raspberry systemd[1]: Starting Unbound DNS server...
Oct 19 02:12:27 raspberry package-helper[10816]: /var/lib/unbound/root.key has content
Oct 19 02:12:27 raspberry package-helper[10816]: success: the anchor is ok
Oct 19 02:12:27 raspberry unbound[10821]: [10821:0] info: start of service (unbound 1.9.0).
Oct 19 02:12:27 raspberry systemd[1]: Started Unbound DNS server.
pi@raspberry:/etc/unbound $
Oct 19 02:11:07 raspberry unbound[10611]: read /etc/unbound/unbound.conf failed: 3 errors in configuration file
Oct 19 02:11:07 raspberry unbound[10611]: [1603033867] unbound[10611:0] fatal error: Could not read config file: /etc/unbound/unbound.conf. Maybe try unbound -dd, it stays on the commandline to see more errors, or unbound-checkconf
Oct 19 02:11:07 raspberry systemd[1]: unbound.service: Main process exited, code=exited, status=1/FAILURE
Oct 19 02:11:07 raspberry systemd[1]: unbound.service: Failed with result 'exit-code'.
Oct 19 02:11:07 raspberry systemd[1]: Failed to start Unbound DNS server.
Oct 19 02:11:07 raspberry systemd[1]: unbound.service: Service RestartSec=100ms expired, scheduling restart.
Oct 19 02:11:07 raspberry systemd[1]: unbound.service: Scheduled restart job, restart counter is at 5.
Oct 19 02:11:07 raspberry systemd[1]: Stopped Unbound DNS server.
Oct 19 02:11:07 raspberry systemd[1]: unbound.service: Start request repeated too quickly.
Oct 19 02:11:07 raspberry systemd[1]: unbound.service: Failed with result 'exit-code'.
Oct 19 02:11:07 raspberry systemd[1]: Failed to start Unbound DNS server.
Oct 19 02:12:21 raspberry systemd[1]: Starting Unbound DNS server...
Oct 19 02:12:21 raspberry package-helper[10701]: /var/lib/unbound/root.key does not exist, copying from /usr/share/dns/root.key
Oct 19 02:12:22 raspberry package-helper[10701]: /var/lib/unbound/root.key has content
Oct 19 02:12:22 raspberry package-helper[10701]: success: the anchor is ok
Oct 19 02:12:22 raspberry unbound[10706]: [10706:0] info: start of service (unbound 1.9.0).
Oct 19 02:12:22 raspberry systemd[1]: Started Unbound DNS server.
Oct 19 02:12:26 raspberry unbound[10706]: [10706:0] info: service stopped (unbound 1.9.0).
Oct 19 02:12:26 raspberry systemd[1]: Stopping Unbound DNS server...
Oct 19 02:12:26 raspberry systemd[1]: unbound.service: Succeeded.
Oct 19 02:12:26 raspberry systemd[1]: Stopped Unbound DNS server.
Oct 19 02:12:26 raspberry systemd[1]: Starting Unbound DNS server...
Oct 19 02:12:27 raspberry package-helper[10816]: /var/lib/unbound/root.key has content
Oct 19 02:12:27 raspberry package-helper[10816]: success: the anchor is ok
Oct 19 02:12:27 raspberry unbound[10821]: [10821:0] info: start of service (unbound 1.9.0).
Oct 19 02:12:27 raspberry systemd[1]: Started Unbound DNS server.
pi@raspberry:/etc/unbound $

Seems to be working now.
Thanks for the help!!

I now need to continue with Pihole configuration.
Can you please refer me to a guide on how to use Unbound with DoT or DoH?


No, sorry, I can't.
I have no use for DoT or DoH.

Refer to Unbound using TLS - not working as recursive DNS server anymore? for a link to a 3rd party guide as well as related discussion.

Consider opening a new topic if you encounter errors when trying to make DoT and unbound work, or reach out to the guide's author.


By the way, running these commands:

dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335
dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335

returned:

pi@raspberry:/etc/unbound $ dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335

; <<>> DiG 9.11.5-P4-5.1+deb10u2-Raspbian <<>> sigfail.verteiltesysteme.net @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47534
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;sigfail.verteiltesysteme.net.  IN      A

;; ANSWER SECTION:
sigfail.verteiltesysteme.net. 17 IN     A       134.91.78.139

;; Query time: 0 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1)
;; WHEN: Mon Oct 19 02:18:54 AEDT 2020
;; MSG SIZE  rcvd: 73

pi@raspberry:/etc/unbound $ dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335

; <<>> DiG 9.11.5-P4-5.1+deb10u2-Raspbian <<>> sigok.verteiltesysteme.net @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40678
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;sigok.verteiltesysteme.net.    IN      A

;; ANSWER SECTION:
sigok.verteiltesysteme.net. 60  IN      A       134.91.78.139

;; Query time: 255 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1)
;; WHEN: Mon Oct 19 02:19:06 AEDT 2020
;; MSG SIZE  rcvd: 71

no difference.
DNS settings are:
No check on Use DNSSEC
and using Cloudflare DNS
No custom DNS
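
How to read those two results, as an added example that is not part of the original post: sigfail.verteiltesysteme.net is deliberately mis-signed, so a DNSSEC-validating resolver answers it with SERVFAIL, and answers sigok with NOERROR plus the `ad` (authenticated data) flag. The function names are this example's own; the first sample pair is the header and flags lines from the output above, the second pair is constructed.

```shell
#!/bin/sh
# Added example: decide from two dig outputs whether the queried resolver
# performs DNSSEC validation. Function names are hypothetical.

# Print the RCODE from dig's header line (NOERROR, SERVFAIL, ...).
dig_status() {
    printf '%s\n' "$1" |
        sed -n 's/^;; ->>HEADER<<-.* status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Succeed if the flags line carries "ad" (authenticated data).
dig_has_ad() {
    printf '%s\n' "$1" | grep -Eq '^;; flags:[^;]* ad( |;)'
}

# dnssec_verdict SIGFAIL_OUTPUT SIGOK_OUTPUT
#   validating      broken signature rejected, good one authenticated
#   not-validating  broken signature answered like any other name
#   inconclusive    anything else (timeouts, missing ad flag, ...)
dnssec_verdict() {
    bad=$(dig_status "$1")
    good=$(dig_status "$2")
    if [ "$bad" = "SERVFAIL" ] && [ "$good" = "NOERROR" ] && dig_has_ad "$2"; then
        echo "validating"
    elif [ "$bad" = "NOERROR" ]; then
        echo "not-validating"
    else
        echo "inconclusive"
    fi
}

# Header and flags lines as posted in the thread.
THREAD_SIGFAIL=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47534
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
THREAD_SIGOK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40678
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

# Constructed sample of what a validating resolver returns (ids are made up).
GOOD_SIGFAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 11111
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
GOOD_SIGOK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22222
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

dnssec_verdict "$THREAD_SIGFAIL" "$THREAD_SIGOK"

# Live use, with the same commands as in the post:
#   dnssec_verdict "$(dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335)" \
#                  "$(dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335)"
```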

Ok seems more things are messed up somehow.
Try purge/uninstall unbound including config files:

sudo service unbound stop

sudo apt purge unbound

And run the guide again:

https://docs.pi-hole.net/guides/unbound/

Seems that a lot of the issues I was experiencing were due to a faulty microSD card.
I replaced the microSD card and installed RPiOS, Pihole and Unbound and it seems to work without an issue now.
