DNS stop working without

Expected Behaviour:

Raspberry pi
Debian bulleyes

Actual Behaviour:

I didn't touch my raspberry for a while and yesterday the DNS stop working correctly.
I can't ping anything from the raspberry.
I have a lot ntp so i tried to put the time manually but nothing.

Debug Token:

Moderator edit: Explicit debug log removed.

(Just post the token, please. For your own privacy and security, do not post the full, unsanitised debug log output here. Also, your debug log seems to be shortened - it is missing parts of its usual contents, e.g. some gravity tables.)

Since you are using unbound as Pi-hole's upstream, DNS lookups may fail due to DNSSEC validation with an incorrect time, which may well explain your observation.

Please reverify your local time on your Pi-hole machine.

Run from your Pi-hole host machine, what's the result of the following command:

dig 2.debian.pool.ntp.org @

This will temporarily reset the nameserver on the Pi to bypass Pi-Hole DNS.

sudo nano /etc/resolv.conf

Edit the nameserver line to nameserver or your preferred third party DNS service, save and exit


pihole -d

and upload the debug log.

I had to cut the adlist because number of character restriction.
For the token, the curl instruction didn't work.
Bucking_Horn :

pi@raspberrypi:~ $ dig 2.debian.pool.ntp.org @

; <<>> DiG 9.16.27-Debian <<>> 2.debian.pool.ntp.org @
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 2907
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 1232
;2.debian.pool.ntp.org.         IN      A

;; Query time: 4 msec
;; WHEN: Sat Jun 18 14:38:04 CEST 2022
;; MSG SIZE  rcvd: 50

jfb :
The token works this time and i can ping from my raspberry but when i manually use my raspberry as DNS on my PC, it can't solve request.

Your debug log shows that your DHCP server is passing its own IP for DNS rather than the IP of Pi-hole. Other than that, your debug log is normal.

*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
   Scanning all your interfaces for DHCP servers
   Timeout: 10 seconds
   * Received 548 bytes from wlan0:
     Offered IP address:
     Server IP address: N/A
     Relay-agent IP address: N/A
     BOOTP server: (empty)
     BOOTP file: (empty)
     DHCP options:
      Message type: DHCPOFFER (2)
      lease-time: 43200 ( 12h )
      --- end of options ---
   DHCP packets received on interface wlan0: 1
   DHCP packets received on interface lo: 0
   DHCP packets received on interface eth0: 0

The problem appears to lie in your upstream DNS resolver (Unbound) which is replying with SERVFAIL for every request shown in your debug log.

Edit - as a first troubleshooting step, change your upstream DNS server to something other than unbound. That should restore your Pi-hole to operation and you can troubleshoot the unbound problem.

Thanks, I have change Unbound for Quad9 and it works.
Should I try to remake the Unbound configuration to repair Unbound ?

No, for Pi-OS Bullseye and maybe even Debian, check if below file exists first:

cat /etc/unbound/unbound.conf.d/resolvconf_resolvers.conf

If exists, delete it with below so unbound becomes a true recursive resolver again:

sudo rm /etc/unbound/unbound.conf.d/resolvconf_resolvers.conf

Make sure it doesnt get recreated at boot or network state change by hashing out # the unbound_conf= line in below file:

sudo sed -i 's/^unbound_conf=/#unbound_conf=/' /etc/resolvconf.conf

Restart unbound to apply:

sudo service unbound restart

Also check if the unbound-resolvconf.service unit is active with below:

service unbound-resolvconf status

It populates /etc/resolv.conf with the (unwanted) loopback IP nameserver instead of the one thats configured in /etc/dhcpcd.conf.
Can disable and stop that one with below:

sudo systemctl disable --now unbound-resolvconf.service

Restart the dhcpcd network manager to apply:

sudo service dhcpcd restart

And check if resolv.conf now contains the domain_name_servers= IP's from /etc/dhcpcd.conf:

pi@ph5b:~ $ tail /etc/dhcpcd.conf
interface eth0
  static ip_address=
  static routers=
  static domain_name=home.dehakkelaar.nl
  static domain_name_servers=
pi@ph5b:~ $ cat /etc/resolv.conf
# Generated by resolvconf
domain home.dehakkelaar.nl