My unbound configuration (pi-hole.conf), used as the local recursive resolver for Pi-hole:
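# pi-hole.conf — unbound as a local, DNSSEC-validating recursive resolver that
# Pi-hole forwards to on 127.0.0.1#5335.
# Unbound ignores indentation; it is used here only for readability.
server:
    # Basic log settings
    # NOTE(review): inside a container the log directory must exist and be
    # writable by the unbound runtime user or the file cannot be opened.
    # Logging to stderr (logfile: "" plus use-syslog: no) lets the container
    # runtime collect the log instead.
    logfile: "/var/log/unbound/unbound.log"
    log-time-ascii: yes
    verbosity: 1

    # Listen on loopback only. Unbound's default access-control refuses every
    # client except localhost, so nothing else on the network can query it.
    # If Pi-hole runs in a separate container (own network namespace) it cannot
    # reach this 127.0.0.1: bind the container's interface instead and add an
    # explicit `access-control: <docker subnet> allow` — do not open it wider.
    interface: 127.0.0.1
    port: 5335

    # DNS settings
    do-ip4: yes
    do-udp: yes
    do-tcp: yes
    # Contacting authoritative servers over IPv6 only helps when the host has
    # working IPv6; without it, set do-ip6: no to avoid timeouts.
    do-ip6: yes
    prefer-ip6: no

    # Performance
    # 1232 keeps large (DNSSEC) UDP answers below the fragmentation threshold.
    edns-buffer-size: 1232
    prefetch: yes
    prefetch-key: yes
    num-threads: 4
    # Buffer sizes above the kernel limits (net.core.rmem_max / wmem_max) are
    # logged as warnings and ignored; raising those sysctls inside a container
    # needs host cooperation.
    so-rcvbuf: 4m
    so-sndbuf: 4m
    msg-cache-size: 100m
    rrset-cache-size: 200m
    # Synthesize NXDOMAIN/NODATA from cached NSEC records (RFC 8198).
    aggressive-nsec: yes
    minimal-responses: yes

    # Security
    harden-glue: yes
    # Treat answers whose DNSSEC data was stripped as bogus, not as insecure.
    harden-dnssec-stripped: yes
    harden-referral-path: yes
    # 0x20 query-name case randomization adds entropy against cache poisoning.
    # It is off here, presumably because some authoritative servers mishandle
    # it — re-enable if your upstream path tolerates it.
    use-caps-for-id: no
    # Root trust anchor. Unbound tracks RFC 5011 key rollovers and rewrites this
    # file, so the unbound runtime user must be able to write it; /usr/share/dns
    # is normally root-owned. /var/lib/unbound/root.key is the usual location
    # (keep the Dockerfile path in sync if you move it).
    auto-trust-anchor-file: "/usr/share/dns/root.key"
    qname-minimisation: yes
    hide-identity: yes
    hide-version: yes
    # Upper bound on queries per second sent to any one zone's servers.
    ratelimit: 1000

    # Root hints: only needed to find the root servers; refresh occasionally.
    root-hints: "/usr/share/dns/root.hints"

    # Answers carrying these private ranges are dropped unless the name is
    # listed under private-domain, which blocks DNS-rebinding against LAN hosts.
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-address: 172.16.0.0/12
    private-address: 10.0.0.0/8
    private-address: fd00::/8
    private-address: fe80::/10

# Local copy of the root zone used as upstream data (the RFC 8806 "local root"
# setup): root lookups are answered from the copy, which still goes through
# DNSSEC validation like any upstream data; fallback-enabled lets normal
# recursion via root-hints take over if the copy is missing or expired.
# NOTE(review): a copy baked into the image at build time ages, and stale
# DS/NS data for a TLD eventually turns into validation failures. `url:` lets
# unbound re-fetch the zone on the SOA refresh timer; the zonefile must then be
# writable by the unbound runtime user so the refreshed copy can be saved.
# NOTE(review): "could not parse the RR's type" on the internic root.zone at
# startup most likely means this unbound build predates a record type the root
# zone now carries (ZONEMD, RFC 8976, is the usual culprit) — check `unbound -V`
# and line 18 of the file. Upgrade unbound, or drop this whole auth-zone clause;
# resolution via root-hints works without it.
auth-zone:
    name: "."
    url: "https://www.internic.net/domain/root.zone"
    fallback-enabled: yes
    for-downstream: no
    for-upstream: yes
    zonefile: "/usr/share/dns/root.zone"

# Optional: forward everything to public resolvers over DNS-over-TLS instead of
# recursing. Leave disabled for an independent resolver. If enabled, keep the
# "#hostname" suffix so the upstream certificate is verified, and point
# tls-cert-bundle (or tls-system-cert) at a CA bundle. Note that
# forward-first: yes falls back to plain recursion when the forwarders fail,
# which quietly bypasses the TLS path.
# forward-zone:
#     name: "."
#     forward-tls-upstream: yes
#     forward-first: yes
#     forward-addr: 1.1.1.1@853#cloudflare-dns.com
#     forward-addr: 9.9.9.9@853#dns.quad9.net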
And I use the following Dockerfile step to download those files at image build time:
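# Fetch the root hints, the root zone and the DNSSEC trust anchor at build time.
# NOTE(review): these files are frozen into the image. Unbound can keep
# root.key current (RFC 5011) and root.zone current (auth-zone url:/primary:)
# only if the runtime unbound user can write them — /usr/share/dns normally is
# root-owned, so chown the files to that user once the unbound package has
# created it, or place them under /var/lib/unbound and update the config paths.
# --https-only refuses any redirect that would downgrade the fetch to plain
# HTTP. internic also publishes detached signatures next to these files if you
# want to verify the download itself; the data in use is DNSSEC-validated.
# unbound-anchor is documented to exit 1 when it had to fall back to the
# built-in anchor or the certificate, which is not a failure, so the build must
# not abort on that; a non-empty key file is the real success condition.
RUN mkdir -p /usr/share/dns \
 && wget -q --https-only -O /usr/share/dns/root.hints https://www.internic.net/domain/named.root \
 && wget -q --https-only -O /usr/share/dns/root.zone https://www.internic.net/domain/root.zone \
 && { unbound-anchor -a /usr/share/dns/root.key || true; } \
 && test -s /usr/share/dns/root.key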
Is my configuration OK?
On startup, unbound fails with these errors:
Feb 15 13:07:21 unbound[1327:0] error: parse error /usr/share/dns/root.zone 18:54: Syntax error, could not parse the RR's type
Feb 15 13:07:21 unbound[1327:0] error: error parsing zonefile /usr/share/dns/root.zone for .
Feb 15 13:07:21 unbound[1327:0] fatal error: auth_zones could not be setup