I'm getting a bunch of servfails in pihole and unbound

The issue I am facing:
I am getting a bunch of servfails.
Details about my system:
Windows 11 Pro, Custom built, 13900k, 4090, 128 GB RAM
What I have changed since installing Pi-hole:
I installed unbound and had problems with my DNS. I came here and got some direction to answers about my DNS so I turned on DHCP on pihole and turned it off on my router. I started getting more queries after fixing the DNS pointing problem but now I'm getting problems with servfails. Here's my debug log.

You have the following upstream servers set in your Pi-hole configuration. What is the second one?

    PIHOLE_DNS_1=127.0.0.1#5335
    PIHOLE_DNS_2=192.168.50.239

It appears you have made recent changes to your list of upstream DNS servers, from the bit of pihole.log contained in your debug output:

    Mar 12 05:53:28 dnsmasq[11972]: query[A] api.github.com from 192.168.50.236
    Mar 12 05:53:28 dnsmasq[11972]: forwarded api.github.com to 8.8.8.8
    Mar 12 05:53:28 dnsmasq[11972]: forwarded api.github.com to 8.8.4.4
    Mar 12 05:53:28 dnsmasq[11972]: query[AAAA] api.github.com from 192.168.50.236

    -----tail of pihole.log------
    Mar 12 17:08:23 dnsmasq[15476]: reply a1851.dscg2.akamai.net is 23.223.157.147
    Mar 12 17:08:23 dnsmasq[15478]: forwarded aefd.nelreports.net to 192.168.50.239
    Mar 12 17:08:23 dnsmasq[15477]: forwarded aefd.nelreports.net to 192.168.50.239

At one time, you had Google as upstream DNS, and in the current log your queries are not going to unbound.

Also, please post the complete output of the following command run from the Pi terminal:

    dig pi-hole.net @127.0.0.1 -p5335

    sudo grep -v '#\|^$' -R /etc/unbound/unbound.conf*
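
The check made in the reply above (which upstreams dnsmasq actually forwards to, compared with the configured ones) can be scripted. This is an added example, not part of the thread or of Pi-hole's own tooling; the sample lines are the ones quoted from pihole.log above, and it assumes dnsmasq writes an upstream on a non-default port as `127.0.0.1#5335`.

```python
import re
from collections import Counter

# Upstreams from the PIHOLE_DNS_* settings quoted in the thread.
CONFIGURED = {"127.0.0.1#5335", "192.168.50.239"}
UNBOUND = "127.0.0.1#5335"  # assumed log spelling of the unbound upstream

# Line shape seen in the excerpt: "<ts> dnsmasq[pid]: forwarded <name> to <upstream>"
FORWARDED = re.compile(r"dnsmasq\[\d+\]: forwarded (\S+) to (\S+)\s*$")

# Log lines as quoted in the thread.
SAMPLE = [
    "Mar 12 05:53:28 dnsmasq[11972]: query[A] api.github.com from 192.168.50.236",
    "Mar 12 05:53:28 dnsmasq[11972]: forwarded api.github.com to 8.8.8.8",
    "Mar 12 05:53:28 dnsmasq[11972]: forwarded api.github.com to 8.8.4.4",
    "Mar 12 17:08:23 dnsmasq[15476]: reply a1851.dscg2.akamai.net is 23.223.157.147",
    "Mar 12 17:08:23 dnsmasq[15478]: forwarded aefd.nelreports.net to 192.168.50.239",
    "Mar 12 17:08:23 dnsmasq[15477]: forwarded aefd.nelreports.net to 192.168.50.239",
]

def normalise(upstream):
    """Drop an explicit default port so '8.8.8.8#53' equals '8.8.8.8'."""
    return upstream[:-3] if upstream.endswith("#53") else upstream

def audit_forwarding(lines, configured=CONFIGURED, unbound=UNBOUND):
    """Count forwarded queries per upstream and flag unconfigured upstreams."""
    per_upstream = Counter()
    for line in lines:
        match = FORWARDED.search(line)
        if match:
            per_upstream[normalise(match.group(2))] += 1
    total = sum(per_upstream.values())
    allowed = {normalise(u) for u in configured}
    return {
        "total": total,
        "per_upstream": dict(per_upstream),
        # Upstreams in the log that are not in the current configuration,
        # e.g. left over from an earlier setting.
        "unexpected": sorted(u for u in per_upstream if u not in allowed),
        # Fraction of forwarded queries that went to the local unbound.
        "unbound_share": per_upstream[normalise(unbound)] / total if total else 0.0,
    }

if __name__ == "__main__":
    report = audit_forwarding(SAMPLE)
    for key, value in report.items():
        print(f"{key}: {value}")
```

To run it on a live system, pass the lines of the real log file instead of `SAMPLE`.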

I'm also using a surfshark VPN with a static IP at New York.

You have the following upstream servers set in your Pi-hole configuration. What is the second one?

Edit: The second DNS is to a second raspberry pi with pihole installed. I did it for redundancy.

The second pihole has its DNS set to 127.0.0.1#5335.

    ; <<>> DiG 9.18.24-1-Debian <<>> pi-hole.net @127.0.0.1 -p5335
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28881
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 1232
    ;; QUESTION SECTION:
    ;pi-hole.net.			IN	A

    ;; ANSWER SECTION:
    pi-hole.net.		53	IN	A	3.18.136.52

    ;; Query time: 71 msec
    ;; SERVER: 127.0.0.1#5335(127.0.0.1) (UDP)
    ;; WHEN: Tue Mar 12 19:28:36 EDT 2024
    ;; MSG SIZE  rcvd: 56

    /etc/unbound/unbound.conf:include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
    /etc/unbound/unbound.conf.d/pi-hole.conf:server:
    /etc/unbound/unbound.conf.d/pi-hole.conf:    verbosity: 1
    /etc/unbound/unbound.conf.d/pi-hole.conf:    interface: 127.0.0.1
    /etc/unbound/unbound.conf.d/pi-hole.conf:    port: 5335
    /etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip4: yes
    /etc/unbound/unbound.conf.d/pi-hole.conf:    do-udp: yes
    /etc/unbound/unbound.conf.d/pi-hole.conf:    do-tcp: yes
    /etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip6: no
    /etc/unbound/unbound.conf.d/pi-hole.conf:    prefer-ip6: no
    /etc/unbound/unbound.conf.d/pi-hole.conf:    harden-glue: yes
    /etc/unbound/unbound.conf.d/pi-hole.conf:    harden-dnssec-stripped: yes
    /etc/unbound/unbound.conf.d/pi-hole.conf:    use-caps-for-id: no
    /etc/unbound/unbound.conf.d/pi-hole.conf:    edns-buffer-size: 1232
    /etc/unbound/unbound.conf.d/pi-hole.conf:    prefetch: yes
    /etc/unbound/unbound.conf.d/pi-hole.conf:    num-threads: 1
    /etc/unbound/unbound.conf.d/pi-hole.conf:    so-rcvbuf: 1m
    /etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 192.168.0.0/16
    /etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 169.254.0.0/16
    /etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 172.16.0.0/12
    /etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 10.0.0.0/8
    /etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fd00::/8
    /etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fe80::/10
    /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:server:
    /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    /etc/unbound/unbound.conf.d/remote-control.conf:remote-control:
    /etc/unbound/unbound.conf.d/remote-control.conf:  control-enable: yes
    /etc/unbound/unbound.conf.d/remote-control.conf:  control-interface: /run/unbound.ctl

Edit: I had to edit some settings in my router but I removed my router as one of my DNS options.
