Thanks, but that's just the Git page for reporting issues.
I'm not yet sure if this qualifies as an 'issue'.
Yeah, I get that. That might be the closest thing you are going to find.
Sorry to drag this up again....
Looking at DNSSEC only now, if I use Cloudflare as upstream and tick 'Use DNSSEC' in Pi-hole settings, I still get the fail result at https://dnssec.vs.uni-due.de/
I've also opened an issue at the unbound Git page.
Edit: I'm also now unable to access my dashboard at pi.hole/admin.
I can access at ip_address/admin
Sorry. Don't follow you. So to utilise DNSSEC I do not tick this setting in Pi-hole?
Previously, using either method (unbound or DNSSEC ticked in Pi-hole settings), the DNSSEC tests passed and reported me as being 'protected'.
Currently, I cannot achieve this in any way.
Edit: rebooting the Pi didn't solve the issue.
For some reason the first thing that comes to my mind is port 53 hijacking.
How would I determine this?
pi@pi-hole:~ $ sudo netstat -tulpn | grep :53
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 8740/pihole-FTL
tcp6 0 0 :::53 :::* LISTEN 8740/pihole-FTL
udp 0 0 0.0.0.0:53 0.0.0.0:* 8740/pihole-FTL
udp 0 0 0.0.0.0:5353 0.0.0.0:* 240/avahi-daemon: r
udp6 0 0 :::53 :::* 8740/pihole-FTL
udp6 0 0 :::5353
I was thinking more along the lines of port hijacking on the WAN, not LAN. Have you checked for DNS leaks?
How would I do this?
You aren't checking for a DNS leak here (that's a concept associated with a VPN service), but the output will show the IP of the DNS server that is answering your requests.
Well, you are actually checking for it leaking from other than the selected provider.
Leak test looks ok.
Shows 1 server found and names the correct ISP.
pi@pi-hole:~ $ sudo unbound -vvvvv
[1572033564] unbound[18401:0] notice: Start of unbound 1.6.0.
[1572033564] unbound[18401:0] debug: increased limit(open files) from 1024 to 4140
[1572033564] unbound[18401:0] debug: creating udp4 socket 127.0.0.1 5353
[1572033564] unbound[18401:0] debug: creating tcp4 socket 127.0.0.1 5353
[1572033564] unbound[18401:0] debug: creating tcp4 socket 127.0.0.1 8953
[1572033564] unbound[18401:0] debug: setup SSL certificates
You can rule out DNS hijacking.
Wait, if it shows your ISP DNS, you have a problem.
I get the same result when using unbound and when using standard upstream providers.
Yes. Using date
It's correct.
I've set unbound to run on port 5354.
Still seeing the occasional SERVFAIL
and DNSSEC tests are failing still.