Issues with PiHole and Unbound. (Unbound connection timed out)

typesk · July 28, 2019, 5:23am

Not sure if it's ok to ask this here. If not, I apologize.

Expected Behaviour:

DNS Lookups should complete for DNS sites already visited in a reasonable time.

Actual Behaviour:

DNS lookups will often fail for random times for 15-30 seconds at a time, even for websites I normally visit on a daily basis. Doing the dig command returns a connection timed out message.

A couple days ago, I decided to check out DNS encrypting. Initially looked up DNS Crypt with Cloudfare, but then found unbound and decided to go with that. Used the guide here:

Installation went fine. And for the most part, seemed to work. At first, DNS lookups were slow (sometimes took around 10-20 seconds for it to complete at first). But I expected browsing to be somewhat slow at first. And after, seemed to be normal.

But I've noticed, that sometimes, at random times, DNS just doesn't work, for sites I have visited (or normally visit on a daily basis). Seemed odd, as those DNS lookups should be cached (at least that what I understood it would do). Sites would be down for 15-30 seconds at a time.

It doesn't take down the whole internet. During that time where I try and visit a site and DNS doesn't work, I can visit other websites just fine. When I run the command: dig somedomain.com @127.0.0.1 -p 5353

I'll get:

; <<>> DiG 9.9.5-9+deb8u6-Raspbian <<>> somedomain.com @127.0.0.1 -p 5353
;; global options: +cmd
;; connection timed out; no servers could be reached

I have the most update to date roots file (updated yesterday, July 26). The config file is the default from the guide above.

I checked dns lookup via 8.8.8.8, and it worked fine.

It doesn't last long, maybe 30 seconds at latest. But can be slightly annoying to deal with.

Debug Token:

https://tricorder.pi-hole.net/1ykia8kmw9

jfb · July 28, 2019, 6:38pm

You are running an older Raspbian version (Jessie) and that has an older version of unbound, I believe. Please confirm your unbound version with this command: unbound -h and post the result.

typesk · July 28, 2019, 6:55pm

pi@raspberrypi:~ $ unbound -h
usage:  unbound [options]
        start unbound daemon DNS resolver.
-h      this help
-c file config file to read instead of /etc/unbound/unbound.conf
        file format is described in unbound.conf(5).
-d      do not fork into the background.
-v      verbose (more times to increase verbosity)
Version 1.4.22
linked libs: libevent 2.0.21-stable (it uses epoll), OpenSSL 1.0.1t  3 May 2016
linked modules: python validator iterator
configured for armv8l-unknown-linux-gnueabihf on Thu Feb 14 22:15:32 UTC 2019 with options: '--prefix=/usr' '--sysconfdir=/etc' '--disable-rpath' '--with-pidfile=/var/run/unbound.pid' '--with-libevent' '--with-pythonmodule' '--with-pyunbound' '--disable-flto'
BSD licensed, see LICENSE in source package for details.
Report bugs to unbound-bugs@nlnetlabs.nl

edit: I am on the RPi 3 Model B, looks like I can update Jesse to Buster (well, Jesse > Stretch, then Stretch > Jesse). Though maybe I should just go to Stretch since it is kinda new?

jfb · July 28, 2019, 9:34pm

If it were me I would go to Buster. I have it running with Pi-Hole and unbound on a Zero W; no problems.

typesk · August 4, 2019, 5:35am

was finally able to upgrade my pi to buster, and was able to install unbound (1.9.0) and noticed a considerable performance increase in general. Also, so far, have not seen any issues from the prior installation. Thanks

system · August 25, 2019, 5:35am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.