Need Help. Unbound breaking pi-hole

I am been having an issue for a long time with not being able to run Unbound breaking my pi-hole when installed, I have followed a bunch of different guides and tried a hundred different fixes. I am posting this here, hoping that someone can help me out.

I will do my best to try and explain my issues here.

I have Pi-Hole installed on a Raspberry Pi Zero W. It is also configured as my DHCP server. in this configuration, everything works flawlessly. However, when I install unbound according to the guide from the Pi-Hole website posted [here](unbound - Pi-hole documentation, everything goes to crap. Unbound doesn't work properly and to make things worse, it makes it so that any device connected via wireless can not see the outside internet. Only the local network.

If there are any logs or settings anyone wants me to post, let me know.

Thanks for your help in advance.

Voodoo

Run below to see the systemd journals for unbound:

journalctl --full --no-pager -u unbound

Run below to see if any mistakes in the config files:

unbound-checkconf

Run below ones to checkout extended debug logs:

sudo service unbound stop

sudo /usr/sbin/unbound -ddd -vvv -c /etc/unbound/unbound.conf

To stop debugging press CTRLc and run below to try start here up normal again:

sudo service unbound restart

Post relevant bits here for us to inspect?

unbound-checkconf returns no errors

sudo /usr/sbin/unbound -ddd -vvv -c /etc/unbound/unbound.conf

1659406008] unbound[943:0] debug: sending to target: <.> 10.8.16.10#53
[1659406008] unbound[943:0] debug: cache memory msg=33475 rrset=33040 infra=4149 val=33196 subnet=41372
[1659406008] unbound[943:0] debug: subnet[module 0] operate: extstate:module_state_initial event:module_event_new
[1659406008] unbound[943:0] info: subnet operate: query connectivity-check.ubuntu.com. AAAA IN
[1659406008] unbound[943:0] debug: validator[module 1] operate: extstate:module_state_initial event:module_event_pass
[1659406008] unbound[943:0] info: validator operate: query connectivity-check.ubuntu.com. AAAA IN
[1659406008] unbound[943:0] debug: iterator[module 2] operate: extstate:module_state_initial event:module_event_pass
[1659406008] unbound[943:0] info: resolving connectivity-check.ubuntu.com. AAAA IN
[1659406008] unbound[943:0] info: processQueryTargets: connectivity-check.ubuntu.com. AAAA IN
[1659406008] unbound[943:0] info: sending query: connectivity-check.ubuntu.com. AAAA IN

I am also getting this error message in pi-hole

DNSMASQ_WARN Warning in dnsmasq core:
Maximum number of concurrent DNS queries reached (max: 150)

pool.ntp.org is pinging out of control.

And mobile devices are still unable to see the WAN.

What is the output of the following from the Pi terminal:

sudo grep -v '#\|^$' -R /etc/unbound/unbound.conf*

This is a warning, not an error, and is described in the documentation linked below the warning in your diagnosis log.

Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

or do it through the Web interface:

Tools > Generate Debug Log

Here are my results

> /etc/unbound/unbound.conf:include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
> /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:server:
> /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:    auto-trust-anchor-file: "/var/lib/unbound/root.key"
> /etc/unbound/unbound.conf.d/resolvconf_resolvers.conf:forward-zone:
> /etc/unbound/unbound.conf.d/resolvconf_resolvers.conf:	name: "."
> /etc/unbound/unbound.conf.d/resolvconf_resolvers.conf:	forward-addr: 10.8.16.10
> /etc/unbound/unbound.conf.d/resolvconf_resolvers.conf:	forward-addr: 2001:558:feed::1
> /etc/unbound/unbound.conf.d/resolvconf_resolvers.conf:	forward-addr: 2001:558:feed::2
> /etc/unbound/unbound.conf.d/pi-hole.conf:server:
> /etc/unbound/unbound.conf.d/pi-hole.conf:    verbosity: 0
> /etc/unbound/unbound.conf.d/pi-hole.conf:    interface: 127.0.0.1
> /etc/unbound/unbound.conf.d/pi-hole.conf:    port: 5335
> /etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip4: yes
> /etc/unbound/unbound.conf.d/pi-hole.conf:    do-udp: yes
> /etc/unbound/unbound.conf.d/pi-hole.conf:    do-tcp: yes
> /etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip6: no
> /etc/unbound/unbound.conf.d/pi-hole.conf:    prefer-ip6: no
> /etc/unbound/unbound.conf.d/pi-hole.conf:    harden-glue: yes
> /etc/unbound/unbound.conf.d/pi-hole.conf:    harden-dnssec-stripped: yes
> /etc/unbound/unbound.conf.d/pi-hole.conf:    use-caps-for-id: no
> /etc/unbound/unbound.conf.d/pi-hole.conf:    edns-buffer-size: 1232
> /etc/unbound/unbound.conf.d/pi-hole.conf:    prefetch: yes
> /etc/unbound/unbound.conf.d/pi-hole.conf:    num-threads: 1
> /etc/unbound/unbound.conf.d/pi-hole.conf:    so-rcvbuf: 1m
> /etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 192.168.0.0/16
> /etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 169.254.0.0/16
> /etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 172.16.0.0/12
> /etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 10.0.0.0/8
> /etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fd00::/8
> /etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fe80::/10
  1. Edit file /etc/resolvconf.conf and comment out the last line which should then read:

#unbound_conf=/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf

  1. Delete the unwanted unbound configuration file:

sudo rm /etc/unbound/unbound.conf.d/resolvconf_resolvers.conf

  1. Restart unbound:

sudo service unbound restart

1 Like

Hazaa! that seems to have worked. I freaking love you man. Truly very much appreciates. this issue was driving me nuts.