Hello, I installed Unbound using this guide: https://docs.pi-hole.net/guides/dns/unbound/
I attached a picture of my DNS settings in the Pi-hole web interface:
When I run service --status-all
, it shows that the Unbound service is running.
Running commands like dig pi-hole.net @127.0.0.1 -p 5335
also return positive results (it shows the pi-hole.net IP address).
Expected Behaviour:
I would expect DNS checkers like https://whoismydns.com/ to return my personal, external IP address as the DNS resolver, not Cloudflare or Google.
Actual Behaviour:
DNS checkers like https://whoismydns.com/ show that my DNS server is owned by either Cloudflare or Google (it looks like it changes every few times I check).
Debug Token:
https://tricorder.pi-hole.net/2CWiguFz/
jfb
December 4, 2021, 7:05pm
2
It looks like you are running Raspbian Bullseye, which puts an unwanted configuration file in the unbound folder. What is the output of the following from the Pi terminal?
sudo grep -v '#\|^$' -R /etc/unbound/unbound.conf*
/etc/unbound/unbound.conf:include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:server:
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf: auto-trust-anchor-file: "/var/lib/unbound/root.key"
/etc/unbound/unbound.conf.d/pi-hole.conf:server:
/etc/unbound/unbound.conf.d/pi-hole.conf: verbosity: 0
/etc/unbound/unbound.conf.d/pi-hole.conf: interface: 127.0.0.1
/etc/unbound/unbound.conf.d/pi-hole.conf: port: 5335
/etc/unbound/unbound.conf.d/pi-hole.conf: do-ip4: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-udp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-tcp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf: prefer-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf: harden-glue: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: harden-dnssec-stripped: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: use-caps-for-id: no
/etc/unbound/unbound.conf.d/pi-hole.conf: prefetch: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: num-threads: 1
/etc/unbound/unbound.conf.d/pi-hole.conf: so-rcvbuf: 1m
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: fe80::/10
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf:forward-zone:
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf: name: "."
jfb
December 4, 2021, 7:09pm
4
This is the unwanted file, which has turned unbound into a forwarding (not recursive) resolver, using Cloudflare DNS.
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf:forward-zone:
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf: name: "."
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf: forward-addr: 1.1.1.1
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf: forward-addr: 1.0.0.1
Here's the fix.
Edit file /etc/resolvconf.conf
and comment out the last line which should read:
unbound_conf=/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf
Delete the unwanted unbound configuration file:
sudo rm /etc/unbound/unbound.conf.d/resolvconf_resolvers.conf
Restart unbound:
sudo service unbound restart
1 Like
Amazing, thank you very much. It's working now.
wd9895
December 5, 2021, 1:29pm
8
As explained in Pihole's Unbound documentation:
https://docs.pi-hole.net/guides/dns/unbound/
Where is this specific issue explained on that page?
JackeL
December 5, 2021, 10:54pm
10
It isn't there, hasn't been updated yet.
system
Closed
December 26, 2021, 10:55pm
11
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.