Pi-hole Userspace

Pi hole Unbound DNS not working after latest update

Pete1612 December 28, 2021, 4:40pm 1

Hey guys,

I'm sadly having issues with running Unbound since I updated to the latest Pi Hole Version 2 days ago.

Expected Behaviour:

Pi Hole Unbound DNS resolving DNS entries

Actual Behaviour:

dig google.com @127.0.0.1 -p 5335 gives me the following output:

<<>> DiG 9.16.22-Raspbian <<>> google.com @127.0.0.1 -p 5335

global options: +cmd

Got answer:

">>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 49125"

flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

OPT PSEUDOSECTION:

EDNS: version: 0, flags:; udp: 1232

QUESTION SECTION:

google.com. IN A

Query time: 3829 msec

SERVER: 127.0.0.1#5335(127.0.0.1)

WHEN: Tue Dec 28 17:15:43 CET 2021

MSG SIZE rcvd: 39

The pi hole log shows the following output for every website I'm trying to access:

Dec 28 17:16:27 dnsmasq[6330]: query[HTTPS] e6987.a.akamaiedge.net from 192.168.50.5

Dec 28 17:16:27 dnsmasq[6330]: forwarded e6987.a.akamaiedge.net to 127.0.0.1

Dec 28 17:16:27 dnsmasq[6330]: query[HTTPS] e6987.a.akamaiedge.net from 192.168.50.5

Dec 28 17:16:27 dnsmasq[6330]: forwarded e6987.a.akamaiedge.net to 127.0.0.1

Dec 28 17:16:27 dnsmasq[6330]: query[HTTPS] e6987.a.akamaiedge.net from 192.168.50.5

Dec 28 17:16:27 dnsmasq[6330]: forwarded e6987.a.akamaiedge.net to 127.0.0.1

Dec 28 17:16:27 dnsmasq[6330]: query[HTTPS] e6987.a.akamaiedge.net from 192.168.50.5

Dec 28 17:16:27 dnsmasq[6330]: forwarded e6987.a.akamaiedge.net to 127.0.0.1

Dec 28 17:16:27 dnsmasq[6330]: query[HTTPS] e6987.a.akamaiedge.net from 192.168.50.5

Dec 28 17:16:27 dnsmasq[6330]: forwarded e6987.a.akamaiedge.net to 127.0.0.1

Dec 28 17:16:27 dnsmasq[6330]: query[HTTPS] e6987.a.akamaiedge.net from 192.168.50.5

Dec 28 17:16:27 dnsmasq[6330]: forwarded e6987.a.akamaiedge.net to 127.0.0.1

Dec 28 17:16:27 dnsmasq[6330]: query[HTTPS] e6987.a.akamaiedge.net from 192.168.50.5

Dec 28 17:16:27 dnsmasq[6330]: forwarded e6987.a.akamaiedge.net to 127.0.0.1

Dec 28 17:16:27 dnsmasq[6330]: forwarded e6987.a.akamaiedge.net to 127.0.0.1

Dec 28 17:16:27 dnsmasq[6330]: query[HTTPS] e6987.a.akamaiedge.net from 192.168.50.5

Dec 28 17:16:27 dnsmasq[6330]: forwarded e6987.a.akamaiedge.net to 127.0.0.1

Dec 28 17:16:27 dnsmasq[6330]: query[HTTPS] e6987.a.akamaiedge.net from 192.168.50.5

Dec 28 17:16:27 dnsmasq[6330]: forwarded e6987.a.akamaiedge.net to 127.0.0.1

Dec 28 17:16:28 dnsmasq[6330]: query[HTTPS] e6987.a.akamaiedge.net from 192.168.50.5

Dec 28 17:16:28 dnsmasq[6330]: forwarded e6987.a.akamaiedge.net to 127.0.0.1

Dec 28 17:16:28 dnsmasq[6330]: reply error is SERVFAIL

running dig google.com @8.8.8.8

<<>> DiG 9.16.22-Raspbian <<>> google.com @8.8.8.8

global options: +cmd

Got answer:

->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21687

flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

OPT PSEUDOSECTION:

EDNS: version: 0, flags:; udp: 512

QUESTION SECTION:

google.com. IN A

ANSWER SECTION:

google.com. 300 IN A 142.251.36.206

Query time: 29 msec

SERVER: 8.8.8.8#53(8.8.8.8)

WHEN: Tue Dec 28 17:17:43 CET 2021

MSG SIZE rcvd: 55

works without any problems.

Also changing the Upstream DNS Servers to e.g. Cloudflare works without any issues.

When changing it to 127.0.0.1#5335 I also receive the following issue every 5 minutes on the pi hole web interface:

|2021-12-28 17:09:31|DNSMASQ_WARN|Warning in dnsmasq core:

Maximum number of concurrent DNS queries reached (max: 150)|

I already reinstalled unbound and reconfigured it without any success.

Hope anyone can help!

Debug Token: https://tricorder.pi-hole.net/zO8NCyXc/

Pete1612 December 29, 2021, 6:22pm 2

Has anybody heard of this issue?
Does it maybe have something to do with the DHCP service of the Raspi?

jfb December 29, 2021, 6:28pm 3

A few things to check. Run this command from the Pi terminal and ensure the returned date/time is correct for your location:

date

Then, please run this command from the Pi terminal and post the complete output:

sudo grep -v '#\|^$' -R /etc/unbound/unbound.conf*

Pete1612 December 29, 2021, 7:20pm 4

Hello jfb,

Thanks for your reply

Sorry I forgot to mention that I already checked the date:

pi@homebridge:~ $ date
Wed 29 Dec 20:16:57 CET 2021

The output of the other command is the following:


pi@homebridge:~ $ sudo grep -v '#\|^$' -R /etc/unbound/unbound.conf*
/etc/unbound/unbound.conf:include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf:forward-zone:
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf:  name: "fritz.box"
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf:  forward-addr: 192.168.50.5
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf:  forward-addr: fd00::1eed:6fff:fe84:469f
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf:forward-zone:
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf:  name: "."
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf:  forward-addr: 192.168.50.5
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf:  forward-addr: fd00::1eed:6fff:fe84:469f
/etc/unbound/unbound.conf.d/pi-hole.conf:server:
/etc/unbound/unbound.conf.d/pi-hole.conf:    verbosity: 0
/etc/unbound/unbound.conf.d/pi-hole.conf:    interface: 127.0.0.1
/etc/unbound/unbound.conf.d/pi-hole.conf:    port: 5335
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip4: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-udp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-tcp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf:    prefer-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf:    root-hints: "/var/lib/unbound/root.hints"
/etc/unbound/unbound.conf.d/pi-hole.conf:    harden-glue: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    harden-dnssec-stripped: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    use-caps-for-id: no
/etc/unbound/unbound.conf.d/pi-hole.conf:    edns-buffer-size: 1232
/etc/unbound/unbound.conf.d/pi-hole.conf:    prefetch: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    num-threads: 1
/etc/unbound/unbound.conf.d/pi-hole.conf:    so-rcvbuf: 1m
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 192.168.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 169.254.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 172.16.0.0/12
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 10.0.0.0/8
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fd00::/8
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fe80::/10
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:server:
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:    auto-trust-anchor-file: "/var/lib/unbound/root.key"

Thanks for your help!

jfb December 29, 2021, 8:26pm 5

Edit file /etc/resolvconf.conf and comment out the last line which should read:

unbound_conf=/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf

Delete the unwanted unbound configuration file:

sudo rm /etc/unbound/unbound.conf.d/resolvconf_resolvers.conf

Restart unbound:

sudo service unbound restart

Pete1612 December 30, 2021, 1:08pm 6

Hello jfb,

It seams like that solved the issue.
Unbound now works as expected

Thank you so much!

Could you kindly please specify what the resolvconf_resolvers.conf does, how and when it is created
I‘d like to know what the issue was and why.

yubiuser December 31, 2021, 10:00am 7

A bit lengthy but should be helpful

1 Like

system Closed January 21, 2022, 10:01am 8

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.