Pihole+Unbound prevents one single device from accessing the internet

The last thing I'm struggling with was getting logging set up when following the official guide.

Part of the guide here:


"On modern Debian/Ubuntu-based Linux systems, you'll also have to add an AppArmor exception for this new file so unbound can write into it.

Create (or edit if existing) the file /etc/apparmor.d/local/usr.sbin.unbound and append

/var/log/unbound/unbound.log rw,

to the end (make sure this value is the same as above). Then reload AppArmor using

sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.unbound
sudo service unbound restart"

The issue here is AppArmor. I keep getting:

Warning: unable to find a suitable fs in /proc/mounts, is it mounted? Use --subdomainfs to override.

When I run sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.unbound

I've created the directories, the files, got the permissions set, I've installed apparmor and apparmor-utils. I tried googling this issue but keep getting "compile a new kernel" results and that doesn't seem right when the official guide says this should just work out of the box with a default install of Unbound.

Any thoughts on this one? After this, I'll leave you alone :slight_smile: Thank you very much for all of your help so far.

What do you need the logs for?

Client query logging can be looked up in the Pi-hole logs and long term database.
If it's for diagnosing, you only have to up verbosity to the level that you desire and look up the logs with journalctl:

Well, considering the earlier issues I was having with Unbound, I thought that having the logging would have helped sooner.

But yes, you're right. It's not super needed.

Thank you again!

Check the man page for syntax, like for example show only entries for -s today:

man journalctl

Or grep -g if your distro supports it.

Thank you. Will do.

I actually just thought of one more question that maybe you can help me answer.

With the DNS resolver being Unbound that's listening on port 5335, do I still need firewall rules allowing LAN traffic to port 53?

Yes, 53 UDP & TCP only for DNS.
Don't need a rule for 5335 because this traffic is all happening on the isolated loopback interface named lo that can't be accessed from your LAN:

pi@ph5b:~ $ ip -br link show lo
lo               UNKNOWN        00:00:00:00:00:00 <LOOPBACK,UP,LOWER_UP>
pi@ph5b:~ $ ip -br address show lo
lo               UNKNOWN        127.0.0.1/8 ::1/128

Ports are described in the docs as well:
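As an added example (not from this thread or from the Pi-hole or Unbound projects), a small POSIX shell check that reads `ss -Hlnut`-style listening-socket output and confirms the split the answer describes: port 53 reachable on LAN addresses, Unbound's 5335 bound to loopback only. The socket listings below are constructed samples; on a real host, pipe in the real `ss -Hlnut` output instead.

```shell
#!/bin/sh
# Added example, not from the thread: checks ss(8)-style socket listings for the
# exposure the answer describes. Port 53 (Pi-hole) should be reachable on LAN
# addresses; port 5335 (Unbound) should be bound to loopback only.

# Constructed sample of `ss -Hlnut` output for a correctly set-up host.
GOOD_SS='udp   UNCONN 0 0   127.0.0.1:5335 0.0.0.0:*
udp   UNCONN 0 0       [::1]:5335    [::]:*
udp   UNCONN 0 0     0.0.0.0:53   0.0.0.0:*
tcp   LISTEN 0 32    0.0.0.0:53   0.0.0.0:*
tcp   LISTEN 0 32  127.0.0.1:5335 0.0.0.0:*'

# Constructed sample where Unbound was misconfigured to listen on all interfaces.
BAD_SS='udp   UNCONN 0 0     0.0.0.0:5335 0.0.0.0:*
udp   UNCONN 0 0     0.0.0.0:53   0.0.0.0:*'

# is_loopback ADDR: succeeds for 127.0.0.0/8 and ::1 (ss prints IPv6 in brackets).
is_loopback() {
    case "$1" in
        127.*|'[::1]') return 0 ;;
        *) return 1 ;;
    esac
}

# check_port PORT MODE  (reads ss lines on stdin, prints one word)
#   MODE=loopback: every socket on PORT must be loopback-bound -> ok | exposed | missing
#   MODE=lan:      at least one socket on PORT must be non-loopback -> ok | missing
check_port() {
    port="$1"; mode="$2"; seen=0; nonlo=0
    while read -r _proto _state _rq _sq laddr _peer; do
        [ "${laddr##*:}" = "$port" ] || continue   # keep only sockets on our port
        seen=1
        is_loopback "${laddr%:*}" || nonlo=1         # strip ":port", test the address
    done
    case "$mode" in
        loopback)
            if [ "$seen" = 0 ]; then echo missing
            elif [ "$nonlo" = 1 ]; then echo exposed
            else echo ok; fi ;;
        lan)
            if [ "$nonlo" = 1 ]; then echo ok; else echo missing; fi ;;
    esac
}

# Usage on the constructed samples.
printf '%s\n' "$GOOD_SS" | check_port 5335 loopback   # ok
printf '%s\n' "$GOOD_SS" | check_port 53 lan          # ok
printf '%s\n' "$BAD_SS"  | check_port 5335 loopback   # exposed
```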