Thanks, will try this later.
But, doesn't using upstream servers with Unbound kind of defeat the point of unbound, or do I misunderstand the usage of unbound?
hmmm ok,
I think im part way to understanding 
I use pi-hole as DHCP, as I am unable to manually set DNS resolvers on my ISP provided router.
I can have DNSSEC working, without unbound.
If I choose, for example, Cloudflare as my upstream in Pi-hole settings, and select DNSSEC it works as expected....so effectively I don't need Unbound, as it isn't 'working' as a recursive server?
Yeah I'm certain. Which is also part of my confusion on this problem.
I'll be sure to double check it later when I'm back home.
I can confirm that if I select upstream in the DNS settings (Cloudflare) and tick the enable dnssec, everything works ok, and dnssec tests are passed.
So this would be the same as the above 'solution', i.e. using unbound with forward-control enabled?
pi@pi-hole:~ $ dnsmasq -v
Dnsmasq version 2.76 Copyright (c) 2000-2016 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
Any more thoughts on this?
I cant help but think that using Unbound + Cloudflare is kind of redundant?
Short update, installed the latest pihole version today and still see the SERVFAIL error when using unbound.
Yea, I tried adding forward-zone to the unbound config, with Cloudflare as the upstream and it works....but it's kind of redundant isn't it?
No advantage to that method over the 'normal' way?
Sorry but I don't understand what you mean?
Does anyone know of any other resources / forums for unbound?
Either they don't exist or my Google Fu is weak 
sorry to drag this one up again, really hoping for a solution to the unbound problem
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.