i just checked sudo vi /etc/unbound/unbound.conf.d has nothing in it.
i have put my config in the following sudo vi /etc/unbound/unbound.conf.d/pi-hole.conf
does that help with your question? about whats in config of unbound? i can put that information up if that will help?
sudo grep -v '#\|^$' -R /etc/unbound/unbound.conf.d
pi@raspberrypi:~ $ sudo grep -v '#|^$' -R /etc/unbound/unbound.conf.d
/etc/unbound/unbound.conf.d/pi-hole.conf:server:
/etc/unbound/unbound.conf.d/pi-hole.conf: logfile: "/var/log/unbound/unbound.log"
/etc/unbound/unbound.conf.d/pi-hole.conf: verbosity: 0
/etc/unbound/unbound.conf.d/pi-hole.conf: port: 5353
/etc/unbound/unbound.conf.d/pi-hole.conf: do-ip4: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-udp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-tcp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf: root-hints: "/var/lib/unbound/root.hints"
/etc/unbound/unbound.conf.d/pi-hole.conf: cache-min-ttl: 3600
/etc/unbound/unbound.conf.d/pi-hole.conf: cache-max-ttl: 86400
/etc/unbound/unbound.conf.d/pi-hole.conf: cache-max-negative-ttl: 3600
/etc/unbound/unbound.conf.d/pi-hole.conf: edns-buffer-size: 4096
/etc/unbound/unbound.conf.d/pi-hole.conf: interface: 127.0.0.1
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 192.168.0.1/24
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 192.168.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 192.168.20.1/24
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 192.168.20.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 172.16.0.0/12
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 10.0.0.0/8
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: fd00::/8
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: fe80::/10
/etc/unbound/unbound.conf.d/pi-hole.conf: access-control: 0.0.0.0/0 refuse
/etc/unbound/unbound.conf.d/pi-hole.conf: access-control: 127.0.0.0/8 allow
/etc/unbound/unbound.conf.d/pi-hole.conf: access-control: 192.168.0.0/24 allow
/etc/unbound/unbound.conf.d/pi-hole.conf: access-control: 192.168.20.0/24 allow
/etc/unbound/unbound.conf.d/pi-hole.conf: harden-glue: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: harden-dnssec-stripped: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: harden-short-bufsize: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: harden-large-queries: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: hide-identity: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: hide-version: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: ratelimit: 1000
/etc/unbound/unbound.conf.d/pi-hole.conf: unwanted-reply-threshold: 10000
/etc/unbound/unbound.conf.d/pi-hole.conf: use-caps-for-id: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: ssl-upstream: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: val-clean-additional: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: harden-below-nxdomain: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: delay-close: 10000
/etc/unbound/unbound.conf.d/pi-hole.conf: neg-cache-size: 4M
/etc/unbound/unbound.conf.d/pi-hole.conf: do-daemonize: no
/etc/unbound/unbound.conf.d/pi-hole.conf: qname-minimisation: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: qname-minimisation-strict: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: rrset-roundrobin: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: num-threads: 4
/etc/unbound/unbound.conf.d/pi-hole.conf: msg-cache-slabs: 4
/etc/unbound/unbound.conf.d/pi-hole.conf: rrset-cache-slabs: 4
/etc/unbound/unbound.conf.d/pi-hole.conf: infra-cache-slabs: 4
/etc/unbound/unbound.conf.d/pi-hole.conf: key-cache-slabs: 4
/etc/unbound/unbound.conf.d/pi-hole.conf: ratelimit-slabs: 4
/etc/unbound/unbound.conf.d/pi-hole.conf: ratelimit-size: 4m
/etc/unbound/unbound.conf.d/pi-hole.conf: rrset-cache-size: 128m
/etc/unbound/unbound.conf.d/pi-hole.conf: msg-cache-size: 64m
/etc/unbound/unbound.conf.d/pi-hole.conf: outgoing-range: 256
/etc/unbound/unbound.conf.d/pi-hole.conf: num-queries-per-thread: 1024
/etc/unbound/unbound.conf.d/pi-hole.conf: so-rcvbuf: 1m
/etc/unbound/unbound.conf.d/pi-hole.conf: so-sndbuf: 1m
/etc/unbound/unbound.conf.d/pi-hole.conf: prefetch: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: prefetch-key: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: minimal-responses: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: serve-expired: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: so-reuseport: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:forward-zone:
/etc/unbound/unbound.conf.d/pi-hole.conf: name: "."
/etc/unbound/unbound.conf.d/pi-hole.conf: forward-ssl-upstream: yes
Binary file /etc/unbound/unbound.conf.d/.pi-hole.conf.swp matches
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:server:
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf: auto-trust-anchor-file: "/var/lib/unbound/root.key"
Binary file /etc/unbound/unbound.conf.d/.pi-hole.conf.swo matches
Has this installation of unbound ever worked?
What guide did you use to setup this installation of unbound? There are a number of configuration options not used in the Pi-Hole setup guide for unbound, which is known to result in a working install of unbound.
This is a fresh install on a new pi4. The unbound has never worked. My friend is running same config as me on his pi3. That is why there are some variation to work on his and my network. I believe his is working fine with these Configs on pi3. I am am upgrading to pi 4 and trying to run fresh install but not successful. I will have a read over the link provided also. Thanks
My advice - remove all traces of your existing unbound installation, then start from scratch following the Pi-Hole guide. These commands should do it - not tested since I want to keep my unbound install
sudo service unbound stop
sudo apt remove unbound
sudo apt purge unbound
sudo rm /etc/unbound
sudo rm /var/lib/unbound
sudo rm /var/lib/root.hints
Haha yer fair call! Can do. I will start fresh and see how it goes. Then I could add in additional settings and test to find if some are causing problems.
Be very careful here. Unbound works fine without any tinkering. You will see a number of posts where users are trying to squeeze tiny amounts of performance gains out of their unbound install. For everyday home use, the microsecond you may save here and there are not going to produce any noticable difference. If you look at the optimization page for unbound, this is the first sentence:
This how to contains a guide for optimising unbound. Most users do not have to do this, but it could be useful for large resolver installations.
My best advice on the topic (I have four unbound installs running, and I have tried various tweaks) - install unbound and leave it alone. It just works.
Thanks for the information. Would you have an idea why it is working on a pi3 but not in a pi4. Or do you think something in mine has gone wrong in comparison to friends Pi 3.
Appreciate the help
The platform should make no difference, since these devices are similar in architecture. A clean install with known good parameters is the best start.
Your friend appears to have thrown the kitchen sink of options at their unbound install. Many of them are an attempt to harden their installation against attacks - this is not necessary when the only client using unbound is Pi-Hole on the same device.
Your debug log has expired, so I can't see which OS you are running. If Stretch, you will get unbound V 1.6. If Buster, you will get unbound V 1.9 with the apt install.
That reset the anchor to what it should be. Try restarting the Pi-hole device and then run:
sudo systemctl --full --no-pager status unbound and see if it's all working.
I ran sudo systemctl --full --no-pager status unbound and it came back saying successful. I then did restart and re ran and came back saying anchor could not be fix.
What are the permissions on that file?
sudo ls -la /var/lib/unbound/root.key
Sorry what should the anchor be reset to? I missed that partt
If the permissions are correct then it should be set already.
dschaper@nanopihole:~$ sudo ls -la /var/lib/unbound/root.key
-rw-r--r-- 1 unbound unbound 758 Nov 19 21:57 /var/lib/unbound/root.key
pi@raspberrypi:~ $ sudo ls -la /var/lib/unbound/root.key
-rw-r--r-- 1 unbound unbound 758 Nov 19 19:11 /var/lib/unbound/root.key
I think I will try remove unbound and try again using documentation supplied. I will advise outcome hopefully later tonight when home from work. 
i have started the new Unbound install. i have noticed an error on install may this be causing some problems seen earlier?
pi@raspberrypi:~ $ sudo apt install unbound
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
unbound
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 669 kB of archives.
After this operation, 3,633 kB of additional disk space will be used.
Get:1 http://raspbian.melbourneitmirror.net/raspbian buster/main armhf unbound armhf 1.9.0-2+deb10u1 [669 kB]
Fetched 669 kB in 3s (208 kB/s)
Selecting previously unselected package unbound.
(Reading database ... 158841 files and directories currently installed.)
Preparing to unpack .../unbound_1.9.0-2+deb10u1_armhf.deb ...
Unpacking unbound (1.9.0-2+deb10u1) ...
Setting up unbound (1.9.0-2+deb10u1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/unbound.service → /lib/systemd/system/unbound.service.
Created symlink /etc/systemd/system/unbound.service.wants/unbound-resolvconf.service → /lib/systemd/system/unbound-resolvconf.service.
Job for unbound.service failed because the control process exited with error code.
See "systemctl status unbound.service" and "journalctl -xe" for details.
Job for unbound.service failed because the control process exited with error code.
See "systemctl status unbound.service" and "journalctl -xe" for details.
invoke-rc.d: initscript unbound, action "start" failed.
● unbound.service - Unbound DNS server
Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Wed 2019-11-20 19:55:27 AWST; 52ms ago
Docs: man:unbound(8)
Process: 5848 ExecStartPre=/usr/lib/unbound/package-helper chroot_setup (code=exited, status=0/SUCCESS)
Process: 5851 ExecStartPre=/usr/lib/unbound/package-helper root_trust_anchor_update (code=exited, status=0/SUCCESS)
Process: 5858 ExecStart=/usr/sbin/unbound -d $DAEMON_OPTS (code=exited, status=1/FAILURE)
Main PID: 5858 (code=exited, status=1/FAILURE)
Processing triggers for man-db (2.8.5-2) ...
Processing triggers for systemd (241-7~deb10u1+rpi1) ...
pi@raspberrypi:~ $
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.