Please follow the below template, it will help us to help you!
If you are Experiencing issues with a Pi-hole install that has non-standard elements (e.g you are using nginx instead of lighttpd, or there is some other aspect of your install that is customised) - please use the Community Help category.
pi@raspberrypi:~ $ timedatectl status
Local time: Thu 2023-05-11 08:23:43 CEST
Universal time: Thu 2023-05-11 06:23:43 UTC
RTC time: n/a
Time zone: Europe/Stockholm (CEST, +0200)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
Btw, is it quotes you are using to get the text formated in the way in your and my edited post?
I have made a new install and saved all the commands. So everything can be looked at step by step, if you want to see it.
But im thinking, I am using Asus-Merlin firmware on my RT-AX86U router. Where i am running AdGuard Home, no unbound though, but the router is intercepting all DNS querys. Does this affect my lab raspberry pi too when it runs unbound locally?
I am simply applying 'Preformatted text' to a highlighted selection in the editor, which would add the necessary characters mentioned by rdwebdesign:
A synchronised time is essential for DNSSEC validation.
In absence of a correct timeframe, all DNSSEC validation is bound to fail, and you lose DNS resolution capabilities completely.
If your time is correct now, and your dig still fails, then your issue is not related to wrong timings.
Possibly.
Since you followed our guide, unbound would be configured as a recursive resolver, i.e. it would walk the chain of authoritative DNS resolvers until it gets to the one that is serving the requested DNS record.
If you'd block, restrict, redirect or otherwise manipulate DNS for the machine hosting unbound, then its DNS requests will likely fail, either because they would never reach the respective authoritative DNS servers, or because DNSSEC validation would fail, resulting in unbound dsicarding DNS replies as BOGUS.