Raspberry Pi 2 Model B Pi-Hole unbound, standard install

Please follow the below template, it will help us to help you!

If you are Experiencing issues with a Pi-hole install that has non-standard elements (e.g you are using nginx instead of lighttpd, or there is some other aspect of your install that is customised) - please use the Community Help category.

Expected Behaviour:

I have followed this guide Pi Hole install
and this guide Pi Hole Unbound

cat /etc/resolv.conf
# Generated by resolvconf
domain lan

So resolv.conf does not get updated and unbound does not seem to be working.

dig pi-hole.net @ -p 5335
; <<>> DiG 9.16.37-Raspbian <<>> pi-hole.net @ -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63935
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 1232
;pi-hole.net.                   IN      A

;; Query time: 2189 msec
;; WHEN: Wed May 10 16:20:18 CEST 2023
;; MSG SIZE  rcvd: 40

Note that i had to make a space between @ and because new users cant mention other users.

Distributor ID: Raspbian
Description:    Raspbian GNU/Linux 11 (bullseye)
Release:        11
Codename:       bullseye

raspberry pi 2 model b

Actual Behaviour:

Debug Token:


You seem to run your Pi-hole on an RPi, and there is a notable time jump in your logs:

*** [ DIAGNOSING ]: Pi-hole log
-rw-r----- 1 pihole pihole 651K May 10 16:14 /var/log/pihole/pihole.log

   -----tail of pihole.log------
   May 10 15:49:00 dnsmasq[1736]: read /etc/pihole/local.list - 0 names
   May 10 16:14:37 dnsmasq[1736]: query[A] xn--myetherwllet-9bb.com from

At the time you ran that dig, was your RPi's time and time zone information accurate?
Is it now?

Well, i guess?

pi@raspberrypi:~ $ date
Thu 11 May 08:21:51 CEST 2023

pi@raspberrypi:~ $ ll /etc/localtime
lrwxrwxrwx 1 root root 36 May 3 02:26 /etc/localtime -> /usr/share/zoneinfo/Europe/Stockholm

pi@raspberrypi:~ $ timedatectl status
Local time: Thu 2023-05-11 08:23:43 CEST
Universal time: Thu 2023-05-11 06:23:43 UTC
RTC time: n/a
Time zone: Europe/Stockholm (CEST, +0200)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no

Btw, is it quotes you are using to get the text formated in the way in your and my edited post?

I have made a new install and saved all the commands. So everything can be looked at step by step, if you want to see it.

But im thinking, I am using Asus-Merlin firmware on my RT-AX86U router. Where i am running AdGuard Home, no unbound though, but the router is intercepting all DNS querys. Does this affect my lab raspberry pi too when it runs unbound locally?


You can format an inline code surrounding the command with backticks:

# This will show the command without trigger a mention:
`dig pi-hole.net @ -p 5335`

The result will be like this: dig pi-hole.net @ -p 5335

Also, you can create code blocks (like file contents) putting the code inside fences (```), like this:

multiline code
another line
and another one 

The result will look like this:

multiline code
another line
and another one 

you can add code format (inline or multi-line) simply selecting the text and pressing CTRL+E.

I am simply applying 'Preformatted text' to a highlighted selection in the editor, which would add the necessary characters mentioned by rdwebdesign: :wink:

A synchronised time is essential for DNSSEC validation.
In absence of a correct timeframe, all DNSSEC validation is bound to fail, and you lose DNS resolution capabilities completely.

If your time is correct now, and your dig still fails, then your issue is not related to wrong timings.


Since you followed our guide, unbound would be configured as a recursive resolver, i.e. it would walk the chain of authoritative DNS resolvers until it gets to the one that is serving the requested DNS record.

If you'd block, restrict, redirect or otherwise manipulate DNS for the machine hosting unbound, then its DNS requests will likely fail, either because they would never reach the respective authoritative DNS servers, or because DNSSEC validation would fail, resulting in unbound dsicarding DNS replies as BOGUS.

Yeah i see. Maybe i can find another router somewhere where i can test this.
I'll be back!

A new router wouldn't be required:
Just allow your Pi-hole/unbound host to access any public DNS server in your Merlin firmware's firewall.

Hmm how do i do that? I'm running Skynet

How does that relate to:

Specifically, how would using Skynet as an ISP affect your Asus-Merlin firmware's configuration?

Skynet is a firewall for Asus merlin routers.


This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.