Hi all,
I've got two Pi's running - both on Bookworm with Pihole (V6), Unbound and Gravsync.
I was having a look through the resolv.conf file (/etc/resolv.conf)
GNU nano 5.4 /etc/resolv.conf
# Generated by resolvconf
nameserver 127.0.0.1
My Pi's are set to 127.0.0.1 at the moment. My question is should they be set to the local loopback for name resolution or is it better to have them pointing to an upstream server like Cloudflare? I'm not sure since I'm running Unbound in recursive mode.
Pihole itself seems to be working fine.
Thanks all
Depends on how you want the DNS queries for the hosts to be resolved. If you want them to be filtered or to appear on the Pi-hole metrics.
Using Pi-hole as the DNS server for the host that Pi-hole is running on runs the risk of complicating things if Pi-hole goes down. You'd have to edit /etc/resolv.conf to point to a running DNS server in order to do any repairs or maintenance that requires DNS (things like apt or pihole -r).
Thanks @DanSchaper. I have two piholes running in tandem on the network, so hopefully they’ll never completely go down. Since that is the case, would you leave the DNS pointing to Pihole on each device? I’m not too bothered about queries being logged in the pihole metrics.
If you don't have an explicit reason to send the host traffic through Pi-hole then the best practice would be to use an external DNS as the host DNS in /etc/resolv.conf. I guess you could use the Unbound instance, I am assuming that you have Unbound as the upstream for Pi-hole so if Unbound is down then Pi-hole itself wouldn't work.
Using recursive Unbound as the DNS can cause issues with geolocation and CDNs. You'd run the chance of being routed to a server a lot farther away than an available local server but that would affect streaming video or gaming. Worst case for the server would be a slower than needed download from a remote apt package mirror.
Tbh I’m looking at removing Unbound. I signed up to NordVPN recently and I set my Draytek router up to use a dial out VPN via Nord as a ‘default route’ and it’s not resolving. When I temporarily disabled unbound and set my pihole to just use Cloudflare as a DNS upstream forwarder, the VPN default route worked and websites etc started to resolve. I guess it’s due to the recursive nature of unbound?
Anyway, that said I’ll take your advice and set the Pi’s OS DNS to Cloudflare.
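Added example, not part of any post in this thread: a small POSIX shell audit of the situation discussed above, reporting whether a host's /etc/resolv.conf depends entirely on a loopback resolver and whether the file is tool-generated. The function names, the verdict strings and the 1.1.1.1 address used in testing are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report whether host DNS depends entirely on a local resolver.

# Print each configured nameserver address in file order (comments are skipped).
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Succeed if the address is loopback: 127.0.0.0/8 or ::1.
is_loopback() {
    case "$1" in
        127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one verdict: none, loopback-only, external-only or mixed.
classify_resolv_conf() {
    loop=0; ext=0
    for ns in $(list_nameservers "$1"); do
        if is_loopback "$ns"; then loop=$((loop + 1)); else ext=$((ext + 1)); fi
    done
    if [ $((loop + ext)) -eq 0 ]; then echo none
    elif [ "$ext" -eq 0 ]; then echo loopback-only
    elif [ "$loop" -eq 0 ]; then echo external-only
    else echo mixed
    fi
}

# Succeed if a tool wrote the file ("# Generated by ..." header), in which
# case hand edits can be overwritten when that tool regenerates it.
is_generated() {
    grep -q '^# Generated by' "$1"
}

# Demo on a constructed copy of the file shown in the thread.
demo() {
    f=$(mktemp)
    printf '# Generated by resolvconf\nnameserver 127.0.0.1\n' > "$f"
    echo "verdict: $(classify_resolv_conf "$f")"
    is_generated "$f" && echo "note: generated file, edits may not persist"
    rm -f "$f"
}

# With a path argument, audit that file; with none, run the demo.
if [ -n "${1:-}" ]; then classify_resolv_conf "$1"; else demo; fi
```

A `loopback-only` verdict is the case where a stopped Pi-hole leaves `apt` and `pihole -r` without name resolution. A `mixed` verdict with the loopback entry first still waits for that entry to time out before the next server is tried.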