The issue I am facing:
Unable to get a backup working w/Unbound
Details about my system:
I’m running latest PiHole, although restores failed on older version of PiHole as well. Installation is on latest Buster w/Unbound and PiVPN.
Specific Issue
I have used PiBaker to backup 2 raspberry pi with Buster installations. On several occasions I’ve tried restoring these backups and was unable to get any DNS resolution. Other backups on Raspberry Pi 3B+ without Unbound have been restored successfully with no issues which leads me to believe that Unbound is causing the issue. Has anyone in the community been able to successfully restore a backup that has a Unbound installation? I’m thinking that maybe it’s a system time issue. I’ve tried rebooting the Pi several times after restore and have also tried to stop/start unbound but never get any DNS resolution. Would love to hear from anyone that has experienced this because as it currently stands having a backup of my raspberry Pi 4 with this installation is useless. Thanks for this “Community Help” category guys as it helps us newbies with installations out of the scope of ordinary support! Great idea!
If you've enabled DNSSEC, an incorrect system time may indeed compromise DNS resolution, as cryptography used for digitally signing DNS records relies on DNS servers and your RPi using the same time frame.
So this could very well interfere when restoring from a backup.
On a default Raspbian Stretch and above, you should make sure NTP sync is turned on:
sudo timedatectl set-ntp true
If time is diverging or unsynced, restarting the service should enforce a sync:
sudo systemctl restart systemd-timesyncd.service
Syncing may not work if time is off by too much.
In that case, you can still set the time manually:
timedatectl set-time '2020-05-19 15:00:00
You may have to stop NTP syncing temporarily for this to work by sudo timedatectl set-ntp false. Don't forget to reenable it once set.
You may also want to check time zone settings, in case you did move places in between storing and retreiving your backup.
As a side note:
RPis do lack a dedicated hardware RTC, so they are particularly susceptible to losing accurate time settings. If you are using DNSSEC, consider to invest in a proper RTC hat for your RPi.
1 Like
Hello. Thanks for the tips! I was forced to do a completely new install after my restore didn’t work, but I still have that old backup. I’ll try restoring that backup to another SD Card and try out your suggestions once I’m home from work. I do indeed have DNSSEC enabled vía Unbound.