SERVFAIL with unbound

#47

root@rockpi:~# uname -sm
Linux aarch64
How to update the version of this system

#48

I am testing if I have dnscryptproxy installed.

#49

I am testing if I have dnscryptproxy installed.

#50

I used this tutorial to install and configure unbound

https://docs.pi-hole.net/guides/unbound/

#52

That is good. Did you stop unbound and then start it with unbound -d -vvvv ???

Upgrading is for a later time.

#53

yes Yes, the unbound is already running normally, and arm64 is only 1.6.7.

#54

#55

root@rockpi:~# sudo service unbound stop
root@rockpi:~# unbound -d -vvvv
[1552495417] unbound[341:0] notice: Start of unbound 1.6.7.
[1552495417] unbound[341:0] debug: increased limit(open files) from 1024 to 21558
[1552495417] unbound[341:0] debug: creating udp4 socket 127.0.0.1 5353
[1552495417] unbound[341:0] debug: creating tcp4 socket 127.0.0.1 5353
[1552495417] unbound[341:0] debug: creating udp4 socket 127.0.0.1 5353
[1552495417] unbound[341:0] debug: creating tcp4 socket 127.0.0.1 5353
[1552495417] unbound[341:0] debug: creating udp4 socket 127.0.0.1 5353
[1552495417] unbound[341:0] debug: creating tcp4 socket 127.0.0.1 5353
[1552495417] unbound[341:0] debug: creating udp4 socket 127.0.0.1 5353
[1552495417] unbound[341:0] debug: creating tcp4 socket 127.0.0.1 5353
[1552495417] unbound[341:0] debug: creating tcp4 socket 127.0.0.1 8953
[1552495417] unbound[341:0] debug: switching log to syslog

#56

That is good and you can stop it again and start the unbound service:

sudo service unbound start

You don’t have RaspberryPI but an other device Rockchip64 so a different library.

I don’t know if you can install a newer version of unbound due to that there is no disco verison for armbian.

#57

There is no latest ubound for armbian which is currently 1.6.7

root@rockpi:~# sudo service unbound stop
root@rockpi:~# unbound -d -vvvv
[1552496472] unbound[2880:0] notice: Start of unbound 1.6.7.
[1552496472] unbound[2880:0] debug: increased limit(open files) from 1024 to 21558
[1552496472] unbound[2880:0] debug: creating udp4 socket 127.0.0.1 5353
[1552496472] unbound[2880:0] debug: creating tcp4 socket 127.0.0.1 5353
[1552496472] unbound[2880:0] debug: creating udp4 socket 127.0.0.1 5353
[1552496472] unbound[2880:0] debug: creating tcp4 socket 127.0.0.1 5353
[1552496472] unbound[2880:0] debug: creating udp4 socket 127.0.0.1 5353
[1552496472] unbound[2880:0] debug: creating tcp4 socket 127.0.0.1 5353
[1552496472] unbound[2880:0] debug: creating udp4 socket 127.0.0.1 5353
[1552496472] unbound[2880:0] debug: creating tcp4 socket 127.0.0.1 5353
[1552496472] unbound[2880:0] debug: creating tcp4 socket 127.0.0.1 8953
[1552496472] unbound[2880:0] debug: switching log to syslog
root@rockpi:~# sudo service unbound start
root@rockpi:~#

#58

Mar 14 01:08:29 dnsmasq[1182]: forwarded www.google.com.hk to 127.0.0.1
Mar 14 01:08:29 dnsmasq[1182]: query[A] www.google.com.hk.lan from 192.168.1.149
Mar 14 01:08:29 dnsmasq[1182]: forwarded www.google.com.hk.lan to 192.168.1.1
Mar 14 01:08:30 dnsmasq[1182]: query[A] woodpecker.uc.cn from 192.168.1.149
Mar 14 01:08:30 dnsmasq[1182]: /etc/pihole/gravity.list woodpecker.uc.cn is NXDOMAIN
Mar 14 01:08:30 dnsmasq[1182]: query[A] woodpecker.uc.cn.lan from 192.168.1.149
Mar 14 01:08:30 dnsmasq[1182]: forwarded woodpecker.uc.cn.lan to 192.168.1.1
Mar 14 01:08:31 dnsmasq[1182]: query[A] www.google.com.hk.lan from 192.168.1.149
Mar 14 01:08:31 dnsmasq[1182]: forwarded www.google.com.hk.lan to 192.168.1.1
Mar 14 01:08:34 dnsmasq[1182]: query[A] www.google.com.hk from 192.168.1.149
Mar 14 01:08:34 dnsmasq[1182]: forwarded www.google.com.hk to 127.0.0.1
Mar 14 01:08:34 dnsmasq[1182]: forwarded www.google.com.hk to 127.0.0.1
Mar 14 01:08:34 dnsmasq[1182]: query[A] www.google.com.hk.lan from 192.168.1.149
Mar 14 01:08:34 dnsmasq[1182]: forwarded www.google.com.hk.lan to 192.168.1.1
Mar 14 01:08:35 dnsmasq[1182]: query[A] woodpecker.uc.cn.lan from 192.168.1.149
Mar 14 01:08:35 dnsmasq[1182]: forwarded woodpecker.uc.cn.lan to 192.168.1.1
Mar 14 01:08:36 dnsmasq[1182]: query[PTR] 0.1.168.192.in-addr.arpa from 192.168.1.1
Mar 14 01:08:37 dnsmasq[1182]: forwarded 0.1.168.192.in-addr.arpa to 192.168.1.1
Mar 14 01:08:39 dnsmasq[1182]: query[A] www.google.com.hk from 192.168.1.149
Mar 14 01:08:39 dnsmasq[1182]: forwarded www.google.com.hk to 127.0.0.1
Mar 14 01:08:39 dnsmasq[1182]: forwarded www.google.com.hk to 127.0.0.1
Mar 14 01:08:39 dnsmasq[1182]: query[A] www.google.com.hk.lan from 192.168.1.149
Mar 14 01:08:39 dnsmasq[1182]: forwarded www.google.com.hk.lan to 192.168.1.1
Mar 14 01:08:44 dnsmasq[1182]: query[A] www.google.com.hk from 192.168.1.149
Mar 14 01:08:44 dnsmasq[1182]: forwarded www.google.com.hk to 127.0.0.1
Mar 14 01:08:44 dnsmasq[1182]: forwarded www.google.com.hk to 127.0.0.1
Mar 14 01:08:44 dnsmasq[1182]: query[A] www.google.com.hk.lan from 192.168.1.149
Mar 14 01:08:44 dnsmasq[1182]: forwarded www.google.com.hk.lan to 192.168.1.1
Mar 14 01:08:44 dnsmasq[1182]: query[A] www.google.com.hk from 192.168.1.149
Mar 14 01:08:44 dnsmasq[1182]: forwarded www.google.com.hk to 127.0.0.1
Mar 14 01:08:44 dnsmasq[1182]: forwarded www.google.com.hk to 127.0.0.1
Mar 14 01:08:44 dnsmasq[1182]: forwarded www.google.com.hk to 127.0.0.1
Mar 14 01:08:47 dnsmasq[1182]: query[PTR] 0.1.168.192.in-addr.arpa from 192.168.1.1
Mar 14 01:08:47 dnsmasq[1182]: forwarded 0.1.168.192.in-addr.arpa to 192.168.1.1
Mar 14 01:08:49 dnsmasq[1182]: query[A] www.google.com.hk from 192.168.1.149
Mar 14 01:08:49 dnsmasq[1182]: forwarded www.google.com.hk to 127.0.0.1
Mar 14 01:08:49 dnsmasq[1182]: forwarded www.google.com.hk to 127.0.0.1
Mar 14 01:08:49 dnsmasq[1182]: query[A] www.google.com.hk.lan from 192.168.1.149
Mar 14 01:08:49 dnsmasq[1182]: forwarded www.google.com.hk.lan to 192.168.1.1
Mar 14 01:08:49 dnsmasq[1182]: query[A] www.google.com.hk from 192.168.1.149
Mar 14 01:08:49 dnsmasq[1182]: forwarded www.google.com.hk to 127.0.0.1
Mar 14 01:08:49 dnsmasq[1182]: forwarded www.google.com.hk to 127.0.0.1

Always querying ip

#59

Dnscryptproxy2.0 can parse www.googke.com.hk normally, but unbound can’t! I plan to use dnscryptproxy

#60

Unbound can’t parse www.google.com.hk normally and Dnscryptproxy2.0 can be normal

#62

Mar 14 01:15:50 dnsmasq[1313]: query[A] www.google.com.hk from 192.168.1.1
Mar 14 01:15:50 dnsmasq[1313]: cached www.google.com.hk is 172.217.11.163
Mar 14 01:15:50 dnsmasq[1313]: query[AAAA] www.google.com.hk from 192.168.1.1
Mar 14 01:15:50 dnsmasq[1313]: cached www.google.com.hk is 2404:6800:4004:80a::2003
Mar 14 01:16:14 dnsmasq[1313]: query[A] www.google.com.hk from 192.168.1.1
Mar 14 01:16:14 dnsmasq[1313]: cached www.google.com.hk is 172.217.11.163
Mar 14 01:16:14 dnsmasq[1313]: query[AAAA] www.google.com.hk from 192.168.1.1
Mar 14 01:16:14 dnsmasq[1313]: cached www.google.com.hk is 2404:6800:4004:80a::2003
Mar 14 01:16:44 dnsmasq[1313]: query[PTR] 0.1.168.192.in-addr.arpa from 192.168.1.1
Mar 14 01:16:44 dnsmasq[1313]: forwarded 0.1.168.192.in-addr.arpa to 192.168.1.1
Mar 14 01:16:47 dnsmasq[1313]: query[A] www.google.com.hk from 192.168.1.1

#63

I see a lot of text which only make unclearer.

The best is use dig as in this post https://discourse.pi-hole.net/t/servfail-with-unbound/18291/3

You write DNScryptproxy is resolving while your version of Unbound can’t.
Other users of Unbound are able to resolve so it is most likely that this problem resolved after 1.6.7 and before Unbound 1.9.0 .

#65

Dig can be parsed normally, but it is not possible to use unbound for recursion in pi hole, which is very strange.

#66

Pi-hole is not the recursive server, that is Unbound for Pi-hole.

Client <–> Pi-hole <–> Unbound <–> External DNS server

Hmmm when Pi-hole (dnsmasq part) is acting strange then if you have DNSSEC enabled in Pi-hole, then try it with DNSSEC disabled.

#67

i do not have DNSSEC enabled in Pi-hole

closed #68

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.