Setup Pi-Hole, followed the docs, network isn't working

ranjaro · June 16, 2025, 6:56am

Expected Behaviour:

I was attempting to run pi-hole and use unbound as a dns upstream. I followed the documentation and some guides for my specific hardware. My specs are as follows:
CPU: Intel(R) Core(TM) i7-6700T CPU @ 2.80GHz | RAM: 15Gb
I'm running this all in fedora 42 server edition, all bare metal. My router is a gl.inet flint 3.

Actual Behaviour:

Pi-hole and Unbound seemed to be working and configured correctly (I could ping to the server from my desktop and access the admin console on my browser) but when I set my browser to use the static ip of the server, my devices all dropped connection. I ran the 'pihole -d' command and everything seemed fine, but it looked like maybe my router and the server were in a dns loop? I tried setting one of the pre-selected DNS upstream providers and nothing. I'll include some output from commands from the guide and some parts for the log files I think are relevant. This is my first time setting up a server (Not my first time with Linux) and any help would be appreciated. (Note: I'll be replacing any instance where my ip/sensitive info is exposed with 'redacted')

Unbound tests (From official guide)

$ dig pi-hole.net @127.0.0.1 -p 5335

; <<>> DiG 9.18.36 <<>> pi-hole.net @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 19672
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;pi-hole.net.                   IN      A

;; Query time: 327 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1) (UDP)
;; WHEN: Sun Jun 15 23:09:48 EDT 2025
;; MSG SIZE  rcvd: 40

$ dig fail01.dnssec.works @127.0.0.1 -p 5335

; <<>> DiG 9.18.36 <<>> fail01.dnssec.works @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63836
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;fail01.dnssec.works.           IN      A

;; Query time: 61 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1) (UDP)
;; WHEN: Sun Jun 15 23:10:48 EDT 2025
;; MSG SIZE  rcvd: 48

$ dig dnssec.works @127.0.0.1 -p 5335

; <<>> DiG 9.18.36 <<>> dnssec.works @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 51744
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;dnssec.works.                  IN      A

;; Query time: 45 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1) (UDP)
;; WHEN: Sun Jun 15 23:11:33 EDT 2025
;; MSG SIZE  rcvd: 41

Parts from pihole -d

*** [ DIAGNOSING ]: FirewallD
[i] Firewalld service active
[✓]   Allow Service: http
[✓]   Allow Service: dns
[✓]   Allow Service: dhcp
[✓]   Allow Service: dhcpv6
[✓] FTL Custom Zone Detected
[✓]   Local Interface Detected
[✗]   FTL Port 4711/tcp Not Detected (https://docs.pi-hole.net/main/prerequisites/#firewalld)

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] www.ahealingmind.com is NOERROR on lo (127.0.0.1)
[✓] www.ahealingmind.com is NOERROR on enp0s31f6 (redacted)
[✓] No IPv4 address available on wlp2s0
[✓] doubleclick.com is  via a remote, public DNS server (8.8.8.8)

*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 6 seconds)
   Scanning all your interfaces for DHCP servers and IPv6 routers
   Timeout: 6 seconds

   No answer on enp0s31f6

*** [ DIAGNOSING ]: Pi-hole processes
[✓] pihole-FTL daemon is active

  -----head of FTL.log------
   2025-06-15 20:34:08.336 EDT [2460M] INFO: Config file /etc/pihole/pihole.toml not available (r): No such file or directory
   2025-06-15 20:34:08.353 EDT [2458M] INFO: ########## FTL started on localhost.localdomain! ##########
   2025-06-15 20:34:08.353 EDT [2458M] INFO: FTL branch: master
   2025-06-15 20:34:08.353 EDT [2458M] INFO: FTL version: v6.2.3
   2025-06-15 20:34:08.353 EDT [2458M] INFO: FTL commit: 88737f62
   2025-06-15 20:34:08.353 EDT [2458M] INFO: FTL date: 2025-06-10 20:44:58 +0200
   2025-06-15 20:34:08.353 EDT [2458M] INFO: FTL user: pihole
   2025-06-15 20:34:08.353 EDT [2458M] INFO: Compiled for linux/amd64 (compiled on CI) using cc (Alpine 14.2.0) 14.2.0
   2025-06-15 20:34:08.358 EDT [2458M] INFO: Wrote config file:
   2025-06-15 20:34:08.358 EDT [2458M] INFO:  - 155 total entries
   2025-06-15 20:34:08.358 EDT [2458M] INFO:  - 154 entries are default
   2025-06-15 20:34:08.358 EDT [2458M] INFO:  - 1 entry is modified
   2025-06-15 20:34:08.358 EDT [2458M] INFO:  - 0 entries are forced through environment
   2025-06-15 20:34:08.359 EDT [2458M] INFO: Parsed config file /etc/pihole/pihole.toml successfully
   2025-06-15 20:34:08.359 EDT [2458M] INFO: PID file does not exist or not readable
   2025-06-15 20:34:08.359 EDT [2458M] INFO: No other running FTL process found.
   2025-06-15 20:34:08.361 EDT [2458M] INFO: PID of FTL process: 2458
   2025-06-15 20:34:08.362 EDT [2458M] CRIT: Error in dnsmasq configuration: failed to create listening socket for port 53: Address in use
   2025-06-15 20:34:08.362 EDT [2458M] ERROR: Error while trying to open database: unable to open database file
   2025-06-15 20:34:08.362 EDT [2458M] INFO: PID of FTL process: 2458
   2025-06-15 20:34:08.362 EDT [2458M] WARNING: No database file found, creating new (empty) database
   2025-06-15 20:34:08.427 EDT [2458M] INFO: Database version is 1
   2025-06-15 20:34:08.427 EDT [2458M] INFO: Updating long-term database to version 2
   2025-06-15 20:34:08.443 EDT [2458M] INFO: Updating long-term database to version 3
   2025-06-15 20:34:08.457 EDT [2458M] INFO: Updating long-term database to version 4
   2025-06-15 20:34:08.473 EDT [2458M] INFO: Updating long-term database to version 5
   2025-06-15 20:34:08.490 EDT [2458M] INFO: Updating long-term database to version 6
   2025-06-15 20:34:08.497 EDT [2458M] INFO: Updating long-term database to version 7
   2025-06-15 20:34:08.504 EDT [2458M] INFO: Updating long-term database to version 8
   2025-06-15 20:34:08.519 EDT [2458M] INFO: Updating long-term database to version 9
   2025-06-15 20:34:08.531 EDT [2458M] INFO: Updating long-term database to version 10
   2025-06-15 20:34:08.547 EDT [2458M] INFO: Updating long-term database to version 11
   2025-06-15 20:34:08.557 EDT [2458M] INFO: Updating long-term database to version 12
   2025-06-15 20:34:08.566 EDT [2458M] INFO: Updating long-term database to version 13
   2025-06-15 20:34:08.585 EDT [2458M] INFO: Updating long-term database to version 14

   -----tail of FTL.log------
   2025-06-15 22:50:43.454 EDT [41373M] INFO:   600000 queries parsed...
   2025-06-15 22:50:43.475 EDT [41373M] INFO:   610000 queries parsed...
   2025-06-15 22:50:43.496 EDT [41373M] INFO:   620000 queries parsed...
   2025-06-15 22:50:43.516 EDT [41373M] INFO:   630000 queries parsed...
   2025-06-15 22:50:43.538 EDT [41373M] INFO:   640000 queries parsed...
   2025-06-15 22:50:43.558 EDT [41373M] INFO:   650000 queries parsed...
   2025-06-15 22:50:43.579 EDT [41373M] INFO:   660000 queries parsed...
   2025-06-15 22:50:43.600 EDT [41373M] INFO:   670000 queries parsed...
   2025-06-15 22:50:43.621 EDT [41373M] INFO:   680000 queries parsed...
   2025-06-15 22:50:43.642 EDT [41373M] INFO:   690000 queries parsed...
   2025-06-15 22:50:43.663 EDT [41373M] INFO:   700000 queries parsed...
   2025-06-15 22:50:43.684 EDT [41373M] INFO:   710000 queries parsed...
   2025-06-15 22:50:43.705 EDT [41373M] INFO:   720000 queries parsed...
   2025-06-15 22:50:43.717 EDT [41373M] INFO: Imported 725664 queries from the long-term database
   2025-06-15 22:50:43.717 EDT [41373M] INFO:  -> Total DNS queries: 725664
   2025-06-15 22:50:43.718 EDT [41373M] INFO:  -> Cached DNS queries: 89
   2025-06-15 22:50:43.718 EDT [41373M] INFO:  -> Forwarded DNS queries: 725554
   2025-06-15 22:50:43.718 EDT [41373M] INFO:  -> Blocked DNS queries: 21
   2025-06-15 22:50:43.718 EDT [41373M] INFO:  -> Unknown DNS queries: 0
   2025-06-15 22:50:43.718 EDT [41373M] INFO:  -> Unique domains: 97
   2025-06-15 22:50:43.718 EDT [41373M] INFO:  -> Unique clients: 5
   2025-06-15 22:50:43.718 EDT [41373M] INFO:  -> DNS cache records: 19
   2025-06-15 22:50:43.718 EDT [41373M] INFO:  -> Known forward destinations: 5
   2025-06-15 22:50:43.831 EDT [41373M] INFO: Clock disciplining NTP client detected, not starting embedded NTP client/server
   2025-06-15 22:50:43.831 EDT [41373M] INFO: FTL is running as user pihole (UID 990)
   2025-06-15 22:50:43.832 EDT [41373M] INFO: Reading certificate from /etc/pihole/tls.pem ...
   2025-06-15 22:50:43.832 EDT [41373M] INFO: Using SSL/TLS certificate file /etc/pihole/tls.pem
   2025-06-15 22:50:43.832 EDT [41373M] INFO: Web server ports:
   2025-06-15 22:50:43.832 EDT [41373M] INFO:   - 0.0.0.0:80 (HTTP, IPv4, optional, OK)
   2025-06-15 22:50:43.832 EDT [41373M] INFO:   - 0.0.0.0:443 (HTTPS, IPv4, optional, OK)
   2025-06-15 22:50:43.832 EDT [41373M] INFO:   - [::]:80 (HTTP, IPv6, optional, OK)
   2025-06-15 22:50:43.832 EDT [41373M] INFO:   - [::]:443 (HTTPS, IPv6, optional, OK)
   2025-06-15 22:50:43.832 EDT [41373M] INFO: Restored 1 API session from the database
   2025-06-15 22:50:43.837 EDT [41373M] INFO: Blocking status is enabled
   2025-06-15 22:50:43.933 EDT [41373/T47526] INFO: Compiled 0 allow and 0 deny regex for 5 clients in 0.1 msec

-rw-r-----. 1 pihole pihole 1.7K Jun 15 22:50 /var/log/pihole/webserver.log
   -----head of webserver.log------
   [2025-06-15 20:34:08.812 EDT 2458] Initializing HTTP server on ports "80o,443os,[::]:80o,[::]:443os"
   [2025-06-15 20:34:11.972 EDT 2458] Initializing HTTP server on ports "80o,443os,[::]:80o,[::]:443os"
   [2025-06-15 20:36:02.402 EDT 2458] Authentication required, redirecting to /admin/login
   [2025-06-15 21:01:08.355 EDT 2458] Authentication required, redirecting to /admin/login
   [2025-06-15 21:36:38.229 EDT 2458] Initializing HTTP server on ports "80o,443os,[::]:80o,[::]:443os"
   [2025-06-15 21:43:58.645 EDT 4522] Initializing HTTP server on ports "80o,443os,[::]:80o,[::]:443os"
   [2025-06-15 21:59:54.212 EDT 22722] Initializing HTTP server on ports "80o,443os,[::]:80o,[::]:443os"
   [2025-06-15 22:09:51.712 EDT 28874] Initializing HTTP server on ports "80o,443os,[::]:80o,[::]:443os"
   [2025-06-15 22:16:55.083 EDT 28874] Initializing HTTP server on ports "80o,443os,[::]:80o,[::]:443os"
   [2025-06-15 22:17:09.320 EDT 28874] Initializing HTTP server on ports "80o,443os,[::]:80o,[::]:443os"
   [2025-06-15 22:17:35.596 EDT 28874] Initializing HTTP server on ports "80o,443os,[::]:80o,[::]:443os"
   [2025-06-15 22:17:51.845 EDT 28874] Initializing HTTP server on ports "80o,443os,[::]:80o,[::]:443os"
   [2025-06-15 22:22:38.376 EDT 35145] Initializing HTTP server on ports "80o,443os,[::]:80o,[::]:443os"
   [2025-06-15 22:41:02.125 EDT 41260] Initializing HTTP server on ports "80o,443os,[::]:80o,[::]:443os"
   [2025-06-15 22:46:30.008 EDT 41373] Initializing HTTP server on ports "80o,443os,[::]:80o,[::]:443os"
   [2025-06-15 22:47:12.741 EDT 41373] Initializing HTTP server on ports "80o,443os,[::]:80o,[::]:443os"
   [2025-06-15 22:50:43.831 EDT 41373] Initializing HTTP server on ports "80o,443os,[::]:80o,[::]:443os"

   -----tail of webserver.log------
   [2025-06-15 20:34:08.812 EDT 2458] Initializing HTTP server on ports "80o,443os,[::]:80o,[::]:443os"
   [2025-06-15 20:34:11.972 EDT 2458] Initializing HTTP server on ports "80o,443os,[::]:80o,[::]:443os"
   [2025-06-15 20:36:02.402 EDT 2458] Authentication required, redirecting to /admin/login
   [2025-06-15 21:01:08.355 EDT 2458] Authentication required, redirecting to /admin/login
   [2025-06-15 21:36:38.229 EDT 2458] Initializing HTTP server on ports "80o,443os,[::]:80o,[::]:443os"
   [2025-06-15 21:43:58.645 EDT 4522] Initializing HTTP server on ports "80o,443os,[::]:80o,[::]:443os"
   [2025-06-15 21:59:54.212 EDT 22722] Initializing HTTP server on ports "80o,443os,[::]:80o,[::]:443os"
   [2025-06-15 22:09:51.712 EDT 28874] Initializing HTTP server on ports "80o,443os,[::]:80o,[::]:443os"
   [2025-06-15 22:16:55.083 EDT 28874] Initializing HTTP server on ports "80o,443os,[::]:80o,[::]:443os"
   [2025-06-15 22:17:09.320 EDT 28874] Initializing HTTP server on ports "80o,443os,[::]:80o,[::]:443os"
   [2025-06-15 22:17:35.596 EDT 28874] Initializing HTTP server on ports "80o,443os,[::]:80o,[::]:443os"
   [2025-06-15 22:17:51.845 EDT 28874] Initializing HTTP server on ports "80o,443os,[::]:80o,[::]:443os"
   [2025-06-15 22:22:38.376 EDT 35145] Initializing HTTP server on ports "80o,443os,[::]:80o,[::]:443os"
   [2025-06-15 22:41:02.125 EDT 41260] Initializing HTTP server on ports "80o,443os,[::]:80o,[::]:443os"
   [2025-06-15 22:46:30.008 EDT 41373] Initializing HTTP server on ports "80o,443os,[::]:80o,[::]:443os"
   [2025-06-15 22:47:12.741 EDT 41373] Initializing HTTP server on ports "80o,443os,[::]:80o,[::]:443os"
   [2025-06-15 22:50:43.831 EDT 41373] Initializing HTTP server on ports "80o,443os,[::]:80o,[::]:443os"

*** [ DIAGNOSING ]: contents of /dev/shm
total 62M
-rw-------. 1 pihole pihole 340K Jun 15 22:50 FTL-41373-clients
-rw-------. 1 pihole pihole 4.0K Jun 15 22:50 FTL-41373-clients-lookup
-rw-------. 1 pihole pihole  328 Jun 15 22:50 FTL-41373-counters
-rw-------. 1 pihole pihole  12K Jun 15 22:50 FTL-41373-dns-cache
-rw-------. 1 pihole pihole 4.0K Jun 15 22:50 FTL-41373-dns-cache-lookup
-rw-------. 1 pihole pihole 4.0K Jun 15 22:50 FTL-41373-domains
-rw-------. 1 pihole pihole 4.0K Jun 15 22:50 FTL-41373-domains-lookup
-rw-------. 1 pihole pihole 556K Jun 15 22:50 FTL-41373-fifo-log
-rw-------. 1 pihole pihole   88 Jun 15 22:50 FTL-41373-lock
-rw-------. 1 pihole pihole 8.0K Jun 15 22:50 FTL-41373-overTime
-rw-------. 1 pihole pihole 4.0K Jun 15 22:50 FTL-41373-per-client-regex
-rw-------. 1 pihole pihole  60M Jun 15 23:02 FTL-41373-queries
-rw-------. 1 pihole pihole 768K Jun 15 22:50 FTL-41373-recycler
-rw-------. 1 pihole pihole  144 Jun 15 22:50 FTL-41373-settings
-rw-------. 1 pihole pihole  80K Jun 15 22:50 FTL-41373-strings
-rw-------. 1 pihole pihole  28K Jun 15 22:50 FTL-41373-upstreams

*** [ DIAGNOSING ]: contents of /etc

lrwxrwxrwx. 1 root root 39 Jun 15 16:40 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
   nameserver 192.168.8.1
   search lan

*** [ DIAGNOSING ]: Pi-hole diagnosis messages

*** [ DIAGNOSING ]: Locale
    LANG=en_US.UTF-8

*** [ DIAGNOSING ]: Pi-hole log
-rw-r-----. 1 pihole pihole 290M Jun 15 23:02 /var/log/pihole/pihole.log
   -----head of pihole.log------
   Jun 15 21:59:54 dnsmasq[22722]: started, version pi-hole-v2.92test13 cachesize 10000
   Jun 15 21:59:54 dnsmasq[22722]: DNS service limited to local subnets
   Jun 15 21:59:54 dnsmasq[22722]: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n IDN2 DHCP DHCPv6 Lua TFTP no-conntrack ipset no-nftset auth DNSSEC loop-detect inotify dumpfile
   Jun 15 21:59:54 dnsmasq[22722]: using nameserver 127.0.0.1#5335
   Jun 15 21:59:54 dnsmasq[22722]: using only locally-known addresses for onion
   Jun 15 21:59:54 dnsmasq[22722]: using only locally-known addresses for bind
   Jun 15 21:59:54 dnsmasq[22722]: using only locally-known addresses for invalid
   Jun 15 21:59:54 dnsmasq[22722]: using only locally-known addresses for localhost
   Jun 15 21:59:54 dnsmasq[22722]: using only locally-known addresses for test
   Jun 15 21:59:54 dnsmasq[22722]: using only locally-known addresses for pi.hole
   Jun 15 21:59:54 dnsmasq[22722]: using only locally-known addresses for lan
   Jun 15 21:59:54 dnsmasq[22722]: using only locally-known addresses for home.arpa
   Jun 15 21:59:54 dnsmasq[22722]: read /etc/hosts - 8 names
   Jun 15 21:59:54 dnsmasq[22722]: read /etc/pihole/hosts/custom.list - 0 names
   Jun 15 22:00:22 dnsmasq[22722]: query[A] google.com from 192.168.8.140
   Jun 15 22:00:22 dnsmasq[22722]: forwarded google.com to 127.0.0.1#5335
   Jun 15 22:00:23 dnsmasq[22722]: reply google.com is 142.251.179.139
   Jun 15 22:00:23 dnsmasq[22722]: reply google.com is 142.251.179.100
   Jun 15 22:00:23 dnsmasq[22722]: reply google.com is 142.251.179.102
   Jun 15 22:00:23 dnsmasq[22722]: reply google.com is 142.251.179.138

   -----tail of pihole.log------
   Jun 15 23:02:20 dnsmasq[41373]: reply error is REFUSED
   Jun 15 23:02:20 dnsmasq[41373]: query[NS] . from redacted
   Jun 15 23:02:20 dnsmasq[41373]: forwarded . to 127.0.0.1#5335
   Jun 15 23:02:20 dnsmasq[41373]: reply error is REFUSED
   Jun 15 23:02:20 dnsmasq[41373]: query[NS] . from redacted
   Jun 15 23:02:20 dnsmasq[41373]: forwarded . to 127.0.0.1#5335
   Jun 15 23:02:20 dnsmasq[41373]: reply error is REFUSED
   Jun 15 23:02:20 dnsmasq[41373]: query[NS] . from redacted
   Jun 15 23:02:20 dnsmasq[41373]: forwarded . to 127.0.0.1#5335
   Jun 15 23:02:20 dnsmasq[41373]: reply error is REFUSED
   Jun 15 23:02:20 dnsmasq[41373]: query[NS] . from redacted
   Jun 15 23:02:20 dnsmasq[41373]: forwarded . to 127.0.0.1#5335
   Jun 15 23:02:20 dnsmasq[41373]: reply error is REFUSED
   Jun 15 23:02:20 dnsmasq[41373]: query[NS] . from redacted
   Jun 15 23:02:20 dnsmasq[41373]: forwarded . to 127.0.0.1#5335
   Jun 15 23:02:20 dnsmasq[41373]: reply error is REFUSED
   Jun 15 23:02:20 dnsmasq[41373]: query[NS] . from redacted
   Jun 15 23:02:20 dnsmasq[41373]: forwarded . to 127.0.0.1#5335
   Jun 15 23:02:20 dnsmasq[41373]: reply error is REFUSED
   Jun 15 23:02:20 dnsmasq[41373]: reply error is SERVFAIL

If you think there is any other sort of diagnostic I can run, I will respond as fast as I can.

rdwebdesign · June 16, 2025, 6:59am

Please generate a new debug log, upload it when asked and post here only the Token generated after the upload.

ranjaro · June 16, 2025, 10:54am

my fault, I think I did it right, here:

7NhtQJLG

NGr · June 16, 2025, 3:36pm

Something else is binding port 53

ranjaro · June 16, 2025, 11:14pm

So I restarted the server, ran netstat -tunlp to see what was running on port 53 and it only showed pihole-ftl was listening on port 53. After poking around the server and the web interface I've determined that it might be a combination of unbound not working correctly for some reason (even though I followed the pi-hole documentation for setting it up 1:1) and the fact I probably need to disable my router's DHCP server and use the pi-hole's DHCP Server. Problem is I'm not sure what would happen if I were to do that latter, as this is my first entry into messing around with networking heavily. If anyone could answer if I were to disable my router's DHCP server and set the same number range it had in my pi-hole, whether or not that would cause my setup to explode or something. I'll also accept any additional tips for setting the pi-hole as the DHCP server if anyone has any. I'd also like some help troubleshooting unbound as I would prefer being able to use that for my setup, as I like it's implications for user control/privacy.

I ran another pihole -d to get the latest just to give it a once over, it looks good except it keeps saying port 4711 for firewalld is not setup or something even though I ran the command to enable that, but I'm not sure why it still shows that.

Anyway, thanks again for any future help

Token: xRLqXaxf

ranjaro · June 16, 2025, 11:15pm

I checked after restarting the server but I didn't see anything else taking port 53, so I think restarting it helped fix that stuff on the back end

ranjaro · June 16, 2025, 11:35pm

if it helps this is what I get when trying to test unbound:

sudo unbound-checkconf
unbound-checkconf: no errors in /etc/unbound/unbound.conf

And just so save some people time, I know that isn't named pi-hole.conf like in the docs, I couldn't get it to use the directory by default so I just placed this one liner in unbound.conf which got me the no errors output from above

include: "/etc/unbound/unbound.conf.d/pi-hole.conf"

And these are the latest output from the DNS dig test, same as in the pi-hole documentation:

dig pi-hole.net @127.0.0.1 -p 5335

; <<>> DiG 9.18.36 <<>> pi-hole.net @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32792
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;pi-hole.net.                   IN      A

;; ANSWER SECTION:
pi-hole.net.            300     IN      A       3.18.136.52

;; Query time: 17 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1) (UDP)
;; WHEN: Mon Jun 16 19:32:34 EDT 2025
;; MSG SIZE  rcvd: 56

dig fail01.dnssec.works @127.0.0.1 -p 5335

; <<>> DiG 9.18.36 <<>> fail01.dnssec.works @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62343
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;fail01.dnssec.works.           IN      A

;; ANSWER SECTION:
fail01.dnssec.works.    3600    IN      A       5.45.109.212

;; Query time: 302 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1) (UDP)
;; WHEN: Mon Jun 16 19:32:41 EDT 2025
;; MSG SIZE  rcvd: 64

dig dnssec.works @127.0.0.1 -p 5335

; <<>> DiG 9.18.36 <<>> dnssec.works @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59504
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;dnssec.works.                  IN      A

;; ANSWER SECTION:
dnssec.works.           3583    IN      A       46.23.92.212

;; Query time: 0 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1) (UDP)
;; WHEN: Mon Jun 16 19:32:58 EDT 2025
;; MSG SIZE  rcvd: 57

Again any help is appreciated and thank you for helping me learn

Ladrien · June 17, 2025, 11:03pm

Because you are using Unbound, you'll need to tell pi-hole to forward local device queries to your DHCP server for DNS to work properly. It should be under the conditional forwarding section in pi-hole.

Are you trying to get DNSSEC working?

system · July 8, 2025, 11:04pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.