Here are the outputs of the three commands:
pi@raspberrypi:~ $ dig pi-hole.net -p 5353
; <<>> DiG 9.10.3-P4-Raspbian <<>> pi-hole.net -p 5353
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34519
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 13
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;pi-hole.net. IN A
;; ANSWER SECTION:
pi-hole.net. 86400 IN A 206.189.252.21
;; AUTHORITY SECTION:
pi-hole.net. 86400 IN NS ns5.pi-hole.net.
pi-hole.net. 86400 IN NS ns4.pi-hole.net.
pi-hole.net. 86400 IN NS ns2.pi-hole.net.
pi-hole.net. 86400 IN NS ns1.pi-hole.net.
pi-hole.net. 86400 IN NS ns6.pi-hole.net.
pi-hole.net. 86400 IN NS ns3.pi-hole.net.
;; ADDITIONAL SECTION:
ns1.pi-hole.net. 45598 IN AAAA 2600:1800:10::1
ns2.pi-hole.net. 45598 IN AAAA 2600:1801:11::1
ns3.pi-hole.net. 45598 IN AAAA 2600:1802:12::1
ns4.pi-hole.net. 45598 IN AAAA 2600:1801:13::1
ns5.pi-hole.net. 45598 IN AAAA 2600:1802:14::1
ns6.pi-hole.net. 45598 IN AAAA 2600:1800:15::1
ns1.pi-hole.net. 45598 IN A 208.94.148.4
ns2.pi-hole.net. 45598 IN A 208.80.124.4
ns3.pi-hole.net. 45598 IN A 208.80.126.4
ns4.pi-hole.net. 45598 IN A 208.80.125.4
ns5.pi-hole.net. 45598 IN A 208.80.127.4
ns6.pi-hole.net. 45598 IN A 208.94.149.4
;; Query time: 9 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Tue Jul 31 09:07:33 UTC 2018
;; MSG SIZE rcvd: 428
pi@raspberrypi:~ $ dig pi-hole.com -p 5353
; <<>> DiG 9.10.3-P4-Raspbian <<>> pi-hole.com -p 5353
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56278
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;pi-hole.com. IN A
;; ANSWER SECTION:
pi-hole.com. 3600 IN A 159.203.180.3
;; AUTHORITY SECTION:
pi-hole.com. 86400 IN NS ns6.pi-hole.net.
pi-hole.com. 86400 IN NS ns2.pi-hole.net.
pi-hole.com. 86400 IN NS ns1.pi-hole.net.
pi-hole.com. 86400 IN NS ns5.pi-hole.net.
pi-hole.com. 86400 IN NS ns4.pi-hole.net.
pi-hole.com. 86400 IN NS ns3.pi-hole.net.
;; Query time: 83 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Tue Jul 31 09:07:51 UTC 2018
;; MSG SIZE rcvd: 175
pi@raspberrypi:~ $ dig github.com -p 5353
; <<>> DiG 9.10.3-P4-Raspbian <<>> github.com -p 5353
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17502
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;github.com. IN A
;; AUTHORITY SECTION:
github.com. 3600 IN NS ns-1283.awsdns-32.org.
github.com. 3600 IN NS ns-1707.awsdns-21.co.uk.
github.com. 3600 IN NS ns-421.awsdns-52.com.
github.com. 3600 IN NS ns-520.awsdns-01.net.
github.com. 3600 IN NS ns1.p16.dynect.net.
github.com. 3600 IN NS ns2.p16.dynect.net.
github.com. 3600 IN NS ns3.p16.dynect.net.
github.com. 3600 IN NS ns4.p16.dynect.net.
;; Query time: 17 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Tue Jul 31 09:07:56 UTC 2018
;; MSG SIZE rcvd: 259
Here are the contents of the file:
pi@raspberrypi:~ $ cat /etc/unbound/unbound.conf.d/pi-hole.conf
# Unbound configuration used as a local recursive resolver on port 5353.
# The dig queries in this post were sent with -p 5353 and answered by 127.0.0.1#5353.
server:
verbosity: 1
port: 5353
do-ip4: yes
do-udp: yes
do-tcp: yes
# May be set to yes if you have IPv6 connectivity
do-ip6: yes
# Use this only when you downloaded the list of primary root servers!
root-hints: "/var/lib/unbound/root.hints"
# Trust glue only if it is within the server's authority
harden-glue: yes
# Require DNSSEC data for trust-anchored zones; if such data is absent, the zone becomes BOGUS
# NOTE(review): this only has an effect when a trust anchor is configured. None is set in this
# file; it may be supplied by another file under unbound.conf.d - confirm.
harden-dnssec-stripped: yes
# Don't use capitalization randomization, as it is known to cause DNSSEC issues sometimes
# see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
# NOTE(review): 0x20 case randomization is an anti-spoofing measure, so turning it off trades
# some forgery resistance for compatibility.
use-caps-for-id: no
# Reduce EDNS reassembly buffer size.
# Suggested by the unbound man page to reduce fragmentation reassembly problems
# (matches the "udp: 1472" advertised in the dig output in this post)
edns-buffer-size: 1472
# TTL bounds for cache
# NOTE(review): a one-hour minimum keeps records cached longer than the zone owner asked for,
# so a record changed or withdrawn upstream can be served stale for up to an hour. The unbound
# man page cautions against large minimums - confirm this value is intended.
cache-min-ttl: 3600
cache-max-ttl: 86400
# Perform prefetching of close to expired message cache entries
# This only applies to domains that have been frequently queried
prefetch: yes
# One thread should be sufficient, can be increased on beefy machines
# NOTE(review): the value below is 3, which does not match the "one thread" advice above.
num-threads: 3
# Ensure kernel buffer is large enough to not lose messages in traffic spikes
# NOTE(review): the kernel may cap this below 1m unless its receive-buffer limit is raised - verify.
so-rcvbuf: 1m
# Ensure privacy of local IP ranges: addresses in these ranges are removed from answers for
# public names (DNS rebinding protection).
# NOTE(review): the prefix lengths below look wrong. A /8 matches on the first octet only, so
# "192.168.1.0/8" would presumably cover all of 192.0.0.0/8 and the two 10.x lines all of
# 10.0.0.0/8. Public hosts inside 192.0.0.0/8 would then have their A records stripped, which
# is consistent with the `dig github.com` result in this post (NOERROR, ANSWER: 0) - confirm.
# The RFC 1918 ranges are 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16. If only specific local
# subnets were intended, a longer prefix (e.g. /24) is likely what was meant.
private-address: 10.8.0.0/8
private-address: 192.168.1.0/8
private-address: 10.9.0.0/8