My pi was actining weird so today I have reset everything, fresh install from raspberry pi builder, fresh install of pihole & teleported my settings in and all is working fine....
now id never used unbound before but I like the idea of it so though after seeing how simple it looks to setup tried following this guide, not sure if its ok to post here, if not please feel free to delete https://docs.pi-hole.net/guides/dns/unbound/
fresh install latest Raspeberry Pi & Pihole - no other apps
when i run install of unbound i get the errors below.... im wondering as i found something called avahi already listening on 5353 do i even need that with pihole? (i read it comes as default with pi install?)
Linux raspberrypi 5.10.82-v7+ #1493 SMP Wed Dec 1 11:35:18 GMT 2021 armv7l
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Dec 2 12:11:59 2021 from 192.168.99.108
pi@raspberrypi:~ $ sudo apt install unbound
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Suggested packages:
apparmor
The following NEW packages will be installed:
unbound
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 744 kB of archives.
After this operation, 3,966 kB of additional disk space will be used.
Get:1 http://raspbian.mirror.uk.sargasso.net/raspbian bullseye/main armhf unbound armhf 1.13.1-1 [744 kB]
Fetched 744 kB in 6s (131 kB/s)
Selecting previously unselected package unbound.
(Reading database ... 42275 files and directories currently installed.)
Preparing to unpack .../unbound_1.13.1-1_armhf.deb ...
Unpacking unbound (1.13.1-1) ...
Setting up unbound (1.13.1-1) ...
Job for unbound.service failed because the control process exited with error code.
See "systemctl status unbound.service" and "journalctl -xe" for details.
Job for unbound.service failed because the control process exited with error code.
See "systemctl status unbound.service" and "journalctl -xe" for details.
invoke-rc.d: initscript unbound, action "restart" failed.
● unbound.service - Unbound DNS server
Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Thu 2021-12-02 12:57:34 GMT; 77ms ago
Docs: man:unbound(8)
Process: 6279 ExecStartPre=/usr/lib/unbound/package-helper chroot_setup (code=exited, status=0/SUCCESS)
Process: 6282 ExecStartPre=/usr/lib/unbound/package-helper root_trust_anchor_update (code=exited, status=0/SUCCESS)
Process: 6285 ExecStart=/usr/sbin/unbound -d -p $DAEMON_OPTS (code=exited, status=1/FAILURE)
Process: 6286 ExecStopPost=/usr/lib/unbound/package-helper chroot_teardown (code=exited, status=0/SUCCESS)
Main PID: 6285 (code=exited, status=1/FAILURE)
CPU: 205ms
Processing triggers for man-db (2.9.4-2) ...
pi@raspberrypi:~ $ netstat -a | less
pi@raspberrypi:~ $ unbound-checkconf
unbound-checkconf: no errors in /etc/unbound/unbound.conf
pi@raspberrypi:~ $ udo grep -v '#\|^$' -R /etc/unbound/unbound.conf*
-bash: udo: command not found
pi@raspberrypi:~ $ sudo grep -v '#\|^$' -R /etc/unbound/unbound.conf*
/etc/unbound/unbound.conf:include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf:forward-zone:
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf: name: "."
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf: forward-addr: 208.67.222.222
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf: forward-addr: 208.67.220.220
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:server:
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf: auto-trust-anchor-file: "/var/lib/unbound/root.key"
pi@raspberrypi:~ $ sudo netstat -nltup | grep 'Proto\|:53 \|:5053 \|:5353 \|:5335 \|:8953 \|:67 \|:80 \|:471'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:4711 0.0.0.0:* LISTEN 570/pihole-FTL
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 528/lighttpd
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 570/pihole-FTL
tcp6 0 0 ::1:4711 :::* LISTEN 570/pihole-FTL
tcp6 0 0 :::80 :::* LISTEN 528/lighttpd
tcp6 0 0 :::53 :::* LISTEN 570/pihole-FTL
udp 0 0 0.0.0.0:53 0.0.0.0:* 570/pihole-FTL
udp 0 0 0.0.0.0:5353 0.0.0.0:* 308/avahi-daemon: r
udp6 0 0 :::53 :::* 570/pihole-FTL
udp6 0 0 :::5353 :::* 308/avahi-daemon: r
pi@raspberrypi:~ $ sudo netstat -nltup | grep 'Proto\|:53 \|:5053 \|:5353 \|:5335 \|:8953 \|:67 \|:80 \|:471'
ah great thankyou!! seems to be working but when i do a "whats my dns server test i get
US
OPENDNS - Cisco OpenDNS, LLC
208.69.34.64
US
OPENDNS - Cisco OpenDNS, LLC
208.69.34.65
im guessing something to do with Disable resolvconf for unbound (optional) section?
Linux raspberrypi 5.10.82-v7+ #1493 SMP Wed Dec 1 11:35:18 GMT 2021 armv7l
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Dec 2 13:20:59 2021 from 192.168.99.108
pi@raspberrypi:~ $ sudo systemctl disable unbound-resolvconf.service
pi@raspberrypi:~ $ sudo systemctl stop unbound-resolvconf.service
pi@raspberrypi:~ $ sudo systemctl restart dhcpcd
pi@raspberrypi:~ $ cat /etc/resolv.conf
# Generated by resolvconf
nameserver 208.67.222.222
nameserver 208.67.220.220
pi@raspberrypi:~ $
thanks i had just gone through and disabled the
I also edited the resolv.conf file putting a # before the nameservers and saving it then restarting the service (but i still get open dns when i test)
have ran your command and shows below
Using username "pi".
pi@192.168.65.252's password:
Linux raspberrypi 5.10.82-v7+ #1493 SMP Wed Dec 1 11:35:18 GMT 2021 armv7l
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Dec 2 13:30:52 2021 from 192.168.99.108
pi@raspberrypi:~ $ cat /etc/resolv.conf
# Generated by resolvconf
nameserver 208.67.222.222
nameserver 208.67.220.220
pi@raspberrypi:~ $ sudo nano /etc/resolv.conf
pi@raspberrypi:~ $ cat /etc/resolv.conf
# Generated by resolvconf
#nameserver 208.67.222.222
#nameserver 208.67.220.220
pi@raspberrypi:~ $ sudo service unbound restart
pi@raspberrypi:~ $ cat /etc/resolv.conf
# Generated by resolvconf
#nameserver 208.67.222.222
#nameserver 208.67.220.220
pi@raspberrypi:~ $ sudo grep -nv '#\|^$' -R /etc/unbound/unbound.conf*
/etc/unbound/unbound.conf:10:include-toplevel: "/etc/unbound/unbound.conf.d/*.co nf"
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf:3:forward-zone:
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf:4: name: "."
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf:5: forward-addr: 20 8.67.222.222
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf:6: forward-addr: 20 8.67.220.220
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:1:server:
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:4: auto-trust-an chor-file: "/var/lib/unbound/root.key"
/etc/unbound/unbound.conf.d/pi-hole.conf:1:server:
/etc/unbound/unbound.conf.d/pi-hole.conf:4: verbosity: 0
/etc/unbound/unbound.conf.d/pi-hole.conf:6: interface: 127.0.0.1
/etc/unbound/unbound.conf.d/pi-hole.conf:7: port: 5335
/etc/unbound/unbound.conf.d/pi-hole.conf:8: do-ip4: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:9: do-udp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:10: do-tcp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:13: do-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf:17: prefer-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf:24: harden-glue: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:27: harden-dnssec-stripped: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:31: use-caps-for-id: no
/etc/unbound/unbound.conf.d/pi-hole.conf:35: edns-buffer-size: 1472
/etc/unbound/unbound.conf.d/pi-hole.conf:39: prefetch: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:42: num-threads: 1
/etc/unbound/unbound.conf.d/pi-hole.conf:45: so-rcvbuf: 1m
/etc/unbound/unbound.conf.d/pi-hole.conf:48: private-address: 192.168.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:49: private-address: 169.254.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:50: private-address: 172.16.0.0/12
/etc/unbound/unbound.conf.d/pi-hole.conf:51: private-address: 10.0.0.0/8
/etc/unbound/unbound.conf.d/pi-hole.conf:52: private-address: fd00::/8
/etc/unbound/unbound.conf.d/pi-hole.conf:53: private-address: fe80::/10
pi@raspberrypi:~ $
The post I've linked above recommends to alter a file and delete another and then restart unbound - but it does not recommend to remove nameservers individually?
Please read carefully through the linked post again.