Ubuntu server/pihole+unbound: ISP's DNS on DNS leak test?

Setup: Router (DHCP) / Pi-Hole+Unbound (ubuntu_server_lts / LAN / DNS) : LAN/WLAN devices.

When I do a dns leak test, the result shows my ISP as the DNS provider.

If, via my router, I force the raspi to use the router's DNS then, I can see it is ubuntu querying for ubuntu addresses, ntp, etc.

My question is, how do I change these DNS settings? For example, so that instead of using my ISP's DNS IPs, it uses a DNS server set by me, like 1.1.1.1, unbound itself(?), etc.

Is this done at the ubuntu server level or unbound level?
Does this matter?
I had expected those network settings to have changed to those of unbound or something, but somehow it got my ISP...

This is expected. Unbound is running locally, at your home IP. This typically maps to your ISP IP.

Note that there is no concept of a DNS leak unless you are routing all your traffic through a VPN service. If a DNS leak were seen in that case, it would indicate that your DNS traffic is outside the VPN tunnel (i.e. a DNS leak).

You can do a few things to verify your DNS traffic is going through unbound:

  1. Verify your upstream DNS server settings in Pi-hole.

  2. Verify that traffic from all your network clients is going through Pi-hole (i.e. don't have a "secondary" DNS server set in your router or DHCP server).

  3. Run this command from the Pi terminal and verify that there is not a forwarding configuration set up in unbound which would route traffic to an upstream DNS server and prevent unbound from running in recursive mode:

sudo grep -v '#\|^$' -R /etc/unbound/unbound.conf*

So this is the expected behavior. It makes sense since everything is taking place locally.

Pi-Hole DNS setting is set to 127.0.0.1#5335

I do see all my devices' DNS traffic coming through the pihole.
At the router level I've set pihole's static IP as the DHCP given DNS IP for both 1st and 2nd DNS.

Running the command shows the unbound config values.
There is no sign of any forwarding IP rules. The only settings regarding IPs are the interface, which is set to 127.0.0.1 on port 5335, and the private IP ranges.

I guess everything is as it should be. DNS resolutions are working, adlists, etc. are working.

I don't know, in my limited understanding of DNS and networking, when the DNS test pings I had expected the test to yield nothing or the like, but I guess nothing here is but the ISP's IP, which is in itself the router IP which handles DNS resolutions on the WAN...

Where all my DNS queries are taking place in LAN?

The Pi-hole Unbound guide lists the recursive lookup process step by step (where it starts "After you set up your Pi-hole as described in this guide ..."), but this graphic on The TCP/IP Guide is a really good visual.

Your home network is everything in the grey box on the left side. You also have Pi-hole in there in the Resolver part. Unbound is the Local Name Server part at the top, still in the grey box on your home network.

Follow the blue and green arrows and the numbered parts, starting with "1. Resolution Request" to see how the lookup is processed.

Each one of those blue arrows leaving your home network is Unbound checking the next part of the domain name, building it up recursively, step by step. From the point of view of the DNS servers out there in the world that receive those requests, over on the right-hand side, that traffic is coming from your ISP-assigned IP address.

That's why the Leak Test site lists your ISP – not because you are using your ISP's DNS, but because it recognises the ISP that owns your home IP address where the DNS traffic is coming from.

As jfb says, it's not testing for leaks in this use case. If you see other companies listed, e.g. Google, it's an indication that there are other DNS servers involved at your end that you might not be aware of, and you can hunt them down.
