Is unbound set to use DNSSEC? Most default installations and guides enable it and if time is borked then the unbound will not work right. If we can isolate the problem between Pi-hole, unbound and upstreams then we have a better chance of solving this issue.
You can scan for NTP servers on your network like below (my network is 10.0.0.0/24):
pi@ph5b:~ $ sudo nmap -sU -p123 --open 10.0.0.0/24
Starting Nmap 7.80 ( https://nmap.org ) at 2022-02-24 01:07 CET
Nmap scan report for 10.0.0.3
Host is up (0.00089s latency).
PORT STATE SERVICE
123/udp open ntp
MAC Address: 00:11:32:XX:XX:XX (Synology Incorporated)
Nmap scan report for 10.0.0.9
Host is up (0.00095s latency).
PORT STATE SERVICE
123/udp open ntp
MAC Address: B8:27:EB:XX:XX:XX (Raspberry Pi Foundation)
Nmap done: 256 IP addresses (8 hosts up) scanned in 8.87 seconds
10.0.0.3 is my NAS and 10.0.0.9 is my Kodi media center.
If you install ntpdate:
sudo apt install ntpdate
You can check any NTP server(s):
pi@ph5b:~ $ ntpdate -q 10.0.0.3
server 10.0.0.3, stratum 2, offset +0.005757, delay 0.02654
24 Feb 01:16:38 ntpdate[13742]: adjust time server 10.0.0.3 offset +0.005757 sec
pi@ph5b:~ $ ntpdate -q 0.europe.pool.ntp.org
server 193.4.58.44, stratum 2, offset +0.002880, delay 0.08061
server 212.227.8.137, stratum 3, offset +0.005689, delay 0.05190
server 217.182.77.103, stratum 2, offset +0.005357, delay 0.05791
server 130.208.87.152, stratum 3, offset +0.003265, delay 0.08269
24 Feb 01:16:07 ntpdate[13740]: adjust time server 217.182.77.103 offset +0.005357 sec
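Why a wrong clock stops a DNSSEC-validating unbound from answering, as an added example that is not part of the original posts: every RRSIG carries an inception and an expiration time, and a validator rejects the signature when its own clock falls outside that window. The record, the names and the clock values below are constructed, and only the time window is checked, not the signature itself.

```python
from datetime import datetime, timezone

# Constructed RRSIG in RFC 4034 presentation format; owner name, key tag and
# signature are placeholders, not values from the thread.
SAMPLE_RRSIG = (
    "pool.example. 3600 IN RRSIG A 13 2 3600 "
    "20220310000000 20220217000000 12345 example. c2lnbmF0dXJl"
)


def _to_utc(field):
    """RRSIG times are YYYYMMDDHHmmSS (14 digits) or seconds since the epoch."""
    if len(field) == 14:
        return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    return datetime.fromtimestamp(int(field), tz=timezone.utc)


def rrsig_window(record):
    """Return (inception, expiration) of one RRSIG record as aware datetimes."""
    fields = record.split()
    i = fields.index("RRSIG")
    if len(fields) < i + 10:
        raise ValueError("truncated RRSIG record")
    # RDATA order: type covered, algorithm, labels, original TTL,
    # expiration, inception, key tag, signer name, signature
    return _to_utc(fields[i + 6]), _to_utc(fields[i + 5])


def check_clock(record, clock):
    """Classify the signature as seen by a validator whose clock reads `clock`."""
    inception, expiration = rrsig_window(record)
    if clock < inception:
        return "not-yet-valid"
    if clock > expiration:
        return "expired"
    return "valid"


if __name__ == "__main__":
    clocks = {
        "synchronized": datetime(2022, 2, 24, 21, 16, 15, tzinfo=timezone.utc),
        "no RTC, booted at epoch": datetime(1970, 1, 1, tzinfo=timezone.utc),
        "clock running ahead": datetime(2022, 4, 1, tzinfo=timezone.utc),
    }
    for label, clock in clocks.items():
        print(f"{label:24} {clock.isoformat()} -> {check_clock(SAMPLE_RRSIG, clock)}")
```

With a host that has no RTC, NTP hostnames resolved through the validating resolver fail for the same reason, which is why NTP servers listed by IP address still work.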
So it seems that unbound uses DNSSEC and that has been causing issues. I disabled unbound and my time has been working fine.
Using ntpdate I've added NTP server addresses to my chrony.conf file, now my chrony works even with unbound enabled.
timedatectl
Local time: Thu 2022-02-24 22:16:15 CET
Universal time: Thu 2022-02-24 21:16:15 UTC
RTC time: n/a
Time zone: Europe/Amsterdam (CET, +0100)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
Another problem I've been having: even with unbound disabled my internet traffic isn't going through Pi-hole. Except from the RPi itself (I only have ~500 logged queries).
Even when I select the Pi as a custom IPv4 DNS server in Windows 10 no traffic is going through the Pi-hole.
It is.
He's just saying that if he manually configs (aka, in Windows as a 'Custom Setup') Windows to point to the Pi-hole, after trying to use DHCP to assign it, it is still not using it.
Some of my devices are manually configured with static addresses and DNS assigned and some use DHCP and both ways work fine.
Then it is okay to use the 64bit version on your Pi zero 2 w; I use Raspberry Pi OS (64-bit) Not full, not lite; I just find it easier to use a monitor than SSH in. The 64bit versions are at the bottom of 'Raspberry Pi OS (other)'.
And this time, either stick with WiFi or start out wired. WiFi works fine and you do not need to unplug it from the router every time you finish.
It is just that I see some things lost in translation, e.g. below there is a misunderstanding by deHakkelaar about configuring a Windows device to use Pi-hole DNS lookup and configuring another device too to use, I presume a Windows device, for DNS lookup.
Sorry, I did mean all those are set up when Raspbian was installed.
And by settle in I mean when I set up Bullseye it just would not come off GMT for minutes; even though every time I looked, under settings it was all correct. It took so long I even tried a reboot but about 7 minutes later it, finally, displayed local time in the taskbar.
And I should have supplied you also with the IPv6 version for that command:
netsh interface ipv6 show dnsservers
And above one is also not Pi-holed.
The nslookup should have returned either the IP for your Asus router (in the "Server Address" field) or the IP for the Pi-hole host for proper blocking.
Also the "Name Address" reply would then be the IP for the Pi-hole host like below example:
Asus routers are a bit tricky to configure as can be seen from below thread:
I also run an Asus router and decided to disable IPv6 support for the LAN side (don't need it anyway and complicates a lot),
and disabled the DHCPv4 service on the Asus so that Pi-hole can take over:
I cannot disable DHCPv4 nor IPv6 using the web-gui.
SSH is available on this router so I can try using that but haven't been able to find a solid guide on how to disable those settings. Do you have any experience with this?
Another option might be to install an older firmware version to change the settings and upgrade. But I don't know if the settings would stay after upgrading.
That limits your options considerably.
Basically with the current setup, you're only able to make use of Pi-hole if you configured DNS manually on each and every device which is not desired.
The only options I can think of besides downgrading is flashing the Asus with a custom made firmware like for example Asuswrt-Merlin or OpenWRT.
Quick search for supported devices and the RT-AC1200 model is not on the list for Asuswrt-Merlin.
OpenWRT does seem to support your RT-AC1200 model (not sure though, ask support forum!!!) :
But this is not without risks bc if something goes wrong while flashing, it could potentially brick your router permanently!!!
The other option is getting another router.
Ow ps. I've read a posting somewhere before explaining steps to change DNS via SSH but can't find it anymore.
Closest I could find was below and am not sure it will work for your Asus: