Unbound configuration

titithebad · May 17, 2025, 5:29pm

Hello,
According to the tuto @ unbound - Pi-hole documentation,

I tried
sudo sed -Ei 's/^unbound_conf=/#unbound_conf=/' /etc/resolvconf.conf

I have a rpi on bookworm and the file resolvconf.conf does not exist. But the file resol.conf exists.

What do I have to do ?

Regards

deHakkelaar · May 17, 2025, 6:56pm

Continue the guide anyway.

FYI, previous Rasbian/Pi-OS releases used to have below package installed:

$ hostnamectl
[..]
  Operating System: Raspbian GNU/Linux 11 (bullseye)

$ dpkg -S /etc/resolvconf.conf
openresolv: /etc/resolvconf.conf

$ apt policy openresolv
openresolv:
  Installed: 3.12.0-1

$ apt show openresolv
[..]
Description: management framework for resolv.conf
 Allows multiple daemons to manage resolv.conf and configures
 local resolvers such as dnsmasq and unbound.
 .
 This package may require some manual configuration.
 Please read resolvconf(8) and resolvconf.conf(5) for detailed instructions.

But apparently the latest Pi-OS Bookworm doesnt and the task previously performed by openresolv has been taken over by network-manager:

$ apt show network-manager
[..]
Description: network management framework (daemon and userspace tools)
 NetworkManager is a system network service that manages your network devices
 and connections, attempting to keep active network connectivity when
 available. It manages ethernet, Wi-Fi, mobile broadband (WWAN), and PPPoE
 devices, and provides VPN integration with a variety of different VPN
 services.

$ man NetworkManager.conf
[..]
       dns
           Set the DNS processing mode.

           If the key is unspecified, default is used, unless
           /etc/resolv.conf is a symlink to
           /run/systemd/resolve/stub-resolv.conf,
           /run/systemd/resolve/resolv.conf, /lib/systemd/resolv.conf or
           /usr/lib/systemd/resolv.conf. In that case, systemd-resolved
           is chosen automatically.

           default: NetworkManager will update /etc/resolv.conf to
           reflect the nameservers provided by currently active
           connections. The rc-manager setting (below) controls how this
           is done.
[..]
       rc-manager
           Set the resolv.conf management mode. This option is about how
           NetworkManager writes to /etc/resolv.conf, if at all.

Check out above man page for more details.

I cant confirm bc I dont have Pi-OS Bookworm installed yet on my Pi's.
But I do have a Debian Bookworm VM for tinkering thats running Network Manager + Pi-hole + Unbound and that one works just fine without any openresolv installed.

titithebad · May 17, 2025, 7:47pm

In the tuto, there are :
sudo sed -Ei 's/^unbound_conf=/#unbound_conf=/' /etc/resolvconf.conf
sudo rm /etc/unbound/unbound.conf.d/resolvconf_resolvers.conf

I do not have to replace by anything ?

After restarting and asking the status of the service, I have that :
● unbound.service - Unbound DNS server
Loaded: loaded (/lib/systemd/system/unbound.service; enabled; preset: enabled)
Active: active (running) since Sat 2025-05-17 21:45:56 CEST; 5s ago
Docs: man:unbound(8)
Process: 13333 ExecStartPre=/usr/libexec/unbound-helper chroot_setup (code=exited, status=0/SUCCESS)
Process: 13335 ExecStartPre=/usr/libexec/unbound-helper root_trust_anchor_update (code=exited, status=0/SUCCESS)
Main PID: 13338 (unbound)
Tasks: 1 (limit: 760)
CPU: 219ms
CGroup: /system.slice/unbound.service
└─13338 /usr/sbin/unbound -d -p

mai 17 21:45:56 pi-hole2 systemd[1]: Starting unbound.service - Unbound DNS server...
mai 17 21:45:56 pi-hole2 unbound[13338]: [13338:0] warning: subnetcache: prefetch is set but not working for data originating from the subnet module cache.
mai 17 21:45:56 pi-hole2 unbound[13338]: [13338:0] info: start of service (unbound 1.17.1).
mai 17 21:45:56 pi-hole2 systemd[1]: Started unbound.service - Unbound DNS server.

What about the warning ?

Regards

deHakkelaar · May 17, 2025, 11:28pm

Nope.
FYI, above file is generated by below systemd unit:

$ dpkg -L unbound
[..]
/lib/systemd/system/unbound-resolvconf.service

And serves below purpose wich is not desired in our use case so we disable it in the guide:

$ systemctl cat unbound-resolvconf.service
# /lib/systemd/system/unbound-resolvconf.service
# This is a helper unit to register local unbound resolver daemon in
# resolv.conf.  This is done asyncronously in order not to slow down
# the main unbound service startup, since this will trigger resolvconf
# reload of other services which might be a lengthly procedure.
# See #826241 for the origins of this service.
#
# Can this whole thing be done using ExecStartPost= in unbound.service?
[..]
ExecStart=/usr/libexec/unbound-helper resolvconf_start

But still have to cleanup that generated file afterwards.

I believe its nothing to worry about:

titithebad · May 18, 2025, 11:55am

Finally I reset my rpi and flash Bullseye OS.

I have trouble shooting on my network with the DNS server and onbound. I have to find why.

Thanks

Regards

system · June 8, 2025, 11:56am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.