Unbound DNS keeps on returning SERVFAIL status

Expected Behaviour:

Hi, I'm a newbie to Pi-hole, and I'm trying to make my local recursive DNS server via Unbound. I followed the official documentation on this (unbound - Pi-hole documentation). Supposedly, at the step where I test if the server is operational (command: dig pi-hole.net @127.0.0.1 -p 5335), it should return a status report of "NOERROR" with an IP address, right?

Also, in testing the DNSSEC validation (the two commands in the official documentation), the first command should give the status report of "SERVFAIL" and no IP address, and the second should give "NOERROR" with an IP address.

Actual Behaviour:

However, these are the results that I get:

At testing the DNSSEC validation, I get:

I am now stuck at this part. I don't know why it keeps returning the "SERVFAIL" report. I appreciate your help on this one. Thank you very much for your time.

Debug Token:

My debug token is OSuIBRCc for any helpers who can't access the link. Thank you.

As you are running Bullseye, you may be affected by WARNING: Raspbian October 2021 release bullseye + unbound.

Run from your Pi-hole host machine, what's the output of:

sudo grep -v '#\|^$' -R /etc/unbound/unbound.conf*
pi@raspberrypi:~ $ sudo grep -v '#\|^$' -R /etc/unbound/unbound.conf*

/etc/unbound/unbound.conf:include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf:forward-zone:
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf:	name: "."
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf:	forward-addr: 2001:4450:f0:2::c53
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf:	forward-addr: 2001:4450:f0:e::c53
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:server:
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:    auto-trust-anchor-file: "/var/lib/unbound/root.key"
/etc/unbound/unbound.conf.d/pi-hole.conf:server:
/etc/unbound/unbound.conf.d/pi-hole.conf:    verbosity: 0
/etc/unbound/unbound.conf.d/pi-hole.conf:    interface: 127.0.0.1
/etc/unbound/unbound.conf.d/pi-hole.conf:    port: 5335
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip4: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-udp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-tcp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf:    prefer-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf:    harden-glue: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    harden-dnssec-stripped: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    use-caps-for-id: no
/etc/unbound/unbound.conf.d/pi-hole.conf:    edns-buffer-size: 1232
/etc/unbound/unbound.conf.d/pi-hole.conf:    prefetch: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    num-threads: 1
/etc/unbound/unbound.conf.d/pi-hole.conf:    so-rcvbuf: 1m
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 192.168.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 169.254.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 172.16.0.0/12
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 10.0.0.0/8
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fd00::/8
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fe80::/10

Seems like you are indeed affected by WARNING: Raspbian October 2021 release bullseye + unbound.

To fix this, try

  1. Edit file /etc/resolvconf.conf and comment out the last line which should read:

unbound_conf=/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf

  2. Delete the unwanted unbound configuration file:

sudo rm /etc/unbound/unbound.conf.d/resolvconf_resolvers.conf

  3. Restart unbound:

sudo service unbound restart

It worked. Thank you so much. Will study the link you have provided. Have a nice day.

That's a very extensive discussion on analysing the issue and developing several solution approaches. You can skip reading all that if you aren't too interested in all that background and if the above steps have worked for you. :wink:
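
The grep output in this thread shows a forward-zone for "." in resolvconf_resolvers.conf, which makes unbound forward every query instead of recursing. As an added example (not part of the thread or of Pi-hole's documentation), the script below reports any such root forward-zone and whether /etc/resolvconf.conf would regenerate the file; the function names and the sample tree are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Default paths are the ones shown in the thread.

# Print "file<TAB>forward-addr" for every forward-zone clause named ".".
find_root_forwarders() {
    local dir="${1:-/etc/unbound/unbound.conf.d}" f
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            function flush(   i) {          # emit buffered addrs if the clause was for "."
                if (fz && root) for (i = 1; i <= n; i++) print file "\t" addr[i]
                n = 0; root = 0
            }
            { sub(/#.*/, "") }              # strip comments
            /^[ \t]*[a-z-]+:[ \t]*$/ { flush(); fz = ($1 == "forward-zone:"); next }
            fz && $1 == "name:" { gsub(/"/, "", $2); if ($2 == ".") root = 1 }
            fz && $1 == "forward-addr:" { addr[++n] = $2 }
            END { flush() }
        ' "$f"
    done
}

# Succeed if resolvconf.conf still has an active unbound_conf= line,
# i.e. the forwarder file would be written again after it is deleted.
resolvconf_feeds_unbound() {
    grep -Eq '^[[:space:]]*unbound_conf=' "${1:-/etc/resolvconf.conf}"
}

# Constructed sample tree mirroring the grep output in the thread
# (forwarder address replaced with a documentation-range placeholder).
make_sample() {
    local d; d=$(mktemp -d)
    mkdir "$d/conf.d"
    printf 'forward-zone:\n\tname: "."\n\tforward-addr: 2001:db8::53\n' \
        > "$d/conf.d/resolvconf_resolvers.conf"
    printf 'server:\n    interface: 127.0.0.1\n    port: 5335\n' \
        > "$d/conf.d/pi-hole.conf"
    printf 'resolv_conf=/etc/resolv.conf\nunbound_conf=%s\n' \
        "/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf" > "$d/resolvconf.conf"
    echo "$d"
}

sample=$(make_sample)
find_root_forwarders "$sample/conf.d"
resolvconf_feeds_unbound "$sample/resolvconf.conf" && echo "resolvconf still writes the forwarder file"
rm -rf "$sample"
```

On a real host, call both functions without arguments; empty output from `find_root_forwarders` and a non-zero status from `resolvconf_feeds_unbound` is the state the three steps above leave behind.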
