UNBOUND - noob needing help - can't get unbound to work with pihole

hi folks

I need help with unbound. I'm getting SERVFAIL with all the requests that go through it. I did what all the posts that I found say, but first, I don't understand a bunch about networking (some might say I don't understand anything), and second, the error that appears in most cases seems different from mine.

I'll leave some of the common things that people ask for in the post, hoping it might help

  • sudo grep -v '#|^$' -R /etc/unbound/unbound.conf*
/etc/unbound/unbound.conf:include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
/etc/unbound/unbound.conf.d/remote-control.conf:remote-control:
/etc/unbound/unbound.conf.d/remote-control.conf:  control-enable: yes
/etc/unbound/unbound.conf.d/remote-control.conf:  control-interface: /run/unbound.ctl
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:server:
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:    auto-trust-anchor-file: "/var/lib/unbound/root.key"
/etc/unbound/unbound.conf.d/pi-hole.conf:server:
/etc/unbound/unbound.conf.d/pi-hole.conf:    verbosity: 0
/etc/unbound/unbound.conf.d/pi-hole.conf:    interface: 127.0.0.1
/etc/unbound/unbound.conf.d/pi-hole.conf:    port: 5335
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip4: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-udp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-tcp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip6: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    prefer-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf:    harden-glue: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    harden-dnssec-stripped: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    use-caps-for-id: no
/etc/unbound/unbound.conf.d/pi-hole.conf:    edns-buffer-size: 1232
/etc/unbound/unbound.conf.d/pi-hole.conf:    prefetch: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    num-threads: 1
/etc/unbound/unbound.conf.d/pi-hole.conf:    so-rcvbuf: 1m
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 192.168.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 169.254.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 172.16.0.0/12
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 10.0.0.0/8
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fd00::/8
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fe80::/10
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 192.0.2.0/24
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 198.51.100.0/24
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 203.0.113.0/24
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 255.255.255.255/32
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 2001:db8::/32
  • journalctl -u unbound
Jul 03 13:12:49 orangepizero2 systemd[1]: Starting unbound.service - Unbound DNS server...
Jul 03 13:12:50 orangepizero2 unbound-helper[10586]: Updating /var/lib/unbound/root.key from /usr/share/dns/root.key
Jul 03 13:12:50 orangepizero2 (unbound)[10592]: unbound.service: Referenced but unset environment variable evaluates to an >
Jul 03 13:12:50 orangepizero2 unbound[10592]: [1751548370] unbound[10592:0] error: can't bind socket: Address already in us>
Jul 03 13:12:50 orangepizero2 unbound[10592]: [1751548370] unbound[10592:0] fatal error: could not open ports
Jul 03 13:12:50 orangepizero2 systemd[1]: unbound.service: Main process exited, code=exited, status=1/FAILURE
Jul 03 13:12:50 orangepizero2 systemd[1]: unbound.service: Failed with result 'exit-code'.
Jul 03 13:12:50 orangepizero2 systemd[1]: Failed to start unbound.service - Unbound DNS server.
Jul 03 13:12:50 orangepizero2 systemd[1]: unbound.service: Scheduled restart job, restart counter is at 1.

Debug Token:

debug token pihole -d

Forgot to add, I followed this tutorial.

YouTube video - from Craft Computing

I got it to work (a year or so ago), but yesterday I noticed that it wasn't working properly, so I formatted the whole thing and started from scratch

You've cut off the right hand side of the output from journalctl.

The first probably contains the text "DAEMON_OPTS" in which case the warning is fine to ignore.

The second line ending in > would contain more information such as the port and address that it is unable to use.

You can get journalctl to not clip the right hand side of long lines with the following:
sudo journalctl --no-pager -u unbound

Please post its output of the error messages.

But for now,
The most likely port would be 5335, specified in your config above, but you also have remote control enabled which defaults to port 8953.

Please also provide the output of:

sudo lsof -i:5335
and
sudo lsof -i:8953

1 Like
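The log check described in the reply above, as an added example that is not part of the original thread: it extracts the address and port from unbound's "can't bind socket" lines, counts lines that a pager clipped, and prints the matching `lsof` commands. The function names are hypothetical and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# bind_failures: read journal text on stdin, print "count address port"
# for every distinct socket unbound reported as already in use.
bind_failures() {
    sed -n 's/.*error: can.t bind socket: Address already in use for \([^ ]*\) port \([0-9][0-9]*\).*/\1 \2/p' |
        LC_ALL=C sort | uniq -c | awk '{ print $1, $2, $3 }'
}

# clipped_lines: count lines that end in ">", i.e. lines the pager cut off
# before the address/port detail. Such lines cannot be parsed above.
clipped_lines() {
    grep -c '>$' || true
}

# next_checks: turn the failures into the lsof commands used in this thread.
next_checks() {
    bind_failures | awk '{ print "sudo lsof -i:" $3 }' | LC_ALL=C sort -u
}

# Constructed sample: full-width lines in the format unbound logs to the journal.
sample_full() {
cat <<'EOF'
Jul 03 13:12:50 host unbound[100]: [1] unbound[100:0] error: can't bind socket: Address already in use for ::1 port 53
Jul 03 13:12:50 host unbound[100]: [1] unbound[100:0] fatal error: could not open ports
Jul 03 13:12:51 host unbound[101]: [2] unbound[101:0] error: can't bind socket: Address already in use for ::1 port 53
Jul 03 13:12:52 host unbound[102]: [3] unbound[102:0] error: can't bind socket: Address already in use for 127.0.0.1 port 5335
EOF
}

# Constructed sample: the same kind of line as a pager would clip it.
sample_clipped() {
cat <<'EOF'
Jul 03 13:12:50 host unbound[100]: [1] unbound[100:0] error: can't bind socket: Address already in us>
Jul 03 13:12:50 host unbound[100]: [1] unbound[100:0] fatal error: could not open ports
EOF
}

# Real use, with the command from the reply above:
#   sudo journalctl --no-pager -u unbound | bind_failures
```

A non-zero result from `clipped_lines` means the journal was captured through a pager and should be re-run with `--no-pager` before drawing conclusions about which port is in conflict.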
  • sudo journalctl --no-pager -u unbound
Jul 03 13:12:49 orangepizero2 systemd[1]: Starting unbound.service - Unbound DNS server...
Jul 03 13:12:50 orangepizero2 unbound-helper[10586]: Updating /var/lib/unbound/root.key from /usr/share/dns/root.key
Jul 03 13:12:50 orangepizero2 (unbound)[10592]: unbound.service: Referenced but unset environment variable evaluates to an empty string: DAEMON_OPTS
Jul 03 13:12:50 orangepizero2 unbound[10592]: [1751548370] unbound[10592:0] error: can't bind socket: Address already in use for ::1 port 53
Jul 03 13:12:50 orangepizero2 unbound[10592]: [1751548370] unbound[10592:0] fatal error: could not open ports
Jul 03 13:12:50 orangepizero2 systemd[1]: unbound.service: Main process exited, code=exited, status=1/FAILURE
Jul 03 13:12:50 orangepizero2 systemd[1]: unbound.service: Failed with result 'exit-code'.
Jul 03 13:12:50 orangepizero2 systemd[1]: Failed to start unbound.service - Unbound DNS server.
Jul 03 13:12:50 orangepizero2 systemd[1]: unbound.service: Scheduled restart job, restart counter is at 1.
Jul 03 13:12:50 orangepizero2 systemd[1]: Starting unbound.service - Unbound DNS server...
Jul 03 13:12:50 orangepizero2 (unbound)[10605]: unbound.service: Referenced but unset environment variable evaluates to an empty string: DAEMON_OPTS
Jul 03 13:12:50 orangepizero2 unbound[10605]: [1751548370] unbound[10605:0] error: can't bind socket: Address already in use for ::1 port 53
Jul 03 13:12:50 orangepizero2 unbound[10605]: [1751548370] unbound[10605:0] fatal error: could not open ports
Jul 03 13:12:50 orangepizero2 systemd[1]: unbound.service: Main process exited, code=exited, status=1/FAILURE
Jul 03 13:12:50 orangepizero2 systemd[1]: unbound.service: Failed with result 'exit-code'.
Jul 03 13:12:50 orangepizero2 systemd[1]: Failed to start unbound.service - Unbound DNS server.
Jul 03 13:12:50 orangepizero2 systemd[1]: unbound.service: Scheduled restart job, restart counter is at 2.
Jul 03 13:12:51 orangepizero2 systemd[1]: Starting unbound.service - Unbound DNS server...
Jul 03 13:12:51 orangepizero2 (unbound)[10620]: unbound.service: Referenced but unset environment variable evaluates to an empty string: DAEMON_OPTS
Jul 03 13:12:51 orangepizero2 unbound[10620]: [1751548371] unbound[10620:0] error: can't bind socket: Address already in use for ::1 port 53
Jul 03 13:12:51 orangepizero2 unbound[10620]: [1751548371] unbound[10620:0] fatal error: could not open ports
Jul 03 13:12:51 orangepizero2 systemd[1]: unbound.service: Main process exited, code=exited, status=1/FAILURE
Jul 03 13:12:52 orangepizero2 systemd[1]: unbound.service: Failed with result 'exit-code'.
Jul 03 13:12:52 orangepizero2 systemd[1]: Failed to start unbound.service - Unbound DNS server.
Jul 03 13:12:52 orangepizero2 systemd[1]: unbound.service: Scheduled restart job, restart counter is at 3.
Jul 03 13:12:52 orangepizero2 systemd[1]: Starting unbound.service - Unbound DNS server...
Jul 03 13:12:52 orangepizero2 (unbound)[10680]: unbound.service: Referenced but unset environment variable evaluates to an empty string: DAEMON_OPTS
Jul 03 13:12:52 orangepizero2 unbound[10680]: [1751548372] unbound[10680:0] error: can't bind socket: Address already in use for ::1 port 53
Jul 03 13:12:52 orangepizero2 unbound[10680]: [1751548372] unbound[10680:0] fatal error: could not open ports
Jul 03 13:12:52 orangepizero2 systemd[1]: unbound.service: Main process exited, code=exited, status=1/FAILURE
Jul 03 13:12:52 orangepizero2 systemd[1]: unbound.service: Failed with result 'exit-code'.
Jul 03 13:12:52 orangepizero2 systemd[1]: Failed to start unbound.service - Unbound DNS server.
Jul 03 13:12:52 orangepizero2 systemd[1]: unbound.service: Scheduled restart job, restart counter is at 4.
Jul 03 13:12:52 orangepizero2 systemd[1]: Starting unbound.service - Unbound DNS server...
Jul 03 13:12:52 orangepizero2 (unbound)[10699]: unbound.service: Referenced but unset environment variable evaluates to an empty string: DAEMON_OPTS
Jul 03 13:12:52 orangepizero2 unbound[10699]: [1751548372] unbound[10699:0] error: can't bind socket: Address already in use for ::1 port 53
Jul 03 13:12:52 orangepizero2 unbound[10699]: [1751548372] unbound[10699:0] fatal error: could not open ports
Jul 03 13:12:52 orangepizero2 systemd[1]: unbound.service: Main process exited, code=exited, status=1/FAILURE
Jul 03 13:12:52 orangepizero2 systemd[1]: unbound.service: Failed with result 'exit-code'.
Jul 03 13:12:52 orangepizero2 systemd[1]: Failed to start unbound.service - Unbound DNS server.
Jul 03 13:12:53 orangepizero2 systemd[1]: unbound.service: Scheduled restart job, restart counter is at 5.
Jul 03 13:12:53 orangepizero2 systemd[1]: unbound.service: Start request repeated too quickly.
Jul 03 13:12:53 orangepizero2 systemd[1]: unbound.service: Failed with result 'exit-code'.
Jul 03 13:12:53 orangepizero2 systemd[1]: Failed to start unbound.service - Unbound DNS server.
Jul 03 13:14:46 orangepizero2 systemd[1]: Starting unbound.service - Unbound DNS server...
Jul 03 13:14:46 orangepizero2 (unbound)[10800]: unbound.service: Referenced but unset environment variable evaluates to an empty string: DAEMON_OPTS
Jul 03 13:14:46 orangepizero2 unbound[10800]: [10800:0] warning: subnetcache: prefetch is set but not working for data originating from the subnet module cache.
Jul 03 13:14:46 orangepizero2 unbound[10800]: [10800:0] info: start of service (unbound 1.19.2).
Jul 03 13:14:46 orangepizero2 systemd[1]: Started unbound.service - Unbound DNS server.
Jul 03 15:38:17 orangepizero2 unbound[10800]: [10800:0] info: service stopped (unbound 1.19.2).
Jul 03 15:38:17 orangepizero2 systemd[1]: Stopping unbound.service - Unbound DNS server...
Jul 03 15:38:17 orangepizero2 systemd[1]: unbound.service: Deactivated successfully.
Jul 03 15:38:17 orangepizero2 systemd[1]: Stopped unbound.service - Unbound DNS server.
Jul 03 15:38:17 orangepizero2 systemd[1]: unbound.service: Consumed 30.949s CPU time, 9.3M memory peak, 0B memory swap peak.
Jul 03 15:38:17 orangepizero2 systemd[1]: Starting unbound.service - Unbound DNS server...
Jul 03 15:38:17 orangepizero2 (unbound)[17718]: unbound.service: Referenced but unset environment variable evaluates to an empty string: DAEMON_OPTS
Jul 03 15:38:17 orangepizero2 unbound[17718]: [17718:0] warning: subnetcache: prefetch is set but not working for data originating from the subnet module cache.
Jul 03 15:38:17 orangepizero2 unbound[17718]: [17718:0] info: start of service (unbound 1.19.2).
Jul 03 15:38:17 orangepizero2 systemd[1]: Started unbound.service - Unbound DNS server.
Jul 03 15:39:48 orangepizero2 unbound[17718]: [17718:0] info: service stopped (unbound 1.19.2).
Jul 03 15:39:48 orangepizero2 systemd[1]: Stopping unbound.service - Unbound DNS server...
Jul 03 15:39:48 orangepizero2 systemd[1]: unbound.service: Deactivated successfully.
Jul 03 15:39:48 orangepizero2 systemd[1]: Stopped unbound.service - Unbound DNS server.
Jul 03 15:39:48 orangepizero2 systemd[1]: Starting unbound.service - Unbound DNS server...
Jul 03 15:39:48 orangepizero2 (unbound)[17753]: unbound.service: Referenced but unset environment variable evaluates to an empty string: DAEMON_OPTS
Jul 03 15:39:48 orangepizero2 unbound[17753]: [17753:0] warning: subnetcache: prefetch is set but not working for data originating from the subnet module cache.
Jul 03 15:39:48 orangepizero2 unbound[17753]: [17753:0] info: start of service (unbound 1.19.2).
Jul 03 15:39:48 orangepizero2 systemd[1]: Started unbound.service - Unbound DNS server.
Jul 03 15:41:19 orangepizero2 unbound[17753]: [17753:0] info: service stopped (unbound 1.19.2).
Jul 03 15:41:19 orangepizero2 systemd[1]: Stopping unbound.service - Unbound DNS server...
Jul 03 15:41:19 orangepizero2 systemd[1]: unbound.service: Deactivated successfully.
Jul 03 15:41:19 orangepizero2 systemd[1]: Stopped unbound.service - Unbound DNS server.
Jul 03 15:41:19 orangepizero2 systemd[1]: Starting unbound.service - Unbound DNS server...
Jul 03 15:41:19 orangepizero2 (unbound)[17782]: unbound.service: Referenced but unset environment variable evaluates to an empty string: DAEMON_OPTS
Jul 03 15:41:19 orangepizero2 unbound[17782]: [1751557279] unbound[17782:0] debug: chdir to /etc/unbound
Jul 03 15:41:19 orangepizero2 unbound[17782]: [1751557279] unbound[17782:0] debug: drop user privileges, run as unbound
Jul 03 15:41:19 orangepizero2 unbound[17782]: [1751557279] unbound[17782:0] debug: switching log to /var/log/unbound/unbound.log
Jul 03 15:41:19 orangepizero2 systemd[1]: Started unbound.service - Unbound DNS server.
Jul 03 15:45:06 orangepizero2 systemd[1]: Stopping unbound.service - Unbound DNS server...
Jul 03 15:45:06 orangepizero2 systemd[1]: unbound.service: Deactivated successfully.
Jul 03 15:45:06 orangepizero2 systemd[1]: Stopped unbound.service - Unbound DNS server.
Jul 03 15:45:06 orangepizero2 systemd[1]: Starting unbound.service - Unbound DNS server...
Jul 03 15:45:06 orangepizero2 (unbound)[17903]: unbound.service: Referenced but unset environment variable evaluates to an empty string: DAEMON_OPTS
Jul 03 15:45:06 orangepizero2 unbound[17903]: [1751557506] unbound[17903:0] debug: chdir to /etc/unbound
Jul 03 15:45:06 orangepizero2 unbound[17903]: [1751557506] unbound[17903:0] debug: drop user privileges, run as unbound
Jul 03 15:45:06 orangepizero2 unbound[17903]: [1751557506] unbound[17903:0] debug: switching log to /var/log/unbound/unbound.log
Jul 03 15:45:06 orangepizero2 systemd[1]: Started unbound.service - Unbound DNS server.
  • sudo lsof -i:5335
COMMAND   PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
unbound 17903 unbound    3u  IPv4 252551      0t0  UDP localhost:5335
unbound 17903 unbound    4u  IPv4 252552      0t0  TCP localhost:5335 (LISTEN) 
  • sudo lsof -i:8953

Nothing came up from it.

Really appreciate that you took the time to help me

Ok, that's weird.

Your most recent log, and the lsof output shows unbound as working from Jul 03 15:38:17 onwards.

It is active and listening on port 5335.

Can you please try the following from the system you are running Pi-hole on:

dig www.google.com @127.0.0.1 -p 5335

; <<>> DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu <<>> www.google.com @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 58720
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.google.com.                        IN      A

;; Query time: 195 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1) (UDP)
;; WHEN: Fri Jul 04 13:19:11 UTC 2025
;; MSG SIZE  rcvd: 43

Up verbosity:

2 Likes

My verbosity was already on 3.

I'm not using my pihole atm cuz unbound isn't working, so the logs are small
sudo journalctl --unit unbound.service --lines 50

Jul 04 19:00:12 orangepizero2 systemd[1]: Starting unbound.service - Unbound DNS server...
Jul 04 19:00:13 orangepizero2 (unbound)[941]: unbound.service: Referenced but unset environment variable evaluates to a>
Jul 04 19:00:13 orangepizero2 unbound[941]: [1751655613] unbound[941:0] debug: chdir to /etc/unbound
Jul 04 19:00:13 orangepizero2 unbound[941]: [1751655613] unbound[941:0] debug: drop user privileges, run as unbound
Jul 04 19:00:13 orangepizero2 unbound[941]: [1751655613] unbound[941:0] debug: switching log to /var/log/unbound/unboun>
Jul 04 19:00:14 orangepizero2 systemd[1]: Started unbound.service - Unbound DNS server.
Jul 04 19:26:41 orangepizero2 systemd[1]: Stopping unbound.service - Unbound DNS server...
Jul 04 19:26:41 orangepizero2 systemd[1]: unbound.service: Deactivated successfully.
Jul 04 19:26:41 orangepizero2 systemd[1]: Stopped unbound.service - Unbound DNS server.
Jul 04 19:26:41 orangepizero2 systemd[1]: Starting unbound.service - Unbound DNS server...
Jul 04 19:26:41 orangepizero2 (unbound)[1603]: unbound.service: Referenced but unset environment variable evaluates to >
Jul 04 19:26:41 orangepizero2 unbound[1603]: [1751657201] unbound[1603:0] debug: chdir to /etc/unbound
Jul 04 19:26:41 orangepizero2 unbound[1603]: [1751657201] unbound[1603:0] debug: drop user privileges, run as unbound
Jul 04 19:26:41 orangepizero2 unbound[1603]: [1751657201] unbound[1603:0] debug: switching log to /var/log/unbound/unbo>
Jul 04 19:26:41 orangepizero2 systemd[1]: Started unbound.service - Unbound DNS server.

SERVFAIL is happening all the time

dig pi-hole.net @127.0.0.1 -p 5335


; <<>> DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu <<>> pi-hole.net @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 2354
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;pi-hole.net.                   IN      A

;; Query time: 15 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1) (UDP)
;; WHEN: Fri Jul 04 19:27:22 UTC 2025
;; MSG SIZE  rcvd: 40

It wasn't before:

You forgot to post the log lines that appear when you run the above query (after a fresh restart)!
That's when the recursive action starts.

EDIT:

And please use the --follow instead of above one?

You can even print the date when digging to correlate:

date; dig pi-hole.net @127.0.0.1 -p 5335

Don't mind the above, the date/time is already shown in the dig stats:


Houston, we have a problem...

Sorry for the newbie comment, but if I run the above code nothing happens on the terminal.
I took the liberty to change from --line 0 to --line 50

sudo journalctl --full --no-hostname --follow --lines 50 --unit unbound.service
Jul 04 20:53:18 systemd[1]: Stopping unbound.service - Unbound DNS server...
Jul 04 20:53:18 systemd[1]: unbound.service: Deactivated successfully.
Jul 04 20:53:18 systemd[1]: Stopped unbound.service - Unbound DNS server.
Jul 04 20:53:18 systemd[1]: Starting unbound.service - Unbound DNS server...
Jul 04 20:53:18 (unbound)[2405]: unbound.service: Referenced but unset environment variable evaluates to an empty string: DAEMON_OPTS
Jul 04 20:53:18 unbound[2405]: [1751662398] unbound[2405:0] debug: chdir to /etc/unbound
Jul 04 20:53:18 unbound[2405]: [1751662398] unbound[2405:0] debug: drop user privileges, run as unbound
Jul 04 20:53:18 unbound[2405]: [1751662398] unbound[2405:0] debug: switching log to /var/log/unbound/unbound.log
Jul 04 20:53:18 systemd[1]: Started unbound.service - Unbound DNS server.

It's difficult to assist you if you keep moving the target.
Why did you configure the additional logfile directive while it wasn't active previously?

Here we go.

IDK what happened, but here is the thing...

I ran the command on the other post
sudo sed -i 's/verbosity: 0/verbosity: 3/' /etc/unbound/unbound.conf.d/pi-hole.conf
And somehow, even when the config file was set to verbosity 3, unbound wasn't set to verbosity 3.

So when I ran the above command, apparently I got it working?!

dig pi-hole.net @127.0.0.1 -p 5335

; <<>> DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu <<>> pi-hole.net @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19161
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;pi-hole.net.                   IN      A

;; ANSWER SECTION:
pi-hole.net.            279     IN      A       3.18.136.52

;; Query time: 0 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1) (UDP)
;; WHEN: Fri Jul 04 20:54:26 UTC 2025
;; MSG SIZE  rcvd: 56

this is now my new file

 sudo grep -v '#|^$' -R /etc/unbound/unbound.conf*
/etc/unbound/unbound.conf:# Unbound configuration file for Debian.
/etc/unbound/unbound.conf:#
/etc/unbound/unbound.conf:# See the unbound.conf(5) man page.
/etc/unbound/unbound.conf:#
/etc/unbound/unbound.conf:# See /usr/share/doc/unbound/examples/unbound.conf for a commented
/etc/unbound/unbound.conf:# reference config file.
/etc/unbound/unbound.conf:#
/etc/unbound/unbound.conf:# The following line includes additional configuration files from the
/etc/unbound/unbound.conf:# /etc/unbound/unbound.conf.d directory.
/etc/unbound/unbound.conf:include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
/etc/unbound/unbound.conf.d/remote-control.conf:remote-control:
/etc/unbound/unbound.conf.d/remote-control.conf:  control-enable: yes
/etc/unbound/unbound.conf.d/remote-control.conf:  # by default the control interface is is 127.0.0.1 and ::1 and port 8953
/etc/unbound/unbound.conf.d/remote-control.conf:  # it is possible to use a unix socket too
/etc/unbound/unbound.conf.d/remote-control.conf:  control-interface: /run/unbound.ctl
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:server:
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:    # The following line will configure unbound to perform cryptographic
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:    # DNSSEC validation using the root trust anchor.
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:    auto-trust-anchor-file: "/var/lib/unbound/root.key"
/etc/unbound/unbound.conf.d/pi-hole.conf:server:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # If no logfile is specified, syslog is used
/etc/unbound/unbound.conf.d/pi-hole.conf:     logfile: "/var/log/unbound/unbound.log"
/etc/unbound/unbound.conf.d/pi-hole.conf:    verbosity: 3
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    interface: 127.0.0.1
/etc/unbound/unbound.conf.d/pi-hole.conf:    port: 5335
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip4: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-udp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-tcp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # May be set to no if you don't have IPv6 connectivity
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip6: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # You want to leave this to no unless you have *native* IPv6. With 6to4 and
/etc/unbound/unbound.conf.d/pi-hole.conf:    # Terredo tunnels your web browser should favor IPv4 for the same reasons
/etc/unbound/unbound.conf.d/pi-hole.conf:    prefer-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # Use this only when you downloaded the list of primary root servers!
/etc/unbound/unbound.conf.d/pi-hole.conf:    # If you use the default dns-root-data package, unbound will find it automatically
/etc/unbound/unbound.conf.d/pi-hole.conf:    #root-hints: "/var/lib/unbound/root.hints"
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # Trust glue only if it is within the server's authority
/etc/unbound/unbound.conf.d/pi-hole.conf:    harden-glue: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
/etc/unbound/unbound.conf.d/pi-hole.conf:    harden-dnssec-stripped: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes
/etc/unbound/unbound.conf.d/pi-hole.conf:    # see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
/etc/unbound/unbound.conf.d/pi-hole.conf:    use-caps-for-id: no
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # Reduce EDNS reassembly buffer size.
/etc/unbound/unbound.conf.d/pi-hole.conf:    # IP fragmentation is unreliable on the Internet today, and can cause
/etc/unbound/unbound.conf.d/pi-hole.conf:    # transmission failures when large DNS messages are sent via UDP. Even
/etc/unbound/unbound.conf.d/pi-hole.conf:    # when fragmentation does work, it may not be secure; it is theoretically
/etc/unbound/unbound.conf.d/pi-hole.conf:    # possible to spoof parts of a fragmented DNS message, without easy
/etc/unbound/unbound.conf.d/pi-hole.conf:    # detection at the receiving end. Recently, there was an excellent study
/etc/unbound/unbound.conf.d/pi-hole.conf:    # >>> Defragmenting DNS - Determining the optimal maximum UDP response size for DNS <<<
/etc/unbound/unbound.conf.d/pi-hole.conf:    # by Axel Koolhaas, and Tjeerd Slokker (https://indico.dns-oarc.net/event/36/contributions/776/)
/etc/unbound/unbound.conf.d/pi-hole.conf:    # in collaboration with NLnet Labs explored DNS using real world data from the
/etc/unbound/unbound.conf.d/pi-hole.conf:    # the RIPE Atlas probes and the researchers suggested different values for
/etc/unbound/unbound.conf.d/pi-hole.conf:    # IPv4 and IPv6 and in different scenarios. They advise that servers should
/etc/unbound/unbound.conf.d/pi-hole.conf:    # be configured to limit DNS messages sent over UDP to a size that will not
/etc/unbound/unbound.conf.d/pi-hole.conf:    # trigger fragmentation on typical network links. DNS servers can switch
/etc/unbound/unbound.conf.d/pi-hole.conf:    # from UDP to TCP when a DNS response is too big to fit in this limited
/etc/unbound/unbound.conf.d/pi-hole.conf:    # buffer size. This value has also been suggested in DNS Flag Day 2020.
/etc/unbound/unbound.conf.d/pi-hole.conf:    edns-buffer-size: 1232
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # Perform prefetching of close to expired message cache entries
/etc/unbound/unbound.conf.d/pi-hole.conf:    # This only applies to domains that have been frequently queried
/etc/unbound/unbound.conf.d/pi-hole.conf:    prefetch: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
/etc/unbound/unbound.conf.d/pi-hole.conf:    num-threads: 1
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # Ensure kernel buffer is large enough to not lose messages in traffic spikes
/etc/unbound/unbound.conf.d/pi-hole.conf:    so-rcvbuf: 1m
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # Ensure privacy of local IP ranges
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 192.168.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 169.254.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 172.16.0.0/12
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 10.0.0.0/8
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fd00::/8
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fe80::/10
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # Ensure no reverse queries to non-public IP ranges (RFC6303 4.2)
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 192.0.2.0/24
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 198.51.100.0/24
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 203.0.113.0/24
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 255.255.255.255/32
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 2001:db8::/32

It's still active:

OK, idk when I did that...

let me try to go back and see what I've done

Restore like it was below and up verbosity.
That's a proper config if your ISP supports IPv6 upstream.

/etc/unbound/unbound.conf:include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
/etc/unbound/unbound.conf.d/remote-control.conf:remote-control:
/etc/unbound/unbound.conf.d/remote-control.conf:  control-enable: yes
/etc/unbound/unbound.conf.d/remote-control.conf:  control-interface: /run/unbound.ctl
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:server:
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:    auto-trust-anchor-file: "/var/lib/unbound/root.key"
/etc/unbound/unbound.conf.d/pi-hole.conf:server:
/etc/unbound/unbound.conf.d/pi-hole.conf:    verbosity: 0
/etc/unbound/unbound.conf.d/pi-hole.conf:    interface: 127.0.0.1
/etc/unbound/unbound.conf.d/pi-hole.conf:    port: 5335
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip4: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-udp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-tcp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip6: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    prefer-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf:    harden-glue: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    harden-dnssec-stripped: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    use-caps-for-id: no
/etc/unbound/unbound.conf.d/pi-hole.conf:    edns-buffer-size: 1232
/etc/unbound/unbound.conf.d/pi-hole.conf:    prefetch: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    num-threads: 1
/etc/unbound/unbound.conf.d/pi-hole.conf:    so-rcvbuf: 1m
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 192.168.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 169.254.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 172.16.0.0/12
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 10.0.0.0/8
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fd00::/8
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fe80::/10
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 192.0.2.0/24
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 198.51.100.0/24
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 203.0.113.0/24
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 255.255.255.255/32
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 2001:db8::/32

You can grab it from the official guide:

When I was searching for a solution, someone told me that I needed to remove the comment on that line of the code...

I commented that line again and left the verbosity on 3.

Well, if you don't tell us of any changes, it's hard to shoot a moving target.

1 Like

Yeah... I guess I was too tired when doing that.

Sorry folks :heart: love that you guys took time to help a Newbie that doesn't know s**t

1 Like

No worry, we kick you into shape :wink:

1 Like

Proper one is:

sudo rgrep -v '^ *\(#\|$\)' /etc/unbound/unbound.conf*

It filters out any lines that start with a hash sign # or any empty lines, going/grepping through the files recursively.

1 Like
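The two filters from this thread side by side, as an added example that is not part of the original posts: in a basic regular expression `|` is a literal character, so `'#|^$'` excludes nothing, which is why the "new file" listing above still shows every comment. The sample config tree is constructed, the function names are hypothetical, `rgrep` is written as `grep -r`, and the `\|` alternation assumes GNU grep. `log_destination` goes one step further and reports whether an active `logfile:` directive has moved unbound's log away from the journal.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# make_sample DIR: write a constructed config tree (not the poster's files).
make_sample() {
    mkdir -p "$1/unbound.conf.d"
    cat > "$1/unbound.conf" <<'EOF'
# Unbound configuration file
include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
EOF
    cat > "$1/unbound.conf.d/pi-hole.conf" <<'EOF'
server:
    # If no logfile is specified, syslog is used
     logfile: "/var/log/unbound/unbound.log"
    verbosity: 3

    port: 5335
    #root-hints: "/var/lib/unbound/root.hints"
EOF
}

# Filter as typed in the thread: "|" is literal in a basic regex, so no
# line matches and -v prints everything, comments included.
filter_as_typed() {
    grep -v '#|^$' -R "$1"
}

# Corrected filter from the last post: drop lines whose first non-space
# character is "#" and lines that are empty or only spaces.
filter_proper() {
    grep -rv '^ *\(#\|$\)' "$1"
}

# count: number of lines on stdin, without wc's padding.
count() {
    wc -l | tr -d ' '
}

# log_destination DIR: print the path of the active logfile directive, or
# "syslog" when none is active (commented-out directives do not count).
log_destination() {
    dest=$(filter_proper "$1" |
        sed -n 's/.*:[[:space:]]*logfile:[[:space:]]*"\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' |
        tail -n 1)
    echo "${dest:-syslog}"
}

# Real use: log_destination /etc/unbound
```

When `log_destination` prints a file path, `journalctl -u unbound` only shows unbound's startup lines, and the query log has to be read from that file instead.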