I have installed pihole on an Alpine Linux LXC Container using this script:
For the most part everything went smoothly and I noticed it configured unbound as the upstream server. After reading about it, I think I understand why it is preferred over a public upstream server.
Expected Behaviour:
Domains resolve as reliably as when using a public DNS.
- OS: Alpine Linux 3.19 LXC container running on Proxmox
- AMD64-based PC
- unbound 1.19.3
Pi Hole versions:
- Pi-hole 77523d6
Actual Behaviour:
Some domains sometimes do not resolve.
For example: discuss.linuxcontainers.org resolved on March 22 and March 24th, but not on March 23rd.
Debug Token: 3EUzeCTY
https://tricorder.pi-hole.net/3EUzeCTY/
My troubleshooting from yesterday:
Using dig:
# dig discuss.linuxcontainers.org @127.0.0.1 -p5335
;; communications error to 127.0.0.1#5335: timed out
;; communications error to 127.0.0.1#5335: timed out
Dig with trace:
# dig discuss.linuxcontainers.org @127.0.0.1 -p 5335 +trace
; <<>> DiG 9.18.24 <<>> discuss.linuxcontainers.org @127.0.0.1 -p 5335 +trace
;; global options: +cmd
. 85797 IN NS a.root-servers.net.
. 85797 IN NS d.root-servers.net.
. 85797 IN NS h.root-servers.net.
. 85797 IN NS f.root-servers.net.
. 85797 IN NS e.root-servers.net.
. 85797 IN NS j.root-servers.net.
. 85797 IN NS l.root-servers.net.
. 85797 IN NS i.root-servers.net.
. 85797 IN NS g.root-servers.net.
. 85797 IN NS b.root-servers.net.
. 85797 IN NS m.root-servers.net.
. 85797 IN NS c.root-servers.net.
. 85797 IN NS k.root-servers.net.
. 85797 IN RRSIG NS 8 0 518400 20240406050000 20240324040000 30903 . PXAHAtT68xN58D0gPzHiNY3YNnsOpb0tdxI/vwa+/kRlPtxLJoCyMLRO LrVP7Vcb7k6xYPTNKyJHkWDXRJ+pVB/ZUZ7rNg2Nvd5gH8Jtk1MJKRwa rs5lPOtwl560LbitE1HHuQLOJ5d2qbQy+hogq25+ADYhkvyLulCkpegg 54VpVrxPE6a3T0bmyI0pXEdKGqH1PvUnj007KRGK/y8I0EG00Rge5c9q XSybnk1lFqtZ9/md9DpgKMcbkdKOKiflQMuWGCuCqmb0MtdUOon40Bkw Ozigge1QNTxrLU9EAhAnE8TwGubWjPL6+6m1vys0OZ7hS7tlUcn6Cng7 rEQlWQ==
;; Received 1097 bytes from 127.0.0.1#5335(127.0.0.1) in 0 ms
;; UDP setup with 2001:500:1::53#5335(2001:500:1::53) for discuss.linuxcontainers.org failed: network unreachable.
;; no servers could be reached
;; UDP setup with 2001:500:1::53#5335(2001:500:1::53) for discuss.linuxcontainers.org failed: network unreachable.
;; no servers could be reached
;; UDP setup with 2001:500:1::53#5335(2001:500:1::53) for discuss.linuxcontainers.org failed: network unreachable.
;; UDP setup with 2001:7fd::1#5335(2001:7fd::1) for discuss.linuxcontainers.org failed: network unreachable.
;; UDP setup with 2001:500:2d::d#5335(2001:500:2d::d) for discuss.linuxcontainers.org failed: network unreachable.
;; communications error to 192.112.36.4#5335: timed out
;; communications error to 193.0.14.129#5335: timed out
;; communications error to 192.5.5.241#5335: timed out
;; communications error to 202.12.27.33#5335: timed out
;; UDP setup with 2001:500:a8::e#5335(2001:500:a8::e) for discuss.linuxcontainers.org failed: network unreachable.
;; communications error to 192.58.128.30#5335: timed out
;; UDP setup with 2001:500:2f::f#5335(2001:500:2f::f) for discuss.linuxcontainers.org failed: network unreachable.
;; communications error to 192.33.4.12#5335: connection refused
;; communications error to 199.7.83.42#5335: timed out
;; communications error to 198.41.0.4#5335: timed out
;; UDP setup with 2001:500:12::d0d#5335(2001:500:12::d0d) for discuss.linuxcontainers.org failed: network unreachable.
;; communications error to 198.97.190.53#5335: host unreachable
;; UDP setup with 2001:7fe::53#5335(2001:7fe::53) for discuss.linuxcontainers.org failed: network unreachable.
;; communications error to 192.203.230.10#5335: host unreachable
;; UDP setup with 2001:dc3::35#5335(2001:dc3::35) for discuss.linuxcontainers.org failed: network unreachable.
;; UDP setup with 2001:500:9f::42#5335(2001:500:9f::42) for discuss.linuxcontainers.org failed: network unreachable.
;; UDP setup with 2001:503:ba3e::2:30#5335(2001:503:ba3e::2:30) for discuss.linuxcontainers.org failed: network unreachable.
;; UDP setup with 2001:500:2::c#5335(2001:500:2::c) for discuss.linuxcontainers.org failed: network unreachable.
;; UDP setup with 2801:1b8:10::b#5335(2801:1b8:10::b) for discuss.linuxcontainers.org failed: network unreachable.
;; communications error to 170.247.170.2#5335: timed out
;; UDP setup with 2001:503:c27::2:30#5335(2001:503:c27::2:30) for discuss.linuxcontainers.org failed: network unreachable.
;; communications error to 192.36.148.17#5335: connection refused
;; communications error to 199.7.91.13#5335: timed out
;; no servers could be reached
/etc/unbound/unbound.conf (without comments)
server:
verbosity: 0
interface: 127.0.0.1
port: 5335
do-ip4: yes
do-udp: yes
do-tcp: yes
do-ip6: no
prefer-ip6: no
root-hints: "/etc/unbound/root.hints"
harden-glue: yes
harden-dnssec-stripped: yes
use-caps-for-id: no
edns-buffer-size: 1232
prefetch: yes
num-threads: 1
so-rcvbuf: 1m
private-address: 192.168.0.0/16
private-address: 169.254.0.0/16
private-address: 172.16.0.0/12
private-address: 10.0.0.0/8
private-address: fd00::/8
private-address: fe80::/10
/etc/unbound/root.hints (without comments)
. 3600000 NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 170.247.170.2
B.ROOT-SERVERS.NET. 3600000 AAAA 2801:1b8:10::b
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
Dig today: (works)
dig discuss.linuxcontainers.org @127.0.0.1 -p 5335
; <<>> DiG 9.18.24 <<>> discuss.linuxcontainers.org @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53683
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;discuss.linuxcontainers.org. IN A
;; ANSWER SECTION:
discuss.linuxcontainers.org. 900 IN A 45.45.148.7
;; Query time: 115 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1) (UDP)
;; WHEN: Sun Mar 24 22:30:11 EDT 2024
;; MSG SIZE rcvd: 72
I read several other threads about issues with unbound, but they usually cannot resolve any domains (obvious misconfiguration).
What could cause unbound to sometimes be unable to resolve some domains?
Can I configure unbound to resolve domains more reliably?
Can I configure a backup upstream server if it is unable to resolve a domain itself?
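
An added example, not part of the original post: a small Python parser that groups the failed attempts in `dig +trace` output by address family, port and reason. dig applies `-p` to every query in a trace, so in the output above the root servers were contacted on port 5335 rather than 53; the sample lines are constructed in the shape of that output, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: lines in the same shape as the "dig ... -p 5335 +trace" output above.
SAMPLE = """\
;; Received 1097 bytes from 127.0.0.1#5335(127.0.0.1) in 0 ms
;; UDP setup with 2001:500:1::53#5335(2001:500:1::53) for discuss.linuxcontainers.org failed: network unreachable.
;; no servers could be reached
;; communications error to 192.112.36.4#5335: timed out
;; communications error to 192.33.4.12#5335: connection refused
;; communications error to 198.97.190.53#5335: host unreachable
;; UDP setup with 2001:7fd::1#5335(2001:7fd::1) for discuss.linuxcontainers.org failed: network unreachable.
"""

# Matches only failed attempts, capturing the target address and port.
FAILED = re.compile(r"^;; (?:communications error to|UDP setup with) (\S+?)#(\d+)")


def failed_attempts(trace_text):
    """Return (family, port, reason) for every failed attempt in dig output."""
    attempts = []
    for line in trace_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # answers, "Received ..." and summary lines are not failures
        addr, port = m.group(1), int(m.group(2))
        # The reason is whatever follows the last ": " (IPv6 colons have no space).
        reason = line.rsplit(": ", 1)[1].rstrip(".")
        family = "IPv6" if ":" in addr else "IPv4"
        attempts.append((family, port, reason))
    return attempts


def summarize(trace_text):
    """Count failures per (family, reason) and collect the ports that were tried."""
    attempts = failed_attempts(trace_text)
    counts = Counter((family, reason) for family, _, reason in attempts)
    ports = sorted({port for _, port, _ in attempts})
    return counts, ports


if __name__ == "__main__":
    counts, ports = summarize(SAMPLE)
    for (family, reason), n in sorted(counts.items()):
        print(f"{family:4}  {reason:20} {n}")
    print("ports tried on upstream servers:", ports)
    if ports and 53 not in ports:
        print("no attempt used port 53; rerun the trace without -p")
```

A trace in which every upstream attempt used a non-standard port shows only that those servers do not answer on that port, so it cannot confirm or rule out a problem with unbound's own recursion.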