The issue here is my iPhone, which has the Pihole DNS set, isn't blocking ads (on yahoo.com or cnn.com, as examples). These same ads from these same sites are being blocked on other devices, such as my laptop.
This is what made me think there was an issue somewhere with the Pihole or even Unbound that was causing this one device to behave differently than the others.
Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:
pihole -d
or do it through the Web interface:
Tools > Generate Debug Log
Also, what is the IP of the iPhone?
These settings will make it difficult to troubleshoot your problem.
*** [ DIAGNOSING ]: Setup variables
...
QUERY_LOGGING=false
INSTALL_WEB_SERVER=false
INSTALL_WEB_INTERFACE=true
LIGHTTPD_ENABLED=false
No dnsmasq log and no query log to review to see the queries from that client.
Where do I turn those on? I didn't turn them off, if they were on by default.
On the web admin GUI:
Select "enable query logging." The screen capture shows "disable" because I have it enabled. Yours will be the opposite.
That will take care of the query logging.
For the lighttpd enable, run pihole -r and select the reconfigure option. In the menus, select enable the web server.
Ah, this options says it resets Pihole? Will this be rebuilding it from it scratch?
If you prefer, edit file /etc/pihole/setupVars.conf
and set
INSTALL_WEB_INTERFACE=true
LIGHTTPD_ENABLED=true
Then restart FTL with sudo service pihole-FTL restart
So this is already set to true.
INSTALL_WEB_SERVER is set to false.
Set this to TRUE.
Okay, set both to TRUE, restarted with sudo service pihole-FTL restart, and ran pihole -d.
Now if you look in the dnsmasq log at var/log/pihole/pihole.log you will see the queries from all clients. You can look for the IP of the iPhone and see if the queries from that device are reaching Pi-hole, and if so, how they are being processed by Pi-hole.
What would cause a site to reply with SERVFAIL when using the Pihole for DNS but when using Cloudflare or Google or any other upstream provider for DNS, it resolves just fine?
SERVFAIL indicates that the upstream DNS resolver was unable to complete the transaction.
What is the output of the following command from the Pi terminal?
sudo grep -v '#\|^$' -R /etc/unbound/unbound.conf*
/etc/unbound/unbound.conf:include: "/etc/unbound/unbound.conf.d/*.conf"
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:server:
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf: auto-trust-anchor-file: "/var/lib/unbound/root.key"
/etc/unbound/unbound.conf.d/qname-minimisation.conf:server:
/etc/unbound/unbound.conf.d/qname-minimisation.conf: qname-minimisation: yes
/etc/unbound/unbound.conf.d/use-own-identity.conf:server:
/etc/unbound/unbound.conf.d/use-own-identity.conf: hide-identity: no
/etc/unbound/unbound.conf.d/use-own-identity.conf: identity: ""
/etc/unbound/unbound.conf.d/use-own-identity.conf: hide-version: no
/etc/unbound/unbound.conf.d/use-own-identity.conf: version: ""
/etc/unbound/unbound.conf.d/use-own-identity.conf: hide-trustanchor: no
/etc/unbound/unbound.conf.d/use-expired-records.conf:server:
/etc/unbound/unbound.conf.d/use-expired-records.conf:
/etc/unbound/unbound.conf.d/use-expired-records.conf:
/etc/unbound/unbound.conf.d/use-expired-records.conf: serve-expired: yes
/etc/unbound/unbound.conf.d/use-expired-records.conf: serve-expired-ttl: 0
/etc/unbound/unbound.conf.d/use-expired-records.conf: serve-expired-ttl-reset: yes
/etc/unbound/unbound.conf.d/use-multithreaded-udp.conf:server:
/etc/unbound/unbound.conf.d/use-multithreaded-udp.conf: so-reuseport: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:server:
/etc/unbound/unbound.conf.d/pi-hole.conf: verbosity: 1
/etc/unbound/unbound.conf.d/pi-hole.conf: interface: 127.0.0.1
/etc/unbound/unbound.conf.d/pi-hole.conf: port: 5335
/etc/unbound/unbound.conf.d/pi-hole.conf: do-ip4: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-udp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-tcp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf: prefer-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf: root-hints: "/var/lib/unbound/root.hints"
/etc/unbound/unbound.conf.d/pi-hole.conf: harden-glue: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: harden-dnssec-stripped: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: use-caps-for-id: no
/etc/unbound/unbound.conf.d/pi-hole.conf: edns-buffer-size: 1232
/etc/unbound/unbound.conf.d/pi-hole.conf: prefetch: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: num-threads: 1
/etc/unbound/unbound.conf.d/pi-hole.conf: so-rcvbuf: 1m
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 192.168.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 169.254.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 172.16.0.0/12
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 10.0.0.0/8
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: fd00::/8
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: fe80::/10
/etc/unbound/unbound.conf.d/remote-control.conf:remote-control:
/etc/unbound/unbound.conf.d/remote-control.conf: control-enable: yes
/etc/unbound/unbound.conf.d/use-large-buffers.conf:server:
/etc/unbound/unbound.conf.d/use-large-buffers.conf: so-rcvbuf: 8m
/etc/unbound/unbound.conf.d/use-large-buffers.conf: so-sndbuf: 8m
/etc/unbound/unbound.conf.d/use-safe-edns-buffer.conf:server:
/etc/unbound/unbound.conf.d/use-safe-edns-buffer.conf: edns-buffer-size: 1472
/etc/unbound/unbound.conf.d/use-optimized-threads.conf:server:
/etc/unbound/unbound.conf.d/use-optimized-threads.conf: num-threads: 4
/etc/unbound/unbound.conf.d/use-prefetch.conf:server:
/etc/unbound/unbound.conf.d/use-prefetch.conf: prefetch: yes
/etc/unbound/unbound.conf.d/use-prefetch.conf: prefetch-key: yes
/etc/unbound/unbound.conf.d/use-optimized-caches.conf:server:
/etc/unbound/unbound.conf.d/use-optimized-caches.conf: msg-cache-slabs: 4
/etc/unbound/unbound.conf.d/use-optimized-caches.conf: rrset-cache-slabs: 4
/etc/unbound/unbound.conf.d/use-optimized-caches.conf: infra-cache-slabs: 4
/etc/unbound/unbound.conf.d/use-optimized-caches.conf: key-cache-slabs: 4
/etc/unbound/unbound.conf.d/use-optimized-caches.conf: rrset-cache-size: 128m
/etc/unbound/unbound.conf.d/use-optimized-caches.conf: msg-cache-size: 64m
/etc/unbound/unbound.conf.d/use-optimized-caches.conf: key-cache-size: 64m
/etc/unbound/unbound.conf.d/use-optimized-caches.conf: neg-cache-size: 64m
/etc/unbound/unbound.conf.d/use-unbound-control.conf:remote-control:
/etc/unbound/unbound.conf.d/use-unbound-control.conf: control-enable: yes
/etc/unbound/unbound.conf.d/use-unbound-control.conf: server-key-file: /etc/unbound/unbound_server.key
/etc/unbound/unbound.conf.d/use-unbound-control.conf: server-cert-file: /etc/unbound/unbound_server.pem
/etc/unbound/unbound.conf.d/use-unbound-control.conf: control-key-file: /etc/unbound/unbound_control.key
/etc/unbound/unbound.conf.d/use-unbound-control.conf: control-cert-file: /etc/unbound/unbound_control.pem
/etc/unbound/unbound.conf.d/use-extended-statistics.conf:server:
/etc/unbound/unbound.conf.d/use-extended-statistics.conf: verbosity: 1
/etc/unbound/unbound.conf.d/use-extended-statistics.conf: statistics-interval: 600
/etc/unbound/unbound.conf.d/use-extended-statistics.conf: extended-statistics: yes
/etc/unbound/unbound.conf.d/use-extended-statistics.conf: statistics-cumulative: yes
You can up verbosity like described below:
Ow and I still see duplicates:
I don't know where these are coming from 
I didn't make these files, such as use-extended-statistics.conf or add anything into them.
I dont know either.
You can check whats in the Unbound package with below:
dpkg -L unbound
And search wih below if that use-extended-statistics.conf file comes with some other package:
dpkg -S use-extended-statistics.conf