jfb
August 3, 2023, 9:24pm
12
Now if you look in the dnsmasq log at /var/log/pihole/pihole.log you will see the queries from all clients. You can look for the IP of the iPhone and see if the queries from that device are reaching Pi-hole, and if so, how they are being processed by Pi-hole.
Grady
August 3, 2023, 9:49pm
13
What would cause a site to reply with SERVFAIL when using the Pihole for DNS but when using Cloudflare or Google or any other upstream provider for DNS, it resolves just fine?
jfb
August 3, 2023, 9:55pm
15
SERVFAIL indicates that the upstream DNS resolver was unable to complete the transaction.
What is the output of the following command from the Pi terminal?
sudo grep -v '#\|^$' -R /etc/unbound/unbound.conf*
Grady
August 3, 2023, 10:00pm
16
/etc/unbound/unbound.conf:include: "/etc/unbound/unbound.conf.d/*.conf"
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:server:
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf: auto-trust-anchor-file: "/var/lib/unbound/root.key"
/etc/unbound/unbound.conf.d/qname-minimisation.conf:server:
/etc/unbound/unbound.conf.d/qname-minimisation.conf: qname-minimisation: yes
/etc/unbound/unbound.conf.d/use-own-identity.conf:server:
/etc/unbound/unbound.conf.d/use-own-identity.conf: hide-identity: no
/etc/unbound/unbound.conf.d/use-own-identity.conf: identity: ""
/etc/unbound/unbound.conf.d/use-own-identity.conf: hide-version: no
/etc/unbound/unbound.conf.d/use-own-identity.conf: version: ""
/etc/unbound/unbound.conf.d/use-own-identity.conf: hide-trustanchor: no
/etc/unbound/unbound.conf.d/use-expired-records.conf:server:
/etc/unbound/unbound.conf.d/use-expired-records.conf:
/etc/unbound/unbound.conf.d/use-expired-records.conf:
/etc/unbound/unbound.conf.d/use-expired-records.conf: serve-expired: yes
/etc/unbound/unbound.conf.d/use-expired-records.conf: serve-expired-ttl: 0
/etc/unbound/unbound.conf.d/use-expired-records.conf: serve-expired-ttl-reset: yes
/etc/unbound/unbound.conf.d/use-multithreaded-udp.conf:server:
/etc/unbound/unbound.conf.d/use-multithreaded-udp.conf: so-reuseport: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:server:
/etc/unbound/unbound.conf.d/pi-hole.conf: verbosity: 1
/etc/unbound/unbound.conf.d/pi-hole.conf: interface: 127.0.0.1
/etc/unbound/unbound.conf.d/pi-hole.conf: port: 5335
/etc/unbound/unbound.conf.d/pi-hole.conf: do-ip4: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-udp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-tcp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf: prefer-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf: root-hints: "/var/lib/unbound/root.hints"
/etc/unbound/unbound.conf.d/pi-hole.conf: harden-glue: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: harden-dnssec-stripped: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: use-caps-for-id: no
/etc/unbound/unbound.conf.d/pi-hole.conf: edns-buffer-size: 1232
/etc/unbound/unbound.conf.d/pi-hole.conf: prefetch: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: num-threads: 1
/etc/unbound/unbound.conf.d/pi-hole.conf: so-rcvbuf: 1m
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 192.168.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 169.254.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 172.16.0.0/12
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 10.0.0.0/8
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: fd00::/8
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: fe80::/10
/etc/unbound/unbound.conf.d/remote-control.conf:remote-control:
/etc/unbound/unbound.conf.d/remote-control.conf: control-enable: yes
/etc/unbound/unbound.conf.d/use-large-buffers.conf:server:
/etc/unbound/unbound.conf.d/use-large-buffers.conf: so-rcvbuf: 8m
/etc/unbound/unbound.conf.d/use-large-buffers.conf: so-sndbuf: 8m
/etc/unbound/unbound.conf.d/use-safe-edns-buffer.conf:server:
/etc/unbound/unbound.conf.d/use-safe-edns-buffer.conf: edns-buffer-size: 1472
/etc/unbound/unbound.conf.d/use-optimized-threads.conf:server:
/etc/unbound/unbound.conf.d/use-optimized-threads.conf: num-threads: 4
/etc/unbound/unbound.conf.d/use-prefetch.conf:server:
/etc/unbound/unbound.conf.d/use-prefetch.conf: prefetch: yes
/etc/unbound/unbound.conf.d/use-prefetch.conf: prefetch-key: yes
/etc/unbound/unbound.conf.d/use-optimized-caches.conf:server:
/etc/unbound/unbound.conf.d/use-optimized-caches.conf: msg-cache-slabs: 4
/etc/unbound/unbound.conf.d/use-optimized-caches.conf: rrset-cache-slabs: 4
/etc/unbound/unbound.conf.d/use-optimized-caches.conf: infra-cache-slabs: 4
/etc/unbound/unbound.conf.d/use-optimized-caches.conf: key-cache-slabs: 4
/etc/unbound/unbound.conf.d/use-optimized-caches.conf: rrset-cache-size: 128m
/etc/unbound/unbound.conf.d/use-optimized-caches.conf: msg-cache-size: 64m
/etc/unbound/unbound.conf.d/use-optimized-caches.conf: key-cache-size: 64m
/etc/unbound/unbound.conf.d/use-optimized-caches.conf: neg-cache-size: 64m
/etc/unbound/unbound.conf.d/use-unbound-control.conf:remote-control:
/etc/unbound/unbound.conf.d/use-unbound-control.conf: control-enable: yes
/etc/unbound/unbound.conf.d/use-unbound-control.conf: server-key-file: /etc/unbound/unbound_server.key
/etc/unbound/unbound.conf.d/use-unbound-control.conf: server-cert-file: /etc/unbound/unbound_server.pem
/etc/unbound/unbound.conf.d/use-unbound-control.conf: control-key-file: /etc/unbound/unbound_control.key
/etc/unbound/unbound.conf.d/use-unbound-control.conf: control-cert-file: /etc/unbound/unbound_control.pem
/etc/unbound/unbound.conf.d/use-extended-statistics.conf:server:
/etc/unbound/unbound.conf.d/use-extended-statistics.conf: verbosity: 1
/etc/unbound/unbound.conf.d/use-extended-statistics.conf: statistics-interval: 600
/etc/unbound/unbound.conf.d/use-extended-statistics.conf: extended-statistics: yes
/etc/unbound/unbound.conf.d/use-extended-statistics.conf: statistics-cumulative: yes
You can up verbosity like described below:
Is this all there is when things go south? (EDIT: with verbosity set to 3?)
If so, increase verbosity to get more details?
pi@ph5b:~ $ man unbound.conf
[..]
verbosity: <number>
The verbosity number, level 0 means no verbosity, only er‐
rors. Level 1 gives operational information. Level 2 gives
detailed operational information. Level 3 gives query level
information, output per query. Level 4 gives algorithm
…
Ow and I still see duplicates:
Grady
August 3, 2023, 10:06pm
19
Ow and I still see duplicates:
/etc/unbound/unbound.conf.d/use-extended-statistics.conf: verbosity: 1
I don't know where these are coming from. I didn't make these files, such as use-extended-statistics.conf, or add anything into them.
I don't know either.
You can check what's in the Unbound package with below:
dpkg -L unbound
And search with below if that use-extended-statistics.conf file comes with some other package:
dpkg -S use-extended-statistics.conf
Grady
August 3, 2023, 10:14pm
22
This is the contents of use-extended-statistics.conf:
# DEFINE SERVER
server:
# EXTENDED STATISTICS
# Note: Set desired verbosity
# use-entended-statistics.conf is called after unbound.conf
# so we can override the verbosity set there
# Verbosity levels are
# 1 - operational information
# 2 - detailed operational information
# 3 - query level information
# 4 - algorithm level information
# 5 - client level information
verbosity: 1
# Note: Number of seconds between statistics log updates
# Rarely required often, but needing to be fresh when it
# is, I have chosen ten minutes as my 'sweet spot'
statistics-interval: 600
# Note: Enable extended statistics
extended-statistics: yes
# Note: Enable cumulative statistics
statistics-cumulative: yes
Grady
August 3, 2023, 10:18pm
23
deHakkelaar:
You can check what's in the Unbound package with below:
dpkg -L unbound
And search with below if that use-extended-statistics.conf file comes with some other package:
dpkg -S use-extended-statistics.conf
Didn't see those files anywhere in the unbound package and dpkg-query: no path found matching pattern *use-extended-statistics.conf* was returned for looking in all packages.
Grady
August 3, 2023, 10:24pm
24
Should I just reinstall Pihole and Unbound from scratch?
All below files usually don't come with a basic default unbound setup when following the official guide:
use-own-identity.conf
use-expired-records.conf
use-multithreaded-udp.conf
remote-control.conf
use-large-buffers.conf
use-optimized-threads.conf
use-prefetch.conf
use-optimized-caches.conf
use-unbound-control.conf
use-extended-statistics.conf
As long as those config files keep interfering, I won't be able to help.
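The overlap between those drop-in files and pi-hole.conf can be listed mechanically. The following is an added example, not code from anyone in the thread: it reads the `FILE:directive: value` lines that the grep command above prints and reports every directive set more than once. The function names are hypothetical, the sample input is a subset of the output posted earlier, and treating only `include` and `private-address` as repeatable is an assumption.

```shell
#!/bin/sh
# Added example: find unbound directives that appear in more than one place.
# On a live system, feed it the command from the thread:
#   sudo grep -v '#\|^$' -R /etc/unbound/unbound.conf* | find_repeated_directives

find_repeated_directives() {
  awk '
    {
      i = index($0, ":"); if (i == 0) next
      file = substr($0, 1, i - 1)          # path printed by grep -R
      rest = substr($0, i + 1)
      sub(/^[ \t]+/, "", rest)
      j = index(rest, ":"); if (j == 0) next
      key = substr(rest, 1, j - 1)
      val = substr(rest, j + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      # Skip clause headers ("server:"), empty lines and directives that
      # are expected to repeat (assumed list).
      if (val == "" || key == "include" || key == "private-address") next
      n = split(file, p, "/")              # p[n] is the file name only
      if (!(key in first)) first[key] = val
      else if (val != first[key]) differ[key] = 1
      count[key]++
      where[key] = where[key] (count[key] > 1 ? ", " : "") val " (" p[n] ")"
    }
    END {
      for (k in count)
        if (count[k] > 1)
          printf "%s %s: %s\n", (differ[k] ? "CONFLICT" : "DUPLICATE"), k, where[k]
    }
  ' | sort
}

# Sample input: a subset of the grep output posted earlier in the thread.
sample_grep_output() {
  cat <<'EOF'
/etc/unbound/unbound.conf.d/pi-hole.conf:server:
/etc/unbound/unbound.conf.d/pi-hole.conf: verbosity: 1
/etc/unbound/unbound.conf.d/pi-hole.conf: edns-buffer-size: 1232
/etc/unbound/unbound.conf.d/pi-hole.conf: num-threads: 1
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 10.0.0.0/8
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: fd00::/8
/etc/unbound/unbound.conf.d/use-safe-edns-buffer.conf: edns-buffer-size: 1472
/etc/unbound/unbound.conf.d/use-optimized-threads.conf: num-threads: 4
/etc/unbound/unbound.conf.d/use-extended-statistics.conf: verbosity: 1
EOF
}

sample_grep_output | find_repeated_directives
```

CONFLICT marks a directive given different values in different files; DUPLICATE marks the same value repeated.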
Grady
August 3, 2023, 10:25pm
26
Yeah, I honestly have no idea where those came from.
Grady
August 3, 2023, 10:30pm
28
Okay, okay, okay...those results are bringing back memories from when I originally installed Pihole and Unbound 3-4 years ago. I think I followed a guide that guy made and it resulted in those config files based on "their setup".
I think I should just probably uninstall Pihole and Unbound and start over.
Just reinstall unbound only!
Purge everything with below:
sudo apt purge unbound
Make sure no config file is left behind with below:
sudo rm -r /etc/unbound
And follow the guide to the letter:
https://docs.pi-hole.net/guides/dns/unbound/
Do you have a link for that guide?
Grady
August 3, 2023, 10:48pm
31
I think it was a guide referencing this post by the same person you found: saint-lascivious comments on DoH on PiHole?
Grady
August 3, 2023, 10:50pm
32
deHakkelaar:
Just reinstall unbound only!
Purge everything with below:
sudo apt purge unbound
Make sure no config file is left behind with below:
sudo rm -r /etc/unbound
And follow the guide to the letter:
unbound - Pi-hole documentation
Okay, will do this now and report back if the same issues are being seen.