The alterations that have been made to the guide are a bit wrong or explained slightly wrong in my opinion.
Recent Debian-based OS releases auto-install a package called openresolv ...
1)) Above bit in the guide is wrong as openresolv was already installed before the Bullseye release:
pi@ph5a:~ $ lsb_release -d
Description: Raspbian GNU/Linux 10 (buster)
pi@ph5a:~ $ apt policy openresolv
openresolv:
Installed: 3.8.0-1
But it didnt affect your setup bc the path for the unbound configuration file was different and thus not affecting unbound:
pi@ph5a:~ $ cat /etc/resolvconf.conf
[..]
unbound_conf=/var/cache/unbound/resolvconf_resolvers.conf
pi@ph5a:~ $ cat /var/cache/unbound/resolvconf_resolvers.conf
# Generated by resolvconf
forward-zone:
name: "home.dehakkelaar.nl"
forward-addr: 10.0.0.1
forward-zone:
name: "."
forward-addr: 10.0.0.1
forward-addr: 2a02:a459:XXXX
pi@ph5a:~ $ sudo unbound-control lookup .
The following name servers are used for lookup of .
;rrset 9639 13 1 8 0
. 9639 IN NS a.root-servers.net.
. 9639 IN NS b.root-servers.net.
. 9639 IN NS c.root-servers.net.
. 9639 IN NS d.root-servers.net.
. 9639 IN NS e.root-servers.net.
. 9639 IN NS f.root-servers.net.
. 9639 IN NS g.root-servers.net.
. 9639 IN NS h.root-servers.net.
. 9639 IN NS i.root-servers.net.
. 9639 IN NS j.root-servers.net.
. 9639 IN NS k.root-servers.net.
. 9639 IN NS l.root-servers.net.
. 9639 IN NS m.root-servers.net.
[..]
Compared to the path on Bullseye:
pi@ph5b:~ $ lsb_release -d
Description: Raspbian GNU/Linux 11 (bullseye)
pi@ph5b:~ $ cat /etc/resolvconf.conf
[..]
#unbound_conf=/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf
So the only thing that has changed from Buster to Bullseye is the path for the unbound configuration file thats being created by openresolv.
Openresolv's service/config instructs resolvconf to write unbound's own DNS service at nameserver 127.0.0.1 , but without the 5335 port, into the file /etc/resolv.conf.
openresolv has a systemd service called unbound-resolvconf.service.
2)) Its not above openresolv package thats changing the nameserver in the resolv.conf file on its own.
Its the unbound-resolvconf.service systemd unit that comes with the unbound package which instructs resolvconf to alter the resolv.conf file with that nameserver 127.0.0.1 line:
pi@ph5b:~ $ dpkg -S unbound-resolvconf.service
unbound: /lib/systemd/system/unbound-resolvconf.service
If you are sure you don't need the features of openresolv, then removal of the package is the simplest option.
3)) I disagree with above where removing openresolv
is the first option.
How can someone be sure they dont need resolvconf?
Most likely if you install a VPN client on the Pi-hole host, it will reinstall the openresolv or resolvconf package to alter local DNS servers to those supplied by the VPN server.
I can imagine other software wanting to do something similar using resolvconf.
4)) For if someone is going to alter the guide, below command in the guide:
sudo systemctl status unbound-resolvconf.service
can be replaced with
systemctl is-active unbound-resolvconf.service
And below two:
sudo systemctl disable unbound-resolvconf.service
sudo systemctl stop unbound-resolvconf.service
can be compounded to:
sudo systemctl disable --now unbound-resolvconf.service