Expected Behaviour:
See IP addresses showing what sites they are connecting to.
Actual Behaviour:
See IP addresses connecting to what sites they visit, but also seeing my pihole IP address looking up these addresses.
I use unbound with pihole and I noticed every so often the DNS request will come from my pihole internal IP address. I can see them easily because I have use caps on inside of unbound and the requests come through with the random caps.
I have my openwrt router set with list dhcp_option '6,piholeip' and I can see the DNS IP on my devices, so shouldn't they also show from their own IP addresses as requests on my pihole?
I'll post more of this later this afternoon when I have a chance. My guess is something in there is not correct. To preface, I use a VM for unbound/pihole.
```
server:
    verbosity: 1
    interface: 0.0.0.0
    port: 5353
    do-ip4: yes
    do-udp: yes
    do-tcp: yes

    # May be set to yes if you have IPv6 connectivity
    do-ip6: yes
    prefer-ip6: yes

    # Use this only when you downloaded the list of primary root servers!
    # Location of root.hints
    root-hints: "/var/lib/unbound/root.hints"

    # Trust glue only if it is within the server's authority
    harden-glue: yes

    # Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
    # If you want to disable DNSSEC, set harden-dnssec-stripped: no
    harden-dnssec-stripped: yes

    # Use Capitalization randomization
    # This is an experimental resilience method which uses upper and lower case letters in the question hostname to obtain randomness.
    # Two names with the same spelling but different case should be treated as identical.
    # Attackers hoping to poison a DNS cache must guess the mixed-case encoding of the query.
    # This increases the difficulty of such an attack significantly
    use-caps-for-id: yes

    # Reduce EDNS reassembly buffer size.
    # Suggested by the unbound man page to reduce fragmentation reassembly problems
    edns-buffer-size: 1472

    # TTL bounds for cache (Domains will be cached for minimum of 3600 seconds)
    cache-min-ttl: 3600
    cache-max-ttl: 86400

    # Perform prefetching of close to expired message cache entries
    # This only applies to domains that have been frequently queried
    # This flag updates the cached domains
    prefetch: yes
    prefetch-key: yes

    # One thread should be sufficient, can be increased on beefy machines
    num-threads: 2

    # the number of slabs to use for cache and must be a power of 2 times the
    # number of num-threads set above. more slabs reduce lock contention, but
    # fragment memory usage.
    msg-cache-slabs: 1
    rrset-cache-slabs: 1
    infra-cache-slabs: 1
    key-cache-slabs: 1

    outgoing-range: 950
    num-queries-per-thread: 450
    unwanted-reply-threshold: 10000
    val-clean-additional: yes

    # more cache memory. rrset-cache-size should be twice what msg-cache-size is.
    msg-cache-size: 50m
    rrset-cache-size: 100m

    # Faster UDP with multithreading (only on Linux).
    so-reuseport: yes

    # Ensure kernel buffer is large enough to not lose messages in traffic spikes
    so-rcvbuf: 4m

    # Enable to not answer id.server and hostname.bind queries.
    hide-identity: yes

    # Enable to not answer version.server and version.bind queries.
    hide-version: yes

    # Ensure privacy of local IP ranges
    private-address: 10.0.0.0/8
    private-domain: "home"

    access-control: 10.0.0.0/8 allow
    access-control: 127.0.0.0/8 allow
```
I use a combination of that guide and the calomel.org guide. Since I am using a Debian VM, my setup would be slightly different.
My device is a quad core but I only use two cores, and since I am not using libevent this creates two instances; per the unbound documentation you should run your config as if it were a single core.
Personally, no, I have not. With the error you were seeing from my log, using use-caps-for-id: yes works just fine on my system. But I have always used this, even when I was using pihole on an actual pi.
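
One way to check the observation in this thread against the Pi-hole query log, as an added example that is not from any of the posts: it tallies, per client IP, how many logged queries carry the mixed-case names that `use-caps-for-id` produces. The log lines are constructed and assume dnsmasq-style query lines; 10.0.0.2 stands in for the Pi-hole's own address and the function names are hypothetical.

```python
import re
from collections import defaultdict

# dnsmasq-style query line: "... dnsmasq[pid]: query[TYPE] name from client"
QUERY_RE = re.compile(
    r"query\[(?P<qtype>[A-Z0-9]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)"
)

# Constructed sample lines; 10.0.0.2 is an assumed Pi-hole address.
SAMPLE_LOG = """\
Mar 10 12:00:01 dnsmasq[812]: query[A] example.com from 10.0.0.50
Mar 10 12:00:01 dnsmasq[812]: forwarded example.com to 127.0.0.1#5353
Mar 10 12:00:02 dnsmasq[812]: query[A] eXaMpLe.CoM from 10.0.0.2
Mar 10 12:00:03 dnsmasq[812]: query[AAAA] ExAmPlE.nEt from 10.0.0.2
Mar 10 12:00:04 dnsmasq[812]: query[A] example.org from 10.0.0.51
Mar 10 12:00:05 dnsmasq[812]: reply example.com is 192.0.2.10
""".splitlines()


def is_mixed_case(name):
    """True if the name mixes upper- and lower-case letters, as 0x20 encoding does."""
    return any(c.isupper() for c in name) and any(c.islower() for c in name)


def caps_queries_by_client(lines):
    """Map each client IP to (mixed_case_queries, total_queries)."""
    stats = defaultdict(lambda: [0, 0])
    for line in lines:
        match = QUERY_RE.search(line)
        if match is None:
            continue  # forwarded/reply lines carry no client address
        counts = stats[match.group("client")]
        counts[1] += 1
        if is_mixed_case(match.group("name")):
            counts[0] += 1
    return {client: tuple(counts) for client, counts in stats.items()}


def likely_resolver_clients(stats, min_ratio=0.5):
    """Clients whose queries are mostly mixed-case: a caps-randomizing resolver."""
    return sorted(c for c, (mixed, total) in stats.items() if mixed / total >= min_ratio)


if __name__ == "__main__":
    stats = caps_queries_by_client(SAMPLE_LOG)
    for client, (mixed, total) in sorted(stats.items()):
        print(f"{client}: {mixed}/{total} mixed-case queries")
    print("likely resolver-originated:", likely_resolver_clients(stats))
```

A short name can come out of case randomization entirely lower-case, so a low mixed-case count for a client does not by itself rule out resolver-originated queries.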