What should be the content of /etc/resolv.conf when using unbound?

I use pi-hole with unbound as my DNS server, referenced and used from my router (Fritzbox).
pi-hole is installed as a lxc container under proxmox. The whole environment is debian bullseye.

The whole system works but feels sluggish.

DNS Benchmark shows pi-hole as the fastest nameserver but with a very large standard deviation for uncached entries:

   10. 10.  1. 20 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  + Cached Name   | 0,002 | 0,003 | 0,006 | 0,001 | 100,0 |
  + Uncached Name | 0,013 | 0,599 | 3,774 | 0,925 | 100,0 |
  + DotCom Lookup | 0,012 | 0,016 | 0,025 | 0,003 | 100,0 |
  ---<O-OO---->---+-------+-------+-------+-------+-------+
                         pi.hole
                Local Network Nameserver

Looking around I found that /etc/resolv.conf references the fritzbox which is certainly wrong.

Reading https://docs.pi-hole.net/guides/dns/unbound/ I checked

root@pi-hole:/etc# systemctl is-active unbound-resolvconf.service
inactive

and

root@pi-hole:/etc# resolvectl
Global
         Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: foreign
Current DNS Server: 10.10.1.1
       DNS Servers: 10.10.1.1
        DNS Domain: fritz.box

Link 2 (eth0)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

How should /etc/resolv.conf be filled when I use unbound?

Thanks a lot

Norbert

The choice is yours.

The DNS resolution of Pi-hole's host OS is separate and independent from the DNS resolution provided by Pi-hole (regardless of its configured upstreams).
The usual precautions apply, i.e. make sure you do not configure a DNS loop.

You could even opt to have your host's DNS requests filtered by Pi-hole as well, though we'd commonly recommend using at least one other (public) resolver, so you'd still be able to run OS and Pi-hole updates as well as Pi-hole repairs in case your Pi-hole would be inoperational.

If 10.10.1.1 is your router's IP, and that router is running a DNS resolver, that would be a perfectly valid choice.
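
An added example, not part of the thread: a small shell check of the fallback advice above. It sorts the nameserver lines of a resolv.conf-style file into "this host" and "not this host" and warns when nothing but the Pi-hole itself is listed. The function name, the host address 10.10.1.20 (read from the benchmark header) and the sample file contents are assumptions; the script cannot see whether a listed router forwards its own queries back to Pi-hole, as the Fritzbox in the question does, in which case that router is not an independent fallback.

```shell
#!/bin/sh
# Added example, not from the thread.
# audit_resolv FILE OWN_IP
#   FILE    resolv.conf-style file to inspect
#   OWN_IP  LAN address of the Pi-hole host itself (assumed known)
# Prints one finding per line. Returns 0 if at least one nameserver is
# not this host, 1 otherwise.
audit_resolv() {
    file=$1
    own_ip=$2
    self=0
    other=0
    total=0
    # Second field of every "nameserver" line; comment lines do not match.
    for ns in $(awk '$1 == "nameserver" { print $2 }' "$file"); do
        total=$((total + 1))
        case $ns in
            127.*|::1|"$own_ip")
                self=$((self + 1))
                echo "self: $ns (this host)" ;;
            *)
                other=$((other + 1))
                echo "other: $ns (not this host)" ;;
        esac
    done
    if [ "$total" -gt 3 ]; then
        echo "warn: glibc uses only the first 3 nameserver entries"
    fi
    if [ "$total" -eq 0 ]; then
        echo "warn: no nameserver lines found"
        return 1
    fi
    if [ "$other" -eq 0 ]; then
        echo "warn: no fallback resolver; OS and Pi-hole updates fail if Pi-hole is down"
        return 1
    fi
    return 0
}

# Constructed sample: Pi-hole first, one public resolver as fallback.
sample=$(mktemp)
printf 'search fritz.box\nnameserver 127.0.0.1\nnameserver 9.9.9.9\n' > "$sample"
audit_resolv "$sample" 10.10.1.20
rm -f "$sample"
```

Entries are tried in the order listed, so a fallback placed second is only consulted when the first resolver does not answer.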
