Pi-hole logs all replies from unbound as "N/A" but dig test works
lokety opened this issue · 2 comments
lokety commented
I have pi-hole 5.11.4 and unbound-docker-rpi latest both running in docker containers on a RPI 4B host.
When I look at the pi-hole query log against the unbound DNS as 127.0.0.1:5335, the replies are all "N/A". If I configure this as my only DNS, all my clients will time out.
When I do a dig from localhost or from another client (another RPI 4B), I get valid responses like:
dig adobe.com @127.0.0.1 -p 5335
; <<>> DiG 9.16.27-Debian <<>> adobe.com @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37295
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;adobe.com. IN A
;; ANSWER SECTION:
adobe.com. 86 IN A 123.253.148.51
adobe.com. 86 IN A 123.253.148.59
;; Query time: 3 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1)
;; WHEN: Mon Aug 29 01:06:00 NZST 2022
;; MSG SIZE rcvd: 70
I followed the instructions to set up the unbound container with only this customization for forward-records.conf:
cat forward-records.conf
forward-zone:
# Forward all queries (except those in cache and local zone) to
# upstream recursive servers
name: "."
# Queries to this forward zone use TLS
forward-tls-upstream: yes
# https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Test+Servers
## Cloudflare
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
## Quad9
forward-addr: 9.9.9.9@853#dns.quad9.net
forward-addr: 149.112.112.112@853#dns.quad9.net
forward-addr: 2620:fe::fe@853#dns.quad9.net
forward-addr: 2620:fe::9@853#dns.quad9.net
Any help? Thanks.
MatthewVance commented
My best guess without diving into it and knowing all the details is that it is a container networking issue. Why are you checking against 127.0.0.1? If Unbound is a different container than Pi-hole, it’ll need to use the addressable address of the Unbound instance.
… On Aug 28, 2022, at 8:24 AM, lokety ***@***.***> wrote:
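As an added example (not code from the thread or from either project), a stdlib-only Python probe that sends one A query and summarises the reply the way Pi-hole's log does, returning None when nothing comes back at all, which is the N/A case. It assumes the upstream at 127.0.0.1:5335 and the name adobe.com from the dig output above; SAMPLE_RESPONSE is a constructed copy of that reply so the parser can be exercised offline. Running `probe("127.0.0.1", 5335, "adobe.com")` on the host and then inside the Pi-hole container's network namespace (for example via `docker exec` on the Pi-hole container, assuming python3 is available there) shows directly whether loopback means the same thing in both places.

```python
import random, socket, struct

def build_query(name, qid=None):
    """Minimal DNS A/IN query for `name`: RD set, no EDNS, random ID unless given."""
    qid = random.randrange(0x10000) if qid is None else qid
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # flags: RD only
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE A, QCLASS IN

def _skip_name(buf, off):
    while True:  # return the offset just past a wire-format name
        length = buf[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer (2 bytes) ends the name
            return off + 2
        off += 1 + length

def parse_response(buf):
    """Summarise a reply the way Pi-hole's log would: rcode, answer count, A records."""
    qid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", buf[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(buf, off) + 4  # skip QTYPE/QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(buf, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", buf[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(buf[off:off + 4]))
        off += rdlen
    return {"id": qid, "rcode": flags & 0xF, "answers": an, "a": addrs}

def probe(server, port, name, timeout=2.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, port))
        try:
            return parse_response(s.recvfrom(4096)[0])
        except socket.timeout:
            return None  # no reply at all: the case Pi-hole logs as N/A

SAMPLE_RESPONSE = (  # constructed reply mirroring the dig output above (id 37295)
    b"\x91\xaf\x81\x80\x00\x01\x00\x02\x00\x00\x00\x00"  # header: qr rd ra, NOERROR
    b"\x05adobe\x03com\x00\x00\x01\x00\x01"  # question: adobe.com A IN
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x56\x00\x04\x7b\xfd\x94\x33"  # 123.253.148.51
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x56\x00\x04\x7b\xfd\x94\x3b"  # 123.253.148.59
)
```

A reply with rcode 0 and answers 0 is a different failure from None: the first is a real empty answer, the second is the timeout that leaves Pi-hole's reply column blank.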
MatthewVance commented
Closing due to no response. Please re-open if needed.