Skip to content

Commit 78b3d4b

Browse files
rrobgillyubiuser
rrobgill
and
yubiuser
authored
Update unbound guide (#1318)
Signed-off-by: Rob Gill <[email protected]> Co-authored-by: yubiuser <[email protected]>
1 parent 3d9bfe9 commit 78b3d4b

File tree

1 file changed

+32
-3
lines changed

1 file changed

+32
-3
lines changed

docs/guides/dns/unbound.md

Lines changed: 32 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -76,9 +76,9 @@ Highlights:
7676
- Verify DNSSEC signatures, discarding BOGUS domains
7777
- Apply a few security and privacy tricks
7878

79-
`/etc/unbound/unbound.conf.d/pi-hole.conf`:
79+
(Note that for some Red Hat based distros including CentOS up to v10, the path for the `pi-hole.conf` file may be `/etc/unbound/conf.d/pi-hole.conf`)
8080

81-
```yaml
81+
```yaml title="/etc/unbound/unbound.conf.d/pi-hole.conf"
8282
server:
8383
# If no logfile is specified, syslog is used
8484
# logfile: "/var/log/unbound/unbound.log"
@@ -269,6 +269,27 @@ Lastly, restart unbound:
269269
sudo service unbound restart
270270
```
271271

272+
### Verifying that Pi-hole is querying unbound as its upstream
273+
274+
Query a dns using `dig`:
275+
276+
```bash
277+
dig en.wikipedia.org @127.0.0.1
278+
```
279+
280+
Then view Pi-hole's log file, follow a query seeing it sent to and receiving a reply from 127.0.0.1#5335 such as below:
281+
282+
```bash
283+
sudo tail /var/log/pihole/pihole.log
284+
285+
Nov 24 11:57:47 dnsmasq[973]: query[A] en.wikipedia.org from 127.0.0.1
286+
Nov 24 11:57:47 dnsmasq[973]: forwarded en.wikipedia.org to 127.0.0.1#5335
287+
Nov 24 11:57:47 dnsmasq[973]: reply en.wikipedia.org is <CNAME>
288+
Nov 24 11:57:47 dnsmasq[973]: reply dyna.wikimedia.org is 103.102.166.224
289+
```
290+
291+
If you see the reply to queries from 127.0.0.1#5335, then Pi-hole is using unbound as its upstream.
292+
272293
### Common Issues & Troubleshooting
273294

274295
#### Fix `so-rcvbuf` warning in unbound
@@ -299,14 +320,22 @@ To fix it:
299320
sudo sysctl -w net.core.rmem_max=1048576
300321
```
301322
302-
3. Make it permanent. Edit `/etc/sysctl.conf` and add or edit the line:
323+
3. Make it permanent. Edit `/etc/sysctl.d/99-unbound.conf` (or on old systems eg Debian ≤ 12 edit `/etc/sysctl.conf`) and add or edit the line:
303324
304325
```bash
305326
net.core.rmem_max=1048576
306327
```
307328
308329
4. Save and apply:
309330
331+
On up to date systems (eg Debian 13)
332+
333+
```bash
334+
sudo systemctl restart systemd-sysctl
335+
```
336+
337+
Older systems (eg Debian ≤ 12)
338+
310339
```bash
311340
sudo sysctl -p
312341
```

0 commit comments

Comments
 (0)