Describe the bug
I'm getting SERVFAIL responses from unbound. I tried altering the config without success, and I'm out of ideas.
The time is correct on host and container.
Please complete the following information:
- Device: Raspberry Pi 4
- OS: Raspbian
- Architecture: arm64
- Version:
Additional context
`; <<>> DiG 9.16.48-Raspbian <<>> duckduckgo.com @172.20.0.7 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20927
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;duckduckgo.com. IN A
;; Query time: 4 msec
;; SERVER: 172.20.0.7#5335(172.20.0.7)
;; WHEN: Thu Apr 11 16:36:26 CEST 2024
;; MSG SIZE rcvd: 43`
docker-compose.yml
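```yaml
# Nesting reconstructed from the flattened paste (the listing was wrapped in
# inline-code backticks, which dropped the indentation). Keys and values are
# the reporter's; only indentation and review comments were added.
networks:
  dns-bridge:
    driver: bridge
    enable_ipv6: true
    ipam:
      config:
        - subnet: 172.20.0.0/16
          gateway: 172.20.0.1
        - subnet: fdc4:056e:8a54::/48
          gateway: fdc4:056e:8a54::1
services:
  pihole:
    container_name: pi-hole
    hostname: pi-hole
    domainname: fritz.box
    # NOTE(review): ":latest" is a mutable tag, so the running image can change
    # on any pull. Pinning a version tag or digest makes the deployment
    # reproducible and makes "which build shows the SERVFAIL" answerable.
    image: pihole/pihole:latest
    networks:
      dns-bridge:
        ipv4_address: 172.20.0.6
        ipv6_address: fdc4:056e:8a54::6
    # NOTE(review): resolv.conf entries cannot carry a port, so these point the
    # container's own resolver at port 53 on unbound, while the pasted
    # unbound.conf only listens on 5335. The /etc/resolv.conf bind mount under
    # "volumes" likely overrides this block anyway - confirm which is intended.
    dns:
      - 172.20.0.7
      - fdc4:056e:8a54::7
    # NOTE(review): without a host address these are published on every host
    # interface. If the Pi is reachable from outside the LAN, that exposes the
    # resolver and the plain-HTTP admin UI; prefixing the LAN address of the
    # host limits the exposure.
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "80:80/tcp"
    # NOTE(review): NET_ADMIN is a broad capability; the Pi-hole docs tie it to
    # running the built-in DHCP server. Drop it if DHCP is not used - confirm.
    cap_add:
      - NET_ADMIN
      - NET_BIND_SERVICE
    environment:
      - TZ=Europe/Berlin
      # Redacted by the reporter. Environment values are readable through
      # "docker inspect" and travel with the compose file; for the image
      # generation that reads WEBPASSWORD, WEBPASSWORD_FILE with a Docker
      # secret keeps the value out of both.
      - WEBPASSWORD=*****************
      - PIHOLE_DNS_=172.20.0.7#5335;fdc4:056e:8a54::7#5335
      - CUSTOM_CACHE_SIZE=0
      - REV_SERVER=true
      - REV_SERVER_DOMAIN=fritz.box
      - REV_SERVER_TARGET=10.0.0.1
      - REV_SERVER_CIDR=10.0.0.0/24
      # NOTE(review): 127.20.0.6 is a loopback address and does not match
      # ipv4_address 172.20.0.6 above - looks like transposed digits; confirm.
      - FTLCONF_LOCAL_IPV4=127.20.0.6
      - FTLCONF_LOCAL_IPV6=fdc4:056e:8a54::6
      - WEBTHEME=default-dark
      - CORS_HOSTS=pihole.home.systemfehler.eu,pihole.tail.systemfehler.eu
      - DNS_BOGUS_PRIV=true
      - DNS_FQDN_REQUIRED=true
    volumes:
      # NOTE(review): this replaces the resolv.conf Docker would generate, so
      # the container's own lookups use the host's resolvers, not "dns:" above.
      - /etc/resolv.conf:/etc/resolv.conf:ro
      - /etc/localtime:/etc/localtime:ro
      - /home/moarsmokes/pihole/etc-pihole/:/etc/pihole/:rw
      - /home/moarsmokes/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/:rw
    # Controls start order only; with the unbound healthcheck disabled below
    # there is no readiness signal to wait on.
    depends_on:
      - unbound
    restart: unless-stopped
  unbound:
    container_name: unbound
    hostname: unbound
    domainname: fritz.box
    # NOTE(review): mutable tag, same concern as the pihole image above.
    image: madnuttah/unbound:latest
    networks:
      dns-bridge:
        ipv4_address: 172.20.0.7
        ipv6_address: fdc4:056e:8a54::7
    environment:
      - TZ=Europe/Berlin
      - UNBOUND_UID=1000  # Example only, check your docker user info
      - UNBOUND_GID=1000
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # NOTE(review): the configuration is mounted read-write. If the container
      # never has to modify unbound.conf or conf.d, ":ro" limits what a
      # compromised resolver process can change. iana.d presumably holds
      # trust-anchor data that must stay writable to be refreshed - confirm.
      - /home/moarsmokes/unbound/unbound.conf:/usr/local/unbound/unbound.conf:rw
      - /home/moarsmokes/unbound/conf.d/:/usr/local/unbound/conf.d/:rw
      - /home/moarsmokes/unbound/log.d/unbound.log:/usr/local/unbound/log.d/unbound.log:rw
      - /home/moarsmokes/unbound/zones.d/:/usr/local/unbound/zones.d/:rw
      - /home/moarsmokes/unbound/iana.d/:/usr/local/unbound/iana.d/:rw
    # NOTE(review): Pi-hole reaches unbound over dns-bridge (PIHOLE_DNS_), and
    # the dig in this report targets 172.20.0.7 directly, so neither path needs
    # host publishing. As written, the recursive resolver is offered on every
    # host interface; remove these or bind them to 127.0.0.1 unless other
    # machines are meant to query it.
    ports:
      - "5335:5335/tcp"
      - "5335:5335/udp"
    # NOTE(review): disabling the healthcheck removes the automatic signal that
    # unbound has stopped answering, which is the symptom being reported.
    healthcheck:
      disable: true
    restart: unless-stopped
```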
unbound.confs
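```conf
# Settings are the reporter's; only indentation and review comments were added.
# Three "server:" clauses follow, which suggests this paste concatenates
# unbound.conf with files from conf.d. module-config, trust-anchor and
# access-control settings are not in the paste.
#
# NOTE(review): if the validator module is enabled, SERVFAIL can mean a DNSSEC
# validation failure rather than a reachability problem. Repeating the dig with
# +cd (checking disabled) and reading unbound.log separates the two cases.
server:
    #interface: 127.0.0.1@5335
    #interface: ::1@5335
    # Listens on every address in the container. No access-control line is
    # visible here, and Unbound's built-in default only serves localhost, so an
    # ACL must be set elsewhere - confirm it is limited to the dns-bridge
    # subnets rather than 0.0.0.0/0, since the compose file also publishes 5335.
    interface: 0.0.0.0@5335
    interface: ::0@5335
    #outgoing-interface: 0.0.0.0
    so-reuseport: yes
    do-ip4: yes
    do-ip6: yes
    do-tcp: yes
    do-udp: yes
    udp-connect: yes
    prefer-ip4: yes
    prefer-ip6: no
server:
    # Lets Unbound send queries to localhost addresses; only needed when a
    # forward or stub zone points at a server on localhost.
    do-not-query-localhost: no
    unblock-lan-zones: no
    # Skips DNSSEC validation for the built-in private reverse zones.
    insecure-lan-zones: yes
    # private-address strips these ranges from answers for public names
    # (DNS-rebinding protection); private-domain exempts the listed local
    # names, and domain-insecure turns validation off for them.
    private-domain: "fritz.box."
    private-domain: "0.0.10.in-addr.arpa."
    domain-insecure: "fritz.box."
    domain-insecure: "0.0.10.in-addr.arpa."
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-address: fd00::/8
    private-address: fe80::/10
    private-address: ::ffff:0:0/96
    hide-identity: yes
    identity: "server"
    hide-version: yes
    version: ""
    aggressive-nsec: yes
    qname-minimisation: yes
    qname-minimisation-strict: no
    disable-dnssec-lame-check: no
    hide-trustanchor: yes
    # "no" is the permissive setting: when a zone advertises several
    # algorithms, the weakest one is allowed to validate it.
    harden-algo-downgrade: no
    harden-below-nxdomain: yes
    harden-dnssec-stripped: yes
    harden-glue: yes
    harden-large-queries: no
    harden-referral-path: no
    harden-short-bufsize: yes
    # minimal-responses and deny-any shrink answers, which also reduces the
    # resolver's value as an amplification source.
    minimal-responses: yes
    deny-any: yes
    use-caps-for-id: no
    val-clean-additional: yes
    val-max-restart: 5
    root-key-sentinel: yes
    # NOTE(review): with permissive mode off, a ZONEMD verification failure
    # makes the affected zone unusable. Relevant only if zones.d (not shown)
    # defines an auth-zone with ZONEMD checking - confirm.
    zonemd-permissive-mode: no
    target-fetch-policy: "0 0 0 0 0"
server:
    num-threads: 2
    num-queries-per-thread: 4096
    cache-max-ttl: 86400
    cache-min-ttl: 0
    # 1472 avoids IPv4 fragmentation on a 1500-byte MTU; IPv6 paths or tunnels
    # have less headroom, and truncated or dropped large answers are one way a
    # validating resolver ends up returning SERVFAIL.
    edns-buffer-size: 1472
    rrset-roundrobin: yes
    neg-cache-size: 4M
    delay-close: 10000
    rrset-cache-size: 256m
    rrset-cache-slabs: 4
    # Caps the query rate sent toward the nameservers of any single zone.
    ratelimit: 1000
    # Defensive: a burst of unsolicited replies above this count is treated as
    # a possible poisoning attempt and the caches are cleared.
    unwanted-reply-threshold: 10000
    infra-cache-slabs: 4
    infra-cache-numhosts: 100000
    msg-cache-size: 256m
    msg-cache-slabs: 4
    key-cache-size: 4m
    key-cache-slabs: 4
    prefetch: yes
    prefetch-key: yes
    # Serves stale cache entries while refreshing; clients may briefly see
    # outdated records.
    serve-expired: yes
    max-udp-size: 4096
    msg-buffer-size: 65552
    stream-wait-size: 4m
    outgoing-range: 32768
    # NOTE(review): this takes a port number or a "low-high" range; a single
    # value only adds port 32768 to the permitted set. Source-port randomness
    # is a spoofing defence, so check that the intent was not a range.
    outgoing-port-permit: 32768
```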