kutzilla, posted July 26, 2021 (edited)

Overview: Support for the Unbound Docker Container

Docker: https://hub.docker.com/r/kutzilla/unbound
GitHub: https://github.com/kutzilla/unbound-docker

This is an unofficial Docker implementation of Unbound. It was built to run Unbound on your Unraid machine.

Unbound is a validating, recursive, and caching DNS resolver. It can be used to create your own recursive DNS-Server at home. You can use Unbound for services such as Pi-Hole or you can create custom DNS Records for your local network.

Here is a tutorial on how to configure Pi-Hole with Unbound (not exclusively on Unraid):

Edited July 26, 2021 by kutzilla

HisEvilness, posted August 15, 2021

Great use case for PiHole making it even better.

BelgarionNL, posted August 20, 2021

nice. and uhm nice name kut.

I could do with a couple more steps on how to get it to work with unraid. The vid from craft computing is a bit vague. I would love to run unbound with pihole on unraid since now I have unbound with pi hole on a RPI.

kutzilla (Author), posted September 5, 2021

@BelgarionNL Thank you for your feedback. I'm going to provide a more detailed introduction for unraid soon. Any suggestions what I should include?

PS: I know what you mean about my name. Many Dutch ppl think it is funny. But my last name is part of this pseudonym. That's why I chose it.

ySkNight, posted September 14, 2021

How do I configure it so I can resolve a local hostname? For example, if I would like to access one of my docker containers, "home-assistant-core", I would like to enter homeassistant/ in the browser to be directed to the dashboard instead of 192.168.x.x:8123.

I've seen the a-record.conf, but it doesn't work for me. Any help would be appreciated.

ySkNight, posted September 23, 2021

On 7/26/2021 at 8:44 AM, kutzilla said:
> Overview: Support for the Unbound Docker Container
>
> Docker: https://hub.docker.com/r/kutzilla/unbound
> GitHub: https://github.com/kutzilla/unbound-docker
>
> This is an unofficial Docker implementation of Unbound. It was built to run Unbound on your Unraid machine.
>
> Unbound is a validating, recursive, and caching DNS resolver. It can be used to create your own recursive DNS-Server at home. You can use Unbound for services such as Pi-Hole or you can create custom DNS Records for your local network.

Can you provide steps on how to create custom DNS Records for your local network? What I've done is add a PTR record on the config but it doesn't resolve it.

    # A Record
    #local-data: "somecomputer.local. A 192.168.1.1"
    # PTR Record
    #local-data-ptr: "192.168.1.1 somecomputer.local."
    #local-data-ptr: "192.168.1.190 tenseven.local."

I thought you need to remove the hash symbol, but after I saved the file, unbound won't start after a restart due to the file missing/incorrect.

kutzilla (Author), posted October 7, 2021

@ySkNight Sorry for the long silence. I was working on other projects and totally forgot about this issue.

This sounds weird, because the syntax looks right. I might sound stupid, but did you keep the hash symbols on the description fields "# A Record" and "# PTR Record"? Those symbols need to stay, because those are just descriptive comments. Hopefully this helps.

@BelgarionNL I didn't forget about you either. I try to provide a "Getting started"-guide soon.

Cheers,
kutzilla

ySkNight, posted October 8, 2021

@kutzilla Yes,

    # A Record
    #local-data: "somecomputer.local. A 192.168.1.1"
    #local-data: "unraid. A 192.168.3.190"
    # PTR Record
    #local-data-ptr: "192.168.1.1 somecomputer.local."
    #local-data-ptr: "192.168.3.190 unraid."

This is my a-records.conf; it didn't work for me.

Also, even if it works, how do you configure a service or docker that has a port number, e.g. 192.168.1.10:8000?

S1nglebarrel, posted October 15, 2021

@kutzilla When building the container I see there is an option to mount the config to a share/volume. When I put in, for instance, host Path: /user/appdata/unbound, which maps to Container Path: /opt/unbound/etc/unbound/, I see some of the files/directories. However, I'm unable to edit them unless I go into the terminal and change the permissions. Even after doing that the container will not start and throws a critical error listed below. Any thoughts on how to resolve this? I'm hoping that it should be straightforward having share access to the unbound config files to modify them.

    [1634322343] unbound[1:0] fatal error: Could not read config file: /opt/unbound/etc/unbound/unbound.conf. Maybe try unbound -dd, it stays on the commandline to see more errors, or unbound-checkconf

BelgarionNL, posted October 23, 2021 (edited)

I am ok. I decided to go with OPNsense vm + adguard + unbound. It's running smooth now.

Edited October 23, 2021 by BelgarionNL

unraid-user, posted December 14, 2021

Hi. I've been using piHole in unraid docker for ages and it's great. I now want to add unbound to the mix. I'm following the video linked in the documentation but it's not unraid specific.

I've dropped into the unbound console and gone into /etc but there is no unbound folder in there so I'm not sure where to put the pihole config file that is detailed here: https://docs.pi-hole.net/guides/dns/unbound/

It says to create the file /etc/unbound/unbound.conf.d/pi-hole.conf but it seems I have the unbound folders missing.

unraid-user, posted December 18, 2021 (edited)

On 10/15/2021 at 7:31 PM, S1nglebarrel said:
> @kutzilla When building the container I see there is an option to mount the config to a share/volume. When I put in, for instance, host Path: /user/appdata/unbound, which maps to Container Path: /opt/unbound/etc/unbound/, I see some of the files/directories. However, I'm unable to edit them unless I go into the terminal and change the permissions. Even after doing that the container will not start and throws a critical error listed below. Any thoughts on how to resolve this? I'm hoping that it should be straightforward having share access to the unbound config files to modify them.
>
>     [1634322343] unbound[1:0] fatal error: Could not read config file: /opt/unbound/etc/unbound/unbound.conf. Maybe try unbound -dd, it stays on the commandline to see more errors, or unbound-checkconf

I get this also as soon as I specify the appdata directory for config files. Docker won't start up. I've also noticed that only the unbound.conf file is present in the appdata unbound folder. There is also a Dev and var folder. No other config files.

Log files show the below:

    /opt/unbound/etc/unbound/unbound.conf:293: error: cannot open include file '/opt/unbound/etc/unbound/a-records.conf': No such file or directory
    /opt/unbound/etc/unbound/unbound.conf:294: error: cannot open include file '/opt/unbound/etc/unbound/srv-records.conf': No such file or directory
    /opt/unbound/etc/unbound/unbound.conf:300: error: cannot open include file '/opt/unbound/etc/unbound/forward-records.conf': No such file or directory
    read /opt/unbound/etc/unbound/unbound.conf failed: 3 errors in configuration file
    [1639840290] unbound[1:0] fatal error: Could not read config file: /opt/unbound/etc/unbound/unbound.conf. Maybe try unbound -dd, it stays on the commandline to see more errors, or unbound-checkconf

@kutzilla Any ideas?

Edited December 18, 2021 by unraid-user

unraid-user, posted December 19, 2021

As an aside. I also get this when I used a docker hub image so it feels like possibly user error rather than anything wrong with the image. Still, would appreciate some help!

kutzilla (Author), posted December 20, 2021

@unraid-user I'm going to look into this. The configuration folder inside the container you are looking for is:

    /opt/unbound/etc/unbound

MephistoJB, posted December 23, 2021

I got the same error. Therefore I first ran the container with a volume /opt/unbound/etc/unbound2, then I copied everything from /opt/unbound/etc/unbound to /opt/unbound/etc/unbound2, then I rebuilt the container with the correct volume path /opt/unbound/etc/unbound. Then you will see every file and the error is gone, though still some warnings are shown.

But: I cannot reach the container from my Adguard container. Any ideas? The Adguard runs on its own IP on unraid and unbound runs in bridged mode with port 5335 published.

debizaemon, posted January 12, 2022

To anyone still having issues, the way I resolved it was to download

    a-records.conf
    srv-records.conf
    forward-records.conf

from https://github.com/MatthewVance/unbound-docker/tree/master/1.10.1 and copy them to ../appdata/unbound then restart the unbound and all should work.

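Added example, not part of any post in this thread and not code from the kutzilla/unbound image: a POSIX shell check for the failure in unraid-user's log, where the host directory mounted over /opt/unbound/etc/unbound holds unbound.conf but not the files it includes. The function names are hypothetical and the sample unbound.conf is constructed.

```shell
#!/bin/sh
# missing_includes HOST_DIR [CONTAINER_DIR]
# Prints the host path of each include file that unbound.conf names but that
# is absent from HOST_DIR. Returns 1 if any is missing, 2 if unbound.conf is
# unreadable. Hypothetical helper, not part of Unbound or the image.
missing_includes() {
    host_dir=${1%/}
    container_dir=${2:-/opt/unbound/etc/unbound}   # config path from the thread
    container_dir=${container_dir%/}
    conf=$host_dir/unbound.conf
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # Drop comments, keep the argument of each include: line, strip quotes.
    # Paths that contain spaces are not handled.
    includes=$(sed 's/#.*//' "$conf" |
        awk '$1 == "include:" { gsub(/"/, "", $2); print $2 }')

    rc=0
    while IFS= read -r inc; do
        case $inc in
            '') continue ;;
            *\**|*\?*|*\[*) continue ;;   # glob patterns are not checked
            "$container_dir"/*) host_path=$host_dir/${inc#"$container_dir"/} ;;
            /*) continue ;;               # outside the mount, unseen from the host
            *) host_path=$host_dir/$inc ;;   # assumption: relative to the config dir
        esac
        if [ ! -r "$host_path" ]; then
            echo "$host_path"
            rc=1
        fi
    done <<EOF
$includes
EOF
    return "$rc"
}

# Constructed sample: a mount holding only unbound.conf and a-records.conf,
# with include lines for the three files named in the thread's error log.
demo_missing_includes() {
    tmp=$(mktemp -d) || return 2
    cat > "$tmp/unbound.conf" <<'EOF'
server:
    port: 5335
    # include: "/opt/unbound/etc/unbound/disabled.conf"
    include: /opt/unbound/etc/unbound/a-records.conf
    include: "/opt/unbound/etc/unbound/srv-records.conf"
    include: "/opt/unbound/etc/unbound/unbound.conf.d/*.conf"
include: "/opt/unbound/etc/unbound/forward-records.conf"
EOF
    : > "$tmp/a-records.conf"
    out=$(missing_includes "$tmp") || true
    rm -rf "$tmp"
    printf '%s\n' "$out" | sed "s|^$tmp/||"   # show names relative to the mount
}

demo_missing_includes
```

Run it against the real mount as `missing_includes /mnt/user/appdata/unbound` before starting the container; an empty result means every non-glob include under the mounted path is present and readable.
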
Lanraider, posted January 27, 2022 (edited)

I have the issue with adguard + unbound that I can't access the unraid UI anymore. I get the DNS_PROBE_POSSIBLE error when I use the Unbound DNS IP.

I set it up like this: Unbound.conf ip 127.0.0.1 port 5335. In the Docker template I put it in the br0 network (shows in the Adguard client list as unbound.br0) and the IP for it is 192.168.178.3 (that's what I use in the adguard DNS Settings).

After I save these settings the UI is not working anymore, but other sites are loading normally and ads also get blocked. So I guess unbound is doing its job. I also put a DNS Rebind in my router for unraid.net and the server IP but no luck to get it working.

So any ideas what I'm doing wrong?

Update: On Pi-Hole the Unraid GUI works but had a "Maximum number of concurrent DNS queries reached (max: 150)" error.

Edited January 27, 2022 by Lanraider

Wozzagonebush, posted February 2, 2022

Could someone share a working config of both unbound and pi-hole please? I have tried all the suggestions here but have not had any success.

    # dig pi-hole.net @127.0.0.1 -p 5335

    ; <<>> DiG 9.11.5-P4-5.1+deb10u6-Debian <<>> pi-hole.net @127.0.0.1 -p 5335
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached
    #

Lanraider, posted February 2, 2022 (edited)

11 hours ago, Wozzagonebush said:
> Could someone share a working config of both unbound and pi-hole please? I have tried all the suggestions here but have not had any success.
>
>     # dig pi-hole.net @127.0.0.1 -p 5335
>
>     ; <<>> DiG 9.11.5-P4-5.1+deb10u6-Debian <<>> pi-hole.net @127.0.0.1 -p 5335
>     ;; global options: +cmd
>     ;; connection timed out; no servers could be reached
>     #

That's what I did:

1. Put the container on br0
2. Put a fixed IP in the optional field
3. Create a folder /mnt/user/appdata/unbound/
4. Paste the path /mnt/user/appdata/unbound/ in the Config Path in the docker tab
5. Paste in the unbound folder these files: a-records.conf, srv-records.conf, forward-records.conf from https://github.com/MatthewVance/unbound-docker/tree/master/1.10.1 like suggested by debizaemon
6. Create a folder unbound.conf.d in /mnt/user/appdata/unbound/
7. Create a txt file in unbound.conf.d with the settings from https://docs.pi-hole.net/guides/dns/unbound/
8. Rename it to pihole.conf after you save it
9. Go to your Pihole, then to settings/dns/custom1 IPv4, put in 127.0.0.1#5335 (don't forget to untick all the other DNS upstream servers)
10. Save it

Then it should work (kind of); I still have timeouts reaching the unraid UI. Please tell me how it worked out for you...

A proper tutorial would be nice from the unbound (unraid) pros, because I still have issues (like I said) and have to stick to the conventional DNS upstream servers.

What I noticed is that in the docker tab the container is still using port 53, instead of showing that it is using port 5335 (like put in the docker config). Is this right?

Edited February 2, 2022 by Lanraider

gyto6, posted February 2, 2022 (edited)

I'll add that you might be concerned about logs errors "due" to poor resources for Unbound. Unless you've more than 500 workers in your network depending on your stuff, do not urge to set the container as "Privileged" if only for home usage.

> What I noticed is that in the docker tab the container is still using port 53, instead of showing that it is using port 5335 (like put in the docker config). Is this right?

To me, it sounds like a false positive and refers to the out port for DNS request. In my own case, it solves DNS queries and is indeed listening to my pihole request on port 5335.

Edited February 2, 2022 by gyto6: Added a Quote

Wozzagonebush, posted February 3, 2022

I've got it working by setting pi-hole ip to 192.168.1.2 br0, pointing to unbound br0 192.168.1.3#53

gyto6, posted February 3, 2022

3 hours ago, Wozzagonebush said:
> I've got it working by setting pi-hole ip to 192.168.1.2 br0, pointing to unbound br0 192.168.1.3#53

Doesn't sound good to me as Pi-Hole uses this port to resolve clients' DNS queries.

Can you check in PiHole's Query Log section if the solver's unbound's docker name (With #53 for you of course)?

Lanraider, posted February 5, 2022

On 2/3/2022 at 12:13 AM, gyto6 said:
> I'll add that you might be concerned about logs errors "due" to poor resources for Unbound. Unless you've more than 500 workers in your network depending on your stuff, do not urge to set the container as "Privileged" if only for home usage.
>
> > What I noticed is that in the docker tab the container is still using port 53, instead of showing that it is using port 5335 (like put in the docker config). Is this right?
>
> To me, it sounds like a false positive and refers to the out port for DNS request. In my own case, it solves DNS queries and is indeed listening to my pihole request on port 5335.

Thanks for your answer!

I had time again to play around a bit with unbound & pi-hole, so the pihole container was not set to "Privileged". I think the "Maximum number of concurrent DNS queries reached (max: 150)" error was because I restarted the pihole container and it always forgets the DNS Settings I put in and changes to "listen to all devices", even though I put in "Allow only local devices" and another DNS Server it should use, when it starts again.

So I tested unbound and I figured out that it is not using my pihole.conf file in the unbound.conf.d dir! Don't know why it is doing this...

So I tested unbound with the unbound.conf that is in the unbound main dir and it is working fine and answering in the pihole query log with "sent to unbound.br0#5335" like I put it in the unbound.conf file.

How can I tell unbound to use my pihole.conf file, or how do I fix this?

Another thing I noticed is that it is not using DNS over TLS with the unbound.conf, like with the pihole.conf file when it was recognised.

Also I get the following errors in the unbound log:

    [1644065587] libunbound[21:0] error: udp connect failed: Cannot assign requested address for 2001:500:200::b port 53
    [1644065587] libunbound[21:0] error: udp connect failed: Cannot assign requested address for 2001:500:200::b port 53
    [1644065587] libunbound[21:0] error: udp connect failed: Cannot assign requested address for 2001:500:2d::d port 53
    [1644065587] unbound[1:0] warning: setrlimit: Operation not permitted
    [1644065587] unbound[1:0] warning: cannot increase max open fds from 40960 to 189120
    [1644065587] unbound[1:0] warning: continuing with less udp ports: 1750
    [1644065587] unbound[1:0] warning: increase ulimit or decrease threads, ports in config to remove this warning
    [1644065587] unbound[1:0] error: Could not open logfile /dev/null: Permission denied

gyto6, posted February 7, 2022 (edited)

On 2/5/2022 at 2:41 PM, Lanraider said:
> Thanks for your answer!
>
> I had time again to play around a bit with unbound & pi-hole, so the pihole container was not set to "Privileged". I think the "Maximum number of concurrent DNS queries reached (max: 150)" error was because I restarted the pihole container and it always forgets the DNS Settings I put in and changes to "listen to all devices", even though I put in "Allow only local devices" and another DNS Server it should use, when it starts again.
>
> So I tested unbound and I figured out that it is not using my pihole.conf file in the unbound.conf.d dir! Don't know why it is doing this...
>
> So I tested unbound with the unbound.conf that is in the unbound main dir and it is working fine and answering in the pihole query log with "sent to unbound.br0#5335" like I put it in the unbound.conf file.
>
> How can I tell unbound to use my pihole.conf file, or how do I fix this?
>
> Another thing I noticed is that it is not using DNS over TLS with the unbound.conf, like with the pihole.conf file when it was recognised.
>
> Also I get the following errors in the unbound log:
>
>     [1644065587] libunbound[21:0] error: udp connect failed: Cannot assign requested address for 2001:500:200::b port 53
>     [1644065587] libunbound[21:0] error: udp connect failed: Cannot assign requested address for 2001:500:200::b port 53
>     [1644065587] libunbound[21:0] error: udp connect failed: Cannot assign requested address for 2001:500:2d::d port 53
>     [1644065587] unbound[1:0] warning: setrlimit: Operation not permitted
>     [1644065587] unbound[1:0] warning: cannot increase max open fds from 40960 to 189120
>     [1644065587] unbound[1:0] warning: continuing with less udp ports: 1750
>     [1644065587] unbound[1:0] warning: increase ulimit or decrease threads, ports in config to remove this warning
>     [1644065587] unbound[1:0] error: Could not open logfile /dev/null: Permission denied

You're welcome.

First, how do you know that unbound isn't using the pihole.conf?

Then, I didn't set DoH yet, I'll warn you once done how to do this.

And at last, the errors refer to what I said sooner. Except for the ipv6 address as it's disabled in the default unbound.conf file.

Edit 1: Concerning the pi-hole.conf file not used, open the unbound console:

    find / -name pi-hole.conf -print

You're supposed to get your file path inside the docker:

    /opt/unbound/etc/unbound/unbound.conf.d/pi-hole.conf

Now, execute the following command and restart Pi-Hole:

    unbound -c /opt/unbound/etc/unbound/unbound.conf.d/pi-hole.conf

Edit 2: I didn't find the docker parameter to use another unbound.conf file aka pi-hole.conf at launch. So you can, as you did, set your pi-hole.conf config into the unbound.conf. But the file given by pi-hole is less configured than the original pi-hole file and I don't see what's better, so be cautious. Especially with certificate and key files path which must be kept in the config for DNSSEC.

The only difference from the original config file in pi-hole.conf is this line which has been set to "no":

    use-caps-for-id: no

Edited February 7, 2022 by gyto6: Edition

gyto6, posted February 7, 2022 (edited)

So,

The original unbound config is set for DNSSEC. Nothing more to configure else to check the "Use DNSSEC" box within Pi-Hole GUI. But even if the box is not checked, it tends to unbound to already use DNSSEC. Furthermore, don't be surprised to see a lot of well known websites not using DNSSEC.

Once done, go on your web browser to https://nifc.fr (a domain name I've set with DNSSEC) and check "Queries Logs".

Else, you can check this site: https://dnssec.vs.uni-due.de/

Source:
https://discourse.pi-hole.net/t/how-do-i-interperet-the-dnssec-column-in-the-query-log/7185
https://medium.com/nlnetlabs/dns-over-https-in-unbound-c7a407e8480

Edited February 7, 2022 by gyto6

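Added example, not part of any post in this thread: a command-line alternative to reading the Pi-hole query log, which turns `dig` output from the resolver (queried as in Wozzagonebush's post, `@127.0.0.1 -p 5335`) into a one-word DNSSEC verdict. The function names are hypothetical and the two reply samples are constructed; the timeout sample repeats the lines quoted in the thread.

```shell
#!/bin/sh
# dnssec_verdict: read `dig` output on stdin and print one word.
#   secure    NOERROR with the AD (authenticated data) flag set
#   insecure  NOERROR without AD (unsigned zone, or no validation)
#   servfail  SERVFAIL: a validating resolver answers bogus data this way,
#             but other resolver failures produce it too
#   no-reply  dig reached no server
#   other     any other status
# Hypothetical helper, not part of dig, Unbound or Pi-hole.
dnssec_verdict() {
    awk '
        /no servers could be reached/ { noreply = 1 }
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            flags = $0
            sub(/^;; flags:/, "", flags)   # keep only the text up to the
            sub(/;.*/, "", flags)          # semicolon that ends the flag list
            n = split(flags, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "ad") ad = 1
        }
        END {
            if (status == "NOERROR") print (ad ? "secure" : "insecure")
            else if (status == "SERVFAIL") print "servfail"
            else if (noreply) print "no-reply"
            else print "other"
        }'
}

# Constructed dig replies (header and flags lines only).
sample_signed() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
EOF
}
sample_unsigned() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
EOF
}
# The timeout lines quoted earlier in the thread.
sample_timeout() {
    cat <<'EOF'
;; global options: +cmd
;; connection timed out; no servers could be reached
EOF
}

# Live use: dig <name> @127.0.0.1 -p 5335 | dnssec_verdict
for s in sample_signed sample_unsigned sample_timeout; do
    printf '%s: ' "$s"
    "$s" | dnssec_verdict
done
```
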