July 26, 2021
Overview: Support for the Unbound Docker Container
Docker: https://hub.docker.com/r/kutzilla/unbound
GitHub: https://github.com/kutzilla/unbound-docker
This is an unofficial Docker implementation of Unbound. It was built to run Unbound on your Unraid machine. Unbound is a validating, recursive, and caching DNS resolver. It can be used to create your own recursive DNS-Server at home. You can use Unbound for services such as Pi-Hole or you can create custom DNS Records for your local network.
Here is a tutorial how to configure Pi-Hole with Unbound (Not exclusively on Unraid):
Edited July 26, 2021 by kutzilla
August 20, 2021
nice. and uhm nice name kut. I could do with a couple more steps on how to get it to work with unraid. The vid from craft computing is a bit vague. I would love to run unbound with pihole on unraid since now I have unbound with pi hole on a RPI.
September 5, 2021 Author
@BelgarionNL Thank you for your feedback. I'm going to provide a more detailed introduction for unraid soon. Any suggestions what I should include?
PS: I know what you mean about my name. Many Dutch ppl think it is funny. But my last name is part of this pseudonym. That's why I chose it.
September 14, 2021
How to configure it so I can resolve local hostnames? Example: if I would like to access one of my docker containers, "home-assistant-core", I would like to enter homeassistant/ in the browser to be directed to the dashboard instead of 192.168.x.x:8123.
I've seen the a-record.conf, but it doesn't work for me. Any help would be appreciated.
September 23, 2021
On 7/26/2021 at 8:44 AM, kutzilla said:
> Overview: Support for the Unbound Docker Container
> Docker: https://hub.docker.com/r/kutzilla/unbound
> GitHub: https://github.com/kutzilla/unbound-docker
> This is an unofficial Docker implementation of Unbound. It was built to run Unbound on your Unraid machine. Unbound is a validating, recursive, and caching DNS resolver. It can be used to create your own recursive DNS-Server at home. You can use Unbound for services such as Pi-Hole or you can create custom DNS Records for your local network.
Can you provide steps on how to create custom DNS Records for your local network? What I've done is add a PTR record in the config, but it doesn't resolve it:
    # A Record
    #local-data: "somecomputer.local. A 192.168.1.1"
    # PTR Record
    #local-data-ptr: "192.168.1.1 somecomputer.local."
    #local-data-ptr: "192.168.1.190 tenseven.local."
I thought you need to remove the hash symbol, but after I saved the file, unbound won't start after a restart due to the file missing/incorrect.
October 7, 2021 Author
@ySkNight Sorry for the long silence. I was working on other projects and totally forgot about this issue. This sounds weird, because the syntax looks right. I might sound stupid, but did you keep the hash symbols on the description fields "# A Record" and "# PTR Record"? Those symbols need to stay, because those are just descriptive comments. Hopefully this helps.
@BelgarionNL I didn't forget about you either. I try to provide a "Getting started"-guide soon.
Cheers, kutzilla
October 8, 2021
@kutzilla Yes,
    # A Record
    #local-data: "somecomputer.local. A 192.168.1.1"
    #local-data: "unraid. A 192.168.3.190"
    # PTR Record
    #local-data-ptr: "192.168.1.1 somecomputer.local."
    #local-data-ptr: "192.168.3.190 unraid."
This is my a-records.conf; it didn't work for me. Also, even if it works, how do you configure a service or docker that has a port number? E.g. 192.168.1.10:8000?
October 15, 2021
@kutzilla When building the container I see there is an option to mount the config to a share/volume. When I put in for instance host Path: /user/appdata/unbound which maps to Container Path: /opt/unbound/etc/unbound/, I see some of the files/directories. However I'm unable to edit them unless I go into the terminal and change the permissions. Even after doing that the container will not start and throws a critical error listed below. Any thoughts on how to resolve this? I'm hoping that it should be straightforward having share access to the unbound config files to modify them.
    [1634322343] unbound[1:0] fatal error: Could not read config file: /opt/unbound/etc/unbound/unbound.conf. Maybe try unbound -dd, it stays on the commandline to see more errors, or unbound-checkconf
October 23, 2021
I am ok. I decided to go with OPNsense vm + adguard + unbound. It's running smooth now.
Edited October 23, 2021 by BelgarionNL
December 14, 2021
Hi. I've been using piHole in unraid docker for ages and it's great. I now want to add unbound to the mix. I'm following the video linked in the documentation but it's not unraid specific. I've dropped into the unbound console and gone into /etc but there is no unbound folder in there so I'm not sure where to put the pihole config file that is detailed here: https://docs.pi-hole.net/guides/dns/unbound/
It says to create the file /etc/unbound/unbound.conf.d/pi-hole.conf but it seems I have the unbound folders missing.
December 18, 2021
On 10/15/2021 at 7:31 PM, S1nglebarrel said:
> @kutzilla When building the container I see there is an option to mount the config to a share/volume. When I put in for instance host Path: /user/appdata/unbound which maps to Container Path: /opt/unbound/etc/unbound/, I see some of the files/directories. However I'm unable to edit them unless I go into the terminal and change the permissions. Even after doing that the container will not start and throws a critical error listed below. Any thoughts on how to resolve this? I'm hoping that it should be straightforward having share access to the unbound config files to modify them.
>     [1634322343] unbound[1:0] fatal error: Could not read config file: /opt/unbound/etc/unbound/unbound.conf. Maybe try unbound -dd, it stays on the commandline to see more errors, or unbound-checkconf
I get this also as soon as I specify the appdata directory for config files. Docker won't start up. I've also noticed that only the unbound.conf file is present in the appdata unbound folder. There is also a Dev and var folder. No other config files. Log files show the below:
    /opt/unbound/etc/unbound/unbound.conf:293: error: cannot open include file '/opt/unbound/etc/unbound/a-records.conf': No such file or directory
    /opt/unbound/etc/unbound/unbound.conf:294: error: cannot open include file '/opt/unbound/etc/unbound/srv-records.conf': No such file or directory
    /opt/unbound/etc/unbound/unbound.conf:300: error: cannot open include file '/opt/unbound/etc/unbound/forward-records.conf': No such file or directory
    read /opt/unbound/etc/unbound/unbound.conf failed: 3 errors in configuration file
    [1639840290] unbound[1:0] fatal error: Could not read config file: /opt/unbound/etc/unbound/unbound.conf. Maybe try unbound -dd, it stays on the commandline to see more errors, or unbound-checkconf
@kutzilla Any ideas?
Edited December 18, 2021 by unraid-user
December 19, 2021
As an aside. I also get this when I used a docker hub image so it feels like possibly user error rather than anything wrong with the image. Still, would appreciate some help!
December 20, 2021 Author
@unraid-user I'm going to look into this. The configuration folder inside the container you are looking for is: /opt/unbound/etc/unbound
December 23, 2021
I got the same error. Therefore I first ran the container with a volume /opt/unbound/etc/unbound2, then I copied everything from /opt/unbound/etc/unbound to /opt/unbound/etc/unbound2, then I rebuilt the container with the correct volume path /opt/unbound/etc/unbound. Then you will see every file and the error is gone, though still some warnings are shown.
But: I cannot reach the container from my Adguard container. Any ideas? The Adguard runs on its own IP on unraid and unbound runs in bridged mode with port 5335 published.
January 12, 2022
To anyone still having issues, the way I resolved it was to download
    a-records.conf
    srv-records.conf
    forward-records.conf
from https://github.com/MatthewVance/unbound-docker/tree/master/1.10.1 and copy them to ../appdata/unbound, then restart the unbound and all should work.
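
The failure reported in this thread, where the unbound.conf in a freshly mounted appdata directory references include files that are not there, can be caught from the Unraid terminal before the container is started. The script below is an added example, not part of any post or of the image; the function names and the sample file are constructed for illustration, and the default container path is the one quoted in the thread.

```bash
#!/usr/bin/env bash
# Added example: list the files that unbound.conf pulls in with "include:" but
# that are absent from the host directory mounted over the container config path.

# missing_includes CONF HOST_DIR [CONTAINER_DIR]
# Prints each missing include (as written in CONF); returns 1 if any is missing.
missing_includes() {
    local conf="$1" host_dir="${2%/}" cdir="${3:-/opt/unbound/etc/unbound}"
    local paths path host_path rc=0
    cdir="${cdir%/}"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    # Drop comments, keep include: lines, strip the key, spaces and quotes.
    paths=$(sed -e 's/#.*//' "$conf" | sed -n \
        '/^[[:space:]]*include:/{s/^[[:space:]]*include:[[:space:]]*//;s/[[:space:]]*$//;s/^"//;s/"$//;p;}')
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        case "$path" in
            *\**|*\?*|*\[*) continue ;;   # wildcard includes are not checked here
            "$cdir"/*) host_path="$host_dir/${path#"$cdir"/}" ;;
            /*) continue ;;               # outside the mounted directory
            *) host_path="$host_dir/$path" ;;  # assumption: relative to config dir
        esac
        if [ ! -r "$host_path" ]; then
            printf '%s\n' "$path"
            rc=1
        fi
    done <<EOF
$paths
EOF
    return "$rc"
}

# Constructed sample: a config directory that holds only unbound.conf, with the
# three include lines named in the error log quoted in the thread.
make_sample() {
    mkdir -p "$1"
    cat > "$1/unbound.conf" <<'EOF'
server:
    # include: "/opt/unbound/etc/unbound/ignored.conf"
    include: "/opt/unbound/etc/unbound/a-records.conf"
    include: /opt/unbound/etc/unbound/srv-records.conf
include: "/opt/unbound/etc/unbound/forward-records.conf"  # forwarders
EOF
}

sample_dir=$(mktemp -d)
make_sample "$sample_dir"
missing_includes "$sample_dir/unbound.conf" "$sample_dir" ||
    echo "copy the files listed above into the mounted directory first"
rm -rf "$sample_dir"
```

With the paths used in the thread, the call on the Unraid host would be `missing_includes /mnt/user/appdata/unbound/unbound.conf /mnt/user/appdata/unbound`.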
January 27, 2022
I have the issue with adguard + unbound that I can't access the unraid UI anymore; I get the DNS_PROBE_POSSIBLE error when I use the Unbound DNS IP.
I set it up like this: Unbound.conf ip 127.0.0.1 port 5335. In the Docker template I put it in the br0 network (shows in the Adguard client list as unbound.br0) and the IP for it is 192.168.178.3 (that's what I use in the adguard DNS Settings). After I save these settings the UI is not working anymore, but other sites are loading normally and ads also get blocked. So I guess unbound is doing its job. I also put a DNS Rebind in my router for unraid.net and the server IP but no luck to get it working. So any ideas what I'm doing wrong?
Update: On Pi-Hole the Unraid GUI works but had a "Maximum number of concurrent DNS queries reached (max: 150)" error.
Edited January 27, 2022 by Lanraider
February 2, 2022
Could someone share a working config of both unbound and pi-hole please? I have tried all the suggestions here but have not had any success.
    # dig pi-hole.net @127.0.0.1 -p 5335
    ; <<>> DiG 9.11.5-P4-5.1+deb10u6-Debian <<>> pi-hole.net @127.0.0.1 -p 5335
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached
    #
February 2, 2022
11 hours ago, Wozzagonebush said:
> Could someone share a working config of both unbound and pi-hole please? I have tried all the suggestions here but have not had any success.
>     # dig pi-hole.net @127.0.0.1 -p 5335
>     ; <<>> DiG 9.11.5-P4-5.1+deb10u6-Debian <<>> pi-hole.net @127.0.0.1 -p 5335
>     ;; global options: +cmd
>     ;; connection timed out; no servers could be reached
>     #
That's what I did:
1. Put the container to br0
2. Put a fixed IP in the optional field
3. Create a folder /mnt/user/appdata/unbound/
4. Paste the path /mnt/user/appdata/unbound/ in the Config Path in the docker tab
5. Paste in the unbound folder these files: a-records.conf, srv-records.conf, forward-records.conf from https://github.com/MatthewVance/unbound-docker/tree/master/1.10.1 like suggested by debizaemon
6. Create a folder unbound.conf.d in /mnt/user/appdata/unbound/
7. Create a txt file in unbound.conf.d with the settings from https://docs.pi-hole.net/guides/dns/unbound/
8. Rename it to pihole.conf after you save it
9. Go to your Pihole, then to settings/dns/custom1 IPv4, put in 127.0.0.1#5335 (don't forget to untick all the other DNS upstream servers)
10. Save it
Then it should work (kind of), I still have timeouts reaching the unraid UI. Please tell me how it worked out for you...
A proper tutorial would be nice from the unbound (unraid) pros, because I still have issues (like I said) and have to stick to the conventional DNS upstream servers.
What I noticed is that in the docker tab the container is still using port 53, instead of showing that it is using port 5335 (like put in the docker config). Is this right?
Edited February 2, 2022 by Lanraider
February 2, 2022
I'll add that you might be concerned about logs errors "due" to poor resources for Unbound. Unless you've more than 500 workers in your network depending on your stuff, do not urge to set the container as "Privileged" if only for home usage.
> What i noticed is that in the docker tab the container is still using port 53, instead of showing that it is using port 5335 (like put in the docker config) is this right?
To me, it sounds like a false positive and refers to the out port for DNS requests. In my own case, it solves DNS queries and is indeed listening to my pihole requests on port 5335.
Edited February 2, 2022 by gyto6 (Added a Quote)
February 3, 2022
I've got it working by setting pi-hole ip to 192.168.1.2 br0, pointing to unbound br0 192.168.1.3#53
February 3, 2022
3 hours ago, Wozzagonebush said:
> I've got it working by setting pi-hole ip to 192.168.1.2 br0, pointing to unbound br0 192.168.1.3#53
Doesn't sound good to me as Pi-Hole uses this port to resolve clients' DNS queries. Can you check in PiHole's Query Log section if the solver's unbound's docker name (with #53 for you of course)?
February 5, 2022
On 2/3/2022 at 12:13 AM, gyto6 said:
> I'll add that you might be concerned about logs errors "due" to poor resources for Unbound. Unless you've more than 500 workers in your network depending on your stuff, do not urge to set the container as "Privileged" if only for home usage.
> What i noticed is that in the docker tab the container is still using port 53, instead of showing that it is using port 5335 (like put in the docker config) is this right?
> To me, it sounds like a false positive and refers to the out port for DNS requests. In my own case, it solves DNS queries and is indeed listening to my pihole requests on port 5335.
Thanks for your answer! I had time again to play around a bit with unbound & pi-hole. So the pihole container was not set to "Privileged". I think the "Maximum number of concurrent DNS queries reached (max: 150)" error was because I restarted the pihole container and it always forgets the DNS settings I put in and changes to "listen to all devices", even though I put in "Allow only local devices" and another DNS server it should use, when it starts again.
So I tested unbound and I figured out that it is not using my pihole.conf file in the unbound.conf.d dir! Don't know why it is doing this... So I tested unbound with the unbound.conf that is in the unbound main dir and it is working fine and answering in the pihole query log with "sent to unbound.br0#5335" like I put it in the unbound.conf file. How can I tell unbound to use my pihole.conf file, or how do I fix this? Another thing I noticed is that it is not using DNS over TLS with the unbound.conf, like with the pihole.conf file when it was recognised.
Also I get the following errors in the unbound log:
    [1644065587] libunbound[21:0] error: udp connect failed: Cannot assign requested address for 2001:500:200::b port 53
    [1644065587] libunbound[21:0] error: udp connect failed: Cannot assign requested address for 2001:500:200::b port 53
    [1644065587] libunbound[21:0] error: udp connect failed: Cannot assign requested address for 2001:500:2d::d port 53
    [1644065587] unbound[1:0] warning: setrlimit: Operation not permitted
    [1644065587] unbound[1:0] warning: cannot increase max open fds from 40960 to 189120
    [1644065587] unbound[1:0] warning: continuing with less udp ports: 1750
    [1644065587] unbound[1:0] warning: increase ulimit or decrease threads, ports in config to remove this warning
    [1644065587] unbound[1:0] error: Could not open logfile /dev/null: Permission denied
February 7, 2022
On 2/5/2022 at 2:41 PM, Lanraider said:
> Thanks for your answer! I had time again to play around a bit with unbound & pi-hole. So the pihole container was not set to "Privileged". I think the "Maximum number of concurrent DNS queries reached (max: 150)" error was because I restarted the pihole container and it always forgets the DNS settings I put in and changes to "listen to all devices", even though I put in "Allow only local devices" and another DNS server it should use, when it starts again.
> So I tested unbound and I figured out that it is not using my pihole.conf file in the unbound.conf.d dir! Don't know why it is doing this... So I tested unbound with the unbound.conf that is in the unbound main dir and it is working fine and answering in the pihole query log with "sent to unbound.br0#5335" like I put it in the unbound.conf file. How can I tell unbound to use my pihole.conf file, or how do I fix this? Another thing I noticed is that it is not using DNS over TLS with the unbound.conf, like with the pihole.conf file when it was recognised.
> Also I get the following errors in the unbound log:
>     [1644065587] libunbound[21:0] error: udp connect failed: Cannot assign requested address for 2001:500:200::b port 53
>     [1644065587] libunbound[21:0] error: udp connect failed: Cannot assign requested address for 2001:500:200::b port 53
>     [1644065587] libunbound[21:0] error: udp connect failed: Cannot assign requested address for 2001:500:2d::d port 53
>     [1644065587] unbound[1:0] warning: setrlimit: Operation not permitted
>     [1644065587] unbound[1:0] warning: cannot increase max open fds from 40960 to 189120
>     [1644065587] unbound[1:0] warning: continuing with less udp ports: 1750
>     [1644065587] unbound[1:0] warning: increase ulimit or decrease threads, ports in config to remove this warning
>     [1644065587] unbound[1:0] error: Could not open logfile /dev/null: Permission denied
You're welcome. First, how do you know that unbound isn't using the pihole.conf?
Then, I didn't set DoH yet, I'll warn you once done how to do this. And at last, the errors refer to what I said sooner. Except for the ipv6 address as it's disabled in the default unbound.conf file.
Edit 1: Concerning the pi-hole.conf file not used, open the unbound console:
    find / -name pi-hole.conf -print
You're supposed to get your file path inside the docker:
    /opt/unbound/etc/unbound/unbound.conf.d/pi-hole.conf
Now, execute the following command and restart Pi-Hole:
    unbound -c /opt/unbound/etc/unbound/unbound.conf.d/pi-hole.conf
Edit 2: I didn't find the docker parameter to use another unbound.conf file aka pi-hole.conf at launch. So you can, as you did, set your pi-hole.conf config into the unbound.conf. But the file given by pi-hole is less configured than the original pi-hole file and I don't see what's better, so be cautious. Especially with certificate and key file paths, which must be kept in the config for DNSSEC. The only difference from the original config file in pi-hole.conf is this line, which has been set to "no":
    use-caps-for-id: no
Edited February 7, 2022 by gyto6 (Edition)
February 7, 2022
So, the original unbound config is set for DNSSEC. Nothing more to configure else to check the "Use DNSSEC" box within the Pi-Hole GUI. But even if the box is not checked, it tends to unbound to already use DNSSEC. Furthermore, don't be surprised to see a lot of well known websites not using DNSSEC.
Once done, go on your web browser to https://nifc.fr (a domain name I've set with DNSSEC) and check "Queries Logs". Else, you can check this site: https://dnssec.vs.uni-due.de/
Source:
https://discourse.pi-hole.net/t/how-do-i-interperet-the-dnssec-column-in-the-query-log/7185
https://medium.com/nlnetlabs/dns-over-https-in-unbound-c7a407e8480
Edited February 7, 2022 by gyto6