Unbound with Pi-hole

Post by arl0ng

Hello,

After installing Pi-hole on my mini PC, I set about installing Unbound, but I'm running into problems.

I think it must come from the default DNS service on Linux Mint.

I changed the default port so as not to use the same one as Pi-hole.

If anyone has an idea, here are a few logs.

Code:

root@arlong-MINI-S:/home/arlong# sudo grep -v ‘#\|^$’ -R /etc/unbound/unbound.conf*
/etc/unbound/unbound.conf:server:
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf:    # The  verbosity  number, level 0 means no verbosity, only errors.
/etc/unbound/unbound.conf:    # Level 1 gives operational information. Level  2  gives  detailed
/etc/unbound/unbound.conf:    # operational  information. Level 3 gives query level information,
/etc/unbound/unbound.conf:    # output per query.  Level 4 gives  algorithm  level  information.
/etc/unbound/unbound.conf:    # Level 5 logs client identification for cache misses.  Default is
/etc/unbound/unbound.conf:    # level 1.
/etc/unbound/unbound.conf:    verbosity: 0
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf:    interface: 127.0.0.1
/etc/unbound/unbound.conf:    port: 5335
/etc/unbound/unbound.conf:    do-ip4: yes
/etc/unbound/unbound.conf:    do-udp: yes
/etc/unbound/unbound.conf:    do-tcp: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf:    # May be set to yes if you have IPv6 connectivity
/etc/unbound/unbound.conf:    do-ip6: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf:    # You want to leave this to no unless you have *native* IPv6. With 6to4 and
/etc/unbound/unbound.conf:    # Terredo tunnels your web browser should favor IPv4 for the same reasons
/etc/unbound/unbound.conf:    prefer-ip6: no
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf:    # Use this only when you downloaded the list of primary root servers!
/etc/unbound/unbound.conf:    # Read  the  root  hints from this file. Make sure to
/etc/unbound/unbound.conf:    # update root.hints evry 5-6 months.
/etc/unbound/unbound.conf:    root-hints: "/var/lib/unbound/root.hints"
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf:    # Trust glue only if it is within the servers authority
/etc/unbound/unbound.conf:    harden-glue: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf:    # Ignore very large queries.
/etc/unbound/unbound.conf:    harden-large-queries: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf:    # Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
/etc/unbound/unbound.conf:    # If you want to disable DNSSEC, set harden-dnssec stripped: no
/etc/unbound/unbound.conf:    harden-dnssec-stripped: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf:    # Number of bytes size to advertise as the EDNS reassembly buffer
/etc/unbound/unbound.conf:    # size. This is the value put into  datagrams over UDP towards
/etc/unbound/unbound.conf:    # peers. The actual buffer size is determined by msg-buffer-size
/etc/unbound/unbound.conf:    # (both for TCP and UDP).
/etc/unbound/unbound.conf:    edns-buffer-size: 1232
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf:    # Rotates RRSet order in response (the pseudo-random
/etc/unbound/unbound.conf:    # number is taken from Ensure privacy of local IP
/etc/unbound/unbound.conf:    # ranges the query ID, for speed and thread safety).
/etc/unbound/unbound.conf:    # private-address: 192.168.0.0/16
/etc/unbound/unbound.conf:    rrset-roundrobin: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf:    # Time to live minimum for RRsets and messages in the cache. If the minimum
/etc/unbound/unbound.conf:    # kicks in, the data is cached for longer than the domain owner intended,
/etc/unbound/unbound.conf:    # and thus less queries are made to look up the data. Zero makes sure the
/etc/unbound/unbound.conf:    # data in the cache is as the domain owner intended, higher values,
/etc/unbound/unbound.conf:    # especially more than an hour or so, can lead to trouble as the data in
/etc/unbound/unbound.conf:    # the cache does not match up with the actual data anymore
/etc/unbound/unbound.conf:    cache-min-ttl: 300
/etc/unbound/unbound.conf:    cache-max-ttl: 86400
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf:    # Have unbound attempt to serve old responses from cache with a TTL of 0 in
/etc/unbound/unbound.conf:    # the response without waiting for the actual resolution to finish. The
/etc/unbound/unbound.conf:    # actual resolution answer ends up in the cache later on.
/etc/unbound/unbound.conf:    serve-expired: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf:    # Harden against algorithm downgrade when multiple algorithms are
/etc/unbound/unbound.conf:    # advertised in the DS record.
/etc/unbound/unbound.conf:    harden-algo-downgrade: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf:    # Ignore very small EDNS buffer sizes from queries.
/etc/unbound/unbound.conf:    harden-short-bufsize: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf:    # Refuse id.server and hostname.bind queries
/etc/unbound/unbound.conf:    hide-identity: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf:    # Report this identity rather than the hostname of the server.
/etc/unbound/unbound.conf:    identity: "Server"
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf:    # Refuse version.server and version.bind queries
/etc/unbound/unbound.conf:    hide-version: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf:    # Prevent the unbound server from forking into the background as a daemon
/etc/unbound/unbound.conf:    do-daemonize: no
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf:    # Number  of  bytes size of the aggressive negative cache.
/etc/unbound/unbound.conf:    neg-cache-size: 4m
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf:    # Send minimum amount of information to upstream servers to enhance privacy
/etc/unbound/unbound.conf:    qname-minimisation: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf:    # Deny queries of type ANY with an empty response.
/etc/unbound/unbound.conf:    # Works only on version 1.8 and above
/etc/unbound/unbound.conf:    deny-any: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf:    # Do no insert authority/additional sections into response messages when
/etc/unbound/unbound.conf:    # those sections are not required. This reduces response size
/etc/unbound/unbound.conf:    # significantly, and may avoid TCP fallback for some responses. This may
/etc/unbound/unbound.conf:    # cause a slight speedup
/etc/unbound/unbound.conf:    minimal-responses: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf:    # Perform prefetching of close to expired message cache entries
/etc/unbound/unbound.conf:    # This only applies to domains that have been frequently queried
/etc/unbound/unbound.conf:    # This flag updates the cached domains
/etc/unbound/unbound.conf:    prefetch: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf:    # Fetch the DNSKEYs earlier in the validation process, when a DS record is
/etc/unbound/unbound.conf:    # encountered. This lowers the latency of requests at the expense of little
/etc/unbound/unbound.conf:    # more CPU usage.
/etc/unbound/unbound.conf:    prefetch-key: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf:    # One thread should be sufficient, can be increased on beefy machines. In reality for
/etc/unbound/unbound.conf:    # most users running on small networks or on a single machine, it should be unnecessary
/etc/unbound/unbound.conf:    # to seek performance enhancement by increasing num-threads above 1.
/etc/unbound/unbound.conf:    num-threads: 1
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf:    # more cache memory. rrset-cache-size should twice what msg-cache-size is.
/etc/unbound/unbound.conf:    msg-cache-size: 50m
/etc/unbound/unbound.conf:    rrset-cache-size: 100m
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf:    # Faster UDP with multithreading (only on Linux).
/etc/unbound/unbound.conf:    so-reuseport: yes
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf:    # Ensure kernel buffer is large enough to not lose messages in traffix spikes
/etc/unbound/unbound.conf:    so-rcvbuf: 4m
/etc/unbound/unbound.conf:    so-sndbuf: 4m
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf:    # Set the total number of unwanted replies to keep track of in every thread.
/etc/unbound/unbound.conf:    # When it reaches the threshold, a defensive action of clearing the rrset
/etc/unbound/unbound.conf:    # and message caches is taken, hopefully flushing away any poison.
/etc/unbound/unbound.conf:    # Unbound suggests a value of 10 million.
/etc/unbound/unbound.conf:    unwanted-reply-threshold: 100000
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf:    # Minimize logs
/etc/unbound/unbound.conf:    # Do not print one line per query to the log
/etc/unbound/unbound.conf:    log-queries: no
/etc/unbound/unbound.conf:    # Do not print one line per reply to the log
/etc/unbound/unbound.conf:    log-replies: no
/etc/unbound/unbound.conf:    # Do not print log lines that say why queries return SERVFAIL to clients
/etc/unbound/unbound.conf:    log-servfail: no
/etc/unbound/unbound.conf:    # Do not print log lines to inform about local zone actions
/etc/unbound/unbound.conf:    log-local-actions: no
/etc/unbound/unbound.conf:    # Do not print log lines that say why queries return SERVFAIL to clients
/etc/unbound/unbound.conf:    logfile: /dev/null
/etc/unbound/unbound.conf:
/etc/unbound/unbound.conf:    # Ensure privacy of local IP ranges
/etc/unbound/unbound.conf:    private-address: 192.168.0.0/16
/etc/unbound/unbound.conf:    private-address: 169.254.0.0/16
/etc/unbound/unbound.conf:    private-address: 172.16.0.0/12
/etc/unbound/unbound.conf:    private-address: 10.0.0.0/8
/etc/unbound/unbound.conf:    private-address: fd00::/8
/etc/unbound/unbound.conf:    private-address: fe80::/10
/etc/unbound/unbound.conf.d/pi-hole.conf:server:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # If no logfile is specified, syslog is used
/etc/unbound/unbound.conf.d/pi-hole.conf:    # logfile: "/var/log/unbound/unbound.log"
/etc/unbound/unbound.conf.d/pi-hole.conf:    verbosity: 0
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    interface: 127.0.0.1
/etc/unbound/unbound.conf.d/pi-hole.conf:    port: 5335
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip4: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-udp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-tcp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # May be set to yes if you have IPv6 connectivity
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip6: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # You want to leave this to no unless you have *native* IPv6. With 6to4 and
/etc/unbound/unbound.conf.d/pi-hole.conf:    # Terredo tunnels your web browser should favor IPv4 for the same reasons
/etc/unbound/unbound.conf.d/pi-hole.conf:    prefer-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # Use this only when you downloaded the list of primary root servers!
/etc/unbound/unbound.conf.d/pi-hole.conf:    # If you use the default dns-root-data package, unbound will find it automatically
/etc/unbound/unbound.conf.d/pi-hole.conf:    #root-hints: "/var/lib/unbound/root.hints"
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # Trust glue only if it is within the server's authority
/etc/unbound/unbound.conf.d/pi-hole.conf:    harden-glue: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
/etc/unbound/unbound.conf.d/pi-hole.conf:    harden-dnssec-stripped: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes
/etc/unbound/unbound.conf.d/pi-hole.conf:    # see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
/etc/unbound/unbound.conf.d/pi-hole.conf:    use-caps-for-id: no
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # Reduce EDNS reassembly buffer size.
/etc/unbound/unbound.conf.d/pi-hole.conf:    # IP fragmentation is unreliable on the Internet today, and can cause
/etc/unbound/unbound.conf.d/pi-hole.conf:    # transmission failures when large DNS messages are sent via UDP. Even
/etc/unbound/unbound.conf.d/pi-hole.conf:    # when fragmentation does work, it may not be secure; it is theoretically
/etc/unbound/unbound.conf.d/pi-hole.conf:    # possible to spoof parts of a fragmented DNS message, without easy
/etc/unbound/unbound.conf.d/pi-hole.conf:    # detection at the receiving end. Recently, there was an excellent study
/etc/unbound/unbound.conf.d/pi-hole.conf:    # >>> Defragmenting DNS - Determining the optimal maximum UDP response size for DNS <<<
/etc/unbound/unbound.conf.d/pi-hole.conf:    # by Axel Koolhaas, and Tjeerd Slokker (https://indico.dns-oarc.net/event/36/contributions/776/)
/etc/unbound/unbound.conf.d/pi-hole.conf:    # in collaboration with NLnet Labs explored DNS using real world data from the
/etc/unbound/unbound.conf.d/pi-hole.conf:    # the RIPE Atlas probes and the researchers suggested different values for
/etc/unbound/unbound.conf.d/pi-hole.conf:    # IPv4 and IPv6 and in different scenarios. They advise that servers should
/etc/unbound/unbound.conf.d/pi-hole.conf:    # be configured to limit DNS messages sent over UDP to a size that will not
/etc/unbound/unbound.conf.d/pi-hole.conf:    # trigger fragmentation on typical network links. DNS servers can switch
/etc/unbound/unbound.conf.d/pi-hole.conf:    # from UDP to TCP when a DNS response is too big to fit in this limited
/etc/unbound/unbound.conf.d/pi-hole.conf:    # buffer size. This value has also been suggested in DNS Flag Day 2020.
/etc/unbound/unbound.conf.d/pi-hole.conf:    edns-buffer-size: 1232
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # Perform prefetching of close to expired message cache entries
/etc/unbound/unbound.conf.d/pi-hole.conf:    # This only applies to domains that have been frequently queried
/etc/unbound/unbound.conf.d/pi-hole.conf:    prefetch: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
/etc/unbound/unbound.conf.d/pi-hole.conf:    num-threads: 1
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # Ensure kernel buffer is large enough to not lose messages in traffic spikes
/etc/unbound/unbound.conf.d/pi-hole.conf:    so-rcvbuf: 1m
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # Ensure privacy of local IP ranges
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 192.168.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 169.254.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 172.16.0.0/12
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 10.0.0.0/8
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fd00::/8
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fe80::/10
/etc/unbound/unbound.conf.d/pi-hole.conf:
grep: /etc/unbound/unbound.conf.d/.pi-hole.conf.swp : fichiers binaires correspondent
/etc/unbound/unbound.conf.d/pi-hole.conf:    # by Axel Koolhaas, and Tjeerd Slokker (https://indico.dns-oarc.net/event/36/contributions/776/)                           /etc/unbound/unbound.conf.d/pi-hole.conf:    # in collaboration with NLnet Labs explored DNS using real world data from the                                             /etc/unbound/unbound.conf.d/pi-hole.conf:    # the RIPE Atlas probes and the researchers suggested different values for                                                 /etc/unbound/unbound.conf.d/pi-hole.conf:    # IPv4 and IPv6 and in different scenarios. They advise that servers should                                                /etc/unbound/unbound.conf.d/pi-hole.conf:    # be configured to limit DNS messages sent over UDP to a size that will not                                                /etc/unbound/unbound.conf.d/pi-hole.conf:    # trigger fragmentation on typical network links. DNS servers can switch
/etc/unbound/unbound.conf.d/pi-hole.conf:    # from UDP to TCP when a DNS response is too big to fit in this limited                                                    /etc/unbound/unbound.conf.d/pi-hole.conf:    # buffer size. This value has also been suggested in DNS Flag Day 2020.                                                    /etc/unbound/unbound.conf.d/pi-hole.conf:    edns-buffer-size: 1232                                             /etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # Perform prefetching of close to expired message cache entries
/etc/unbound/unbound.conf.d/pi-hole.conf:    # This only applies to domains that have been frequently queried   /etc/unbound/unbound.conf.d/pi-hole.conf:    prefetch: yes                                                      /etc/unbound/unbound.conf.d/pi-hole.conf:               /etc/unbound/unbound.conf.d/pi-hole.conf:    # One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.                                                     /etc/unbound/unbound.conf.d/pi-hole.conf:    num-threads: 1                                                     /etc/unbound/unbound.conf.d/pi-hole.conf:               /etc/unbound/unbound.conf.d/pi-hole.conf:    # Ensure kernel buffer is large enough to not lose messages in traffic spikes
/etc/unbound/unbound.conf.d/pi-hole.conf:    so-rcvbuf: 1m                                                      /etc/unbound/unbound.conf.d/pi-hole.conf:               /etc/unbound/unbound.conf.d/pi-hole.conf:    # Ensure privacy of local IP ranges                                /etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 192.168.0.0/16                                    /etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 169.254.0.0/16                                    /etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 172.16.0.0/12                                     /etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 10.0.0.0/8                                        /etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fd00::/8                                          /etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fe80::/10                                         /etc/unbound/unbound.conf.d/pi-hole.conf:               grep: /etc/unbound/unbound.conf.d/.pi-hole.conf.swp : fichiers binaires correspondent                           root@arlong-MINI-S:/home/arlong#

Code: Select all

root@arlong-MINI-S:/home/arlong# dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335
dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335
;; communications error to 127.0.0.1#5335: connection refused
;; communications error to 127.0.0.1#5335: connection refused
root@arlong-MINI-S:/home/arlong#

Code: Select all

root@arlong-MINI-S:/home/arlong# sudo service unbound restart
dig pi-hole.net @127.0.0.1 -p 5335
Job for unbound.service failed because the control process exited with error code.
See "systemctl status unbound.service" and "journalctl -xeu unbound.service" for details.
;; communications error to 127.0.0.1#5335: connection refused
root@arlong-MINI-S:/home/arlong#

Code: Select all

root@arlong-MINI-S:/home/arlong# systemctl status unbound.service
× unbound.service - Unbound DNS server
     Loaded: loaded (/lib/systemd/system/unbound.servic>
     Active: failed (Result: exit-code) since Sat 2022->
       Docs: man:unbound(8)
    Process: 11509 ExecStartPre=/usr/lib/unbound/packag>
    Process: 11512 ExecStartPre=/usr/lib/unbound/packag>
    Process: 11515 ExecStart=/usr/sbin/unbound -d -p $D>
    Process: 11516 ExecStopPost=/usr/lib/unbound/packag>
   Main PID: 11515 (code=exited, status=1/FAILURE)
        CPU: 59ms

déc 24 11:00:06 arlong-MINI-S systemd[1]: unbound.servi>
déc 24 11:00:06 arlong-MINI-S systemd[1]: Stopped Unbou>
déc 24 11:00:06 arlong-MINI-S systemd[1]: unbound.servi>
déc 24 11:00:06 arlong-MINI-S systemd[1]: unbound.servi>
déc 24 11:00:06 arlong-MINI-S systemd[1]: Failed to sta>
lines 1-16/16 (END)

Sent from my Mi 10T pro using Tapatalk

Unix-Linux
⭐ VIP donor member ⭐
Posts: 8326
Joined: 10 Nov 2017, 21:50
Location: Where the caravan can park.
Has thanked: 207 times
Been thanked: 423 times

Re: Unbound with pihole

Post by Unix-Linux »

Ayo technology ;-)
First, check:

Code: Select all

# Ensure privacy of local IP ranges
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-address: 172.16.0.0/12
    private-address: 10.0.0.0/8
    private-address: fd00::/8
    private-address: fe80::/10

Copied/pasted from your message:
I changed the default port so as not to use the same one as pihole.
You actually have to configure your pi-hole so that it goes through unbound, so change the upstream DNS server to "custom" and put 127.0.0.1:5335 there

Test:

Code: Select all

service unbound restart
dig solarsystem.nasa.gov @127.0.0.1 -p 5335

Voo duo + CI, Triax Multifeed 4 LNB satellite dish + OVH VoIP + DAB+ RTL2832U R820T2
Raspberry Pi 4 + NAS / DietPi v9.1
Main OS: Debian Bookworm / FreeBSD 15 aarch64
Formerly: EDPnet VDSL XL - Scarlet - Brutele - RealRoot
vî trigu: something that is no longer of any use.

Re: Unbound with pihole

Post by arl0ng »

Unix-Linux wrote: Ayo technology ;-)
First, check:

Code: Select all

# Ensure privacy of local IP ranges
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-address: 172.16.0.0/12
    private-address: 10.0.0.0/8
    private-address: fd00::/8
    private-address: fe80::/10

Copied/pasted from your message:
I changed the default port so as not to use the same one as pihole.
You actually have to configure your pi-hole so that it goes through unbound, so change the upstream DNS server to "custom" and put 127.0.0.1:5335 there

Test:

Code: Select all

service unbound restart
dig solarsystem.nasa.gov @127.0.0.1 -p 5335

Oh yeah, damn, on the fritz it's 192.168.178.x

Actually I thought I had to enable unbound first before putting it into pihole


Re: Unbound with pihole

Post by Unix-Linux »

In fact, since pi-hole and unbound are on the same machine, in pi-hole you give it its own loopback as the upstream DNS server, so 127.0.0.1 and its port 5335 ;-)

Re: Unbound with pihole

Post by arl0ng »

It wasn't working, so I purged unbound


Now I'm starting a reinstallation with this guide

https://www.wundertech.net/use-unbound- ... pberry-pi/

Code: Select all

root@arlong-MINI-S:/home/arlong# sudo service unbound restart
dig pi-hole.net @127.0.0.1 -p 5335

; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> pi-hole.net @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46967
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;pi-hole.net.                   IN      A

;; ANSWER SECTION:
pi-hole.net.            300     IN      A       3.18.136.52

;; Query time: 275 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1) (UDP)
;; WHEN: Sat Dec 24 14:07:54 CET 2022
;; MSG SIZE  rcvd: 56

root@arlong-MINI-S:/home/arlong# dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335

; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> sigfail.verteiltesysteme.net @127.0.0.1 -p 5335
;; global options: +cmd
;; connection timed out; no servers could be reached
root@arlong-MINI-S:/home/arlong#



Added after: 1 minute 18 seconds:

Code: Select all

root@arlong-MINI-S:/home/arlong# dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335

; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> sigok.verteiltesysteme.net @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 45260
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;sigok.verteiltesysteme.net.    IN      A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1) (UDP)
;; WHEN: Sat Dec 24 14:19:18 CET 2022
;; MSG SIZE  rcvd: 55

root@arlong-MINI-S:/home/arlong#

Added after: 19 minutes 16 seconds:
That looks positive to me

Code: Select all

root@arlong-MINI-S:/home/arlong# systemctl status unbound
● unbound.service - Unbound DNS server
     Loaded: loaded (/lib/systemd/system/unbound.servic>
     Active: active (running) since Sat 2022-12-24 14:0>
       Docs: man:unbound(8)
    Process: 16542 ExecStartPre=/usr/lib/unbound/packag>
    Process: 16545 ExecStartPre=/usr/lib/unbound/packag>
   Main PID: 16548 (unbound)
      Tasks: 1 (limit: 9126)
     Memory: 7.4M
        CPU: 118ms
     CGroup: /system.slice/unbound.service
             └─16548 /usr/sbin/unbound -d -p

déc 24 14:07:53 arlong-MINI-S systemd[1]: Starting Unbo>
déc 24 14:07:53 arlong-MINI-S unbound[16548]: [16718872>
déc 24 14:07:53 arlong-MINI-S unbound[16548]: [16548:0]>
déc 24 14:07:53 arlong-MINI-S systemd[1]: Started Unbou>
lines 1-17/17 (END)

Apparently it's just DNSSEC that isn't enabled


Re: Unbound with pihole

Post by Unix-Linux »

Magnifaïk! ;-)

For DNSSEC:

Code: Select all

dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335

And you won't get an IP back

Then:

Code: Select all

dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335

And you will get an IP

If both tests work, DNSSEC is working ;-)
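
An added example, not part of any post in this thread: a small shell helper that reads the two dig outputs from the sigfail/sigok test and says what the pair actually proves, including the case where both names return SERVFAIL. The function names, verdict labels and the constructed sample responses (with the documentation address 192.0.2.10) are assumptions for illustration; the two SERVFAIL header lines are copied from output posted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): interpret the sigfail/sigok dig pair.

# Print the RCODE (NOERROR, SERVFAIL, ...) found in dig output passed as $1.
# Prints nothing when dig got no reply at all (timeout, connection refused).
dig_status() {
    printf '%s\n' "$1" |
        sed -n 's/^;; ->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Print the ANSWER count from the ";; flags:" line of dig output passed as $1.
dig_answers() {
    printf '%s\n' "$1" |
        sed -n 's/^;; flags:.*ANSWER: \([0-9]*\),.*/\1/p' | head -n 1
}

# $1 = dig output for the name with a deliberately broken signature (sigfail)
# $2 = dig output for the correctly signed name (sigok)
dnssec_verdict() {
    fail_status=$(dig_status "$1")
    ok_status=$(dig_status "$2")
    ok_answers=$(dig_answers "$2")
    if [ -z "$fail_status" ] || [ -z "$ok_status" ]; then
        echo "no-response"        # resolver not reachable: nothing was tested
    elif [ "$ok_status" = "NOERROR" ] && [ "${ok_answers:-0}" -gt 0 ]; then
        case "$fail_status" in
            SERVFAIL) echo "validating" ;;      # bad signature rejected, good one resolved
            NOERROR)  echo "not-validating" ;;  # bad signature was accepted
            *)        echo "inconclusive" ;;
        esac
    else
        # The correctly signed name fails too, so the SERVFAIL on sigfail
        # cannot be attributed to signature checking.
        echo "inconclusive"
    fi
}

# Optional live check against a resolver; not called automatically.
# $1 = resolver address, $2 = port (the thread uses 127.0.0.1 and 5335).
live_verdict() {
    fail_out=$(dig sigfail.verteiltesysteme.net "@$1" -p "$2" 2>&1 || true)
    ok_out=$(dig sigok.verteiltesysteme.net "@$1" -p "$2" 2>&1 || true)
    dnssec_verdict "$fail_out" "$ok_out"
}

# Header lines as posted in the thread (both names return SERVFAIL).
THREAD_SIGFAIL=$(cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 55895
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
EOF
)
THREAD_SIGOK=$(cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27518
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
EOF
)

# Constructed samples (not from the thread).
GOOD_SIGOK=$(cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1001
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
sigok.verteiltesysteme.net. 60 IN A 192.0.2.10
EOF
)
OPEN_SIGFAIL=$(cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1002
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
sigfail.verteiltesysteme.net. 60 IN A 192.0.2.10
EOF
)
TIMEOUT_OUT=';; connection timed out; no servers could be reached'

echo "thread output (both SERVFAIL): $(dnssec_verdict "$THREAD_SIGFAIL" "$THREAD_SIGOK")"
echo "sigfail SERVFAIL + sigok IP:   $(dnssec_verdict "$THREAD_SIGFAIL" "$GOOD_SIGOK")"
echo "both names resolve:            $(dnssec_verdict "$OPEN_SIGFAIL" "$GOOD_SIGOK")"
echo "no reply from resolver:        $(dnssec_verdict "$TIMEOUT_OUT" "$THREAD_SIGOK")"
```

To test a running resolver instead of the embedded samples, call `live_verdict 127.0.0.1 5335` after sourcing the script.
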

Re: Unbound with pihole

Post by arl0ng »

Unix-Linux wrote: Magnifaïk! ;-)

For DNSSEC:

Code: Select all

dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335

And you won't get an IP back

Then:

Code: Select all

dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335

And you will get an IP

If both tests work, DNSSEC is working ;-)

Oops, I hadn't ticked the box in pihole

Code: Select all

root@arlong-MINI-S:/home/arlong# dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335

; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> sigfail.verteiltesysteme.net @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 55895
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;sigfail.verteiltesysteme.net.  IN      A

;; Query time: 3 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1) (UDP)
;; WHEN: Sat Dec 24 14:57:17 CET 2022
;; MSG SIZE  rcvd: 57

root@arlong-MINI-S:/home/arlong# dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335

; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> sigok.verteiltesysteme.net @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27518
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;sigok.verteiltesysteme.net.    IN      A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1) (UDP)
;; WHEN: Sat Dec 24 14:57:57 CET 2022
;; MSG SIZE  rcvd: 55

root@arlong-MINI-S:/home/arlong#




Added after: 4 minutes 6 seconds:
I think it's a good sign if, as DNS server on ipleak.net, I get my fritzbox's IP?


Re: Unbound with pihole

Post by Unix-Linux »

The WAN IP?

Re: Unbound with pihole

Post by arl0ng »

Unix-Linux wrote: The WAN IP?

Uh, the fritzbox's public IPv4


Re: Unbound with pihole

Post by arl0ng »

Small bump

The missus is having a few problems with her iPhone; it often happens that she can't connect.
I think it's due to pihole, I'm testing, I've added a few whitelist entries

Code: Select all

pihole --white-regex *.push.apple.com *.itunes.apple.com *.apps.apple.com *.mzstatic.com *.amazonaws.com *.cdn-apple.com *.digicert.com deimos3.apple.com *.symcb.com gg*.apple.com *.symcd.com mesu.apple.com

pihole -w albert.apple.com captive.apple.com gs.apple.com humb.apple.com static.ips.apple.com tbsc.apple.com time-ios.apple.com time.apple.com appldnld.apple.com gg.apple.com gnf-mdn.apple.com gnf-mr.apple.com gs.apple.com ig.apple.com mesu.apple.com ns.itunes.apple.com oscdn.apple.com osrecovery.apple.com skl.apple.com swcdn.apple.com swdist.apple.com swdownload.apple.com swpost.apple.com swscan.apple.com updates-http.cdn-apple.com updates.cdn-apple.com xp.apple.com itunes.apple.com ppq.apple.com lcdn-registration.apple.com crl.apple.com crl.entrust.net crl3.digicert.com crl4.digicert.com ocsp.apple.com ocsp.digicert.com ocsp.entrust.net ocsp.verisign.net gdmf.apple.com deviceenrollment.apple.com deviceservices-external.apple.com identity.apple.com iprofiles.apple.com mdmenrollment.apple.com setup.icloud.com vpp.itunes.apple.com

Found at https://discourse.pi-hole.net/t/commonl ... ins/212/74




Re: Unbound with pihole

Post by arl0ng »

Actually the problem isn't apple but googleadservices

I tried whitelisting this

Code: Select all

googleadservices.com
www.googleadservices.com
ad.doubleclick.net
www.dartsearch.net
dartsearch.net
clickserve.dartsearch.net

For now it doesn't work ... Googleadservices.com is unreachable


Re: Unbound with pihole

Post by Unix-Linux »

If you start whitelisting all that, in the end your pi-hole will no longer be of any use :mrgreen:

What if the missus used a different DNS for her iPhone?

That way her iPhone catches all the crap but your internal network stays safe :grin:

:jesors:

More seriously, have her set the well-known 1(dot)1(dot)1(dot)1 as DNS (so as not to advertise) ;-)

Re: Unbound with pihole

Post by arl0ng »

Unix-Linux wrote: If you start whitelisting all that, in the end your pi-hole will no longer be of any use :mrgreen:

What if the missus used a different DNS for her iPhone?

That way her iPhone catches all the crap but your internal network stays safe :grin:

:jesors:

More seriously, have her set the well-known 1(dot)1(dot)1(dot)1 as DNS (so as not to advertise) ;-)

Yep, that's what I did because I was fed up with searching


solar10
⭐Chief moderator ⭐
Posts: 13933
Joined: 01 Nov 2017, 12:15
Location: https://www.liege.be/fr/evenements/agenda
Has thanked: 932 times
Been thanked: 1269 times

Re: Unbound with pihole

Post by solar10 »

arl0ng wrote: 03 Jan 2023, 17:59 Small bump

The missus is having a few problems with her iPhone; it often happens that she can't connect.
I think it's due to pihole, I'm testing, I've added a few whitelist entries

Code: Select all

pihole --white-regex *.push.apple.com *.itunes.apple.com *.apps.apple.com *.mzstatic.com *.amazonaws.com *.cdn-apple.com *.digicert.com deimos3.apple.com *.symcb.com gg*.apple.com *.symcd.com mesu.apple.com

pihole -w albert.apple.com captive.apple.com gs.apple.com humb.apple.com static.ips.apple.com tbsc.apple.com time-ios.apple.com time.apple.com appldnld.apple.com gg.apple.com gnf-mdn.apple.com gnf-mr.apple.com gs.apple.com ig.apple.com mesu.apple.com ns.itunes.apple.com oscdn.apple.com osrecovery.apple.com skl.apple.com swcdn.apple.com swdist.apple.com swdownload.apple.com swpost.apple.com swscan.apple.com updates-http.cdn-apple.com updates.cdn-apple.com xp.apple.com itunes.apple.com ppq.apple.com lcdn-registration.apple.com crl.apple.com crl.entrust.net crl3.digicert.com crl4.digicert.com ocsp.apple.com ocsp.digicert.com ocsp.entrust.net ocsp.verisign.net gdmf.apple.com deviceenrollment.apple.com deviceservices-external.apple.com identity.apple.com iprofiles.apple.com mdmenrollment.apple.com setup.icloud.com vpp.itunes.apple.com

Found at https://discourse.pi-hole.net/t/commonl ... ins/212/74

It would be simpler to put apple.com and *.apple.com #JDCJDR

Internet: _ [past: EDPNet - Scarlet - dxADSL - Scarlet One (NL) - Cybernet - Compuserve] + Fritz!Box 7490+4040 + rep.310
TV: TCL 50" UHD/HDR Android TV + Fransat + Belgian DTT + multi-LNB dish (5°W + 13°E +19.2E + 28.2°E)
Landline: OVH VoIP (discovery plan) + 4x Fritz!Fon C5
Mobile: Base15 plan - Poco M3 with crDroid custom ROM
Raspberry Pi: 3B: [Debian Buster/Sid] NAS 12TB OMV4

Re: Unbound with pihole

Post by arl0ng »

If you ever have problems with reCAPTCHA verification, personally I had to add gstatic.com to the whitelist, otherwise I couldn't even see the captcha


Re: Unbound with pihole

Post by arl0ng »

FYI, I upgraded pihole and nothing worked any more.
The admin interface port had gone back to 80 (instead of 8093).
That I was able to put back quickly.

However, pihole seemed to be working but I had no DNS.

The problem was with unbound.
I fixed the problem with:

Code: Select all

sudo systemctl unmask unbound && sudo systemctl enable unbound

sudo systemctl start unbound

These users thanked the author arl0ng for this post:
solar10

Mackguil
⭐Chief moderator ⭐
Posts: 17891
Joined: 31 Oct 2017, 18:35
Location: Tx
Has thanked: 747 times
Been thanked: 801 times

Re: Unbound with pihole

Post by Mackguil »

arl0ng wrote: 23 Jan 2023, 11:37 FYI, I upgraded pihole and nothing worked any more.
The admin interface port had gone back to 80 (instead of 8093).
That I was able to put back quickly.

However, pihole seemed to be working but I had no DNS.

The problem was with unbound.
I fixed the problem with:

Code: Select all

sudo systemctl unmask unbound && sudo systemctl enable unbound

sudo systemctl start unbound

Strange that the configuration changed during the upgrade.

Internet: Fiber XS Edpnet 35.95, TV Télésat + Fransat 16 euros, landline OVH + Betamax 2.5 euros, mobile Orange 1.5 euros, Molotov TV Extended package 9.99.
Thanks to Edpnet for offering attractive rates for landline and internet.

+-66 euros/month for fibre quadruple play; alternatives exist. If you add the French mobile plan with 200 GB and unlimited minutes and SMS, you get to 82 euros. You just have to dare!