chriscrowe / docker-pihole-unbound

Run Pi-Hole + Unbound on Docker

Testing Unbound #89

Closed C8opmBM closed 2 years ago

C8opmBM commented 2 years ago

Hello, I don't know if this is how it's supposed to work, but I need some clarification, for my peace of mind. Pihole is working and blocking as intended; however, how can I be sure the unbound server is doing what it's supposed to do?

Testing unbound with the suggested methods from the server's IP, all tests fail:

dig pi-hole.net @127.0.0.1 -p 5335

; <<>> DiG 9.11.5-P4-5.1+deb10u6-Debian <<>> pi-hole.net @127.0.0.1 -p 5335
;; global options: +cmd
;; connection timed out; no servers could be reached

dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5353

; <<>> DiG 9.11.5-P4-5.1+deb10u6-Debian <<>> sigfail.verteiltesysteme.net @127.0.0.1 -p 5353
;; global options: +cmd
;; connection timed out; no servers could be reached

dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335

; <<>> DiG 9.11.5-P4-5.1+deb10u6-Debian <<>> sigok.verteiltesysteme.net @127.0.0.1 -p 5335
;; global options: +cmd
;; connection timed out; no servers could be reached

nslookup pi-hole.net
Server:         192.168.1.1  (instead of 127.0.0.1)
Address:        192.168.1.1#53 (instead of 127.0.0.1#53)

Non-authoritative answer:
Name:   pi-hole.net
Address: 3.18.136.52

Also I get these messages:

OK, sent to localhost#5335
INSECURE

OK, answered by localhost#5335
INSECURE

OK (already forwarded)
INSECURE

Is my container working as it should? I know that pihole is ok, but is unbound working as recursive and protecting my privacy as it should? Sorry for the nooby questions, but after all tests failed, I got a bit suspicious. Thank you.

LE: Executing the command INSIDE the container works. But outside (on the server) all commands fail.

root@d03b65fc43da:/# dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335

; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> sigok.verteiltesysteme.net @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44799
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;sigok.verteiltesysteme.net.    IN      A

;; ANSWER SECTION:
sigok.verteiltesysteme.net. 60  IN      A       134.91.78.139

;; Query time: 35 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1)
;; WHEN: Tue Dec 21 01:21:17 EET 2021
;; MSG SIZE  rcvd: 71 

LE2: Never mind, it works as intended. I checked dnsleak.com and I have the same DNS as my IP. Also, ping whoami.akamai.net resolves my IP. Please delete. Thank you!!

chriscrowe commented 2 years ago

Yes this is functioning as intended-- the 5335 port that Unbound is using is not exposed outside the container (on purpose) so you won't be able to resolve hostnames using that port unless you're using a shell inside the container.
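
Added example, not part of the thread or the project's own code: a shell helper that classifies the `dig` outcomes quoted above (the timeout seen from the host, the validated answer seen inside the container). The container name `pihole` in the comments is an assumption, and the sample inputs are trimmed from the output quoted in the thread.

```shell
#!/bin/sh
# Classify one `dig` run against Unbound. Reads dig output on stdin and
# prints one word:
#   unreachable - no reply (e.g. port 5335 is not published to the host)
#   servfail    - SERVFAIL (expected for sigfail.* when DNSSEC validation works)
#   validated   - NOERROR with the "ad" flag (answer was DNSSEC-validated)
#   insecure    - NOERROR without the "ad" flag
#   unknown     - anything else
classify_dig() {
    out=$(cat)
    case "$out" in
        *"no servers could be reached"*) echo unreachable; return ;;
    esac
    # Pull the status and the header flags out of the dig header lines.
    status=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    flags=$(printf '%s\n' "$out" | sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1)
    case "$status" in
        SERVFAIL) echo servfail ;;
        NOERROR)
            case " $flags " in
                *" ad "*) echo validated ;;
                *) echo insecure ;;
            esac ;;
        *) echo unknown ;;
    esac
}

# Constructed samples, trimmed from the dig output quoted in the thread.
SAMPLE_HOST=';; global options: +cmd
;; connection timed out; no servers could be reached'
SAMPLE_CONTAINER=';; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44799
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

printf '%s\n' "$SAMPLE_HOST" | classify_dig
printf '%s\n' "$SAMPLE_CONTAINER" | classify_dig

# Live use from the Docker host (assumption: the container is named "pihole"):
#   docker exec pihole dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335 | classify_dig
#   docker exec pihole dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335 | classify_dig
```

With a validating Unbound, the `sigok` query should classify as `validated` and the `sigfail` query as `servfail`; `unreachable` from the host only reflects that port 5335 is not published.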