From 78b3d4babf2bd1914303c491f732dfd58db3cfd2 Mon Sep 17 00:00:00 2001 From: Rob Gill Date: Wed, 26 Nov 2025 17:52:13 +1000 Subject: [PATCH] Update unbound guide (#1318) Signed-off-by: Rob Gill Co-authored-by: yubiuser --- docs/guides/dns/unbound.md | 35 ++++++++++++++++++++++++++++++++--- 1 file changed, 32 insertions(+), 3 deletions(-) diff --git a/docs/guides/dns/unbound.md b/docs/guides/dns/unbound.md index 436fc10..d1c435c 100644 --- a/docs/guides/dns/unbound.md +++ b/docs/guides/dns/unbound.md @@ -76,9 +76,9 @@ Highlights: - Verify DNSSEC signatures, discarding BOGUS domains - Apply a few security and privacy tricks -`/etc/unbound/unbound.conf.d/pi-hole.conf`: +(Note that for some Red Hat based distros including CentOS up to v10, the path for the `pi-hole.conf` file may be `/etc/unbound/conf.d/pi-hole.conf`) -```yaml +```yaml title="/etc/unbound/unbound.conf.d/pi-hole.conf" server: # If no logfile is specified, syslog is used # logfile: "/var/log/unbound/unbound.log" @@ -269,6 +269,27 @@ Lastly, restart unbound: sudo service unbound restart ``` +### Verifying that Pi-hole is querying unbound as its upstream + +Query a dns using `dig`: + +```bash +dig en.wikipedia.org @127.0.0.1 +``` + +Then view Pi-hole's log file, follow a query seeing it sent to and receiving a reply from 127.0.0.1#5335 such as below: + +```bash +sudo tail /var/log/pihole/pihole.log + +Nov 24 11:57:47 dnsmasq[973]: query[A] en.wikipedia.org from 127.0.0.1 +Nov 24 11:57:47 dnsmasq[973]: forwarded en.wikipedia.org to 127.0.0.1#5335 +Nov 24 11:57:47 dnsmasq[973]: reply en.wikipedia.org is +Nov 24 11:57:47 dnsmasq[973]: reply dyna.wikimedia.org is 103.102.166.224 +``` + +If you see the reply to queries from 127.0.0.1#5335, then Pi-hole is using unbound as its upstream. + ### Common Issues & Troubleshooting #### Fix `so-rcvbuf` warning in unbound 
@@ -299,7 +320,7 @@ To fix it: sudo sysctl -w net.core.rmem_max=1048576 ``` -3. Make it permanent. Edit `/etc/sysctl.conf` and add or edit the line: +3. Make it permanent. Edit `/etc/sysctl.d/99-unbound.conf` (or on old systems eg Debian ≤ 12 edit `/etc/sysctl.conf`) and add or edit the line: ```bash net.core.rmem_max=1048576 @@ -307,6 +328,14 @@ To fix it: 4. Save and apply: + On up to date systems (eg Debian 13) + + ```bash + sudo systemctl restart systemd-sysctl + ``` + + Older systems (eg Debian ≤ 12) + ```bash sudo sysctl -p ```
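Review bot: In the hunk at `@@ -76,9 +76,9 @@`, the default path now appears only in the fence's `title=` attribute, so the new parenthetical names an alternative location for `pi-hole.conf` before the prose has said where the file normally lives, and a renderer that ignores `title=` would show no default path at all. Consider keeping a short sentence with `/etc/unbound/unbound.conf.d/pi-hole.conf` and following it with the Red Hat variant as a normal sentence rather than in parentheses. "CentOS up to v10" also leaves it unclear whether v10 itself is included; stating that explicitly would help.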
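Review bot: In the new "Verifying that Pi-hole is querying unbound as its upstream" section, the closing sentence tells readers to look for a reply "from 127.0.0.1#5335", but in the sample log the only line containing `127.0.0.1#5335` is `forwarded en.wikipedia.org to 127.0.0.1#5335`; the `reply` lines carry no upstream address. Suggest making the `forwarded` line the stated criterion, and noting that a name already in Pi-hole's cache is answered without a `forwarded` line, so the test name should be one not recently queried. The third sample line, `reply en.wikipedia.org is`, ends with no value and should be checked against the real log output. "Query a dns" would read better as "Query a domain", and the `bash` fence mixes the `tail` command with its output; splitting them into a command block and an output block keeps readers from pasting log lines into a shell.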
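Review bot: In step 3 of the `so-rcvbuf` fix (hunk at `@@ -299,7 +320,7 @@`), `/etc/sysctl.d/99-unbound.conf` is introduced as a file to "Edit", but nothing earlier in the visible steps creates it, so the instruction should say to create the file if it does not exist. "eg" should be "e.g.", and "old systems" would be clearer as just the concrete condition already given (Debian ≤ 12).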
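Review bot: In step 4 (hunk at `@@ -307,6 +328,14 @@`), the two apply commands are labelled by system age, but which one works depends on which file was edited in step 3: `sudo sysctl -p` with no argument loads `/etc/sysctl.conf` only, so a reader who created `/etc/sysctl.d/99-unbound.conf` and then runs it will not apply the setting. Suggest tying each command to its file (or passing the file name to `sysctl -p`), ending the two label lines with a colon, and adding a final check such as `sysctl net.core.rmem_max` so the reader can confirm the value took effect.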