
Pi-OS Bullseye plus Pi-hole and Unbound

a guest
Dec 23rd, 2021
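  # @laptop
  # Download the Raspberry Pi OS Lite (Bullseye) image and write it to the SD card.

  cd ~

  wget https://downloads.raspberrypi.org/raspios_lite_armhf/images/raspios_lite_armhf-2021-11-08/2021-10-30-raspios-bullseye-armhf-lite.zip -O raspbian_lite_latest.zip

  # Integrity check before anything is written to disk: compare the digest
  # printed here with the SHA-256 value published alongside the download.
  # Expected: <SHA-256 published for this image>
  sha256sum raspbian_lite_latest.zip

  zipinfo raspbian_lite_latest.zip

  unzip raspbian_lite_latest.zip

  # Identify the SD card. /dev/sdb below is the name used on this laptop; dd
  # overwrites its target without asking, so confirm the device first.
  lsblk

  # Unmount the card's partitions in case the desktop mounted them.
  umount /media/dehakkelaar/rootfs /media/dehakkelaar/boot

  sudo dd status=progress bs=4M conv=fsync if=2021-10-30-raspios-bullseye-armhf-lite.img of=/dev/sdb

  sync

  rm 2021-10-30-raspios-bullseye-armhf-lite.img

  # The card should now list the two partitions mounted below (sdb1, sdb2).
  lsblk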
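  # Prepare the freshly written card: enable SSH and set a static address.
  # Both partitions are mounted on /mnt in turn, so every path below uses /mnt.
  # (Mounting on /mnt/tmp while touching /mnt/ssh would create the marker on
  # the laptop's own disk, and SSH would never be enabled on the Pi.)
  sudo mount /dev/sdb1 /mnt

  # An empty file named ssh on the boot partition turns the SSH server on at
  # first boot. The image still carries the default account noted further down,
  # so boot it on a trusted network and change that password in the first session.
  sudo touch /mnt/ssh

  sudo umount /mnt

  sudo mount /dev/sdb2 /mnt

  # Append the static configuration to the root filesystem's dhcpcd.conf.
  # [..] stands for the existing file content, which is left in place.
  sudo nano /mnt/etc/dhcpcd.conf
  "
  [..]
  interface eth0
   static ip_address=10.0.0.4/24
   static routers=10.0.0.1
   static domain_name=home.dehakkelaar.nl
   static domain_name_servers=10.0.0.1
  "

  sync

  sudo umount /mnt

  # Card goes into the Pi; wait until it answers on the static address.
  ping 10.0.0.4

  ssh pi@10.0.0.4  # pi / raspberry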
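  # @Raspberry Pi
  # Base system configuration, done before any DNS software is installed.

  # First action after login: replace the image's default password.
  passwd

  sudo dpkg-reconfigure tzdata

  sudo hostnamectl set-hostname ph5b

  # Comment out the stock 127.0.1.1 entry (dots escaped so only that exact
  # address matches), then append one that carries the FQDN and short name.
  sudo sed -i 's/^127\.0\.1\.1/#127.0.1.1/' /etc/hosts

  sudo tee -a /etc/hosts <<< "127.0.1.1      $(hostname).home.dehakkelaar.nl  $(hostname)"

  # Sound, mDNS and Wi-Fi services are switched off and stopped; fewer
  # running services means less exposed on the network.
  sudo systemctl disable alsa-restore alsa-state avahi-daemon.service wpa_supplicant

  sudo systemctl stop alsa-restore alsa-state avahi-daemon.service wpa_supplicant

  # Creates ~/.ssh along with a key pair for this host.
  ssh-keygen

  # Paste the public key(s) allowed to log in. authorized_keys is the current
  # filename; authorized_keys2 is a legacy name that sshd honours only while
  # AuthorizedKeysFile still lists it.
  nano ~/.ssh/authorized_keys

  chmod 600 ~/.ssh/authorized_keys

  # NOTE(review): password logins stay enabled after this step. Once key login
  # is confirmed, consider PasswordAuthentication no in /etc/ssh/sshd_config.

  # Plain double quotes: the $"..." form is bash's locale-translation quoting
  # and is not needed for a fixed alias string.
  tee ~/.bash_aliases <<< "alias ll='ls -al --color'"

  . ~/.bash_aliases

  sudo apt update && sudo apt upgrade

  sudo reboot

  ping 10.0.0.4

  ssh pi@10.0.0.4

  # Check that time zone, hostname, FQDN, domain and addresses came out as set.
  timedatectl

  hostname

  hostname -f

  dnsdomainname

  hostname -i

  hostname -I

  # Admin and diagnostic tools; none of them is required by Pi-hole or Unbound.
  sudo apt install apt-file dnsmasq-base mc nmap screen tcpdump tree whois

  sudo apt-file update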
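  # Install Pi-hole.
  # The installer is saved to a file and read before it runs with root rights,
  # rather than being piped from the network straight into a shell.
  curl -sSL https://install.pi-hole.net -o basic-install.sh

  less basic-install.sh

  sudo bash basic-install.sh

  # Set the password for the web admin interface.
  pihole -a -p

  # Extra dnsmasq option for DHCP clients: in dnsmasq, 0.0.0.0 as a DNS server
  # means the address of the machine running dnsmasq, i.e. this Pi-hole.
  sudo tee /etc/dnsmasq.d/10-dhcp-dns.conf <<< $'dhcp-option=option:dns-server,0.0.0.0,0.0.0.0,0.0.0.0'

  # Validate the configuration before reloading the running resolver.
  pihole-FTL --test

  sudo service pihole-FTL reload

  pihole status

  # Resolution checks against this host.
  # $(hostname -I) is left unquoted on purpose: its output ends in a space and
  # word splitting drops it. This only works while the host has one address.
  host ph5b ph5b

  host pi.hole $(hostname -i)

  host pi.hole $(hostname -I)

  # Presumably a blocklisted name (flurry.com) followed by an allowed one, to
  # compare a blocked answer with a normal one.
  host flurry.com $(hostname -I)

  host pi-hole.net $(hostname -I)

  # The admin page should answer over HTTP.
  curl -I http://$(hostname -i)/admin/

  # Ask FTL for its statistics over its API socket on TCP port 4711.
  nc localhost 4711 <<< $'>stats >quit'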
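  # Install Unbound as a local validating, recursive resolver behind Pi-hole.
  sudo apt install unbound

  # Keep resolvconf from handing DHCP-learned resolvers to Unbound as
  # forwarders; with forwarders configured Unbound would forward instead of
  # recursing. The list_forwards check after the reboot confirms the result.
  sudo systemctl disable unbound-resolvconf

  # Same substitution as before, written with the conventional / delimiter;
  # a backslash delimiter is not portable across sed implementations.
  sudo sed -i 's/^unbound_conf=/#unbound_conf=/' /etc/resolvconf.conf

  sudo rm /etc/unbound/unbound.conf.d/resolvconf_resolvers.conf

  sudo service dhcpcd restart

  # File content is the text between the quote marks.
  sudo nano /etc/unbound/unbound.conf.d/pi-hole.conf
  "
  server:
     # If no logfile is specified, syslog is used
     # logfile: "/var/log/unbound/unbound.log"
     verbosity: 0

     # Loopback only: Unbound is reachable from this host and nowhere else
     interface: 127.0.0.1
     port: 5335
     do-ip4: yes
     do-udp: yes
     do-tcp: yes

     # May be set to yes if you have IPv6 connectivity
     do-ip6: no

     # You want to leave this to no unless you have *native* IPv6. With 6to4 and
     # Teredo tunnels your web browser should favor IPv4 for the same reasons
     prefer-ip6: no

     # Use this only when you downloaded the list of primary root servers!
     # If you use the default dns-root-data package, unbound will find it automatically
     #root-hints: "/var/lib/unbound/root.hints"

     # Trust glue only if it is within the server's authority
     harden-glue: yes

     # Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
     harden-dnssec-stripped: yes

     # Don't use Capitalization randomization as it is known to cause DNSSEC issues sometimes
     # see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
     use-caps-for-id: no

     # Reduce EDNS reassembly buffer size.
     # Suggested by the unbound man page to reduce fragmentation reassembly problems
     # NOTE(review): DNS Flag Day 2020 recommends 1232; confirm which value suits this network
     edns-buffer-size: 1472

     # Perform prefetching of close to expired message cache entries
     # This only applies to domains that have been frequently queried
     prefetch: yes

     # One thread should be sufficient, can be increased on beefy machines.
     # In reality for most users running on small networks or on a single
     # machine, it should be unnecessary to seek performance enhancement by
     # increasing num-threads above 1.
     num-threads: 1

     # Ensure kernel buffer is large enough to not lose messages in traffic spikes
     so-rcvbuf: 1m

     # DNS rebinding protection: these private and link-local ranges are
     # removed from answers for public names, so an outside name cannot be
     # made to point at a host on the local network
     private-address: 192.168.0.0/16
     private-address: 169.254.0.0/16
     private-address: 172.16.0.0/12
     private-address: 10.0.0.0/8
     private-address: fd00::/8
     private-address: fe80::/10
  "

  # Enable the control channel that unbound-control uses. No control-interface
  # is set, so the unbound.conf(5) default (loopback) applies; keep it off
  # routable addresses, since the channel can alter the running resolver.
  sudo tee /etc/unbound/unbound.conf.d/remote-control.conf <<< $'remote-control:\n    control-enable: yes'

  sudo service unbound restart

  sudo reboot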
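  # Post-reboot verification of both resolvers.
  cat /etc/resolv.conf

  # Port 53 is Pi-hole (FTL): version string, then the upstream servers in use.
  dig +short @localhost -p 53 chaos txt version.bind

  dig +short @localhost -p 53 chaos txt servers.bind

  # Port 5335 is Unbound. It is bound to 127.0.0.1 only (pi-hole.conf), so the
  # queries name that address; localhost may resolve to ::1 first, where
  # nothing listens. version.bind discloses the software version; Unbound's
  # hide-version option suppresses it if that matters.
  dig +short @127.0.0.1 -p 5335 chaos txt version.bind

  # DNSSEC validation test: sigfail carries a deliberately broken signature
  # and must come back SERVFAIL with no address; sigok must come back NOERROR
  # with an address. Any other outcome means validation is not active.
  dig +noall +comments +answer @127.0.0.1 -p 5335 sigfail.verteiltesysteme.net

  dig +noall +comments +answer @127.0.0.1 -p 5335 sigok.verteiltesysteme.net

  dig +short @127.0.0.1 -p 5335 in a pi-hole.net

  # Should list no forward zones: Unbound is meant to recurse on its own.
  sudo unbound-control list_forwards

  sudo unbound-control lookup pi-hole.net

  # Point Pi-hole at Unbound in the admin interface. Any other upstream that
  # stays ticked would receive part of the queries without passing Unbound.
  # http://10.0.0.4/admin/settings.php?tab=dns
  # Custom 1 (IPv4): 127.0.0.1#5335

  # End-to-end check: client query -> Pi-hole -> Unbound.
  host pi-hole.net $(hostname -I)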