Cannot bind sockets manual daemon option

--VMfusion v13.6.0, Ubuntu server v24.04, Pi-hole v5.18.3--
I followed the Pi-hole installation guide and continued till the end of the installation process, skipping the errors I encountered. I tried looking at other posts and tried running the exact same troubleshooting steps, but I do not think it's my network, as I am able to ping whatever server you wish and able to run 2 out of the 3 dig cmds. The following are the errors I encountered:
Input: $ dig fail01.dnssec.works @127.0.0.1 -p 5335

return
;; communications error to 127.0.0.1#5335: timed out ;; communications error to 127.0.0.1#5335: timed out

so i ran
unbound-checkconf
output
unbound-checkconf: no errors in /etc/unbound/unbound.conf
and also ran:
unbound -d
return:

Sep 30 11:14:31 unbound[17713:0] 
warning: so-rcvbuf 1048576 was not granted. Got 425984. 
To fix: start with root permissions(linux) or sysctl bigger net.core.rmem_max(linux) or kern.ipc.maxsockbuf(bsd) values.
Sep 30 11:14:31 unbound[17713:0] error: can't bind socket: Address already in use for 127.0.0.1 port 5335
Sep 30 11:14:31 unbound[17713:0] fatal error: could not open ports

The so-rcvbuf warning is not an issue, as I have already edited /etc/sysctl.conf and placed net.core.rmem_max=1048576
inside the file and had the error gone, but it's back, and I think it's maybe because of the socket binding error causing it, or the fatal error can't open ports.

inputs: nslookup pi-hole.net
returns:

Server: 9.9.9.9
Address: 9.9.9.9#53

Non-authoritative answer:
Name: pi-hole.net
Address: 3.18.136.52

input: nslookup pi-hole.net 8.8.8.8
returns:

Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
Name:	pi-hole.net
Address: 3.18.136.52

inputs:
nslookup ns-407.awsdns-50.com 8.8.8.8
returns:

Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
Name:	ns-407.awsdns-50.com
Address: 205.251.193.151
Name:	ns-407.awsdns-50.com
Address: 2600:9000:5301:9700::1

inputs:
nslookup ns-407.awsdns-50.com 127.0.0.1
returns:

Server:		127.0.0.1
Address:	127.0.0.1#53

Non-authoritative answer:
Name:	ns-407.awsdns-50.com
Address: 205.251.193.151
Name:	ns-407.awsdns-50.com
Address: 2600:9000:5301:9700::1

inputs:
dnslookup -port=5335 ns-407.awsdns-50.com 127.0.0.1
returns:

Address:	127.0.0.1#5335

Non-authoritative answer:
Name:	ns-407.awsdns-50.com
Address: 205.251.193.151
Name:	ns-407.awsdns-50.com
Address: 2600:9000:5301:9700::1

#---the last one, I noticed, is the only one using port 5335---#
#------------------new-----debug---------#
inputs:
sudo grep -v '#|^$' -R /etc/unbound/unbound.conf*
returns:

/etc/unbound/unbound.conf:server:
/etc/unbound/unbound.conf:   include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
/etc/unbound/unbound.conf.d/remote-control.conf:remote-control:
/etc/unbound/unbound.conf.d/remote-control.conf:  control-enable: yes
/etc/unbound/unbound.conf.d/remote-control.conf:  control-interface: /run/unbound.ctl
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:server:
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:    auto-trust-anchor-file: "/var/lib/unbound/root.key"
/etc/unbound/unbound.conf.d/pi-hole.conf:server:
/etc/unbound/unbound.conf.d/pi-hole.conf:    logfile: "/var/log/unbound/unbound.log"
/etc/unbound/unbound.conf.d/pi-hole.conf:    log-time-ascii: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    verbosity: 0
/etc/unbound/unbound.conf.d/pi-hole.conf:    interface: 127.0.0.1
/etc/unbound/unbound.conf.d/pi-hole.conf:    port: 5335
/etc/unbound/unbound.conf.d/pi-hole.conf:    access-control: 127.0.0.0/8 allow
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip4: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-udp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-tcp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:   
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf:    prefer-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf:    harden-glue: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    harden-dnssec-stripped: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    use-caps-for-id: no
/etc/unbound/unbound.conf.d/pi-hole.conf:    edns-buffer-size: 1232
/etc/unbound/unbound.conf.d/pi-hole.conf:    prefetch: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    num-threads: 2
/etc/unbound/unbound.conf.d/pi-hole.conf:    so-rcvbuf: 1m
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 192.168.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 169.254.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 172.16.0.0/12
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 10.0.0.0/8
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fd00::/8
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fe80::/10

inputs:
sudo lsof -i :5335
return:

COMMAND   PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
unbound 14133 unbound    3u  IPv4  61996      0t0  UDP localhost:5335 
unbound 14133 unbound    4u  IPv4  61997      0t0  TCP localhost:5335 (LISTEN)
unbound 14133 unbound    5u  IPv4  61998      0t0  UDP localhost:5335 
unbound 14133 unbound    6u  IPv4  61999      0t0  TCP localhost:5335 (LISTEN)

#---in my debug log i noticed /etc/lighttpd/conf.d does not exist, but was able to diagnose its contents---#
#--ipv6 failed to resolve should be fine, as I have no config for ipv6---#
my input:
sudo systemctl status unbound.service
return:

Starting unbound.service - Unbound DNS server...
(unbound)[14133]: unbound.service: Referenced but unbound.service: Referenced but unset environment variable evaluates to an empty string: daemon_opts  
warning: so-rcvbuf 1048576 was not granted. Got 425984. To fix: start with root perm 425984. To fix: start with root permissions(linux) or sysctl bigger net.core
warning: so-rcvbuf 1048576 was not granted. Got 425984. To fix: start with root perm 425984. To fix: start with root permissions(linux) or sysctl bigger net.core

input:
sudo lsof -i :53
return

COMMAND     PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
pihole-FT 10357 pihole    4u  IPv4  30704      0t0  UDP *:domain 
pihole-FT 10357 pihole    5u  IPv4  30705      0t0  TCP *:domain (LISTEN)
pihole-FT 10357 pihole    6u  IPv6  30706      0t0  UDP *:domain 
pihole-FT 10357 pihole    7u  IPv6  30707      0t0  TCP *:domain (LISTEN)

#---should I disable system resolve? I know this should be disabled on Debian but I'm on Ubuntu, and set my nameserver's address to also 127.0.0.1---#

#---my expected outcome was to remove the errors, transition from port 53 to 5335, i also ran sudo ufw allow 5335 after running sudo systemctl status unbound.service.
i also tried systemctl edit unbound and changing the $daemon_opts to 5335
but that caused an exit failure error so I reverted
Pi-hole system does match actual IP time ----#

#----much assistance is appreciated---#

Debug Token:

https://tricorder.pi-hole.net/b1GXwND5/

edit** i just realized pi-hole and unbound are working properly lol.
pihole on port 53 forwarding to port 5335 and then back to port 53.

so the error is no issue in terms of trying to bind to the same port twice.
so i'm checking for duplicate confs
and made subtle changes to /etc/unbound/unbound.conf.d/pi-hole.conf
the change:
num-threads: 2
back to:
num-threads: 1
i just wanted to see if /etc/unbound/unbound.conf.d/*.conf
was getting populated from changes made from: /etc/unbound/unbound.conf.d/pi-hole.conf
it is true.

my updated question: do i ignore the unbound -d errors, i'm still getting the so-rcvbuf warning despite making changes to /etc/sysctl.conf file
i tried rebooting and sudo systcl -p
also the daemon_opts should this be ignored, because i tried overriding it to 5335
via sudo systemctl edit unbound

input:
ExecStart= ExecStart=/usr/sbin/unbound -d -p 5335

expected outcome
daemon_opts error gone

actual outcome
i crashed unbound causing it not to function lol so i reverted

fix the warning so-rcvbuf

it was a typo :laughing:

I don't know what, but I've been trying to throw stuff at the wall
ended up looking at /var/lib/unbound/root.key file for anything..
closed it
and tried dig fail01.dnssec.works @127.0.0.1 -p 5335
again and again
(i also previously went into the /etc/systemd/resolved.conf file and uncommented DNSSEC=NO to yes.
sudo systemctl restart systemd-resolved)
return:
SERVFAIL:+1:

OK, I'm back. Is this an issue with my internet connection, because dig fail01.dnssec.works @127.0.0.1 -p 5335
timed out again.
All I did was add more DNS servers as backups.
and then i reverted

closing this.
it's an unbound issue

For anyone that runs into this: I had a look at the NLnet Labs document on timeouts (NLnet Labs Documentation - Unbound - Unbound Timeout Information)
and checked the servers
https://dnssec-analyzer.verisignlabs.com/

What I gleaned is that the server may be experiencing high queries...

So I ran top and I ssh'd in from the macOS terminal
and ran 2 digs,
the ones that work, as a barometer to see how much system load is getting chewed. CPU top output was 0.3; that was the output in the digs that work.
And then all of a sudden the dig fail01 - the highly sensitive network test - seems to have worked, but at a lower load: 0.1

I don't think this is a server getting a lot of requests...

So I assume it's my unstable internet connection
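
Added example (not part of the original posts, and not Pi-hole or Unbound project code): the check the edit above arrives at, deciding from `lsof -i :PORT` output whether an "Address already in use" failure from a foreground `unbound -d` only means the service instance of the same daemon already holds the port. The function names and the dnsmasq sample are constructed for illustration; the first sample is copied from the lsof output in the post.

```bash
#!/usr/bin/env bash
# Classify a bind failure from `lsof -i :PORT` output read on stdin.
# Function names are hypothetical, chosen for this example.

# Print unique "COMMAND PID" pairs from lsof output (header line skipped).
port_holders() {
    awk 'NR > 1 && NF >= 2 { print $1, $2 }' | sort -u
}

# classify_bind_conflict DAEMON < lsof-output
#   free  - nothing holds the port
#   self  - only DAEMON holds it (a service instance is already running,
#           so a second foreground copy cannot bind)
#   other - a different program holds the port
classify_bind_conflict() {
    daemon=$1
    holders=$(port_holders)
    if [ -z "$holders" ]; then
        echo free
    # lsof shows only the first nine characters of COMMAND by default
    # (pihole-FTL appears as pihole-FT in the post), so compare on that.
    elif printf '%s\n' "$holders" |
        awk -v d="$daemon" 'BEGIN { d = substr(d, 1, 9) }
                            $1 != d { bad = 1 }
                            END { exit bad + 0 }'; then
        echo self
    else
        echo other
    fi
}

# Sample copied from the `sudo lsof -i :5335` output in the post.
SAMPLE_SELF='COMMAND   PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
unbound 14133 unbound    3u  IPv4  61996      0t0  UDP localhost:5335
unbound 14133 unbound    4u  IPv4  61997      0t0  TCP localhost:5335 (LISTEN)'

# Constructed sample: a different program listening on the same port.
SAMPLE_OTHER='COMMAND   PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
dnsmasq  2201 dnsmasq    4u  IPv4  40001      0t0  UDP localhost:5335'

printf '%s\n' "$SAMPLE_SELF"  | classify_bind_conflict unbound   # self
printf '%s\n' "$SAMPLE_OTHER" | classify_bind_conflict unbound   # other
```

On a live system the same function can be fed directly, for example `sudo lsof -i :5335 | classify_bind_conflict unbound`; a result of `self` means the port is held by the running service and the foreground bind error is expected.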
