Cloudflared vs. unbound as upstream DNS? And Unbound installation issues

gil80 · October 18, 2020, 3:01pm

pi@raspberry:/etc/unbound $ stat /etc/unbound/unbound.conf
stat: cannot stat '/etc/unbound/unbound.conf': No such file or directory

ls -la

pi@raspberry:/etc/unbound $ ls -la
total 28
drwxr-xr-x   3 root root 4096 Oct 19 01:57 .
drwxr-xr-x 122 root root 4096 Oct 19 01:17 ..
drwxr-xr-x   2 root root 4096 Oct 19 01:54 unbound.conf.d
-rw-r-----   1 root root 2455 Oct 19 01:16 unbound_control.key
-rw-r-----   1 root root 1342 Oct 19 01:16 unbound_control.pem
-rw-r-----   1 root root 2455 Oct 19 01:16 unbound_server.key
-rw-r-----   1 root root 1334 Oct 19 01:16 unbound_server.pem
pi@raspberry:/etc/unbound $

journalctl -u unbound | tail -30

pi@raspberry:/etc/unbound $ journalctl -u unbound | tail -30
Oct 19 01:54:08 raspberry systemd[1]: Stopped Unbound DNS server.
Oct 19 01:54:08 raspberry systemd[1]: Starting Unbound DNS server...
Oct 19 01:54:08 raspberry package-helper[9261]: [1603032848] unbound-checkconf[9263:0] error: Could not open /etc/unbound/unbound.conf: No such file or directory
Oct 19 01:54:08 raspberry package-helper[9264]: [1603032848] unbound-checkconf[9266:0] error: Could not open /etc/unbound/unbound.conf: No such file or directory
Oct 19 01:54:08 raspberry unbound[9267]: [1603032848] unbound[9267:0] error: Could not open /etc/unbound/unbound.conf: No such file or directory
Oct 19 01:54:08 raspberry unbound[9267]: [1603032848] unbound[9267:0] warning: Continuing with default config settings
Oct 19 01:54:08 raspberry unbound[9267]: [1603032848] unbound[9267:0] error: can't bind socket: Address already in use for ::1 port 53
Oct 19 01:54:08 raspberry unbound[9267]: [1603032848] unbound[9267:0] fatal error: could not open ports
Oct 19 01:54:08 raspberry systemd[1]: unbound.service: Main process exited, code=exited, status=1/FAILURE
Oct 19 01:54:08 raspberry systemd[1]: unbound.service: Failed with result 'exit-code'.
Oct 19 01:54:09 raspberry systemd[1]: Failed to start Unbound DNS server.
Oct 19 01:54:09 raspberry systemd[1]: unbound.service: Service RestartSec=100ms expired, scheduling restart.
Oct 19 01:54:09 raspberry systemd[1]: unbound.service: Scheduled restart job, restart counter is at 9.
Oct 19 01:54:09 raspberry systemd[1]: Stopped Unbound DNS server.
Oct 19 01:54:09 raspberry systemd[1]: Starting Unbound DNS server...
Oct 19 01:54:09 raspberry package-helper[9271]: [1603032849] unbound-checkconf[9273:0] error: Could not open /etc/unbound/unbound.conf: No such file or directory
Oct 19 01:54:09 raspberry package-helper[9274]: [1603032849] unbound-checkconf[9276:0] error: Could not open /etc/unbound/unbound.conf: No such file or directory
Oct 19 01:54:09 raspberry unbound[9277]: [1603032849] unbound[9277:0] error: Could not open /etc/unbound/unbound.conf: No such file or directory
Oct 19 01:54:09 raspberry unbound[9277]: [1603032849] unbound[9277:0] warning: Continuing with default config settings
Oct 19 01:54:09 raspberry unbound[9277]: [1603032849] unbound[9277:0] error: can't bind socket: Address already in use for ::1 port 53
Oct 19 01:54:09 raspberry unbound[9277]: [1603032849] unbound[9277:0] fatal error: could not open ports
Oct 19 01:54:09 raspberry systemd[1]: unbound.service: Main process exited, code=exited, status=1/FAILURE
Oct 19 01:54:09 raspberry systemd[1]: unbound.service: Failed with result 'exit-code'.
Oct 19 01:54:09 raspberry systemd[1]: Failed to start Unbound DNS server.
Oct 19 01:54:09 raspberry systemd[1]: unbound.service: Service RestartSec=100ms expired, scheduling restart.
Oct 19 01:54:09 raspberry systemd[1]: unbound.service: Scheduled restart job, restart counter is at 10.
Oct 19 01:54:09 raspberry systemd[1]: Stopped Unbound DNS server.
Oct 19 01:54:09 raspberry systemd[1]: unbound.service: Start request repeated too quickly.
Oct 19 01:54:09 raspberry systemd[1]: unbound.service: Failed with result 'exit-code'.
Oct 19 01:54:09 raspberry systemd[1]: Failed to start Unbound DNS server.

deHakkelaar · October 18, 2020, 3:06pm

File still missing.
Could purge/uninstall unbound but then have to run the whole guide again.
Try create that file:

sudo nano /etc/unbound/unbound.conf

Paste below into that file, save/exit:

# Unbound configuration file for Debian.
#
# See the unbound.conf(5) man page.
#
# See /usr/share/doc/unbound/examples/unbound.conf for a commented
# reference config file.
#
# The following line includes additional configuration files from the
# /etc/unbound/unbound.conf.d directory.
include: "/etc/unbound/unbound.conf.d/*.conf"

Restart:

sudo service unbound restart

And status journals drill again:

systemctl --no-pager --full status unbound

journalctl --no-pager --full -u unbound

gil80 · October 18, 2020, 3:15pm

● unbound.service - Unbound DNS server
   Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset:
enabled)
   Active: active (running) since Mon 2020-10-19 02:12:27 AEDT; 13s ago
     Docs: man:unbound(8)
  Process: 10813 ExecStartPre=/usr/lib/unbound/package-helper chroot_setup (code
=exited, status=0/SUCCESS)
  Process: 10816 ExecStartPre=/usr/lib/unbound/package-helper root_trust_anchor_
update (code=exited, status=0/SUCCESS)
 Main PID: 10821 (unbound)
    Tasks: 1 (limit: 2065)
   CGroup: /system.slice/unbound.service
           └─10821 /usr/sbin/unbound -d

Oct 19 02:12:26 raspberry systemd[1]: Starting Unbound DNS server...
Oct 19 02:12:27 raspberry package-helper[10816]: /var/lib/unbound/root.key has c
ontent
Oct 19 02:12:27 raspberry package-helper[10816]: success: the anchor is ok
Oct 19 02:12:27 raspberry unbound[10821]: [10821:0] info: start of service (unbo
und 1.9.0).
Oct 19 02:12:27 raspberry systemd[1]: Started Unbound DNS server.
pi@raspberry:/etc/unbound $

Oct 19 02:11:07 raspberry unbound[10611]: read /etc/unbound/unbound.conf failed:
 3 errors in configuration file
Oct 19 02:11:07 raspberry unbound[10611]: [1603033867] unbound[10611:0] fatal er
ror: Could not read config file: /etc/unbound/unbound.conf. Maybe try unbound -d
d, it stays on the commandline to see more errors, or unbound-checkconf
Oct 19 02:11:07 raspberry systemd[1]: unbound.service: Main process exited, code
=exited, status=1/FAILURE
Oct 19 02:11:07 raspberry systemd[1]: unbound.service: Failed with result 'exit-
code'.
Oct 19 02:11:07 raspberry systemd[1]: Failed to start Unbound DNS server.
Oct 19 02:11:07 raspberry systemd[1]: unbound.service: Service RestartSec=100ms
expired, scheduling restart.
Oct 19 02:11:07 raspberry systemd[1]: unbound.service: Scheduled restart job, re
start counter is at 5.
Oct 19 02:11:07 raspberry systemd[1]: Stopped Unbound DNS server.
Oct 19 02:11:07 raspberry systemd[1]: unbound.service: Start request repeated to
o quickly.
Oct 19 02:11:07 raspberry systemd[1]: unbound.service: Failed with result 'exit-
code'.
Oct 19 02:11:07 raspberry systemd[1]: Failed to start Unbound DNS server.
Oct 19 02:12:21 raspberry systemd[1]: Starting Unbound DNS server...
Oct 19 02:12:21 raspberry package-helper[10701]: /var/lib/unbound/root.key does
not exist, copying from /usr/share/dns/root.key
Oct 19 02:12:22 raspberry package-helper[10701]: /var/lib/unbound/root.key has c
ontent
Oct 19 02:12:22 raspberry package-helper[10701]: success: the anchor is ok
Oct 19 02:12:22 raspberry unbound[10706]: [10706:0] info: start of service (unbo
und 1.9.0).
Oct 19 02:12:22 raspberry systemd[1]: Started Unbound DNS server.
Oct 19 02:12:26 raspberry unbound[10706]: [10706:0] info: service stopped (unbou
nd 1.9.0).
Oct 19 02:12:26 raspberry systemd[1]: Stopping Unbound DNS server...
Oct 19 02:12:26 raspberry systemd[1]: unbound.service: Succeeded.
Oct 19 02:12:26 raspberry systemd[1]: Stopped Unbound DNS server.
Oct 19 02:12:26 raspberry systemd[1]: Starting Unbound DNS server...
Oct 19 02:12:27 raspberry package-helper[10816]: /var/lib/unbound/root.key has c
ontent
Oct 19 02:12:27 raspberry package-helper[10816]: success: the anchor is ok
Oct 19 02:12:27 raspberry unbound[10821]: [10821:0] info: start of service (unbo
und 1.9.0).
Oct 19 02:12:27 raspberry systemd[1]: Started Unbound DNS server.
pi@raspberry:/etc/unbound $

seems to be working now.
Thanks for the help!!

I now need to continue with Pihole configuration.
Can you please refer me to a guide on how to use Unbound with DoT or DoH?

deHakkelaar · October 18, 2020, 3:17pm

No sorry I cant.
I have no use for DoT or DoH.

Bucking_Horn · October 18, 2020, 3:22pm

Refer to Unbound using TLS - not working as recursive DNS server anymore? for a link to a 3rd party guide as well as related discussion.

Consider opening a new topic if you encounter errors when trying to make DoT and unbound work, or reach out to the guide's author.

gil80 · October 18, 2020, 3:25pm

by the way, running these commands:

dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335
dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335

returned:

pi@raspberry:/etc/unbound $ dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335

; <<>> DiG 9.11.5-P4-5.1+deb10u2-Raspbian <<>> sigfail.verteiltesysteme.net @127
.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47534
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;sigfail.verteiltesysteme.net.  IN      A

;; ANSWER SECTION:
sigfail.verteiltesysteme.net. 17 IN     A       134.91.78.139

;; Query time: 0 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1)
;; WHEN: Mon Oct 19 02:18:54 AEDT 2020
;; MSG SIZE  rcvd: 73

pi@raspberry:/etc/unbound $ dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335

; <<>> DiG 9.11.5-P4-5.1+deb10u2-Raspbian <<>> sigok.verteiltesysteme.net @127.0
.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40678
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;sigok.verteiltesysteme.net.    IN      A

;; ANSWER SECTION:
sigok.verteiltesysteme.net. 60  IN      A       134.91.78.139

;; Query time: 255 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1)
;; WHEN: Mon Oct 19 02:19:06 AEDT 2020
;; MSG SIZE  rcvd: 71

no difference.
DNS settings are:
No check on Use DNSSEC
and using Cloudflare DNS
No custom DNS

deHakkelaar · October 18, 2020, 3:35pm

Ok seems more things are messed up somehow.
Try purge/uninstall unbound including config files:

sudo service unbound stop

sudo apt purge unbound

And run the guide again:

gil80 · October 19, 2020, 2:36am

Seems that a lot of the issues I was experiencing were due to a faulty microSD card.
I replaced the microSD card and installed RPiOS, Pihole and Unbound and it seems to work without an issue now.