Hardware:
Raspberry pi 4
Raspberry OS lite 64
I have a simple Pi-hole & unbound combination, but I need to improve it and implement DoT. How can I do this?
Add these lines to your existing Pi-hole unbound configuration file:
    tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt

forward-zone:
    name: "."
    forward-tls-upstream: yes
    # Quad9
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net
Then restart unbound.
When I try to restart unbound I get this error:
guardian@networkGuardian:/etc/unbound/unbound.conf.d $ sudo systemctl restart unbound
Job for unbound.service failed because the control process exited with error code.
See "systemctl status unbound.service" and "journalctl -xeu unbound.service" for details.
What did these show?
When I executed systemctl status unbound.service:
guardian@networkGuardian:/etc/unbound/unbound.conf.d $ systemctl status unbound.service
× unbound.service - Unbound DNS server
Loaded: loaded (/lib/systemd/system/unbound.service; enabled; preset: enabled)
Active: failed (Result: exit-code) since Sun 2023-12-31 17:18:04 -03; 9s ago
Duration: 3h 8min 9.365s
Docs: man:unbound(8)
Process: 272531 ExecStartPre=/usr/libexec/unbound-helper chroot_setup (code=exited, status=1/FAILURE)
Process: 272533 ExecStartPre=/usr/libexec/unbound-helper root_trust_anchor_update (code=exited, status=1/FAILURE)
Process: 272535 ExecStart=/usr/sbin/unbound -d -p $DAEMON_OPTS (code=exited, status=1/FAILURE)
Process: 272537 ExecStopPost=/usr/libexec/unbound-helper chroot_teardown (code=exited, status=1/FAILURE)
Main PID: 272535 (code=exited, status=1/FAILURE)
CPU: 72ms
Dec 31 17:18:04 networkGuardian systemd[1]: unbound.service: Scheduled restart job, restart counter is at 5.
Dec 31 17:18:04 networkGuardian systemd[1]: Stopped unbound.service - Unbound DNS server.
Dec 31 17:18:04 networkGuardian systemd[1]: unbound.service: Start request repeated too quickly.
Dec 31 17:18:04 networkGuardian systemd[1]: unbound.service: Failed with result 'exit-code'.
Dec 31 17:18:04 networkGuardian systemd[1]: Failed to start unbound.service - Unbound DNS server.
When I executed journalctl -xeu unbound.service:
guardian@networkGuardian:/etc/unbound/unbound.conf.d $ journalctl -xeu unbound.service
░░ Subject: Automatic restarting of a unit has been scheduled
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ Automatic restarting of the unit unbound.service has been scheduled, as the result for
░░ the configured Restart= setting for the unit.
Dec 31 17:18:04 networkGuardian systemd[1]: Stopped unbound.service - Unbound DNS server.
░░ Subject: A stop job for unit unbound.service has finished
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A stop job for unit unbound.service has finished.
░░
░░ The job identifier is 26086 and the job result is done.
Dec 31 17:18:04 networkGuardian systemd[1]: unbound.service: Start request repeated too quickly.
Dec 31 17:18:04 networkGuardian systemd[1]: unbound.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit unbound.service has entered the 'failed' state with result 'exit-code'.
Dec 31 17:18:04 networkGuardian systemd[1]: Failed to start unbound.service - Unbound DNS server.
░░ Subject: A start job for unit unbound.service has failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit unbound.service has finished with a failure.
░░
░░ The job identifier is 26086 and the job result is failed.
And I need to comment out the DoT setup to post this, because without the comment I can't access the internet.
Do you have this file in place? If so, does it have certificate contents listed?
Here's an example from my Pi:
ls -lha /etc/ssl/certs/ca-certificates.crt
-rw-r--r-- 1 root root 209K Jun 5 2023 /etc/ssl/certs/ca-certificates.crt
No, I don't have any certificates. How can I generate one without paying or having a domain?
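The checks discussed in this thread (does the file named by tls-cert-bundle exist and contain certificates, and does each forward-addr carry a #name for unbound to verify the upstream certificate against), as an added shell example that is not part of the original posts. The function name dot_preflight is hypothetical, and it assumes each key and value sit on one line separated by whitespace.

```shell
# dot_preflight CONF: check an unbound DoT forwarder config before restarting.
# Prints one line per finding; returns the number of problems (0 = ready).
# Usage (after sourcing this file): dot_preflight /etc/unbound/unbound.conf.d/<your-file>.conf
dot_preflight() {
    pf_conf=$1
    pf_bad=0
    [ -r "$pf_conf" ] || { echo "FAIL: cannot read $pf_conf"; return 1; }

    # awk skips commented-out lines because their first field is not the bare key.
    pf_bundle=$(awk '$1 == "tls-cert-bundle:" { gsub(/"/, "", $2); print $2; exit }' "$pf_conf")
    if [ -z "$pf_bundle" ]; then
        echo "FAIL: tls-cert-bundle is not set"
        pf_bad=$((pf_bad + 1))
    elif [ ! -s "$pf_bundle" ]; then
        echo "FAIL: $pf_bundle is missing or empty"
        pf_bad=$((pf_bad + 1))
    else
        # grep -c exits non-zero on a zero count, so keep going and test the number.
        pf_n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$pf_bundle" || true)
        if [ "$pf_n" -gt 0 ]; then
            echo "OK: $pf_bundle holds $pf_n PEM certificate(s)"
        else
            echo "FAIL: $pf_bundle holds no PEM certificates"
            pf_bad=$((pf_bad + 1))
        fi
    fi

    # Without '#name', unbound has no name to check the upstream's certificate against.
    for pf_addr in $(awk '$1 == "forward-addr:" { print $2 }' "$pf_conf"); do
        case $pf_addr in
            *'#'?*) echo "OK: $pf_addr" ;;
            *) echo "FAIL: $pf_addr has no #auth-name"; pf_bad=$((pf_bad + 1)) ;;
        esac
    done
    return "$pf_bad"
}
```

On Debian-based systems such as Raspberry Pi OS, /etc/ssl/certs/ca-certificates.crt is provided by the ca-certificates package. It is a bundle of public CA root certificates, not a certificate generated for your own host or domain.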