I have a problem installing unbound. I followed the guide from the wiki step by step

Please follow the below template, it will help us to help you!

Expected Behaviour:

I have a problem installing unbound. I followed the guide from the wiki step by step.

Actual Behaviour:

journalctl -u unbound
-- Logs begin at Wed 2018-10-31 16:58:48 CST, end at Wed 2018-10-31 17:46:39 CST. --
Oct 31 17:10:02 dns systemd[1]: Starting Unbound DNS server...
Oct 31 17:10:02 dns package-helper[10966]: /var/lib/unbound/root.key does not exist, copying from /usr/share/dns/root.key
Oct 31 17:10:03 dns package-helper[10966]: /var/lib/unbound/root.key has content
Oct 31 17:10:03 dns package-helper[10966]: success: the anchor is ok
Oct 31 17:10:03 dns unbound[10971]: [1540977003] unbound[10971:0] error: can't bind socket: Address already in use for ::1
Oct 31 17:10:03 dns unbound[10971]: [1540977003] unbound[10971:0] fatal error: could not open ports
Oct 31 17:10:03 dns systemd[1]: **unbound.service: Main process exited, code=exited, status=1/FAILURE**
Oct 31 17:10:03 dns systemd[1]: **unbound.service: Failed with result 'exit-code'.**
Oct 31 17:10:03 dns systemd[1]: **Failed to start Unbound DNS server.**
Oct 31 17:10:03 dns systemd[1]: unbound.service: Service hold-off time over, scheduling restart.
Oct 31 17:10:03 dns systemd[1]: unbound.service: Scheduled restart job, restart counter is at 1.
Oct 31 17:10:03 dns systemd[1]: Stopped Unbound DNS server.
Oct 31 17:10:03 dns systemd[1]: Starting Unbound DNS server...
Oct 31 17:10:04 dns package-helper[11049]: /var/lib/unbound/root.key has content
Oct 31 17:10:04 dns package-helper[11049]: success: the anchor is ok
Oct 31 17:10:04 dns unbound[11145]: [1540977004] unbound[11145:0] error: can't bind socket: Address already in use for ::1
Oct 31 17:10:04 dns unbound[11145]: [1540977004] unbound[11145:0] fatal error: could not open ports
Oct 31 17:10:04 dns systemd[1]: **unbound.service: Main process exited, code=exited, status=1/FAILURE**
Oct 31 17:10:04 dns systemd[1]: **unbound.service: Failed with result 'exit-code'.**
Oct 31 17:10:04 dns systemd[1]: **Failed to start Unbound DNS server.**
Oct 31 17:10:05 dns systemd[1]: unbound.service: Service hold-off time over, scheduling restart.
Oct 31 17:10:05 dns systemd[1]: unbound.service: Scheduled restart job, restart counter is at 2.
Oct 31 17:10:05 dns systemd[1]: Stopped Unbound DNS server.
Oct 31 17:10:05 dns systemd[1]: Starting Unbound DNS server...
Oct 31 17:10:05 dns package-helper[11222]: /var/lib/unbound/root.key has content
Oct 31 17:10:05 dns package-helper[11222]: success: the anchor is ok
Oct 31 17:10:05 dns unbound[11267]: [1540977005] unbound[11267:0] error: can't bind socket: Address already in use for ::1
Oct 31 17:10:05 dns unbound[11267]: [1540977005] unbound[11267:0] fatal error: could not open ports
Oct 31 17:10:05 dns systemd[1]: **unbound.service: Main process exited, code=exited, status=1/FAILURE**
Oct 31 17:10:05 dns systemd[1]: **unbound.service: Failed with result 'exit-code'.**
Oct 31 17:10:05 dns systemd[1]: **Failed to start Unbound DNS server.**
Oct 31 17:10:06 dns systemd[1]: unbound.service: Service hold-off time over, scheduling restart.
Oct 31 17:10:06 dns systemd[1]: unbound.service: Scheduled restart job, restart counter is at 3.
Oct 31 17:10:06 dns systemd[1]: Stopped Unbound DNS server.
Oct 31 17:10:06 dns systemd[1]: Starting Unbound DNS server...
Oct 31 17:10:06 dns package-helper[11337]: /var/lib/unbound/root.key has content
Oct 31 17:10:06 dns package-helper[11337]: success: the anchor is ok
Oct 31 17:10:06 dns unbound[11370]: [1540977006] unbound[11370:0] error: can't bind socket: Address already in use for ::1
Oct 31 17:10:06 dns unbound[11370]: [1540977006] unbound[11370:0] fatal error: could not open ports
Oct 31 17:10:06 dns systemd[1]: **unbound.service: Main process exited, code=exited, status=1/FAILURE**
Oct 31 17:10:06 dns systemd[1]: **unbound.service: Failed with result 'exit-code'.**
Oct 31 17:10:06 dns systemd[1]: **Failed to start Unbound DNS server.**
Oct 31 17:10:07 dns systemd[1]: unbound.service: Service hold-off time over, scheduling restart.
Oct 31 17:10:07 dns systemd[1]: unbound.service: Scheduled restart job, restart counter is at 4.
Oct 31 17:10:07 dns systemd[1]: Stopped Unbound DNS server.

Debug Token:

[debug token is: b0bnytfzee]

What is the output of this command from the Pi-Hole host terminal?

cat /etc/unbound/unbound.conf.d/pi-hole.conf

Seems that whatever you use for your unbound port is already taken.

Did you use port 5353 in the configuration of unbound?

Please check the information below:

server:
    logfile: "/var/log/unbound/unbound.log"
    verbosity: 0

    port: 5353
    do-ip4: yes
    do-udp: yes
    do-tcp: yes

    # May be set to yes if you have IPv6 connectivity
    do-ip6: no

    # Use this only when you downloaded the list of primary root servers!
    root-hints: "/var/lib/unbound/root.hints"

    # Trust glue only if it is within the servers authority
    harden-glue: yes

    # Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
    harden-dnssec-stripped: yes

    # Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes
    # see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
    use-caps-for-id: no

    # Reduce EDNS reassembly buffer size.
    # Suggested by the unbound man page to reduce fragmentation reassembly problems
    edns-buffer-size: 1472

    # TTL bounds for cache
    cache-min-ttl: 3600
    cache-max-ttl: 86400

    # Perform prefetching of close to expired message cache entries
    # This only applies to domains that have been frequently queried
    prefetch: yes

    # One thread should be sufficient, can be increased on beefy machines
    num-threads: 1

    # Ensure kernel buffer is large enough to not loose messages in traffic spikes
    so-rcvbuf: 1m

    # Ensure privacy of local IP ranges
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-address: 172.16.0.0/12
    private-address: 10.0.0.0/8
    private-address: fd00::/8
    private-address: fe80::/10

Please take a look at the contents of the unbound pi-hole.conf that I replied to @jfb. Any problem?

By the way, please check this out. When I use unbound -d -v:

pi@dns:~ $ unbound -d -v
[1541034848] unbound[8314:0] notice: Start of unbound 1.6.7.
[1541034848] unbound[8314:0] warning: so-rcvbuf 1048576 was not granted. Got 425984. To fix: start with root permissions(linux) or sysctl bigger net.core.rmem_max(linux) or kern.ipc.maxsockbuf(bsd) values.
[1541034848] unbound[8314:0] error: Error for server-cert-file: /etc/unbound/unbound_server.pem
[1541034848] unbound[8314:0] error: Error in SSL_CTX use_certificate_chain_file crypto error:0200100D:system library:fopen:Permission denied
[1541034848] unbound[8314:0] error: and additionally crypto error:20074002:BIO routines:file_ctrl:system lib
[1541034848] unbound[8314:0] error: and additionally crypto error:140DC002:SSL routines:use_certificate_chain_file:system lib
[1541034848] unbound[8314:0] fatal error: could not set up remote-control

I don't see a problem. It matches the guide.

Yes. The configuration of the guide was copied. But the unbound service just can't start.

What is the output of this command:

sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471 \|:5353'

please check:

root@dns:/home/pi# sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471 \|:5353'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1177/pihole-FTL     
tcp        0      0 192.168.1.4:53          0.0.0.0:*               LISTEN      1177/pihole-FTL     
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      986/lighttpd        
tcp6       0      0 ::1:53                  :::*                    LISTEN      1177/pihole-FTL     
tcp6       0      0 fe80::20c:29ff:fe33::53 :::*                    LISTEN      1177/pihole-FTL     
tcp6       0      0 :::80                   :::*                    LISTEN      986/lighttpd        
udp    22272      0 127.0.0.1:53            0.0.0.0:*                           1177/pihole-FTL     
udp     8448      0 192.168.1.4:53          0.0.0.0:*                           1177/pihole-FTL     
udp6       0      0 ::1:53                  :::*                                1177/pihole-FTL     
udp6       0      0 fe80::20c:29ff:fe33::53 :::*                                1177/pihole-FTL
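An added example, not part of the thread: a small filter that reads `netstat -nltup` text and lists which program already holds a given address and port, including the same-family wildcard (`0.0.0.0` or `::`). The helper name `holders` is hypothetical and the sample rows are a constructed subset of the output posted above; dual-stack overlap between `::` and IPv4 addresses is not modelled.

```shell
#!/bin/sh
# Constructed sample: a few of the netstat -nltup rows posted in the thread.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1177/pihole-FTL
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      986/lighttpd
tcp6       0      0 ::1:53                  :::*                    LISTEN      1177/pihole-FTL
tcp6       0      0 :::80                   :::*                    LISTEN      986/lighttpd
udp    22272      0 127.0.0.1:53            0.0.0.0:*                           1177/pihole-FTL
udp6       0      0 ::1:53                  :::*                                1177/pihole-FTL
EOF
}

# holders ADDR PORT   (hypothetical helper, not a Pi-hole or unbound tool)
# Reads netstat -nltup text on stdin and prints "proto address program" for
# every socket bound to ADDR:PORT or to the wildcard address of the same family.
holders() {
    awk -v want="$1" -v port="$2" '
        BEGIN { wild = (want ~ /:/) ? "::" : "0.0.0.0" }
        $1 ~ /^(tcp|udp)6?$/ {
            la = $4                                  # Local Address column
            if (!match(la, /:[0-9]+$/)) next         # port follows the LAST colon
            addr = substr(la, 1, RSTART - 1)
            if (substr(la, RSTART + 1) != port) next
            if (addr != want && addr != wild) next
            prog = $NF                               # last column, with or without State
            sub(/^[0-9]+\//, "", prog)               # "1177/pihole-FTL" -> "pihole-FTL"
            print $1, addr, prog
        }'
}

# Demo over the constructed sample: one line per address/port of interest.
for target in "::1 53" "127.0.0.1 5353" "::1 5353"; do
    set -- $target
    out=$(sample_netstat | holders "$1" "$2")
    echo "$1 port $2: ${out:-free}"
done
```

On a live host the same function can be fed from `sudo netstat -nltup | holders ::1 53`.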

Try a reboot, it gets that error sometimes too.

Thank you. I have been rebooting repeatedly since yesterday, but the problem has not been solved.

Reinstalled Ubuntu, pihole, unbound. Pihole is working fine. The unbound service still fails to start.

No way to correct the problem. So I can only give up unbound. Changed to other programs.

hmm did your pihole web interface look like this?

[Image: screenshot, 2018-11-03 12-56-42]

Once again, force the following optional content to be forced once. Some are normal.
Optional: Download the list of primary root servers (serving the domain .). Unbound ships its own list but we can also download the most recent list and update it whenever we think it is a good idea. Note: there is no point in doing it more often than every 6 months.

wget -O root.hints https://www.internic.net/domain/named.root
sudo mv root.hints /var/lib/unbound/
