New unbound installation bound to port 53

Expected Behaviour:

Unbound to be running utilizing pi-hole.conf

Actual Behaviour:

Unbound is bound to port 53 resulting in lost API connection to pihole. Unbound.conf is not created on system.

Debug Token:

vqpmb47vwj

During the installation of unbound, following this guide: Redirecting... I created the pi-hole.conf.

When I start unbound, initially it will not restore so I reboot my pi and then check unbound:

systemctl status unbound:

● unbound.service - Unbound DNS server
   Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2020-01-25 11:56:27 CST; 15min ago
     Docs: man:unbound(8)
  Process: 605 ExecStartPre=/usr/lib/unbound/package-helper root_trust_anchor_update (code=exited, status=1/FAILURE)
  Process: 583 ExecStartPre=/usr/lib/unbound/package-helper chroot_setup (code=exited, status=1/FAILURE)
 Main PID: 616 (unbound)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/unbound.service
           └─616 /usr/sbin/unbound -d

Jan 25 11:56:27 buzzard systemd[1]: Starting Unbound DNS server...
Jan 25 11:56:27 buzzard package-helper[583]: [1579974987] unbound-checkconf[589:0] error: Could not open /etc/unbound/unbound.conf: No such file or directory
Jan 25 11:56:27 buzzard package-helper[605]: [1579974987] unbound-checkconf[611:0] error: Could not open /etc/unbound/unbound.conf: No such file or directory
Jan 25 11:56:27 buzzard systemd[1]: Started Unbound DNS server.
Jan 25 11:56:28 buzzard unbound[616]: [1579974988] unbound[616:0] error: Could not open /etc/unbound/unbound.conf: No such file or directory
Jan 25 11:56:28 buzzard unbound[616]: [1579974988] unbound[616:0] warning: Continuing with default config settings
Jan 25 11:56:28 buzzard unbound[616]: [616:0] notice: init module 0: validator
Jan 25 11:56:28 buzzard unbound[616]: [616:0] notice: init module 1: iterator
Jan 25 11:56:28 buzzard unbound[616]: [616:0] info: start of service (unbound 1.6.0).

performing: unbound-checkconf results in this, which tells me this does not exist and I should therefore create it?

[1579976024] unbound-checkconf[4278:0] error: Could not open /etc/unbound/unbound.conf: No such file or directory

I seem to be missing that step to create the unbound.conf. Am I missing a step following the guide, or is there another process that should have created that file?

I have searched around, apologize if I have missed a proper thread, but could I have advice on creating that file, or an example to look at. Still sort of in the toddler steps of this process....

Thank you.

With the Pi-Hole guide for installing unbound, you create a new file at /etc/unbound/unbound.conf.d/pi-hole.conf

The file /etc/unbound/unbound.conf is simply a pointer to use all the configuration files in the unbound.conf.d directory, and should not be modified by you.

Here's the layout of the /etc/unbound directory:

ls -lha /etc/unbound
total 40K
drwxr-xr-x   3 root root 4.0K Oct 28 07:15 .
drwxr-xr-x 134 root root  12K Jan 25 12:10 ..
-rw-r--r--   1 root root  332 Feb 19  2017 unbound.conf
drwxr-xr-x   2 root root 4.0K Oct 28 07:15 unbound.conf.d
-rw-------   1 root root 2.4K Oct 26  2018 unbound_control.key
-rw-r-----   1 root root 1.3K Oct 26  2018 unbound_control.pem
-rw-------   1 root root 2.5K Oct 26  2018 unbound_server.key
-rw-r-----   1 root root 1.3K Oct 26  2018 unbound_server.pem

cd unbound.conf.d

pi@Pi-3B-DEV:/etc/unbound/unbound.conf.d $ ls -lha

total 20K
drwxr-xr-x 2 root root 4.0K Oct 28 07:15 .
drwxr-xr-x 3 root root 4.0K Oct 28 07:15 ..
-rw-r--r-- 1 root root 2.0K Apr 22 2019 pi-hole.conf
-rw-r--r-- 1 root root 302 Feb 19 2017 qname-minimisation.conf
-rw-r--r-- 1 root root 190 Feb 19 2017 root-auto-trust-anchor-file.conf

cat /etc/unbound/unbound.conf

# Unbound configuration file for Debian.
# See the unbound.conf(5) man page.
#
# See /usr/share/doc/unbound/examples/unbound.conf for a commented
# reference config file.
#
# The following line includes additional configuration files from the
# /etc/unbound/unbound.conf.d directory.
include: "/etc/unbound/unbound.conf.d/*.conf"

The new file you make at /etc/unbound/unbound.conf.d/pi-hole.conf contains the configuration lines from the Pi-Hole setup guide, including the custom port 5353. Once this file is in place, and if the original unbound.conf file shown above is in place, then unbound will read the proper configuration.

1 Like
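
An added example (not part of the post above or of the Pi-hole guide) that audits the layout the answer describes: the stock unbound.conf with its include line, plus a pi-hole.conf drop-in that moves unbound off port 53. The function names are made up for this example, the demo tree is constructed, and it assumes the port is set with unbound's `port:` option.

```shell
#!/bin/sh
# Added example: audit the /etc/unbound layout described in the post above.

# Print the port set by the last "port:" line in a config file (empty if none).
# Assumption: a later "port:" line overrides an earlier one.
configured_port() {
    sed -n 's/^[[:space:]]*port:[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1
}

# check_unbound_layout [DIR]  (DIR defaults to /etc/unbound)
# Prints one finding per line; returns 0 only if every check passes.
check_unbound_layout() {
    root=${1:-/etc/unbound}
    main="$root/unbound.conf"
    dropin="$root/unbound.conf.d/pi-hole.conf"
    rc=0

    if [ ! -f "$main" ]; then
        echo "FAIL: $main is missing; unbound will start with default settings"
        rc=1
    elif ! grep -Eq '^[[:space:]]*include:[[:space:]]*"?[^"#]*unbound\.conf\.d/\*\.conf' "$main"; then
        echo "FAIL: $main has no include: line for unbound.conf.d/*.conf"
        rc=1
    else
        echo "OK: $main includes unbound.conf.d/*.conf"
    fi

    if [ ! -f "$dropin" ]; then
        echo "FAIL: $dropin is missing"
        rc=1
    else
        port=$(configured_port "$dropin")
        case "$port" in
            "") echo "FAIL: $dropin sets no port, so unbound uses its default, 53"; rc=1 ;;
            53) echo "FAIL: $dropin sets port 53, which Pi-hole's own DNS listener needs"; rc=1 ;;
            *)  echo "OK: $dropin sets port $port" ;;
        esac
    fi
    return "$rc"
}

# Constructed demo tree (not a real system) so the script runs anywhere.
demo=$(mktemp -d)
mkdir "$demo/unbound.conf.d"
printf 'server:\n    port: 5353\n' > "$demo/unbound.conf.d/pi-hole.conf"
check_unbound_layout "$demo" || echo "layout check failed, as expected: unbound.conf absent"
rm -rf "$demo"
```

On a real system, call `check_unbound_layout` with no argument to inspect /etc/unbound.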

Thank you, so did I need to create that file (which I have just done) or should that have been created during installation of unbound?

That's my confusion, I don't see creating the file referenced in guide or the other references I have searched on.

Check if it's supposed to be contained in the unbound package:

pi@noads:~ $ dpkg -S /etc/unbound/unbound.conf
unbound: /etc/unbound/unbound.conf

If not, your distro might deviate from the other common distros like Raspbian, Debian, Ubuntu etc.

lsb_release -a

hostnamectl

sudo grep -v '^\s*#\|^$' -R /etc/apt/sources.list*

If it should be in the unbound package, something might have held back this config file during installation.
Usually purging/uninstalling the package and reinstalling it should fix:

sudo dpkg -P unbound

sudo apt install --reinstall unbound

P.S. This purging will remove the folder /etc/unbound and subfolders/config files contained within.

EDIT: added apt sources to identify distro.

1 Like

Which file? You do have to create a new pi-hole.conf file in the correct directory, but the other unbound.conf file should already be there and should be left alone.

> Which file? You do have to create a new pi-hole.conf file in the correct directory, but the other unbound.conf file should already be there and should be left alone.

unbound.conf was not in /etc/unbound/

That's what was confusing me if it should have been there without the need to have to be created. Since it should have been there, it makes sense why I don't see a reference in the guide to it.

You can insert a new file there with the output I posted.

1 Like

Oh, I did! I was just answering you.. I appreciate your response!

unbound did then start, however I received an error

fail: the anchor is NOT ok and could not be fixed

I have found a few things related to that I am looking at, but I'll need a little time to explore that error.

I've got to put this to the side for a little bit (workweek starts tomorrow) and come back at it when I have some more free time.

Thank you, I will try these things and see what the results are. I'm using Raspbian on my pi currently.

Hi,

I am having the same issue with a brand new install of PiHole and Unbound over ethernet. The Unbound service starts but I am getting the "the anchor is NOT ok and cannot be fixed". DNS resolution is not functioning.

I have conducted the following

  • checked to ensure the unbound.conf exists in /var/lib/unbound
  • Pi-Hole.conf file created in /etc/unbound/unbound.conf.d
  • root.hints is in the /var/lib/unbound and contains content
  • unbound-checkconf has no errors
  • permissions changed on the root.key file to unbound:unbound
  • removed the root.key file and had another one generated
  • executing sudo unbound-anchor -v -a /var/lib/unbound/root.key returns that the file contains content but anchor is NOT ok and could not be fixed
  • running systemctl status unbound.service returns

● unbound.service - Unbound DNS server
Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2020-02-04 22:34:48 AEDT; 8min ago
Docs: man:unbound(8)
Process: 1639 ExecStartPre=/usr/lib/unbound/package-helper chroot_setup (code=exited, status=0/SUCCESS)
Process: 1642 ExecStartPre=/usr/lib/unbound/package-helper root_trust_anchor_update (code=exited, status=0/SUCCESS)
Main PID: 1648 (unbound)
Tasks: 4 (limit: 2200)
Memory: 11.5M
CGroup: /system.slice/unbound.service
└─1648 /usr/sbin/unbound -d

Feb 04 22:34:48 raspberrypi systemd[1]: Starting Unbound DNS server...
Feb 04 22:34:48 raspberrypi package-helper[1642]: /var/lib/unbound/root.key has content
Feb 04 22:34:48 raspberrypi package-helper[1642]: fail: the anchor is NOT ok and could not be fixed
Feb 04 22:34:48 raspberrypi systemd[1]: Started Unbound DNS server.
Feb 04 22:34:48 raspberrypi unbound[1648]: [1648:0] info: start of service (unbound 1.9.0).

Time and locale have been updated and are correct.

Anything else I can do? This is a brand new install of Raspbian Buster lite, Pihole and Unbound.

thanks

Solved it. Found the issue to be the Circle parenting app on router detecting the raspberry pi. Didn’t report any issues in the logs of the app but decided to unmanage the device in the circle app. Restarted the unbound service and bang, anchor is Ok. :confused:

Hopefully this provides some info if anyone else has similar issues.
