Please follow the below template, it will help us to help you!
Expected Behaviour:
Unbound to be running utilizing pi-hole.conf
Actual Behaviour:
Unbound is bout to port 53 resulting in lost API connection to pihole. Unbound.conf is not created on system,
Debug Token:
vqpmb47vwj
During the installation of unbound, following this guide: Redirecting... I created the pi-hole.conf.
When I start unbound, intially it will not restore so I reboot my pi and then check unbound:
systemctl status unbound:
â—Ź unbound.service - Unbound DNS server
Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2020-01-25 11:56:27 CST; 15min ago
Docs: man:unbound(8)
Process: 605 ExecStartPre=/usr/lib/unbound/package-helper root_trust_anchor_update (code=exited, status=1/FAILURE)
Process: 583 ExecStartPre=/usr/lib/unbound/package-helper chroot_setup (code=exited, status=1/FAILURE)
Main PID: 616 (unbound)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/unbound.service
└─616 /usr/sbin/unbound -d
Jan 25 11:56:27 buzzard systemd[1]: Starting Unbound DNS server...
Jan 25 11:56:27 buzzard package-helper[583]: [1579974987] unbound-checkconf[589:0] error: Could not open /etc/unbound/unbound.conf: No such file or directory
Jan 25 11:56:27 buzzard package-helper[605]: [1579974987] unbound-checkconf[611:0] error: Could not open /etc/unbound/unbound.conf: No such file or directory
Jan 25 11:56:27 buzzard systemd[1]: Started Unbound DNS server.
Jan 25 11:56:28 buzzard unbound[616]: [1579974988] unbound[616:0] error: Could not open /etc/unbound/unbound.conf: No such file or directory
Jan 25 11:56:28 buzzard unbound[616]: [1579974988] unbound[616:0] warning: Continuing with default config settings
Jan 25 11:56:28 buzzard unbound[616]: [616:0] notice: init module 0: validator
Jan 25 11:56:28 buzzard unbound[616]: [616:0] notice: init module 1: iterator
Jan 25 11:56:28 buzzard unbound[616]: [616:0] info: start of service (unbound 1.6.0).
performing: unbound-checkconf results in this, which tells me this does not exist and I should therefore create it?
[1579976024] unbound-checkconf[4278:0] error: Could not open /etc/unbound/unbound.conf: No such file or directory
I seem to be missing that step to create the unbound.conf. Am I missing a step following the guide, or is there another process that should have created that file?
I have searched around, apologize if I have missed a proper thread, but could I have advice on creating that file, or an example to look at. Stil sort of in the toddler steps of this process....
With the Pi-Hole guide for installing unbound, you create a new file at /etc/unbound/unbound.conf.d/pi-hole.conf
The file /etc/unbound/unbound.conf is simply a pointer to use all the configuration files in the unbound.conf.d directory, and should not be modified by you.
Here's the layout of the /etc/unbound directory:
ls -lha /etc/unbound
total 40K
drwxr-xr-x 3 root root 4.0K Oct 28 07:15 .
drwxr-xr-x 134 root root 12K Jan 25 12:10 ..
-rw-r--r-- 1 root root 332 Feb 19 2017 unbound.conf
drwxr-xr-x 2 root root 4.0K Oct 28 07:15 unbound.conf.d
-rw------- 1 root root 2.4K Oct 26 2018 unbound_control.key
-rw-r----- 1 root root 1.3K Oct 26 2018 unbound_control.pem
-rw------- 1 root root 2.5K Oct 26 2018 unbound_server.key
-rw-r----- 1 root root 1.3K Oct 26 2018 unbound_server.pem
cd unbound.conf.d
pi@Pi-3B-DEV:/etc/unbound/unbound.conf.d $ ls -lha
total 20K
drwxr-xr-x 2 root root 4.0K Oct 28 07:15 .
drwxr-xr-x 3 root root 4.0K Oct 28 07:15 ..
-rw-r--r-- 1 root root 2.0K Apr 22 2019 pi-hole.conf
-rw-r--r-- 1 root root 302 Feb 19 2017 qname-minimisation.conf
-rw-r--r-- 1 root root 190 Feb 19 2017 root-auto-trust-anchor-file.conf
cat /etc/unbound/unbound.conf
# Unbound configuration file for Debian.
# See the unbound.conf(5) man page.
#
# See /usr/share/doc/unbound/examples/unbound.conf for a commented
# reference config file.
#
# The following line includes additional configuration files from the
# /etc/unbound/unbound.conf.d directory.
include: "/etc/unbound/unbound.conf.d/*.conf"
The new file you make at /etc/unbound/unbound.conf.d/pi-hole.conf contains the configuration lines from the Pi-Hole setup guide, including the custom port 5353. Once this file is in place, and if the original unbound.conf file shown above is in place, then unbound will read the proper configuration.
If it should be in the unbound package, something might have held back this config file during installation.
Usually purging/uninstalling the package and reinstalling it should fix:
sudo dpkg -P unbound
sudo apt install --reinstall unbound
Ps. this purging will remove the folder /etc/unbound and subfolders/config files contained within.
Which file? You do have to create a new pi-hole.conf file in the correct directory, but the other unbound.conf file should already be there and should be left alone.
Blockquote Which file? You do have to create a new pi-hole.conf file in the correct directory, but the other unbound.conf file should already be there and should be left alone.
unbound.conf was not in /etc/unbound/
That's what was confusing me if it should have been there without the need to have to be created. Since it should have been there, it makes sense why I don't see a reference in the guide to it.
I am having the same issue with a brand new install of PiHole and Unbound over ethernet. The Unbound service starts but I am getting the "the anchor is NOT ok and cannot be fixed". DNS resolution is not functioning
I have conducted the following
checked to ensure the unbound.conf exists in /var/lib/unbound
Pi-Hole.conf file created in /etc/unbound/unbound.conf.d
root.hints is in the /var/lib/unbound and contains content
unbound-checkconf has no errors
permissions changed on the root.key file to unbound:unbound
removed the root.key file and had another one generated
executing sudo unbound-anchor -v -a /var/lib/unbound/root.key returns that the file contains content but anchor is NOT ok and could not be fixed
-running systemctl status unbound.service returns
â—Ź unbound.service - Unbound DNS server
Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2020-02-04 22:34:48 AEDT; 8min ago
Docs: man:unbound(8)
Process: 1639 ExecStartPre=/usr/lib/unbound/package-helper chroot_setup (code=exited, status=0/SUCCESS)
Process: 1642 ExecStartPre=/usr/lib/unbound/package-helper root_trust_anchor_update (code=exited, status=0/SUCCESS)
Main PID: 1648 (unbound)
Tasks: 4 (limit: 2200)
Memory: 11.5M
CGroup: /system.slice/unbound.service
└─1648 /usr/sbin/unbound -d
Feb 04 22:34:48 raspberrypi systemd[1]: Starting Unbound DNS server...
Feb 04 22:34:48 raspberrypi package-helper[1642]: /var/lib/unbound/root.key has content
Feb 04 22:34:48 raspberrypi package-helper[1642]: fail: the anchor is NOT ok and could not be fixed
Feb 04 22:34:48 raspberrypi systemd[1]: Started Unbound DNS server.
Feb 04 22:34:48 raspberrypi unbound[1648]: [1648:0] info: start of service (unbound 1.9.0).
Time and local has been updated and is correct.
anything else I can do, this is a brand new install of Raspbian Buster lite, Pihole and Unbound.
Solved it. Found the issue to be the Circle parenting app on router detecting the raspberry pi. Didn’t report any issues in the logs of the app but decided to unmanage the device in the circle app. Restarted the unbound service and bang, anchor is Ok.
Hopefully this provides some info if anyone else has similar issues.