No internet using unbound

I'm getting the same error!

I have another Pi 4 4GB which I set up some time ago with Unbound without any issue. But my new Pi 4 4GB keeps failing with Unbound exactly with the same error.

FWIW, I tried a number of times clean install of everything - no luck.

pi@ramin:~ $ sudo apt install unbound

Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:  apparmor
The following NEW packages will be installed:  unbound
0 upgraded, 1 newly installed, 0 to remove and 62 not upgraded.
Need to get 669 kB of archives.
After this operation, 3,633 kB of additional disk space will be used.
Get:1 http://raspbian.freemirror.org/raspbian buster/main armhf unbound armhf 1.9.0-2+deb10u1 [669 kB]
Fetched 669 kB in 1s (985 kB/s)
Selecting previously unselected package unbound.
(Reading database ... 41262 files and directories currently installed.)
Preparing to unpack .../unbound_1.9.0-2+deb10u1_armhf.deb ...
Unpacking unbound (1.9.0-2+deb10u1) ...
Setting up unbound (1.9.0-2+deb10u1) ...
Job for unbound.service failed because the control process exited with error code.
See "systemctl status unbound.service" and "journalctl -xe" for details.
Job for unbound.service failed because the control process exited with error code.
See "systemctl status unbound.service" and "journalctl -xe" for details.
invoke-rc.d: initscript unbound, action "restart" failed.
● unbound.service - Unbound DNS server

Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Thu 2019-12-05 22:29:21 EST; 24ms ago
Docs: man:unbound(8)
Process: 7365 ExecStartPre=/usr/lib/unbound/package-helper chroot_setup (code=exited, status=0/SUCCESS)
Process: 7368 ExecStartPre=/usr/lib/unbound/package-helper root_trust_anchor_update (code=exited, status=0/SUCCESS)
Process: 7372 ExecStart=/usr/sbin/unbound -d $DAEMON_OPTS (code=exited, status=1/FAILURE)
Main PID: 7372 (code=exited, status=1/FAILURE)
Processing triggers for man-db (2.8.5-2) ...
Processing triggers for systemd (241-7~deb10u1+rpi1) ...

What were the details?

pi@raspberrypi:~ $ systemctl status unbound.service

● unbound.service - Unbound DNS server
   Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset: 
   Active: failed (Result: exit-code) since Fri 2019-12-06 05:47:16 GMT; 3min 27
     Docs: man:unbound(8)
  Process: 9943 ExecStartPre=/usr/lib/unbound/package-helper chroot_setup (code=
  Process: 9946 ExecStartPre=/usr/lib/unbound/package-helper root_trust_anchor_u
  Process: 9950 ExecStart=/usr/sbin/unbound -d $DAEMON_OPTS (code=exited, status
 Main PID: 9950 (code=exited, status=1/FAILURE)

Dec 06 05:47:15 raspberrypi systemd[1]: unbound.service: Service RestartSec=100m
Dec 06 05:47:15 raspberrypi systemd[1]: unbound.service: Scheduled restart job, 
Dec 06 05:47:16 raspberrypi systemd[1]: Stopped Unbound DNS server.
Dec 06 05:47:16 raspberrypi systemd[1]: unbound.service: Start request repeated 
Dec 06 05:47:16 raspberrypi systemd[1]: unbound.service: Failed with result 'exi
Dec 06 05:47:16 raspberrypi systemd[1]: Failed to start Unbound DNS server.
lines 1-15/15 (END)

=======

pi@raspberrypi:~ $

 journalctl -xe

-- Subject: A stop job for unit unbound-resolvconf.service has begun execution

-- Defined-By: systemd

-- Support:

--

-- A stop job for unit unbound-resolvconf.service has begun execution.

--

-- The job identifier is 2224.

Dec 06 05:47:16 raspberrypi systemd[1]: unbound-resolvconf.service: Succeeded.

-- Subject: Unit succeeded

-- Defined-By: systemd

-- Support: https://www.debian.org/support

--

-- The unit unbound-resolvconf.service has successfully entered the 'dead' state.

Dec 06 05:47:16 raspberrypi systemd[1]: Stopped Unbound DNS server via resolvconf.

-- Subject: A stop job for unit unbound-resolvconf.service has finished

-- Defined-By: systemd

-- Support: https://www.debian.org/support

--

-- A stop job for unit unbound-resolvconf.service has finished.

--

-- The job identifier is 2224 and the job result is done.

Dec 06 05:47:16 raspberrypi systemd[1]: Stopped Unbound DNS server.

-- Subject: A stop job for unit unbound.service has finished

-- Defined-By: systemd

-- Support: https://www.debian.org/support

--

-- A stop job for unit unbound.service has finished.

--

-- The job identifier is 2164 and the job result is done.

Dec 06 05:47:16 raspberrypi systemd[1]: unbound.service: Start request repeated too quickly.

Dec 06 05:47:16 raspberrypi systemd[1]: unbound.service: Failed with result 'exit-code'.

-- Subject: Unit failed

-- Defined-By: systemd

-- Support: https://www.debian.org/support

--

-- The unit unbound.service has entered the 'failed' state with result 'exit-code'.

Dec 06 05:47:16 raspberrypi systemd[1]: Failed to start Unbound DNS server.

-- Subject: A start job for unit unbound.service has failed

-- Defined-By: systemd

-- Support: https://www.debian.org/support

--

-- A start job for unit unbound.service has finished with a failure.

--

-- The job identifier is 2164 and the job result is failed.

Dec 06 05:47:16 raspberrypi systemd[1]: unbound-resolvconf.service: Start request repeated too quickly.

Dec 06 05:47:16 raspberrypi systemd[1]: unbound-resolvconf.service: Failed with result 'start-limit-hit'.

-- Subject: Unit failed

-- Defined-By: systemd

-- Support: 

--

-- The unit unbound-resolvconf.service has entered the 'failed' state with result 'start-limit-hit'.

Dec 06 05:47:16 raspberrypi systemd[1]: Failed to start Unbound DNS server via resolvconf.

-- Subject: A start job for unit unbound-resolvconf.service has failed

-- Defined-By: systemd

-- Support: 

--

-- A start job for unit unbound-resolvconf.service has finished with a failure.

--

-- The job identifier is 2224 and the job result is failed.

Dec 06 05:50:01 raspberrypi CRON[10000]: pam_unix(cron:session): session opened for user root by (uid=0)

Dec 06 05:50:01 raspberrypi CRON[10004]: (root) CMD ( PATH="$PATH:/usr/local/bin/" pihole updatechecker local)

Dec 06 05:50:02 raspberrypi CRON[10000]: pam_unix(cron:session): session closed for user root

lines 2744-2805/2805 (END)

Please post the output of the following commands from the Pi terminal. These will check your configuration and show you the non-commented configuration lines:

unbound-checkconf

sudo grep -v '#\|^$' -R /etc/unbound/unbound.conf.d

pi@raspberrypi:~ $ unbound -d -vvv

[1575642929] unbound[10942:0] notice: Start of unbound 1.9.0.

[1575642929] unbound[10942:0] debug: increased limit(open files) from 1024 to 4152

[1575642929] unbound[10942:0] debug: creating udp6 socket ::1 53

[1575642929] unbound[10942:0] error: can't bind socket: Permission denied for ::1 port 53 (len 28)

[1575642929] unbound[10942:0] fatal error: could not open ports

pi@raspberrypi:~ $

pi@raspberrypi:~ $ unbound-checkconf
unbound-checkconf: no errors in /etc/unbound/unbound.conf
pi@raspberrypi:~ $ sudo grep -v '#\|^$' -R /etc/unbound/unbound.conf.d
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:server:
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:    auto-trust-anchor-file: "/var/lib/unbound/root.key"
/etc/unbound/unbound.conf.d/qname-minimisation.conf:server:
/etc/unbound/unbound.conf.d/qname-minimisation.conf:    qname-minimisation: yes

Please note that the install fails to create that "unbound.conf" file!

However, I manually copied the file from my working Pi 4 and then Unbound seems to work on my 2nd Pi 4.

Not sure if that would be my solution though - so I would appreciate some guidance.

The directory structure should look like this:

ls -lh /etc/unbound
total 24K
-rw-r--r-- 1 root root 332 Feb 19 2017 unbound.conf
drwxr-xr-x 2 root root 4.0K Oct 28 07:15 unbound.conf.d
-rw------- 1 root root 2.4K Oct 26 2018 unbound_control.key
-rw-r----- 1 root root 1.3K Oct 26 2018 unbound_control.pem
-rw------- 1 root root 2.5K Oct 26 2018 unbound_server.key
-rw-r----- 1 root root 1.3K Oct 26 2018 unbound_server.pem

In the unbound.conf.d directory, you should have the following files:

ls -lh /etc/unbound/unbound.conf.d
total 12K
-rw-r--r-- 1 root root 2.0K Apr 22  2019 pi-hole.conf
-rw-r--r-- 1 root root  302 Feb 19  2017 qname-minimisation.conf
-rw-r--r-- 1 root root  190 Feb 19  2017 root-auto-trust-anchor-file.conf

The pi-hole.conf file is missing on your Pi. This is the configuration file you have to create manually, and it will set unbound to listen on port 5353, avoiding the conflict with port 53.

The contents of this file are shown in the Pi-Hole setup guide for unbound. Copy that portion of the guide into a new file in the directory, with the correct filename.

https://docs.pi-hole.net/guides/unbound/

Sorry, yes I meant pi-hole.conf is missing!
However, it used to be created automatically - if memory serves me correctly!

Also, if I do it manually per your documentation:

wget -O root.hints https://www.internic.net/domain/named.root

Then, it must be run as sudo due to permission.

This is why I am kind of confused. :slight_smile:

It was never created automatically. There is no install feature that would do this, and the file has always been manually created.

This is a different part of the installation, unrelated to the pihole configuration file, and only half the process of getting this file into the correct location - reference the guide. From the Pi-Hole guide, the first command obtains the file, the second command (with sudo permission) puts the file into the correct folder.

wget -O root.hints https://www.internic.net/domain/named.root

sudo mv root.hints /var/lib/unbound/

Thank You! :slight_smile:

I've set up piehole & unbound a number of times but somehow I got confused thinking pie-hole.conf was supposed to be created automatically!!

Thank you again for your time.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.