I have another Pi 4 4GB which I set up some time ago with Unbound without any issue. But my new Pi 4 4GB keeps failing with Unbound exactly with the same error.
FWIW, I tried a number of times clean install of everything - no luck.
pi@ramin:~ $ sudo apt install unbound
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages: apparmor
The following NEW packages will be installed: unbound
0 upgraded, 1 newly installed, 0 to remove and 62 not upgraded.
Need to get 669 kB of archives.
After this operation, 3,633 kB of additional disk space will be used.
Get:1 http://raspbian.freemirror.org/raspbian buster/main armhf unbound armhf 1.9.0-2+deb10u1 [669 kB]
Fetched 669 kB in 1s (985 kB/s)
Selecting previously unselected package unbound.
(Reading database ... 41262 files and directories currently installed.)
Preparing to unpack .../unbound_1.9.0-2+deb10u1_armhf.deb ...
Unpacking unbound (1.9.0-2+deb10u1) ...
Setting up unbound (1.9.0-2+deb10u1) ...
Job for unbound.service failed because the control process exited with error code.
See "systemctl status unbound.service" and "journalctl -xe" for details.
Job for unbound.service failed because the control process exited with error code.
See "systemctl status unbound.service" and "journalctl -xe" for details.
invoke-rc.d: initscript unbound, action "restart" failed.
● unbound.service - Unbound DNS server
Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Thu 2019-12-05 22:29:21 EST; 24ms ago
Docs: man:unbound(8)
Process: 7365 ExecStartPre=/usr/lib/unbound/package-helper chroot_setup (code=exited, status=0/SUCCESS)
Process: 7368 ExecStartPre=/usr/lib/unbound/package-helper root_trust_anchor_update (code=exited, status=0/SUCCESS)
Process: 7372 ExecStart=/usr/sbin/unbound -d $DAEMON_OPTS (code=exited, status=1/FAILURE)
Main PID: 7372 (code=exited, status=1/FAILURE)
Processing triggers for man-db (2.8.5-2) ...
Processing triggers for systemd (241-7~deb10u1+rpi1) ...
pi@raspberrypi:~ $ systemctl status unbound.service
● unbound.service - Unbound DNS server
Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset:
Active: failed (Result: exit-code) since Fri 2019-12-06 05:47:16 GMT; 3min 27
Docs: man:unbound(8)
Process: 9943 ExecStartPre=/usr/lib/unbound/package-helper chroot_setup (code=
Process: 9946 ExecStartPre=/usr/lib/unbound/package-helper root_trust_anchor_u
Process: 9950 ExecStart=/usr/sbin/unbound -d $DAEMON_OPTS (code=exited, status
Main PID: 9950 (code=exited, status=1/FAILURE)
Dec 06 05:47:15 raspberrypi systemd[1]: unbound.service: Service RestartSec=100m
Dec 06 05:47:15 raspberrypi systemd[1]: unbound.service: Scheduled restart job,
Dec 06 05:47:16 raspberrypi systemd[1]: Stopped Unbound DNS server.
Dec 06 05:47:16 raspberrypi systemd[1]: unbound.service: Start request repeated
Dec 06 05:47:16 raspberrypi systemd[1]: unbound.service: Failed with result 'exi
Dec 06 05:47:16 raspberrypi systemd[1]: Failed to start Unbound DNS server.
lines 1-15/15 (END)
=======
pi@raspberrypi:~ $
journalctl -xe
-- Subject: A stop job for unit unbound-resolvconf.service has begun execution
-- Defined-By: systemd
-- Support:
--
-- A stop job for unit unbound-resolvconf.service has begun execution.
--
-- The job identifier is 2224.
Dec 06 05:47:16 raspberrypi systemd[1]: unbound-resolvconf.service: Succeeded.
-- Subject: Unit succeeded
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The unit unbound-resolvconf.service has successfully entered the 'dead' state.
Dec 06 05:47:16 raspberrypi systemd[1]: Stopped Unbound DNS server via resolvconf.
-- Subject: A stop job for unit unbound-resolvconf.service has finished
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A stop job for unit unbound-resolvconf.service has finished.
--
-- The job identifier is 2224 and the job result is done.
Dec 06 05:47:16 raspberrypi systemd[1]: Stopped Unbound DNS server.
-- Subject: A stop job for unit unbound.service has finished
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A stop job for unit unbound.service has finished.
--
-- The job identifier is 2164 and the job result is done.
Dec 06 05:47:16 raspberrypi systemd[1]: unbound.service: Start request repeated too quickly.
Dec 06 05:47:16 raspberrypi systemd[1]: unbound.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The unit unbound.service has entered the 'failed' state with result 'exit-code'.
Dec 06 05:47:16 raspberrypi systemd[1]: Failed to start Unbound DNS server.
-- Subject: A start job for unit unbound.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit unbound.service has finished with a failure.
--
-- The job identifier is 2164 and the job result is failed.
Dec 06 05:47:16 raspberrypi systemd[1]: unbound-resolvconf.service: Start request repeated too quickly.
Dec 06 05:47:16 raspberrypi systemd[1]: unbound-resolvconf.service: Failed with result 'start-limit-hit'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support:
--
-- The unit unbound-resolvconf.service has entered the 'failed' state with result 'start-limit-hit'.
Dec 06 05:47:16 raspberrypi systemd[1]: Failed to start Unbound DNS server via resolvconf.
-- Subject: A start job for unit unbound-resolvconf.service has failed
-- Defined-By: systemd
-- Support:
--
-- A start job for unit unbound-resolvconf.service has finished with a failure.
--
-- The job identifier is 2224 and the job result is failed.
Dec 06 05:50:01 raspberrypi CRON[10000]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 06 05:50:01 raspberrypi CRON[10004]: (root) CMD ( PATH="$PATH:/usr/local/bin/" pihole updatechecker local)
Dec 06 05:50:02 raspberrypi CRON[10000]: pam_unix(cron:session): session closed for user root
lines 2744-2805/2805 (END)
Please post the output of the following commands from the Pi terminal. These will check your configuration and show you the non-commented configuration lines:
ls -lh /etc/unbound
total 24K
-rw-r--r-- 1 root root 332 Feb 19 2017 unbound.conf
drwxr-xr-x 2 root root 4.0K Oct 28 07:15 unbound.conf.d
-rw------- 1 root root 2.4K Oct 26 2018 unbound_control.key
-rw-r----- 1 root root 1.3K Oct 26 2018 unbound_control.pem
-rw------- 1 root root 2.5K Oct 26 2018 unbound_server.key
-rw-r----- 1 root root 1.3K Oct 26 2018 unbound_server.pem
In the unbound.conf.d directory, you should have the following files:
ls -lh /etc/unbound/unbound.conf.d
total 12K
-rw-r--r-- 1 root root 2.0K Apr 22 2019 pi-hole.conf
-rw-r--r-- 1 root root 302 Feb 19 2017 qname-minimisation.conf
-rw-r--r-- 1 root root 190 Feb 19 2017 root-auto-trust-anchor-file.conf
The pi-hole.conf file is missing on your Pi. This is the configuration file you have to create manually, and it will set unbound to listen on port 5353, avoiding the conflict with port 53.
The contents of this file are shown in the Pi-Hole setup guide for unbound. Copy that portion of the guide into a new file in the directory, with the correct filename.
It was never created automatically. There is no install feature that would do this, and the file has always been manually created.
This is a different part of the installation, unrelated to the pihole configuration file, and only half the process of getting this file into the correct location - reference the guide. From the Pi-Hole guide, the first command obtains the file, the second command (with sudo permission) puts the file into the correct folder.