Holy moly that are a lot fixes. Great work by both teams.
This release won’t work with Pihole on Raspbian Stretch though, right?
On what do you base that?
Anyone here pls tell me how to update this Unbound to latest version 1.9.6. According to the guide from Unbound installation it sits still at 1.9.0
So is there a simple guide to update or do a fresh installation ? i tried doing it manually but didnt succeed.
Any help is highly appreciated. Thanks
What did you try? Before there are any official builds, you should be able to compile directly from the source code.
git clone https://github.com/NLnetLabs/unbound.git cd unbound git checkout release-1.9.6 ./configure && make && sudo make install
should be all you need following https://github.com/NLnetLabs/unbound#compiling
Depending on what is already on your system, you may need to install some building dependencies like
sudo apt install build-essential libssl-dev libexpat1-dev
(this is just an assumption, you may need further packages).
should now show the 1.9.6 release. After confirming this, run
sudo service unbound restart
to replace the old running
unbound by the newer one. You may want to uninstall
apt remove now to avoid your locally compiled variant to be overwritten by updates. If this removes the
unbound binary, simply run the
sudo make install step from above another time.
I tried to follow your howto to update unbound on my raspberry.
Installation seams ok, but unbound is unable to start
unbound -v -v -v -v -v -v
 unbound[1413:0] notice: Start of unbound 1.9.6.
 unbound[1413:0] debug: creating udp6 socket ::1 53
 unbound[1413:0] debug: creating tcp6 socket ::1 53
 unbound[1413:0] error: can’t bind socket: Address already in use for ::1 port 53 (len 28)
 unbound[1413:0] fatal error: could not open ports
How does your configuration look like? The description I gave is only expected to work when
unbound already worked before.
Unbound used to work perfectly in version 1.9.0.
config: would say standard, port: 5335
setting IPv6 off does not help.
GNU nano 3.2 /etc/unbound/unbound.conf.d/pi-hole.conf server: # If no logfile is specified, syslog is used # logfile: "/var/log/unbound/unbound.log" verbosity: 1 do-ip4: yes do-udp: yes do-tcp: yes # May be set to yes if you have IPv6 connectivity do-ip6: yes # Use this only when you downloaded the list of primary root serv$ root-hints: "/var/lib/unbound/root.hints" # Trust glue only if it is within the servers authority harden-glue: yes # Require DNSSEC data for trust-anchored zones, if such data is a$ harden-dnssec-stripped: yes # Don't use Capitalization randomization as it known to cause DNS$ # see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-$ use-caps-for-id: no # Reduce EDNS reassembly buffer size. # Suggested by the unbound man page to reduce fragmentation reass$ edns-buffer-size: 1472 # TTL bounds for cache cache-min-ttl: 3600 cache-max-ttl: 86400 # Perform prefetching of close to expired message cache entries # This only applies to domains that have been frequently queried prefetch: yes # One thread should be sufficient, can be increased on beefy mach$ num-threads: 1 # Ensure kernel buffer is large enough to not lose messages in tr$ so-rcvbuf: 1m # Ensure privacy of local IP ranges private-address: 192.168.0.0/16 private-address: 169.254.0.0/16 private-address: 172.16.0.0/12 private-address: 10.0.0.0/8 private-address: fd00::/8 private-address: fe80::/10 interface: 0.0.0.0@5335 interface: ::0@5335
Where did you get these configuration lines?
this was a try an error from my side and recommended in a german forum.
the same error is still here, even if i use the „standard“ config,
GNU nano 3.2 /etc/unbound/unbound.conf.d/pi-hole.conf server: # If no logfile is specified, syslog is used # logfile: "/var/log/unbound/unbound.log" verbosity: 0 port: 5335 do-ip4: yes do-udp: yes do-tcp: yes # May be set to yes if you have IPv6 connectivity do-ip6: no without interface lines
Are there any other files in
Do you have a
Check them as well.
Here we go…
GNU nano 3.2 /etc/unbound/unbound.conf # Unbound configuration file for Debian. # # See the unbound.conf(5) man page. # # See /usr/share/doc/unbound/examples/unbound.conf for a commented # reference config file. # # The following line includes additional configuration files from the # /etc/unbound/unbound.conf.d directory. include: "/etc/unbound/unbound.conf.d/*.conf" ```
root@raspberrypi:~# ls /etc/unbound/unbound.conf.d
What is in the other config files? Something seems to overwrite your
/etc/unbound/unbound.conf.d/qname-minimisation.conf server: # Send minimum amount of information to upstream servers to enhan$ # privacy. Only sends minimum required labels of the QNAME and se$ # QTYPE to NS when possible. # See RFC 7816 "DNS Query Name Minimisation to Improve Privacy" f$ # details. qname-minimisation: yes ```
# The following line will configure unbound to perform cryptograp$
# DNSSEC validation using the root trust anchor.
do you think setting up the whole raspberry, pihole and unbound could solve my issue?
is any other user able to run unbound 1.9.6 on a raspberry successfully?
anything else i can try, bevor starting allover with new setup?
Thank you very much supporting me!
Yes, at least I am able to do this but on another Pi on the other end of the country which I cannot access right now.
How do you try to start
unbound? I hope you’re using
sudo service unbound restart
and do not try to start it directly as
root. This will not work as it doesn’t know which config files to read if you start it manually.
Are you sure there is no
port: setting hidden somewhere ?
sudo grep 'port:' -R /etc/unbound/unbound.conf*
Last login: Sat Jan 18 16:01:57 2020 from 192.168.178.25 ben2@raspberrypi:~ $ sudo service unbound restart[sudo] password for ben2: Job for unbound.service failed because the control process exited with error code. See "systemctl status unbound.service" and "journalctl -xe" for details. ben2@raspberrypi:~ $ systemctl status unbound.service ● unbound.service - Unbound DNS server Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendo Active: failed (Result: exit-code) since Sat 2020-01-18 16:30:10 GM Docs: man:unbound(8) Process: 2503 ExecStartPre=/usr/lib/unbound/package-helper chroot_se Process: 2513 ExecStartPre=/usr/lib/unbound/package-helper root_trus Process: 2517 ExecStart=/usr/sbin/unbound -d $DAEMON_OPTS (code=exit Main PID: 2517 (code=exited, status=1/FAILURE) ben2@raspberrypi:~ $ sudo grep 'port:' -R /etc/unbound/unbound.conf*/etc/unbound/unbound.conf.d/pi-hole.conf: port: 5335 ben2@raspberrypi:~ $