Expected Behaviour:
I am using a Raspberry Pi 5 with 4 GB of RAM. I want to start unbound, but an error message appears.
Actual Behaviour:
Error message: Job for unbound.service failed because the control process exited with error code.
See "systemctl status unbound.service" and "journalctl -xeu unbound.service" for details.
unbound-checkconf
[1740495870] unbound-checkconf[1235:0] error: trust anchor presented twice
[1740495870] unbound-checkconf[1235:0] error: could not parse auto-trust-anchor-file /var/lib/unbound/root.key line 2
[1740495870] unbound-checkconf[1235:0] error: error reading auto-trust-anchor-file: /var/lib/unbound/root.key
[1740495870] unbound-checkconf[1235:0] error: validator: error in trustanchors config
[1740495870] unbound-checkconf[1235:0] error: validator: could not apply configuration settings.
[1740495870] unbound-checkconf[1235:0] fatal error: bad config for validator module
When I run sudo rm /var/lib/unbound/root.key and then wget https://www.internic.net/domain/named.root -qO- | sudo tee /var/lib/unbound/root.hints, it works strangely, but I have to repeat it every time I stop or restart unbound.
Debug Token:
https://tricorder.pi-hole.net/17zHwSAr/
My Configuration:
/etc/unbound/unbound.conf:include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:server:
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf: auto-trust-anchor-file: "/var/lib/unbound/root.key"
/etc/unbound/unbound.conf.d/remote-control.conf:remote-control:
/etc/unbound/unbound.conf.d/remote-control.conf: control-enable: yes
/etc/unbound/unbound.conf.d/remote-control.conf: control-interface: /run/unbound.ctl
/etc/unbound/unbound.conf.d/pi-hole.conf:server:
/etc/unbound/unbound.conf.d/pi-hole.conf: verbosity: 1
/etc/unbound/unbound.conf.d/pi-hole.conf: logfile: "/var/log/unbound.log"
/etc/unbound/unbound.conf.d/pi-hole.conf: interface: 127.0.0.1
/etc/unbound/unbound.conf.d/pi-hole.conf: port: 5335
/etc/unbound/unbound.conf.d/pi-hole.conf: do-ip4: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf: do-udp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-tcp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: hide-identity: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: hide-version: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: harden-glue: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: harden-dnssec-stripped: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: harden-below-nxdomain: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: harden-referral-path: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: auto-trust-anchor-file: "/var/lib/unbound/root.key"
/etc/unbound/unbound.conf.d/pi-hole.conf: val-log-level: 2
/etc/unbound/unbound.conf.d/pi-hole.conf: qname-minimisation: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: qname-minimisation-strict: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: aggressive-nsec: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: cache-min-ttl: 3600
/etc/unbound/unbound.conf.d/pi-hole.conf: cache-max-ttl: 86400
/etc/unbound/unbound.conf.d/pi-hole.conf: rrset-cache-size: 256m
/etc/unbound/unbound.conf.d/pi-hole.conf: msg-cache-size: 128m
/etc/unbound/unbound.conf.d/pi-hole.conf: msg-cache-slabs: 8
/etc/unbound/unbound.conf.d/pi-hole.conf: rrset-cache-slabs: 8
/etc/unbound/unbound.conf.d/pi-hole.conf: infra-cache-numhosts: 50000
/etc/unbound/unbound.conf.d/pi-hole.conf: key-cache-size: 128m
/etc/unbound/unbound.conf.d/pi-hole.conf: neg-cache-size: 64m
/etc/unbound/unbound.conf.d/pi-hole.conf: serve-expired: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: num-threads: 4
/etc/unbound/unbound.conf.d/pi-hole.conf: so-rcvbuf: 4m
/etc/unbound/unbound.conf.d/pi-hole.conf: so-sndbuf: 4m
/etc/unbound/unbound.conf.d/pi-hole.conf: unwanted-reply-threshold: 100000
/etc/unbound/unbound.conf.d/pi-hole.conf: ratelimit: 1000
/etc/unbound/unbound.conf.d/pi-hole.conf: do-not-query-localhost: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: root-hints: "/var/lib/unbound/root.hints"
/etc/unbound/unbound.conf.d/pi-hole.conf: tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
/etc/unbound/unbound.conf.d/pi-hole.conf: use-caps-for-id: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: harden-algo-downgrade: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 192.168.1.0/24
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 192.168.2.0/24
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 192.168.3.0/24
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 192.168.4.0/24
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 172.17.42.0/26
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 192.168.0.0/24
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 192.168.99.0/30
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 192.168.37.0/25
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 192.168.59.0/30
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 192.168.187.0/30
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 10.0.0.0/8
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 172.16.0.0/12
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: fd00::/8
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: fe80::/10
/etc/unbound/unbound.conf.d/pi-hole.conf:forward-zone:
/etc/unbound/unbound.conf.d/pi-hole.conf: name: "."
/etc/unbound/unbound.conf.d/pi-hole.conf: forward-tls-upstream: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: forward-addr: 9.9.9.9@853
/etc/unbound/unbound.conf.d/pi-hole.conf: forward-addr: 149.112.112.112@853