I have installed Unbound by following the official guide but every time I try to start it I get this result
pi@raspberrypi:~ $ systemctl status unbound
● unbound.service - Unbound DNS server
Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sat 2020-08-22 07:59:46 CDT; 7s ago
Docs: man:unbound(8)
Process: 6731 ExecStartPre=/usr/lib/unbound/package-helper chroot_setup (code=exited, status=1/FAILURE)
Process: 6734 ExecStartPre=/usr/lib/unbound/package-helper root_trust_anchor_update (code=exited, status=1/FAILURE)
Process: 6737 ExecStart=/usr/sbin/unbound -d $DAEMON_OPTS (code=exited, status=1/FAILURE)
Main PID: 6737 (code=exited, status=1/FAILURE)
Aug 22 07:59:46 raspberrypi systemd[1]: unbound.service: Service RestartSec=100ms expired, scheduling restart.
Aug 22 07:59:46 raspberrypi systemd[1]: unbound.service: Scheduled restart job, restart counter is at 5.
Aug 22 07:59:46 raspberrypi systemd[1]: Stopped Unbound DNS server.
Aug 22 07:59:46 raspberrypi systemd[1]: unbound.service: Start request repeated too quickly.
Aug 22 07:59:46 raspberrypi systemd[1]: unbound.service: Failed with result 'exit-code'.
Aug 22 07:59:46 raspberrypi systemd[1]: Failed to start Unbound DNS server.
I have uninstalled and reinstalled unbound but I cannot seem to get it to work. Any help would be appreciated.
jfb
August 22, 2020, 1:48pm
2
Please post the complete output of this command from the Pi terminal - you can format the text as "pre-formatted text" using the </> icon in the reply window.
sudo grep -v '#\|^$' -R /etc/unbound/unbound.conf*
/etc/unbound/unbound.conf.d/pi-hole.conf:server:
/etc/unbound/unbound.conf.d/pi-hole.conf: verbosity: 0
/etc/unbound/unbound.conf.d/pi-hole.conf: interface: 127.0.0.1
/etc/unbound/unbound.conf.d/pi-hole.conf: port: 5335
/etc/unbound/unbound.conf.d/pi-hole.conf: do-ip4: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-udp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-tcp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-ip6: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: prefer-ip6: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: root-hints: "/var/lib/unbound/root.hints"
/etc/unbound/unbound.conf.d/pi-hole.conf: harden-glue: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: harden-dnssec-stripped: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: use-caps-for-id: no
/etc/unbound/unbound.conf.d/pi-hole.conf: edns-buffer-size: 1472
/etc/unbound/unbound.conf.d/pi-hole.conf: prefetch: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: num-threads: 1
/etc/unbound/unbound.conf.d/pi-hole.conf: so-rcvbuf: 1m
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 192.168.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 169.254.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 172.16.0.0/12
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 10.0.0.0/8
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: fd00::/8
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: fe80::/10
jfb
August 22, 2020, 2:25pm
4
Looks like you are missing some configuration files. From a working unbound install, these additional lines appear in that output:
sudo grep -v '#\|^$' -R /etc/unbound/unbound.conf*
/etc/unbound/unbound.conf:include: "/etc/unbound/unbound.conf.d/*.conf"
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:server:
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf: auto-trust-anchor-file: "/var/lib/unbound/root.key"
....
This configuration file contains the pointer to use the new configuration file you installed per the Pi-hole guide:
cat /etc/unbound/unbound.conf
# Unbound configuration file for Debian.
#
# See the unbound.conf(5) man page.
#
# See /usr/share/doc/unbound/examples/unbound.conf for a commented
# reference config file.
#
# The following line includes additional configuration files from the
# /etc/unbound/unbound.conf.d directory.
include: "/etc/unbound/unbound.conf.d/*.conf"
This file defines where your anchor file is located:
cat /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf
server:
# The following line will configure unbound to perform cryptographic
# DNSSEC validation using the root trust anchor.
auto-trust-anchor-file: "/var/lib/unbound/root.key"
pi@raspberrypi:~ $ sudo grep -v '#\|^$' -R /etc/unbound/unbound.conf*
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:cat /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf server:
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf: auto-trust-anchor-file: "/var/lib/unbound/root.key"
/etc/unbound/unbound.conf.d/pi-hole.conf:server:
/etc/unbound/unbound.conf.d/pi-hole.conf: verbosity: 0
/etc/unbound/unbound.conf.d/pi-hole.conf: interface: 127.0.0.1
/etc/unbound/unbound.conf.d/pi-hole.conf: port: 5335
/etc/unbound/unbound.conf.d/pi-hole.conf: do-ip4: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-udp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-tcp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-ip6: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: prefer-ip6: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: root-hints: "/var/lib/unbound/root.hints"
/etc/unbound/unbound.conf.d/pi-hole.conf: harden-glue: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: harden-dnssec-stripped: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: use-caps-for-id: no
/etc/unbound/unbound.conf.d/pi-hole.conf: edns-buffer-size: 1472
/etc/unbound/unbound.conf.d/pi-hole.conf: prefetch: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: num-threads: 1
/etc/unbound/unbound.conf.d/pi-hole.conf: so-rcvbuf: 1m
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 192.168.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 169.254.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 172.16.0.0/12
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 10.0.0.0/8
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: fd00::/8
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: fe80::/10
jfb
August 22, 2020, 5:03pm
6
Looks like you are still missing this file.
/etc/unbound/unbound.conf:server:
/etc/unbound/unbound.conf: verbosity: 0
/etc/unbound/unbound.conf: interface: 127.0.0.1
/etc/unbound/unbound.conf: port: 5335
/etc/unbound/unbound.conf: do-ip4: yes
/etc/unbound/unbound.conf: do-udp: yes
/etc/unbound/unbound.conf: do-tcp: yes
/etc/unbound/unbound.conf: do-ip6: no
/etc/unbound/unbound.conf: prefer-ip6: no
/etc/unbound/unbound.conf: root-hints: "/var/lib/unbound/root.hints"
/etc/unbound/unbound.conf: harden-glue: yes
/etc/unbound/unbound.conf: harden-dnssec-stripped: yes
/etc/unbound/unbound.conf: use-caps-for-id: no
/etc/unbound/unbound.conf: edns-buffer-size: 1472
/etc/unbound/unbound.conf: prefetch: yes
/etc/unbound/unbound.conf: num-threads: 1
/etc/unbound/unbound.conf: so-rcvbuf: 1m
/etc/unbound/unbound.conf: private-address: 192.168.0.0/16
/etc/unbound/unbound.conf: private-address: 169.254.0.0/16
/etc/unbound/unbound.conf: private-address: 172.16.0.0/12
/etc/unbound/unbound.conf: private-address: 10.0.0.0/8
/etc/unbound/unbound.conf: private-address: fd00::/8
/etc/unbound/unbound.conf: private-address: fe80::/10
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:server:
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf: auto-trust-anchor-file: "/var/lib/unbound/root.key"
I don't know what I'm missing. I added the unbound.conf file
okay so I got it running now but when I do the test I only get no error for both
dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335
dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335
I do not get servfail
deleted because I posted my IP
jfb
August 22, 2020, 7:57pm
11
You have the incorrect contents in that file - you have duplicated your pi-hole.conf file.
In /etc/unbound/unbound.conf , the only active (uncommented) line should be:
include: "/etc/unbound/unbound.conf.d/*.conf"
jfb
August 22, 2020, 7:58pm
12
Run this command to check unbound configuration:
unbound-checkconf
success now. No errors in the unbound.conf file and I have the proper SERVFAIL and NOERROR according to the guide.
Thank you so much for your help and patience.
1 Like
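Added example, not part of the original posts: a POSIX shell audit for the misconfiguration this thread worked through. If unbound.conf lacks the include line, the drop-in that sets auto-trust-anchor-file is never loaded, DNSSEC validation is off, and the sigfail test name answers NOERROR. The finding labels and the make_sample helper are hypothetical, and the sample tree is constructed.

```shell
# Added example. Finding names (NO-INCLUDE, EXTRA, NO-ANCHOR) are invented here.
active() { grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$'; }
has_anchor() { active "$1" | grep -q 'auto-trust-anchor-file:'; }

# audit_unbound DIR: print one finding per problem, return the number found.
# Assumes the Debian layout from the thread: DIR/unbound.conf + DIR/unbound.conf.d/.
audit_unbound() {
    dir=$1; main="$dir/unbound.conf"; n=0; included=no; anchored=no
    [ -f "$main" ] || { echo "MISSING: $main"; return 1; }
    # Drop-ins only take effect if the main file includes them.
    if active "$main" | grep -q '^include:.*unbound\.conf\.d/\*\.conf'; then
        included=yes
    else
        echo "NO-INCLUDE: $main does not include unbound.conf.d/*.conf"; n=$((n + 1))
    fi
    # The main file should carry nothing active except that include line.
    extra=$(active "$main" | grep -vc '^include:' || true)
    if [ "$extra" -gt 0 ]; then
        echo "EXTRA: $main has $extra active non-include line(s)"; n=$((n + 1))
    fi
    # No trust anchor in effect means no DNSSEC validation, so the sigfail
    # test name answers NOERROR instead of SERVFAIL.
    if has_anchor "$main"; then anchored=yes; fi
    if [ "$included" = yes ]; then
        for f in "$dir"/unbound.conf.d/*.conf; do
            if [ -f "$f" ] && has_anchor "$f"; then anchored=yes; fi
        done
    fi
    if [ "$anchored" = no ]; then
        echo "NO-ANCHOR: no auto-trust-anchor-file in effect"; n=$((n + 1))
    fi
    return "$n"
}

# make_sample DIR STATE: constructed tree; "broken" copies pi-hole.conf over unbound.conf.
make_sample() {
    mkdir -p "$1/unbound.conf.d"
    printf 'server:\n    auto-trust-anchor-file: "/var/lib/unbound/root.key"\n' \
        > "$1/unbound.conf.d/root-auto-trust-anchor-file.conf"
    printf 'server:\n    interface: 127.0.0.1\n    port: 5335\n' \
        > "$1/unbound.conf.d/pi-hole.conf"
    if [ "$2" = fixed ]; then
        printf 'include: "/etc/unbound/unbound.conf.d/*.conf"\n' > "$1/unbound.conf"
    else
        cp "$1/unbound.conf.d/pi-hole.conf" "$1/unbound.conf"
    fi
}
tmp=$(mktemp -d); make_sample "$tmp" broken
audit_unbound "$tmp" || echo "findings: $?"; rm -rf "$tmp"
```

On a real system, `audit_unbound /etc/unbound` complements `unbound-checkconf`, which checks syntax but does not tell you that a syntactically valid configuration has no trust anchor in effect.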