Unbound won't start after disabling resolvconf_resolvers.conf

Help Community Help
1

The issue I am facing:
I'm setting up PiHole + Unbound on a new RP4 and running into a problem after following the "Required for Bullseye+" steps at the bottom of the unbound - Pi-hole documentation tutorial. All the steps proceed normally without error until the final step of restarting unbound, which returns an error:

> WaynePi2@pihole2:~ $ sudo service unbound restart
> Job for unbound.service failed because the control process exited with error code.
> See "systemctl status unbound.service" and "journalctl -xe" for details.

Output of both of those commands:

systemctl status unbound.service 
WaynePi2@pihole2:~ $ systemctl status unbound.service
● unbound.service - Unbound DNS server
     Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Sat 2023-08-05 00:29:50 EDT; 7s ago
       Docs: man:unbound(8)
    Process: 1201 ExecStartPre=/usr/lib/unbound/package-helper chroot_setup (code=exited, status=0/SUCCESS)
    Process: 1204 ExecStartPre=/usr/lib/unbound/package-helper root_trust_anchor_update (code=exited, status=0/SUCCESS)
    Process: 1207 ExecStart=/usr/sbin/unbound -d -p $DAEMON_OPTS (code=exited, status=1/FAILURE)
    Process: 1208 ExecStopPost=/usr/lib/unbound/package-helper chroot_teardown (code=exited, status=0/SUCCESS)
   Main PID: 1207 (code=exited, status=1/FAILURE)
        CPU: 68ms

Aug 05 00:29:50 pihole2 systemd[1]: unbound.service: Scheduled restart job, restart counter is at 5.
Aug 05 00:29:50 pihole2 systemd[1]: Stopped Unbound DNS server.
Aug 05 00:29:50 pihole2 systemd[1]: unbound.service: Start request repeated too quickly.
Aug 05 00:29:50 pihole2 systemd[1]: unbound.service: Failed with result 'exit-code'.
Aug 05 00:29:50 pihole2 systemd[1]: Failed to start Unbound DNS server.
Journalctl -xe 
░░ Support: www.debian.org/support
░░
░░ A start job for unit unbound.service has finished with a failure.
░░
░░ The job identifier is 1827 and the job result is failed.
Aug 05 00:14:44 pihole2 systemd[1]: unbound.service: Scheduled restart job, restart counter is at 5.
░░ Subject: Automatic restarting of a unit has been scheduled
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ Automatic restarting of the unit unbound.service has been scheduled, as the result for
░░ the configured Restart= setting for the unit.
Aug 05 00:14:44 pihole2 systemd[1]: Stopped Unbound DNS server.
░░ Subject: A stop job for unit unbound.service has finished
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ A stop job for unit unbound.service has finished.
░░
░░ The job identifier is 1893 and the job result is done.
Aug 05 00:14:44 pihole2 systemd[1]: unbound.service: Start request repeated too quickly.
Aug 05 00:14:44 pihole2 systemd[1]: unbound.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ The unit unbound.service has entered the 'failed' state with result 'exit-code'.
Aug 05 00:14:44 pihole2 systemd[1]: Failed to start Unbound DNS server.
░░ Subject: A start job for unit unbound.service has failed
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ A start job for unit unbound.service has finished with a failure.
░░
░░ The job identifier is 1893 and the job result is failed.
Aug 05 00:17:01 pihole2 CRON[1074]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Aug 05 00:17:01 pihole2 CRON[1075]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Aug 05 00:17:01 pihole2 CRON[1074]: pam_unix(cron:session): session closed for user root
Aug 05 00:17:11 pihole2 systemd-timesyncd[311]: Timed out waiting for reply from 152.67.232.7:123 (2.debian.pool.ntp.org).
Aug 05 00:17:11 pihole2 systemd-timesyncd[311]: Initial synchronization to time server 162.159.200.123:123 (2.debian.pool.ntp.org).
Aug 05 00:22:37 pihole2 systemd[1]: Starting Cleanup of Temporary Directories...
░░ Subject: A start job for unit systemd-tmpfiles-clean.service has begun execution
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ A start job for unit systemd-tmpfiles-clean.service has begun execution.
░░
░░ The job identifier is 1959.
Aug 05 00:22:37 pihole2 systemd[1]: systemd-tmpfiles-clean.service: Succeeded.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ The unit systemd-tmpfiles-clean.service has successfully entered the 'dead' state.
Aug 05 00:22:37 pihole2 systemd[1]: Finished Cleanup of Temporary Directories.
░░ Subject: A start job for unit systemd-tmpfiles-clean.service has finished successfully
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ A start job for unit systemd-tmpfiles-clean.service has finished successfully.
░░
░░ The job identifier is 1959.
...skipping...
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ An ExecStart= process belonging to unit unbound.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Aug 05 00:14:44 pihole2 systemd[1]: unbound.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ The unit unbound.service has entered the 'failed' state with result 'exit-code'.
Aug 05 00:14:44 pihole2 systemd[1]: Failed to start Unbound DNS server.
░░ Subject: A start job for unit unbound.service has failed
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ A start job for unit unbound.service has finished with a failure.
░░
░░ The job identifier is 1827 and the job result is failed.
Aug 05 00:14:44 pihole2 systemd[1]: unbound.service: Scheduled restart job, restart counter is at 5.
░░ Subject: Automatic restarting of a unit has been scheduled
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ Automatic restarting of the unit unbound.service has been scheduled, as the result for
░░ the configured Restart= setting for the unit.
Aug 05 00:14:44 pihole2 systemd[1]: Stopped Unbound DNS server.
░░ Subject: A stop job for unit unbound.service has finished
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ A stop job for unit unbound.service has finished.
░░
░░ The job identifier is 1893 and the job result is done.
Aug 05 00:14:44 pihole2 systemd[1]: unbound.service: Start request repeated too quickly.
Aug 05 00:14:44 pihole2 systemd[1]: unbound.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ The unit unbound.service has entered the 'failed' state with result 'exit-code'.
Aug 05 00:14:44 pihole2 systemd[1]: Failed to start Unbound DNS server.
░░ Subject: A start job for unit unbound.service has failed
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ A start job for unit unbound.service has finished with a failure.
░░
░░ The job identifier is 1893 and the job result is failed.
Aug 05 00:17:01 pihole2 CRON[1074]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Aug 05 00:17:01 pihole2 CRON[1075]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Aug 05 00:17:01 pihole2 CRON[1074]: pam_unix(cron:session): session closed for user root
Aug 05 00:17:11 pihole2 systemd-timesyncd[311]: Timed out waiting for reply from 152.67.232.7:123 (2.debian.pool.ntp.org).
Aug 05 00:17:11 pihole2 systemd-timesyncd[311]: Initial synchronization to time server 162.159.200.123:123 (2.debian.pool.ntp.org).
Aug 05 00:22:37 pihole2 systemd[1]: Starting Cleanup of Temporary Directories...
░░ Subject: A start job for unit systemd-tmpfiles-clean.service has begun execution
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ A start job for unit systemd-tmpfiles-clean.service has begun execution.
░░
░░ The job identifier is 1959.
Aug 05 00:22:37 pihole2 systemd[1]: systemd-tmpfiles-clean.service: Succeeded.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ The unit systemd-tmpfiles-clean.service has successfully entered the 'dead' state.
Aug 05 00:22:37 pihole2 systemd[1]: Finished Cleanup of Temporary Directories.
░░ Subject: A start job for unit systemd-tmpfiles-clean.service has finished successfully
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ A start job for unit systemd-tmpfiles-clean.service has finished successfully.
░░
░░ The job identifier is 1959.
...skipping...
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ An ExecStart= process belonging to unit unbound.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Aug 05 00:14:44 pihole2 systemd[1]: unbound.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ The unit unbound.service has entered the 'failed' state with result 'exit-code'.
Aug 05 00:14:44 pihole2 systemd[1]: Failed to start Unbound DNS server.
░░ Subject: A start job for unit unbound.service has failed
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ A start job for unit unbound.service has finished with a failure.
░░
░░ The job identifier is 1827 and the job result is failed.
Aug 05 00:14:44 pihole2 systemd[1]: unbound.service: Scheduled restart job, restart counter is at 5.
░░ Subject: Automatic restarting of a unit has been scheduled
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ Automatic restarting of the unit unbound.service has been scheduled, as the result for
░░ the configured Restart= setting for the unit.
Aug 05 00:14:44 pihole2 systemd[1]: Stopped Unbound DNS server.
░░ Subject: A stop job for unit unbound.service has finished
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ A stop job for unit unbound.service has finished.
░░
░░ The job identifier is 1893 and the job result is done.
Aug 05 00:14:44 pihole2 systemd[1]: unbound.service: Start request repeated too quickly.
Aug 05 00:14:44 pihole2 systemd[1]: unbound.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ The unit unbound.service has entered the 'failed' state with result 'exit-code'.
Aug 05 00:14:44 pihole2 systemd[1]: Failed to start Unbound DNS server.
░░ Subject: A start job for unit unbound.service has failed
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ A start job for unit unbound.service has finished with a failure.
░░
░░ The job identifier is 1893 and the job result is failed.
Aug 05 00:17:01 pihole2 CRON[1074]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Aug 05 00:17:01 pihole2 CRON[1075]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Aug 05 00:17:01 pihole2 CRON[1074]: pam_unix(cron:session): session closed for user root
Aug 05 00:17:11 pihole2 systemd-timesyncd[311]: Timed out waiting for reply from 152.67.232.7:123 (2.debian.pool.ntp.org).
Aug 05 00:17:11 pihole2 systemd-timesyncd[311]: Initial synchronization to time server 162.159.200.123:123 (2.debian.pool.ntp.org).
Aug 05 00:22:37 pihole2 systemd[1]: Starting Cleanup of Temporary Directories...
░░ Subject: A start job for unit systemd-tmpfiles-clean.service has begun execution
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ A start job for unit systemd-tmpfiles-clean.service has begun execution.
░░
░░ The job identifier is 1959.
Aug 05 00:22:37 pihole2 systemd[1]: systemd-tmpfiles-clean.service: Succeeded.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ The unit systemd-tmpfiles-clean.service has successfully entered the 'dead' state.
Aug 05 00:22:37 pihole2 systemd[1]: Finished Cleanup of Temporary Directories.
░░ Subject: A start job for unit systemd-tmpfiles-clean.service has finished successfully
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ A start job for unit systemd-tmpfiles-clean.service has finished successfully.
░░
░░ The job identifier is 1959.
...skipping...
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ An ExecStart= process belonging to unit unbound.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Aug 05 00:14:44 pihole2 systemd[1]: unbound.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ The unit unbound.service has entered the 'failed' state with result 'exit-code'.
Aug 05 00:14:44 pihole2 systemd[1]: Failed to start Unbound DNS server.
░░ Subject: A start job for unit unbound.service has failed
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ A start job for unit unbound.service has finished with a failure.
░░
░░ The job identifier is 1827 and the job result is failed.
Aug 05 00:14:44 pihole2 systemd[1]: unbound.service: Scheduled restart job, restart counter is at 5.
░░ Subject: Automatic restarting of a unit has been scheduled
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ Automatic restarting of the unit unbound.service has been scheduled, as the result for
░░ the configured Restart= setting for the unit.
Aug 05 00:14:44 pihole2 systemd[1]: Stopped Unbound DNS server.
░░ Subject: A stop job for unit unbound.service has finished
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ A stop job for unit unbound.service has finished.
░░
░░ The job identifier is 1893 and the job result is done.
Aug 05 00:14:44 pihole2 systemd[1]: unbound.service: Start request repeated too quickly.
Aug 05 00:14:44 pihole2 systemd[1]: unbound.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ The unit unbound.service has entered the 'failed' state with result 'exit-code'.
Aug 05 00:14:44 pihole2 systemd[1]: Failed to start Unbound DNS server.
░░ Subject: A start job for unit unbound.service has failed
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ A start job for unit unbound.service has finished with a failure.
░░
░░ The job identifier is 1893 and the job result is failed.
Aug 05 00:17:01 pihole2 CRON[1074]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Aug 05 00:17:01 pihole2 CRON[1075]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Aug 05 00:17:01 pihole2 CRON[1074]: pam_unix(cron:session): session closed for user root
Aug 05 00:17:11 pihole2 systemd-timesyncd[311]: Timed out waiting for reply from 152.67.232.7:123 (2.debian.pool.ntp.org).
Aug 05 00:17:11 pihole2 systemd-timesyncd[311]: Initial synchronization to time server 162.159.200.123:123 (2.debian.pool.ntp.org).
Aug 05 00:22:37 pihole2 systemd[1]: Starting Cleanup of Temporary Directories...
░░ Subject: A start job for unit systemd-tmpfiles-clean.service has begun execution
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ A start job for unit systemd-tmpfiles-clean.service has begun execution.
░░
░░ The job identifier is 1959.
Aug 05 00:22:37 pihole2 systemd[1]: systemd-tmpfiles-clean.service: Succeeded.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ The unit systemd-tmpfiles-clean.service has successfully entered the 'dead' state.
Aug 05 00:22:37 pihole2 systemd[1]: Finished Cleanup of Temporary Directories.
░░ Subject: A start job for unit systemd-tmpfiles-clean.service has finished successfully
░░ Defined-By: systemd
░░ Support: www.debian.org/support
░░
░░ A start job for unit systemd-tmpfiles-clean.service has finished successfully.
░░
░░ The job identifier is 1959.
WaynePi2@pihole2:~ $

Here's the weirdest part: from all of my research (including this very similar thread from a year ago: Failed to start unbound) the "solution" to my problem is the very same set of Bullseye-required steps that broke my unbound!

Can anyone make heads or tails out of this?? Thanks!

Details about my system:
Brand new RP4 running Raspberry Pi OS Lite 64bit (Debian Bullseye 2023-05-03)
Fully updated at the start of this process
No other software installed beyond PiHole and Unbound (this is my initial configuration)

2

The command

unbound-checkconf

may give additional clues if there is a typo or something wrong in your config file.

1 Like
3

Maybe? Here's the output:

WaynePi2@pihole2:~ $ unbound-checkconf
[1691212985] unbound-checkconf[1753:0] fatal error: interface: 127.0.0.1 present twice, cannot bind same ports twice.

However, when I run
sudo grep -v ‘#\|^$’ -R /etc/unbound/unbound.conf*
to try to find it I can only find the 127.0.0.1 present a single time:

output 
WaynePi2@pihole2:~ $ sudo grep -v ‘#\|^$’ -R /etc/unbound/unbound.conf*
/etc/unbound/unbound.conf:# Unbound configuration file for Debian.
/etc/unbound/unbound.conf:#
/etc/unbound/unbound.conf:# See the unbound.conf(5) man page.
/etc/unbound/unbound.conf:#
/etc/unbound/unbound.conf:# See /usr/share/doc/unbound/examples/unbound.conf for a commented
/etc/unbound/unbound.conf:# reference config file.
/etc/unbound/unbound.conf:#
/etc/unbound/unbound.conf:# The following line includes additional configuration files from the
/etc/unbound/unbound.conf:# /etc/unbound/unbound.conf.d directory.
/etc/unbound/unbound.conf:include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
/etc/unbound/unbound.conf:include: "/etc/unbound/unbound.conf.d/*conf"
/etc/unbound/unbound.conf.d/pi-hole.conf:server:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # If no logfile is specified, syslog is used
/etc/unbound/unbound.conf.d/pi-hole.conf:    # logfile: "/var/log/unbound/unbound.log"
/etc/unbound/unbound.conf.d/pi-hole.conf:    verbosity: 0
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    interface: 127.0.0.1
/etc/unbound/unbound.conf.d/pi-hole.conf:    port: 5335
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip4: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-udp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-tcp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # May be set to yes if you have IPv6 connectivity
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # You want to leave this to no unless you have *native* IPv6. With 6to4 and
/etc/unbound/unbound.conf.d/pi-hole.conf:    # Terredo tunnels your web browser should favor IPv4 for the same reasons
/etc/unbound/unbound.conf.d/pi-hole.conf:    prefer-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # Use this only when you downloaded the list of primary root servers!
/etc/unbound/unbound.conf.d/pi-hole.conf:    # If you use the default dns-root-data package, unbound will find it automatically
/etc/unbound/unbound.conf.d/pi-hole.conf:    #root-hints: "/var/lib/unbound/root.hints"
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # Trust glue only if it is within the server's authority
/etc/unbound/unbound.conf.d/pi-hole.conf:    harden-glue: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
/etc/unbound/unbound.conf.d/pi-hole.conf:    harden-dnssec-stripped: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes
/etc/unbound/unbound.conf.d/pi-hole.conf:    # see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
/etc/unbound/unbound.conf.d/pi-hole.conf:    use-caps-for-id: no
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # Reduce EDNS reassembly buffer size.
/etc/unbound/unbound.conf.d/pi-hole.conf:    # IP fragmentation is unreliable on the Internet today, and can cause
/etc/unbound/unbound.conf.d/pi-hole.conf:    # transmission failures when large DNS messages are sent via UDP. Even
/etc/unbound/unbound.conf.d/pi-hole.conf:    # when fragmentation does work, it may not be secure; it is theoretically
/etc/unbound/unbound.conf.d/pi-hole.conf:    # possible to spoof parts of a fragmented DNS message, without easy
/etc/unbound/unbound.conf.d/pi-hole.conf:    # detection at the receiving end. Recently, there was an excellent study
/etc/unbound/unbound.conf.d/pi-hole.conf:    # >>> Defragmenting DNS - Determining the optimal maximum UDP response size for DNS <<<
/etc/unbound/unbound.conf.d/pi-hole.conf:    # by Axel Koolhaas, and Tjeerd Slokker (https://indico.dns-oarc.net/event/36/contributions/776/)
/etc/unbound/unbound.conf.d/pi-hole.conf:    # in collaboration with NLnet Labs explored DNS using real world data from the
/etc/unbound/unbound.conf.d/pi-hole.conf:    # the RIPE Atlas probes and the researchers suggested different values for
/etc/unbound/unbound.conf.d/pi-hole.conf:    # IPv4 and IPv6 and in different scenarios. They advise that servers should
/etc/unbound/unbound.conf.d/pi-hole.conf:    # be configured to limit DNS messages sent over UDP to a size that will not
/etc/unbound/unbound.conf.d/pi-hole.conf:    # trigger fragmentation on typical network links. DNS servers can switch
/etc/unbound/unbound.conf.d/pi-hole.conf:    # from UDP to TCP when a DNS response is too big to fit in this limited
/etc/unbound/unbound.conf.d/pi-hole.conf:    # buffer size. This value has also been suggested in DNS Flag Day 2020.
/etc/unbound/unbound.conf.d/pi-hole.conf:    edns-buffer-size: 1232
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # Perform prefetching of close to expired message cache entries
/etc/unbound/unbound.conf.d/pi-hole.conf:    # This only applies to domains that have been frequently queried
/etc/unbound/unbound.conf.d/pi-hole.conf:    prefetch: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
/etc/unbound/unbound.conf.d/pi-hole.conf:    num-threads: 1
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # Ensure kernel buffer is large enough to not lose messages in traffic spikes
/etc/unbound/unbound.conf.d/pi-hole.conf:    so-rcvbuf: 1m
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:    # Ensure privacy of local IP ranges
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 192.168.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 169.254.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 172.16.0.0/12
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 10.0.0.0/8
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fd00::/8
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fe80::/10
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf:auto-trust-anchor-file: "/var/lib/unbound/root.key"
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:server:
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:    # The following line will configure unbound to perform cryptographic
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:    # DNSSEC validation using the root trust anchor.
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:    auto-trust-anchor-file: "/var/lib/unbound/root.key"

I'm a total amateur at this, so it's entirely possible I'm looking in the wrong place! What's weird is that it seemed to be working just fine before I did those final Bullseye+ steps in the tutorial and none of them would have added or changed anything about interface binding?

4

I'm not sure if this links to your problem but I think you have an extra line right at the end of your pi-hole.conf file which isn't in the config on the docs site (or in my own install of it here). You can see it in the 5th line up from the end of your paste:

/etc/unbound/unbound.conf.d/pi-hole.conf:auto-trust-anchor-file: "/var/lib/unbound/root.key"

That line belongs in the root-auto-trust-anchor-file.conf file, and is indeed in that file as you can see right at the end of your paste.

/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:    auto-trust-anchor-file: "/var/lib/unbound/root.key"

Check if that line really is there by opening the file in nano (or your favourite editor):

sudo nano /etc/unbound/unbound.conf.d/pi-hole.conf

Go to the very end and after the IP ranges at the end do you have this extra line present?

auto-trust-anchor-file: "/var/lib/unbound/root.key"

If so, that shouldn't be there so delete it and save the config.

Then do a reboot to see how services are starting and sorting themselves out from a clean start. It will also confirm that Unbound is only trying to start one instance.

sudo reboot

Once it's back up, ssh back in and try the test validation steps again to see if it's working.

5

One of above two lines doesnt belong there causing unbound to load config files twice.

Below is for Buster:

pi@ph5a:~ $ lsb_release -d
Description:    Raspbian GNU/Linux 10 (buster)

pi@ph5a:~ $ sudo rgrep -v '^ *#\|^$' /etc/unbound/unbound.conf*
/etc/unbound/unbound.conf:include: "/etc/unbound/unbound.conf.d/*.conf"

And below for Bullseye:

pi@ph5b:~ $ lsb_release -d
Description:    Raspbian GNU/Linux 11 (bullseye)

pi@ph5b:~ $ sudo rgrep -v '^ *#\|^$' /etc/unbound/unbound.conf*
/etc/unbound/unbound.conf:include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"

Depending major Debian release, remove the other line so you have only one include line.

1 Like
6

Sorry didnt see that at first, remove the include: "/etc/unbound/unbound.conf.d/*.conf line.
Mine looks like below for Bullseye:

pi@ph5b:~ $ sudo rgrep -v '^ *#\|^$' /etc/unbound/unbound.conf*
/etc/unbound/unbound.conf:include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:server:
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:    auto-trust-anchor-file: "/var/lib/unbound/root.key"
/etc/unbound/unbound.conf.d/pi-hole.conf:server:
/etc/unbound/unbound.conf.d/pi-hole.conf:    verbosity: 0
/etc/unbound/unbound.conf.d/pi-hole.conf:    interface: 127.0.0.1
/etc/unbound/unbound.conf.d/pi-hole.conf:    port: 5335
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip4: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-udp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-tcp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf:    prefer-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf:    harden-glue: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    harden-dnssec-stripped: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    use-caps-for-id: no
/etc/unbound/unbound.conf.d/pi-hole.conf:    edns-buffer-size: 1232
/etc/unbound/unbound.conf.d/pi-hole.conf:    prefetch: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    num-threads: 1
/etc/unbound/unbound.conf.d/pi-hole.conf:    so-rcvbuf: 1m
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 192.168.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 169.254.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 172.16.0.0/12
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 10.0.0.0/8
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fd00::/8
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fe80::/10
7

10 posts were split to a new topic: Unbound seems to only be partially working

8

I've split your posts into a separate topic, as it would seem that your original issue of unbound not starting has been successfully addressed. :wink:

Please consider to mark an appropriate post as solution.

9

Thanks for the help Bucking_Horn. In order to mark a solution, I'll just copy paste this section from one of the posts that was moved in the split:

Removing the additional "include" line didn't fix unbound, so I eventually decided to start from scratch and do a complete reinstall of my RP4 (including reinstalling pihole + a teleporter settings restore) and strictly followed the official unbound tutorial steps.

1 Like
10

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.