Netgate Discussion Forum
    Unbound not logging queries

    Plus 23.01 Development Snapshots (Retired)
    • jimp Rebel Alliance Developer Netgate

      Do you have any specific interfaces selected in the Unbound config, such as for Network Interfaces or Outgoing Network Interfaces?

      Do you mind posting your /var/unbound/unbound.conf file? You can mask any private info such as subnets, so long as it's replaced by an equivalent dummy value (e.g. replace 10.1.2.3/24 with x.x.x.3/24 and so on).

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      • maverick_slo

        Sure, here it is:

        ##########################
        # Unbound Configuration
        ##########################
        
        ##
        # Server configuration
        ##
        server:
        
        chroot: /var/unbound
        username: "unbound"
        directory: "/var/unbound"
        pidfile: "/var/run/unbound.pid"
        use-syslog: yes
        port: 53
        verbosity: 0
        hide-identity: yes
        hide-version: yes
        harden-glue: yes
        do-ip4: yes
        do-ip6: yes
        do-udp: yes
        do-tcp: yes
        do-daemonize: yes
        module-config: "validator iterator"
        unwanted-reply-threshold: 0
        num-queries-per-thread: 512
        jostle-timeout: 200
        infra-keep-probing: yes
        infra-host-ttl: 900
        infra-cache-numhosts: 10000
        outgoing-num-tcp: 10
        incoming-num-tcp: 10
        edns-buffer-size: 1432
        cache-max-ttl: 86400
        cache-min-ttl: 0
        harden-dnssec-stripped: no
        msg-cache-size: 10m
        rrset-cache-size: 20m
        
        num-threads: 3
        msg-cache-slabs: 2
        rrset-cache-slabs: 2
        infra-cache-slabs: 2
        key-cache-slabs: 2
        outgoing-range: 4096
        #so-rcvbuf: 4m
        auto-trust-anchor-file: /var/unbound/root.key
        prefetch: yes
        prefetch-key: yes
        use-caps-for-id: no
        serve-expired: no
        aggressive-nsec: no
        # Statistics
        # Unbound Statistics
        statistics-interval: 0
        extended-statistics: yes
        statistics-cumulative: yes
        
        # TLS Configuration
        tls-cert-bundle: "/etc/ssl/cert.pem"
        
        # Interface IP addresses to bind to
        interface: 10.10.0.1
        interface: 2001:XXX:XXXX::1
        interface: 172.16.16.1
        interface: 2001:XXX:XXXX:1::1
        interface: 192.168.100.1
        interface: 2001:XXX:XXXX:2::1
        interface: 192.168.200.1
        interface: 127.0.0.1
        interface: ::1
        
        
        # DNS Rebinding
        
        
        
        
        # Access lists
        include: /var/unbound/access_lists.conf
        
        # Static host entries
        include: /var/unbound/host_entries.conf
        
        # dhcp lease entries
        include: /var/unbound/dhcpleases_entries.conf
        
        # OpenVPN client entries
        include: /var/unbound/openvpn.*.conf
        
        # Domain overrides
        include: /var/unbound/domainoverrides.conf
        
        
        # Unbound custom options
        server:
        log-queries: yes
        domain-insecure:localdomain.local
        
        
        
        ###
        # Remote Control Config
        ###
        include: /var/unbound/remotecontrol.conf
        
        • maverick_slo @jimp

          @jimp
          As for interfaces, outgoing: ALL
          Listening on:
          [image]

          • jimp Rebel Alliance Developer Netgate

            As a test can you try to see if it happens if you have nothing selected in either interface box? Having 'all' selected should be equivalent, but it's still better to test with everything unset.

            Also, are all of the selected interfaces static (IPv4 and IPv6)?

            • maverick_slo @jimp

              @jimp The following input errors were detected:

              One or more Network Interfaces must be selected for binding.
              One or more Outgoing Network Interfaces must be selected.
              

              All interfaces are static

              • jimp Rebel Alliance Developer Netgate

                OK, so pick 'All' there, that must have been fixed up at some point. In some of those controls in other parts of the GUI, selecting nothing is the same as selecting "All".

                • maverick_slo @jimp

                  Did it:

                  ##########################
                  # Unbound Configuration
                  ##########################
                  
                  ##
                  # Server configuration
                  ##
                  server:
                  
                  chroot: /var/unbound
                  username: "unbound"
                  directory: "/var/unbound"
                  pidfile: "/var/run/unbound.pid"
                  use-syslog: yes
                  port: 53
                  verbosity: 0
                  hide-identity: yes
                  hide-version: yes
                  harden-glue: yes
                  do-ip4: yes
                  do-ip6: yes
                  do-udp: yes
                  do-tcp: yes
                  do-daemonize: yes
                  module-config: "validator iterator"
                  unwanted-reply-threshold: 0
                  num-queries-per-thread: 512
                  jostle-timeout: 200
                  infra-keep-probing: yes
                  infra-host-ttl: 900
                  infra-cache-numhosts: 10000
                  outgoing-num-tcp: 10
                  incoming-num-tcp: 10
                  edns-buffer-size: 1232
                  cache-max-ttl: 86400
                  cache-min-ttl: 0
                  harden-dnssec-stripped: no
                  msg-cache-size: 10m
                  rrset-cache-size: 20m
                  
                  num-threads: 3
                  msg-cache-slabs: 2
                  rrset-cache-slabs: 2
                  infra-cache-slabs: 2
                  key-cache-slabs: 2
                  outgoing-range: 4096
                  #so-rcvbuf: 4m
                  auto-trust-anchor-file: /var/unbound/root.key
                  prefetch: yes
                  prefetch-key: yes
                  use-caps-for-id: no
                  serve-expired: no
                  aggressive-nsec: no
                  # Statistics
                  # Unbound Statistics
                  statistics-interval: 0
                  extended-statistics: yes
                  statistics-cumulative: yes
                  
                  # TLS Configuration
                  tls-cert-bundle: "/etc/ssl/cert.pem"
                  
                  # Interface IP addresses to bind to
                  interface-automatic: yes
                  
                  
                  # DNS Rebinding
                  
                  
                  
                  
                  # Access lists
                  include: /var/unbound/access_lists.conf
                  
                  # Static host entries
                  include: /var/unbound/host_entries.conf
                  
                  # dhcp lease entries
                  include: /var/unbound/dhcpleases_entries.conf
                  
                  # OpenVPN client entries
                  include: /var/unbound/openvpn.*.conf
                  
                  # Domain overrides
                  include: /var/unbound/domainoverrides.conf
                  
                  
                  # Unbound custom options
                  server:
                  log-queries: yes
                  domain-insecure:localdomain.local
                  
                  
                  
                  ###
                  # Remote Control Config
                  ###
                  include: /var/unbound/remotecontrol.conf
                  

                  Same result..

                  • jimp Rebel Alliance Developer Netgate

                    OK, I wanted to rule out some changes I made that would only trigger in certain cases when specific interfaces were selected. If it's the same with/without then you can put it back the way it was for now.

                    • maverick_slo @jimp

                      I noticed that last lines in resolver logs are always
                      [image]

                      Maybe race condition?

                      • jimp Rebel Alliance Developer Netgate

                        Wouldn't be related, filterdns isn't tied into unbound except that it would run queries against it (if the system is set to do so).

                        • maverick_slo @jimp

                          Hmm maybe just delay unbound start, move it down the list?

                          • jimp Rebel Alliance Developer Netgate

                            There are a lot of catch-22/chicken-egg scenarios there because a lot of things need DNS so Unbound has to be up early.

                            It's not clear why it isn't logging for you when it is for others (including me).

                            • maverick_slo @jimp

                              From what I see, it respects the logging level set to "0" in advanced config.
                              If I select query level log there it will log... But it will also send a huge amount of data to my SIEM which I don't want it to... I just want to log queries and no more... It seems like it's not respecting custom options at boot time...
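
A check one could run against the generated file to confirm what it asks Unbound to log, as an added example that is not part of the thread or pfSense's own code. The sample config is a constructed excerpt modelled on the one posted above, `parse_server_options` and `audit_query_logging` are hypothetical names, and it assumes a repeated single-valued option keeps its last value.

```python
import re

# Constructed excerpt, modelled on the unbound.conf posted in the thread.
SAMPLE_CONF = """\
server:
use-syslog: yes
verbosity: 0
interface: 10.10.0.1
include: /var/unbound/access_lists.conf
# Unbound custom options
server:
log-queries: yes
domain-insecure:localdomain.local
include: /var/unbound/remotecontrol.conf
"""

REPEATABLE = {"interface", "domain-insecure"}  # options that may appear many times
DEFAULTS = {"log-queries": "no", "verbosity": "1", "use-syslog": "yes"}  # Unbound defaults

def parse_server_options(text):
    """Merge all server: clauses. Assumption: a repeated single-valued option keeps its last value."""
    opts, includes, clause = dict(DEFAULTS), [], None
    for raw in text.splitlines():
        m = re.match(r"([A-Za-z0-9-]+):\s*(.*)$", raw.split("#", 1)[0].strip())
        if not m:
            continue  # blank line or comment
        key, val = m.group(1), m.group(2).strip().strip('"')
        if key == "include":
            includes.append(val)  # not followed here; reported so it can be audited too
        elif val == "":
            clause = key  # clause header such as server: or remote-control:
        elif clause == "server" and key in REPEATABLE:
            opts.setdefault(key, []).append(val)
        elif clause == "server":
            opts[key] = val
    return opts, includes

def audit_query_logging(text):
    """Report what the file asks Unbound to log, independent of what the daemon is doing."""
    opts, includes = parse_server_options(text)
    return {
        "log_queries": opts["log-queries"] == "yes",
        "verbosity": int(opts["verbosity"]),
        "use_syslog": opts["use-syslog"] == "yes",
        "unread_includes": includes,
    }

if __name__ == "__main__":
    print(audit_query_logging(SAMPLE_CONF))
```

This only reads the file on disk; the value the running daemon holds can be compared with `unbound-control -c /var/unbound/unbound.conf get_option log-queries`.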

                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.