Can't enable unbound-control
-
Hi,
since I didn't find a specific option in the unbound configuration, I added this under custom options:
remote-control: control-enable: yes control-interface: 127.0.0.1 control-interface: ::1 control-port: 8953However, after restarting the service it still says that
control-enableis'no':[2.7.2-RELEASE][admin@fw-ecuador-00.siu.edu.ar]/root: unbound-control stats_noreset [1740747194] unbound-control[5960:0] warning: control-enable is 'no' in the config file. [1740747194] unbound-control[5960:0] error: connect: Connection refused for 127.0.0.1 port 8953What am I doing wrong?
-
Well... the resolver wasn't actually running because of a misconfiguration (though I couldn't see that in the GUI logs, I found out checking
/var/log/system.log:Feb 28 10:45:20 fw-ecuador-00 php-fpm[8951]: /services_unbound.php: The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '[1740750320] unbound[68385:0] error: can't bind socket: Address already in use for 127.0.0.1 port 953 [1740750320] unbound[68385:0] error: cannot open control interface 127.0.0.1 953 [1740750320] unbound[68385:0] fatal error: could not open ports'Now... why would it try to open port
953when I configured8953?: -
@el_baby said in Can't enable unbound-control:
What am I doing wrong?
This :
@el_baby said in Can't enable unbound-control:
[2.7.2-RELEASE][admin@fw-ecuador-00.siu.edu.ar]/root: unbound-control stats_noreset
is not enough.
unbound-control with instructions, looks for the unbound control file here /usr/local/etc/unbound/unbound.conf
(go have a look - it isn't there, and if it does exists, that isn't the file actually used).The unbound.conf file used by pfSense is here /var/unbound/unbound.conf
Ask pfSense ^^ :[25.03-BETA][root@pfSense.bhf.tld]/root: ps aux | grep unbound unbound 10684 0.8 4.9 223092 197948 - Ss Wed15 47:05.20 /usr/local/sbin/unbound -c /var/unbound/unbound.conf ......also, is unbound listening on 8953 by default on local host ?
[25.03-BETA][root@pfSense.bhf.tld]/root: sockstat -4 | grep 'unbound' unbound unbound 10684 5 udp4 *:53 *:* unbound unbound 10684 6 tcp4 *:53 *:* unbound unbound 10684 7 tcp4 127.0.0.1:953 *:* ....so it's port 953 (in my case).
Double check :
Cat /var/unbound/unbound.conf :
which tells you to look in /var/unbound/remotecontrol.conf
and there :[25.03-BETA][root@pfSense.bhf.tld]/root: cat /var/unbound/remotecontrol.conf remote-control: control-enable: yes control-interface: 127.0.0.1 control-port: 953 server-key-file: "/var/unbound/unbound_server.key" server-cert-file: "/var/unbound/unbound_server.pem" control-key-file: "/var/unbound/unbound_control.key" control-cert-file: "/var/unbound/unbound_control.pem"Btw : Don't change these files yourself with a text editor. The pfSense recreates these files constantly, your edit will be gone in no time.
So, out of the box, this works :
unbound-control -c /var/unbound/unbound.conf stats_nores -
Thanx a lot @Gertjan
That was it. It was listening on port 953.
Since I had not seen any configuration option in the UI I thought it was disabled.