Unbound won't start with "Enable Forwarding Mode" checked – 2.2-RELEASE
-
Just what the title says - nothing (and I mean literally nothing) in the logs. Anyone else seeing this? FWIW I was using Unbound in 2.1.5 before the upgrade, but IIRC there was no forwarding mode option.
Thanks,
Matt -
Likely somehow related to the package having been on there, though we fixed every issue we'd heard of there.
There should be something in the system or resolver log where unbound fails to start. Or if nothing else, go to a command prompt and run 'unbound -c /var/unbound/unbound.conf' and it'll spit out why it won't start.
-
Thanks –
Here's what I get:
/var/unbound/unbound.conf:95: error: syntax error
read /var/unbound/unbound.conf failed: 1 errors in configuration file
[1422088877] unbound[93245:0] fatal error: Could not read config file: /var/unbound/unbound.conf
I renamed /var/unbound/unbound.conf and let the GUI create a new one. Same error. Here's the config file:
##########################
# Unbound Configuration
##########################

##
# Server configuration
##
server:
chroot: /var/unbound
username: "unbound"
directory: "/var/unbound"
pidfile: "/var/run/unbound.pid"
use-syslog: yes
port: 53
verbosity: 1
hide-identity: no
hide-version: no
harden-referral-path: no
harden-glue: yes
do-ip4: yes
do-ip6: yes
do-udp: yes
do-tcp: yes
do-daemonize: yes
module-config: "iterator"
unwanted-reply-threshold: 0
num-queries-per-thread: 512
jostle-timeout: 200
infra-host-ttl: 900
infra-cache-numhosts: 50000
outgoing-num-tcp: 10
incoming-num-tcp: 10
edns-buffer-size: 4096
cache-max-ttl: 86400
cache-min-ttl: 0
harden-dnssec-stripped: no
msg-cache-size: 100m
num-threads: 1
msg-cache-slabs: 4
rrset-cache-slabs: 4
infra-cache-slabs: 4
key-cache-slabs: 4
rrset-cache-size: 8m
outgoing-range: 4096
#so-rcvbuf: 4m
prefetch: yes
prefetch-key: yes

# Statistics
# Unbound Statistics
statistics-interval: 0
extended-statistics: yes
statistics-cumulative: yes

# Interface IP(s) to bind to
interface: 0.0.0.0
interface: ::0
interface-automatic: yes

# DNS Rebinding
# For DNS Rebinding prevention
private-address: 10.0.0.0/8
private-address: 172.16.0.0/12
private-address: 169.254.0.0/16
private-address: 192.168.0.0/16
private-address: fd00::/8
private-address: fe80::/10

# Set private domains in case authoritative name server returns a Private IP address

# Access lists
include: /var/unbound/access_lists.conf

# Static host entries
include: /var/unbound/host_entries.conf

# dhcp lease entries
include: /var/unbound/dhcpleases_entries.conf

# Domain overrides
include: /var/unbound/domainoverrides.conf

# Forwarding
forward-zone:
name: "."
forward-addr: 127.0.0.1
forward-addr: 198.188.2.69
forward-addr: 8.8.4.4
forward-addr: 8.8.8.8

# Unbound custom options
statistics-interval: 300
statistics-cumulative: no
extended-statistics: no

###
# Remote Control Config
###
include: /var/unbound/remotecontrol.conf
I commented out the three custom options at lines 95-97, and now it starts fine.
M
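The syntax error at the first custom option fits how unbound.conf scopes options: each option belongs to the most recently opened clause, so custom options appended after "forward-zone:" are parsed as forward-zone attributes. The checker below is an added example, not part of the original posts and not pfSense code; the config excerpt is constructed and the list of forward-zone options is an assumption to adjust for your unbound version.

```python
import re

# Options accepted inside a forward-zone: clause. Assumed list; extend it
# to match the unbound.conf(5) of the version you run.
FORWARD_ZONE_OPTIONS = {
    "name", "forward-addr", "forward-host", "forward-first",
    "forward-no-cache", "forward-tls-upstream", "forward-ssl-upstream",
    "forward-tcp-upstream",
}
LINE_RE = re.compile(r"^\s*([a-z0-9-]+):\s*(.*?)\s*$")

def misplaced_options(conf_text):
    """Return (line_no, option) for options that land inside forward-zone:."""
    findings, clause = [], None
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        m = LINE_RE.match(raw.split("#", 1)[0])   # ignore comments
        if not m:
            continue
        key, value = m.groups()
        if key == "include":      # includes are legal in any clause
            continue
        if value == "":           # bare "server:" / "forward-zone:" opens a clause
            clause = key
        elif clause == "forward-zone" and key not in FORWARD_ZONE_OPTIONS:
            findings.append((line_no, key))
    return findings

# Constructed excerpt modelled on the tail of the config posted above
# (line numbers are those of this excerpt, not of the original file).
BROKEN = """\
server:
statistics-interval: 0
# Forwarding
forward-zone:
name: "."
forward-addr: 8.8.8.8
# Unbound custom options
statistics-interval: 300
statistics-cumulative: no
extended-statistics: no
include: /var/unbound/remotecontrol.conf
"""
# Same excerpt with the custom options placed under a re-opened server: clause.
FIXED = BROKEN.replace("# Unbound custom options\n",
                       "# Unbound custom options\nserver:\n")

if __name__ == "__main__":
    for line_no, key in misplaced_options(BROKEN):
        print(f"line {line_no}: '{key}' is not a forward-zone option")
```

Starting the custom options box with a "server:" line, as FIXED does, puts those options back in the server clause.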
-
Edit-
I apologize, I have misread the title. After the update my unbound would not start at all! The fix for me is as I describe it below. However I now have the same problem as "whosmatt"! If I enable the forwarding mode, I lose DNS!
~~Hi, I just finished troubleshooting this error after upgrading an hour ago.
My Solution:
Click on –-> Services: DNS Resolver---->click(untick~~ -
I followed "cmb"'s advice and this is what I get back. What does it mean?
$ unbound -c /var/unbound/unbound.conf
[1422117824] unbound[69703:0] debug: creating udp6 socket :: 53
[1422117824] unbound[69703:0] error: bind: address already in use
[1422117824] unbound[69703:0] fatal error: could not open ports
It was working fine before the upgrade!
Any advice? -
Seems like dnsmasq (services > dnsforwarder) is still running and shouldn't be.
Something is holding port 53 hostage.
-
I followed "cmb"'s advice and this is what I get back. What does it mean?
$ unbound -c /var/unbound/unbound.conf
[1422117824] unbound[69703:0] debug: creating udp6 socket :: 53
[1422117824] unbound[69703:0] error: bind: address already in use
[1422117824] unbound[69703:0] fatal error: could not open ports
It was working fine before the upgrade!
Any advice?
The culprit was that "Harden DNSSEC data" was checked on.
I am using alternate DNS servers to the one my ISP is providing. Apparently they do not honor this feature! I knew this in advance as I had noticed the logs in the previous version of pfSense, but Unbound would continue to serve requests. After the upgrade this behavior changed into dropping requests if "Harden DNSSEC data" was checked on.
8.8.8.8 (Google) honors this feature, but I do not use Google for my DNS requests.
So unchecking this feature solved the problem for me.
@kejianshi
Thank you for trying to help me out. I appreciate it. -
I doubt that was the problem - what would that have to do with something else running on the port?
[1422117824] unbound[69703:0] debug: creating udp6 socket :: 53
[1422117824] unbound[69703:0] error: bind: address already in use
[1422117824] unbound[69703:0] fatal error: could not open ports
From how I read this, something was already listening on udp6 port 53. That has nothing to do with if unbound is set to "Harden DNSSEC data" or not.