Netgate Discussion Forum

    Unbound DNS Resolver not starting

    • GertjanG
      Gertjan @KKIT
      last edited by Gertjan

      @KKIT said in Unbound DNS Resolver not starting:

      I am pretty sure it has something to do with pfBlockerNG messing up my config file.

      Easy to test.
      Remove pfBlockerNG from your pfSense, and get a copy of the unbound config file.
      /var/unbound/unbound.conf

      Install pfBlockerNG, activate it, give it some DNSBL feeds and get a copy of the unbound config file again.

      Compare the two copies.

      You'll find a single difference, at the end :
      If you use Python mode :

      # Python Module
      python:
      python-script: pfb_unbound.py
      

      IMHO : this small python script file is very well tested by now.

      Not python mode :
      It "includes" a (one) 'master DNSBL' file ... forget about that file, as I switched to python mode (after years asking for it).

      So, no, sorry, dead end.

      pfBlockerNG can restart unbound once in a while (you decide how often).
      But pfBlockerNG isn't the only one doing so; others, network events for example, can also restart many services.

      Edit :

      Your unbound.conf file is rather big = 4k.
      Mine is just over 2k.
      Can you show it ?

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

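The before/after comparison suggested in the post above can be done per directive instead of per line, so comments and reordering do not show up as noise. This is an added example, not part of the original post or of pfSense/pfBlockerNG; the function names and the two sample excerpts are constructed for illustration, and the comment-handling rule is a stated assumption.

```python
import re
import sys
from collections import Counter

# Assumption: '#' starts a comment only at line start or after whitespace,
# so values such as 1.1.1.1@853#one.one.one.one stay intact.
COMMENT = re.compile(r"(^|\s)#.*$")

def parse_directives(text):
    """Count (section, key, value) triples; order and comments are ignored."""
    section, found = "", Counter()
    for raw in text.splitlines():
        line = COMMENT.sub("", raw).strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip().strip('"')
        if value:
            found[(section, key, value)] += 1
        else:
            section = key          # e.g. "server:", "forward-zone:", "python:"
    return found

def config_diff(before, after):
    """Return (removed, added) directive lists between two config texts."""
    b, a = parse_directives(before), parse_directives(after)
    return sorted((b - a).elements()), sorted((a - b).elements())

# Constructed sample: a short excerpt, not a complete unbound.conf.
BEFORE = """\
server:
port: 53
hide-identity: yes
#so-rcvbuf: 4m
forward-zone:
name: "."
forward-addr: 1.1.1.1@853#one.one.one.one
"""
AFTER = BEFORE + """\
# Python Module
python:
python-script: pfb_unbound.py
"""

if __name__ == "__main__":
    if len(sys.argv) == 3:     # usage: script.py before.conf after.conf
        with open(sys.argv[1]) as f1, open(sys.argv[2]) as f2:
            removed, added = config_diff(f1.read(), f2.read())
    else:
        removed, added = config_diff(BEFORE, AFTER)
    for tag, items in (("-", removed), ("+", added)):
        for section, key, value in items:
            print(f"{tag} [{section}] {key}: {value}")
```

Because directives are counted as a multiset, a duplicated `interface:` or `outgoing-interface:` line in one copy also shows up as a difference.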
      • K
        KKIT @Gertjan
        last edited by KKIT

        @Gertjan

        Sure

        ##########################
        # Unbound Configuration
        ##########################

        # Server configuration

        server:

        chroot: /var/unbound
        username: "unbound"
        directory: "/var/unbound"
        pidfile: "/var/run/unbound.pid"
        use-syslog: yes
        port: 53
        verbosity: 1
        hide-identity: yes
        hide-version: yes
        harden-glue: yes
        do-ip4: yes
        do-ip6: yes
        do-udp: yes
        do-tcp: yes
        do-daemonize: yes
        module-config: "iterator"
        unwanted-reply-threshold: 0
        num-queries-per-thread: 512
        jostle-timeout: 200
        infra-keep-probing: yes
        infra-host-ttl: 900
        infra-cache-numhosts: 10000
        outgoing-num-tcp: 10
        incoming-num-tcp: 10
        edns-buffer-size: 1432
        cache-max-ttl: 86400
        cache-min-ttl: 0
        harden-dnssec-stripped: no
        msg-cache-size: 4m
        rrset-cache-size: 8m

        num-threads: 4
        msg-cache-slabs: 4
        rrset-cache-slabs: 4
        infra-cache-slabs: 4
        key-cache-slabs: 4
        outgoing-range: 4096
        #so-rcvbuf: 4m

        prefetch: yes
        prefetch-key: yes
        use-caps-for-id: no
        serve-expired: no
        sock-queue-timeout: 0
        aggressive-nsec: no

        # Statistics
        # Unbound Statistics

        statistics-interval: 0
        extended-statistics: yes
        statistics-cumulative: yes

        # TLS Configuration

        tls-cert-bundle: "/etc/ssl/cert.pem"

        # Interface IP addresses to bind to

        interface: WAN NODE B
        interface: 172.16.71.2
        interface: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
        interface: 172.16.1.2
        interface: 10.0.20.2
        interface: 10.0.30.2
        interface: 10.0.90.2
        interface: 10.0.91.2
        interface: 10.0.31.2
        interface: 172.16.71.1
        interface: WAN NODE A
        interface: 10.0.20.1
        interface: 10.0.30.1
        interface: 10.0.90.1
        interface: 10.172.17.1
        interface: 10.0.91.1
        interface: NETWORK A
        interface: NETWORK B
        interface: NETWORK C
        interface: 10.0.40.1
        interface: NETWORK D
        interface: NETWORK E
        interface: 10.0.31.1
        interface: NETWORK F
        interface: 127.0.0.1
        interface: ::1

        # Outgoing interfaces to be used

        outgoing-interface: WAN NODE B
        outgoing-interface: 172.16.71.2
        outgoing-interface: xxx
        outgoing-interface: 172.16.1.2
        outgoing-interface: 10.0.20.2
        outgoing-interface: 10.0.30.2
        outgoing-interface: 10.0.90.2
        outgoing-interface: 10.0.91.2
        outgoing-interface: 10.0.31.2
        outgoing-interface: 172.16.71.1
        outgoing-interface: WAN NODE A
        outgoing-interface: 10.0.20.1
        outgoing-interface: 10.0.30.1
        outgoing-interface: 10.0.90.1
        outgoing-interface: 10.172.17.1
        outgoing-interface: 10.0.91.1
        outgoing-interface: NETWORK A
        outgoing-interface: NETWORK B
        outgoing-interface: NETWORK C
        outgoing-interface: 10.0.40.1
        outgoing-interface: NETWORK D
        outgoing-interface: NETWORK E
        outgoing-interface: 10.0.31.1
        outgoing-interface: NETWORK F
        outgoing-interface: 127.0.0.1
        outgoing-interface: ::1

        # DNS Rebinding
        # For DNS Rebinding prevention

        private-address: 127.0.0.0/8
        private-address: 10.0.0.0/8
        private-address: ::ffff:a00:0/104
        private-address: 172.16.0.0/12
        private-address: ::ffff:ac10:0/108
        private-address: 169.254.0.0/16
        private-address: ::ffff:a9fe:0/112
        private-address: 192.168.0.0/16
        private-address: ::ffff:c0a8:0/112
        private-address: fd00::/8
        private-address: fe80::/10

        # Access lists

        include: /var/unbound/access_lists.conf

        # Static host entries

        include: /var/unbound/host_entries.conf

        # dhcp lease entries

        include: /var/unbound/dhcpleases_entries.conf

        # Domain overrides

        include: /var/unbound/domainoverrides.conf

        # Forwarding

        forward-zone:
        name: "."
        forward-tls-upstream: yes
        forward-addr: ::1@853
        forward-addr: 1.1.1.1@853#one.one.one.one
        forward-addr: 1.0.0.1@853#one.one.one.one
        forward-addr: 8.8.8.8@853#dns.google
        forward-addr: 8.8.4.4@853#dns.google

        # Remote Control Config

        include: /var/unbound/remotecontrol.conf

        • GertjanG
          Gertjan @KKIT
          last edited by

          @KKIT

          Worth trying for a while : instead of detailing all interface roles, go for the simple :

          [image not preserved: c11c6bf4-02d0-492b-83ad-75b36a60fe8e-image.png]

          • K
            KKIT @Gertjan
            last edited by

            @Gertjan

            Unbelievable, it worked. I can't wrap my head around why that would be the case though. Thank you so much for taking the time, man.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.