Unbound won't start with "Enable Forwarding Mode" checked – 2.2-RELEASE



  • Just what the title says - nothing (and I mean literally nothing) in the logs.  Anyone else seeing this?  FWIW I was using Unbound in 2.1.5 before the upgrade, but IIRC there was no forwarding mode option.

    Thanks,
    Matt



  • Likely somehow related to the package having been on there, though we fixed every issue we'd heard of there.

    There should be something in the system or resolver log where unbound fails to start. Or if nothing else, go to a command prompt and run 'unbound -c /var/unbound/unbound.conf' and it'll spit out why it won't start.



  • Thanks –

    Here's what I get:

    /var/unbound/unbound.conf:95: error: syntax error
    read /var/unbound/unbound.conf failed: 1 errors in configuration file
    [1422088877] unbound[93245:0] fatal error: Could not read config file: /var/unbound/unbound.conf
    

    I renamed /var/unbound/unbound.conf and let the GUI create a new one.  Same error.  Here's the config file:

    ##########################
    # Unbound Configuration
    ##########################
    
    ##
    # Server configuration
    ##
    server:
    
    chroot: /var/unbound
    username: "unbound"
    directory: "/var/unbound"
    pidfile: "/var/run/unbound.pid"
    use-syslog: yes
    port: 53
    verbosity: 1
    hide-identity: no
    hide-version: no
    harden-referral-path: no
    harden-glue: yes
    do-ip4: yes
    do-ip6: yes
    do-udp: yes
    do-tcp: yes
    do-daemonize: yes
    module-config: "iterator"
    unwanted-reply-threshold: 0
    num-queries-per-thread: 512
    jostle-timeout: 200
    infra-host-ttl: 900
    infra-cache-numhosts: 50000
    outgoing-num-tcp: 10
    incoming-num-tcp: 10
    edns-buffer-size: 4096
    cache-max-ttl: 86400
    cache-min-ttl: 0
    harden-dnssec-stripped: no
    msg-cache-size: 100m
    num-threads: 1
    msg-cache-slabs: 4
    rrset-cache-slabs: 4
    infra-cache-slabs: 4
    key-cache-slabs: 4
    rrset-cache-size: 8m
    outgoing-range: 4096
    #so-rcvbuf: 4m
    
    prefetch: yes
    prefetch-key: yes
    # Statistics
    # Unbound Statistics
    statistics-interval: 0
    extended-statistics: yes
    statistics-cumulative: yes
    
    # Interface IP(s) to bind to
    interface: 0.0.0.0
    interface: ::0
    interface-automatic: yes
    
    # DNS Rebinding
    # For DNS Rebinding prevention
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 169.254.0.0/16
    private-address: 192.168.0.0/16
    private-address: fd00::/8
    private-address: fe80::/10
    # Set private domains in case authoritative name server returns a Private IP address
    
    # Access lists
    include: /var/unbound/access_lists.conf
    
    # Static host entries
    include: /var/unbound/host_entries.conf
    
    # dhcp lease entries
    include: /var/unbound/dhcpleases_entries.conf
    
    # Domain overrides
    include: /var/unbound/domainoverrides.conf
    # Forwarding
    forward-zone:
    	name: "."
    	forward-addr: 127.0.0.1
    	forward-addr: 198.188.2.69
    	forward-addr: 8.8.4.4
    	forward-addr: 8.8.8.8
    
    # Unbound custom options
    statistics-interval: 300
    statistics-cumulative: no
    extended-statistics: no
    
    ###
    # Remote Control Config
    ###
    include: /var/unbound/remotecontrol.conf
    

    I commented out the three custom options at lines 95-97, and now it starts fine.

    M
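The "syntax error" above comes from where the custom options sit in the file rather than from the options themselves: unbound.conf is a sequence of clauses (server:, forward-zone:, stub-zone:, remote-control:, ...), and every "option: value" line belongs to the most recent clause keyword above it. The three custom options are appended after the forward-zone: clause, so unbound parses "statistics-interval: 300" as a forward-zone attribute and rejects the first such line. The following checker is an added example, not code from the forum post, pfSense or unbound; the clause and attribute lists are a small subset chosen for the example, the sample configuration is constructed to mirror the shape of the file above, and the fix it applies (re-opening "server:" in front of the misplaced options, which unbound accepts since a configuration may contain more than one server: clause) is one valid layout, not necessarily what pfSense later generated.

```python
"""Checker for the clause/option layout of an unbound.conf (added example)."""
import re

# Constructed sample that mirrors the shape of the pfSense-generated file:
# server options, then a forward-zone: clause, then custom options after it.
SAMPLE_CONF = """\
server:
chroot: /var/unbound
port: 53
do-daemonize: yes
# Forwarding
forward-zone:
\tname: "."
\tforward-addr: 127.0.0.1
\tforward-addr: 8.8.8.8

# Unbound custom options
statistics-interval: 300
statistics-cumulative: no
extended-statistics: no

###
# Remote Control Config
###
remote-control:
control-enable: yes
"""

# Clause keywords this checker knows (a subset of unbound's, as an assumption).
CLAUSES = {"server", "forward-zone", "stub-zone", "remote-control"}

# Attributes accepted inside the non-server clauses (again a subset). server:
# takes all the remaining options, so it is not enumerated: anything under a
# server: clause is left alone here.
CLAUSE_ATTRS = {
    "forward-zone": {"name", "forward-addr", "forward-host", "forward-first",
                     "forward-no-cache"},
    "stub-zone": {"name", "stub-addr", "stub-host", "stub-prime", "stub-first",
                  "stub-no-cache"},
    "remote-control": {"control-enable", "control-interface", "control-port",
                       "server-key-file", "server-cert-file",
                       "control-key-file", "control-cert-file"},
}

# "key: value" with the key limited to option characters, so IPv6 values such
# as "interface: ::0" are split at the first colon only.
LINE_RE = re.compile(r"^\s*([A-Za-z0-9-]+)\s*:\s*(.*?)\s*$")


def _entries(text):
    """Yield (lineno, key, value) for every non-blank, non-comment line.
    key is None when the line is not of the form "key: value" at all."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = LINE_RE.match(raw)
        if m:
            yield lineno, m.group(1), m.group(2)
        else:
            yield lineno, None, stripped


def find_misplaced(text):
    """Return [(lineno, key, clause)] for lines unbound would reject: options
    before any clause, and options inside a clause that does not accept them
    (e.g. statistics-interval inside forward-zone)."""
    findings = []
    clause = None
    for lineno, key, value in _entries(text):
        if key is None:
            findings.append((lineno, value, clause))
        elif key == "include":
            continue                      # include: is accepted anywhere
        elif key in CLAUSES and value == "":
            clause = key                  # a new clause starts here
        elif clause is None:
            findings.append((lineno, key, None))
        elif clause in CLAUSE_ATTRS and key not in CLAUSE_ATTRS[clause]:
            findings.append((lineno, key, clause))
    return findings


def reopen_server_clause(text):
    """Return text with a 'server:' line inserted in front of each run of
    options that landed inside a forward-zone/stub-zone/remote-control clause,
    so they are parsed as server options again."""
    out = []
    clause = None
    for raw in text.splitlines():
        stripped = raw.strip()
        m = LINE_RE.match(raw)
        if stripped and not stripped.startswith("#") and m:
            key, value = m.group(1), m.group(2)
            if key in CLAUSES and value == "":
                clause = key
            elif (key != "include" and clause in CLAUSE_ATTRS
                    and key not in CLAUSE_ATTRS[clause]):
                out.append("server:")     # re-open server: before the stray option
                clause = "server"
        out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for lineno, key, clause in find_misplaced(SAMPLE_CONF):
        print(f"line {lineno}: '{key}' cannot appear inside the {clause}: clause")
    print(reopen_server_clause(SAMPLE_CONF))
```

On the firewall itself, unbound-checkconf /var/unbound/unbound.conf gives the authoritative verdict; this script only reproduces that one check offline so the reported line number can be seen to land on the first custom option. Moving the custom options above the forward-zone: clause is the other way to get the same result.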



  • Edit-
    I apologize, I misread the title. After the update my unbound would not start at all! The fix for me is as I describe it below.

    However I now have the same problem as "whosmatt"! If I enable the forwarding mode, I lose DNS!

    ~~Hi, I just finished troubleshooting this error after upgrading an hour ago.

    My Solution:
    Click on –->  Services: DNS Resolver---->click(untick~~



  • I followed cmb's advice, and this is what I get back. What does it mean?

    $ unbound -c /var/unbound/unbound.conf
    [1422117824] unbound[69703:0] debug: creating udp6 socket :: 53
    [1422117824] unbound[69703:0] error: bind: address already in use
    [1422117824] unbound[69703:0] fatal error: could not open ports
    
    

    It was working fine before the upgrade!
    Any advice?



  • Seems like dnsmasq (services > dnsforwarder) is still running and shouldn't be.

    Something is holding port 53 hostage.
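unbound opens a UDP and a TCP socket on every configured interface; with "interface: 0.0.0.0" and "interface: ::0" that is the wildcard address in both families, and a bind() that fails with EADDRINUSE is exactly the "bind: address already in use / could not open ports" failure quoted above. The probe below is an added example, not code from the thread, pfSense or unbound: it attempts the same four binds and reports each one, so the family and protocol another daemon still holds can be seen before touching the GUI. Ports below 1024 need root; hold_udp4() only exists so the check can be demonstrated against a port this script occupies itself.

```python
"""Probe which of the sockets unbound would open on a port can be bound (added example)."""
import errno
import socket

# The sockets unbound binds for "interface: 0.0.0.0" plus "interface: ::0".
PROBES = [
    ("udp4", socket.AF_INET, socket.SOCK_DGRAM, "0.0.0.0"),
    ("tcp4", socket.AF_INET, socket.SOCK_STREAM, "0.0.0.0"),
    ("udp6", socket.AF_INET6, socket.SOCK_DGRAM, "::"),
    ("tcp6", socket.AF_INET6, socket.SOCK_STREAM, "::"),
]


def port_status(port):
    """Return {label: "free" | "in use" | "unavailable"} for each probe.
    "unavailable" covers hosts without IPv6 and binds refused for another
    reason, e.g. EACCES when probing port 53 as a non-root user."""
    result = {}
    for label, family, kind, addr in PROBES:
        try:
            sock = socket.socket(family, kind)
        except OSError:
            result[label] = "unavailable"
            continue
        try:
            if family == socket.AF_INET6:
                # Bind :: as IPv6-only so an IPv4 holder does not shadow the v6 probe.
                sock.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1)
            sock.bind((addr, port))
            result[label] = "free"
        except OSError as exc:
            result[label] = "in use" if exc.errno == errno.EADDRINUSE else "unavailable"
        finally:
            sock.close()
    return result


def conflicts(port):
    """Labels of the sockets some other process already holds on `port`."""
    return sorted(k for k, v in port_status(port).items() if v == "in use")


def hold_udp4(port=0):
    """Bind and keep a UDP IPv4 wildcard socket, the way a stray daemon would.
    Port 0 asks the kernel for a free port; read it back with getsockname()."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    return sock


if __name__ == "__main__":
    import sys
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 53
    for label, state in port_status(port).items():
        print(f"{label} port {port}: {state}")
```

Run as root with no argument it probes port 53; a result of "in use" on udp6 matches the error in the thread. To name the process rather than just the socket, FreeBSD's sockstat -l on the pfSense box lists listeners with their PID and command, and filtering it for :53 would show dnsmasq in this case.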



  • @Talos:

    I followed cmb's advice, and this is what I get back. What does it mean?

    $ unbound -c /var/unbound/unbound.conf
    [1422117824] unbound[69703:0] debug: creating udp6 socket :: 53
    [1422117824] unbound[69703:0] error: bind: address already in use
    [1422117824] unbound[69703:0] fatal error: could not open ports
     
    

    It was working fine before the upgrade!
    Any advice?

    The culprit was "Harden DNSSEC data" being checked on.
    I am using alternate DNS servers to the ones my ISP is providing. Apparently they do not honor this feature! I knew this in advance, as I had noticed the logs in the previous version of pfSense, but Unbound would continue to serve requests. After the upgrade this behavior changed into dropping requests if "Harden DNSSEC data" was checked on.
    8.8.8.8 (Google) honors this feature, but I do not use Google for my DNS requests.
    So unchecking this feature solved the problem for me.

    @kejianshi
    Thank you for trying to help me out. I appreciate it.


  • I doubt that was the problem. What would that have to do with something else running on the port?

    [1422117824] unbound[69703:0] debug: creating udp6 socket :: 53
    [1422117824] unbound[69703:0] error: bind: address already in use
    [1422117824] unbound[69703:0] fatal error: could not open ports

    From how I read it, something was already listening on udp6 port 53. That has nothing to do with whether unbound is set to "Harden DNSSEC data" or not.

