Unbound - Configfile not used?!

Creating a bug report/issue

:white_check_mark: I have searched the existing open and closed issues

Required Information

  • DietPi version | 9.15.2
  • Distro version | Bookworm0
  • Kernel version | Linux DietPi 6.12.34+rpt-rpi-v8 #1 SMP PREEMPT Debian 1:6.12.34-1+rpt1~bookworm (2025-06-26) aarch64 GNU/Linux
  • Architecture | arm64
  • SBC model | RPi 4 Model B (aarch64)
  • Power supply used | Raspberry Pi, 5,1 V, 3,0 A, USB Type-C
  • SD card used | SanDisk ultra

Steps to reproduce

Installed and set up Pi-hole, Unbound and Fail2Ban on DietPi.

Expected behaviour

DNS requests will be done by Unbound.

Actual behaviour

Unbound is not working.
:~# unbound -checkconf
[1755862090] unbound[1292:0] error: Could not open heckconf: No such file or directory
[1755862090] unbound[1292:0] warning: Continuing with default config settings
[1755862090] unbound[1292:0] error: can't bind socket: Address already in use for ::1 port 53
[1755862090] unbound[1292:0] fatal error: could not open ports
Also did a reinstall of Unbound. Checked the config.
In “/etc/unbound/unbound.conf” there is the link to “/etc/unbound/unbound.conf.d/dietpi.conf”, where the port is set to 5335.
But it seems not to be used, as if it's trying to use port 53, right?
What can I do?

Hello, there is no such parameter -checkconf for unbound.

With unbound -c “path_to_a_config” you can start unbound and let it use a specific config file.
But you tried -checkconf, and unbound sees the parameter -c and thinks the string following should be the path to the file, which is apparently not a valid path. Thus it will use the defaults, which include port 53.

What you probably wanna use is unbound-checkconf, which is a different command.
But there is no reason to do any of this. Don't start it manually; it will start on boot by default and will use port 5335. I never touched the config and it's working:

root@RPi4:~# sudo ss -tulpn |grep unbound 
udp   UNCONN 0      0            127.0.0.1:5335       0.0.0.0:*    users:(("unbound",pid=517,fd=3)) 
tcp   LISTEN 0      256          127.0.0.1:5335       0.0.0.0:*    users:(("unbound",pid=517,fd=4)) 

You would need to check service log. Why do you think Unbound is not working?

I’m starting to think that Unbound isn’t working correctly, mainly because of the errors I posted from unbound-checkconf.

I was checking this because I’m seeing errors like this in Pi-hole:

CONNECTION_ERROR Connection error (127.0.0.1#5335): TCP connection failed while receiving payload length from upstream (Connection prematurely closed by remote server)

However, when I check https://dnscheck.tools, everything seems to be working as expected.

Still, the errors like “No such file or directory” and “fatal error: could not open ports,” combined with the Pi-hole connection error, make me doubt the setup.

You would need to check service log as follows

journalctl -u unbound.service

Or use the dig command to verify Unbound is working

There is still a misunderstanding here. You did not use unbound-checkconf; you had a typo and ran unbound -checkconf.
From the unbound manpage:

-c cfgfile

Set the config file with settings for unbound to read instead of reading the file at the default location, /etc/unbound/unbound.conf. The syntax is described in unbound.conf(5).

So you see errors because you used a wrong command. Try these commands:

unbound-checkconf /etc/unbound/unbound.conf
unbound-checkconf /etc/unbound/unbound.conf.d/dietpi.conf

You can also check on which port unbound is listening with:
sudo ss -tulpn | grep unbound

Unbound listens on udp and tcp, but usually DNS requests are sent only via udp; maybe that's why you see this “error”.
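
Added example, not part of any post in this thread: a small shell sketch of getopt-style option parsing that reproduces why `unbound -checkconf` was read as `-c heckconf` and ended up on the default settings. The option string `:c:dv` is a simplified assumption standing in for unbound's real option list, and the function names `parse_cfg` and `explain` are hypothetical; only `-c cfgfile` and the default path come from the manpage excerpt above.

```shell
#!/bin/sh
# Added illustration (not from the thread): why "-checkconf" is parsed as
# "-c heckconf", while "unbound-checkconf" is a separate command.
# OPTSTRING is a simplified assumption; only "-c cfgfile" is taken from
# the manpage excerpt quoted in the thread.
OPTSTRING=":c:dv"
DEFAULT_CFG=/etc/unbound/unbound.conf   # default location per the manpage

# parse_cfg ARGS... -> prints the config path the parser would select.
# The ( ) body runs in a subshell, so OPTIND and cfg stay local.
parse_cfg() (
    OPTIND=1
    cfg=$DEFAULT_CFG
    while getopts "$OPTSTRING" opt "$@"; do
        case $opt in
            c) cfg=$OPTARG ;;   # argument = rest of this word, or next word
            d|v) ;;             # flags that take no argument
            :) echo "option -$OPTARG needs an argument" >&2; exit 2 ;;
            \?) echo "unknown option -$OPTARG" >&2; exit 2 ;;
        esac
    done
    printf '%s\n' "$cfg"
)

# explain ARGS... -> reports what happens to the selected config file.
explain() {
    cfg=$(parse_cfg "$@") || return 2
    if [ -r "$cfg" ]; then
        echo "reads $cfg"
    else
        echo "cannot open '$cfg': continues with defaults (port 53)"
    fi
}

explain -checkconf            # the typo from the thread
explain -c "$DEFAULT_CFG"     # the form the manpage describes
```

The first call shows the same chain as the log in the original post: the file `heckconf` does not exist, so the daemon would continue with defaults and try port 53 instead of 5335.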