Unbound error prefetch

Hello Community. I have installed Dietpi with Adgauard Home and Unbound and get the following error message ( systemctl status unbound.service ).
What could be the reason please?

Welcome to our community.

A couple of thinks

  1. We are an international community. It would be good if you could speak English. It’s not a problem if you use tools like DeepL. For now, I have translated your contribution.

  2. It is not necessary if you take screenshots. It should be possible to copy/paste the messages directly from the SSH terminal without any problems.

  3. Unbound itself works or do you currently have problems with DNS resolution? Or is it just about the warnings?

  4. Can you please share some more information about your system?

Required infomration

  • DietPi version | cat /boot/dietpi/.version
  • Distro version | echo $G_DISTRO_NAME $G_RASPBIAN
  • Kernel version | uname -a
  • Architecture | dpkg --print-architecture
  • SBC model | echo $G_HW_MODEL_NAME or (EG: RPi3)

This is expexted behavoiur, it’s just a warning which tells you that the option serve-expired is not applied to subnet cache and prefetch by design. This is intended behaviour. (I have same warnings in log)

I was just wondering. I installed Dietpi 8.20 on a Raspberry pi 4 with AdGuard Home and unbound via the software console in one go and this message irritated me after I ran systemctl status unbound.service.

Hello :wink:

unbound works and it is only about the warning.

Dietpi 8.20
Raspberry Pi 4B
AdGuard Home+unbound installed via Dietpi software console .

you missed to share your Debian version. It’s Bookworm right?

Sorry…:wink: yes Bookworm.

This Image https://dietpi.com/downloads/images/DietPi_RPi-ARMv8-Bookworm.7z

To get rid of these warnings you need to remove these modules from your module config, if you don’t need them.
edit: I had a look into my config file and there are no modules enabled at all :thinking:

edit 2:
From the docs

   EDNS Client Subnet Module Options
   The ECS module must be configured in  the  module-config:  "subnetcache
   validator iterator" directive and be compiled into the daemon to be en-
   abled.  These settings go in the server: section.

   If the destination address is allowed in the configuration Unbound will
   add  the  EDNS0 option to the query containing the relevant part of the
   client's address.  When an answer contains the ECS option the  response
   and  the option are placed in a specialized cache. If the authority in-
   dicated no support, the response is stored in the regular cache.

   Additionally, when a client includes the option in its queries, Unbound
   will  forward  the  option when sending the query to addresses that are
   explicitly allowed in the configuration using  send-client-subnet.  The
   option  will  always be forwarded, regardless the allowed addresses, if
   client-subnet-always-forward is set to yes. In this case the lookup  in
   the regular cache is skipped.

So this means this module is precompiled and can not be deactivated easily? Maybe @trendy knows what is going on here?

I made some progress, when you set

serve-expired: no
prefetch: no

the warnings disappear.

Explanation what they do:

prefetch:
If yes, message cache elements are prefetched before they expire to keep
the cache up to date. Default is no. Turning it on gives about 10
percent more traffic and load on the machine, but popular items do not
expire from the cache.

serve-expired:
If enabled, Unbound attempts to serve old responses from cache with a TTL
of serve expired-reply-ttl in the response without waiting for the
actual resolution to finish. The actual resolution answer ends up in the
cache later on. Default is “no”.

I guess these warnings are fine. We explicitly set the values as they are now. Similar is done on PiHole / Unbound guide. At least for prefetch: yes

https://docs.pi-hole.net/guides/dns/unbound/

I have now simply done the work and created the latest bullseye image
https://dietpi.com/downloads/images/DietPi_RPi-ARMv8-Bullseye.7z
and set up AdGuard Home + unbound again.
No error message after > systemctl status unbound.service. Everything is fine. However, a different unbound version is also installed under Bullseye. Maybe it’s the unbound version?

I would not recommend using Bullseye as this is the old Debian version. Way better to use Bookworm. The messages shown by Unbound are no error messages. They are expected due to our configuration.

Yes, these are warnings, not errors and should not have any impact on normal use.

1 Like