can anyone help me here?
best wishes!
can anyone help me here?
best wishes!
Hi,
what is the ip address of your device?
192.168.2.14
how did you install unbound? did you use apt install or dietpi-software. Are you using PiHole?
using this guide:
https://docs.pi-hole.net/guides/unbound/
sudo apt install unbound
yes, pihole is in use.
You might want to use dietpi-software, as it has automatic integration with Pi-hole and a configuration file with increased privacy and speed settings (though a few limitations that will be fixed in 6.35). Regardless, what is the output of journalctl -u unbound?
journalctl -u unbound
-- Logs begin at Sat 2020-12-19 18:20:01 GMT, end at Mon 2021-01-11 23:20:01 GMT
. --
Jan 11 22:31:36 DietPi systemd[1]: Starting Unbound DNS server...
Jan 11 22:31:36 DietPi package-helper[10573]: /var/lib/unbound/root.key does not exist, copying from /usr/share/dns/root.key
Jan 11 22:31:36 DietPi package-helper[10573]: /var/lib/unbound/root.key has content
Jan 11 22:31:36 DietPi package-helper[10573]: success: the anchor is ok
Jan 11 22:31:36 DietPi unbound[10578]: [1610404296] unbound[10578:0] error: can't bind socket: Address already in use for ::1 port 53
Jan 11 22:31:36 DietPi unbound[10578]: [1610404296] unbound[10578:0] fatal error: could not open ports
Jan 11 22:31:36 DietPi systemd[1]: unbound.service: Main process exited, code=exited, status=1/FAILURE
Jan 11 22:31:36 DietPi systemd[1]: unbound.service: Failed with result 'exit-code'.
Jan 11 22:31:36 DietPi systemd[1]: Failed to start Unbound DNS server.
Jan 11 22:31:36 DietPi systemd[1]: unbound.service: Service RestartSec=100ms expired, scheduling restart.
Jan 11 22:31:36 DietPi systemd[1]: unbound.service: Scheduled restart job, restart counter is at 1.
Jan 11 22:31:36 DietPi systemd[1]: Stopped Unbound DNS server.
ok don’t do it this way. Unbound is available via dietpi-software. Try to remove unbound
apt purge unbound
reboot
dietpi-software install 182
reboot
- Command: systemctl restart unbound │
│ - Exit code: 1 │
│ - DietPi version: v6.34.3 (MichaIng/master) | HW_MODEL: 2 | HW_ARCH: 2 | DISTRO: 5 │
│ - Image creator: DietPi Core Team │
│ - Pre-image: Raspberry Pi OS (32-bit) Lite │
│ - Error log: │
│ Job for unbound.service failed because the control process exited with error code. │
│ See "systemctl status unbound.service" and "journalctl -xe" for details. │
│ │
│ Retry : Re-run the last command that failed │
│ DietPi-Config : Edit network, APT/NTP mirror settings etc │
│ Open subshell : Open a subshell to investigate or solve the issue │
│ Send report : Uploads bugreport containing system info to DietPi │
│ ●─ Devs only ──────────────────────────────────────● │
│ Change command : Adjust and rerun the command
can you post journalctl -u unbound again
Logs begin at Mon 2021-01-11 23:26:05 GMT, end at Mon 2021-01-11 23:36:01 GMT
. --
Jan 11 23:32:38 DietPi systemd[1]: Starting Unbound DNS server...
Jan 11 23:32:38 DietPi package-helper[1458]: /var/lib/unbound/root.key does notexist, copying from /usr/share/dns/root.key
Jan 11 23:32:38 DietPi package-helper[1458]: /var/lib/unbound/root.key has content
Jan 11 23:32:38 DietPi package-helper[1458]: success: the anchor is ok
Jan 11 23:32:38 DietPi unbound[1463]: [1610407958] unbound[1463:0] error: can'tbind socket: Address already in use for ::1 port 53
Jan 11 23:32:38 DietPi unbound[1463]: [1610407958] unbound[1463:0] fatal error:could not open ports
Jan 11 23:32:38 DietPi systemd[1]: unbound.service: Main process exited, code=exited, status=1/FAILURE
Jan 11 23:32:38 DietPi systemd[1]: unbound.service: Failed with result 'exit-code'.
Jan 11 23:32:38 DietPi systemd[1]: Failed to start Unbound DNS server.
Jan 11 23:32:38 DietPi systemd[1]: unbound.service: Service RestartSec=100ms expired, scheduling restart.
Jan 11 23:32:38 DietPi systemd[1]: unbound.service: Scheduled restart job, restart counter is at 1.
Jan 11 23:32:38 DietPi systemd[1]: Stopped Unbound DNS server.
--More--
unbound still trying to use the same port as Pihole leading to a port conflict. Usually configuration should be overwritten by dietpi-software
can you post following
ls -la /etc/unbound/unbound.conf.d/
cat /etc/unbound/unbound.conf
root@DietPi:~# ls -la /etc/unbound/unbound.conf.d/
total 24
drwxr-xr-x 2 root root 4096 Jan 11 23:32 .
drwxr-xr-x 3 root root 4096 Jan 11 23:32 ..
-rw-r--r-- 1 root root 32 Jan 11 23:32 dietpi-pihole.conf
-rw-r--r-- 1 root root 1274 Jan 11 23:32 dietpi.conf
-rw-r--r-- 1 root root 302 May 25 2020 qname-minimisation.conf
-rw-r--r-- 1 root root 190 May 25 2020 root-auto-trust-anchor-file.conf
root@DietPi:~# cat /etc/unbound/unbound.conf root@DietPi:~# ls -la /etc/unbound/unbound.conf.d/
cat: invalid option -- 'l'
Try 'cat --help' for more information.
root@DietPi:~# total 24
-bash: total: command not found
root@DietPi:~# drwxr-xr-x 2 root root 4096 Jan 11 23:32 .
-bash: drwxr-xr-x: command not found
root@DietPi:~# drwxr-xr-x 3 root root 4096 Jan 11 23:32 ..
-bash: drwxr-xr-x: command not found
root@DietPi:~# -rw-r--r-- 1 root root 32 Jan 11 23:32 dietpi-pihole.conf
-bash: -rw-r--r--: command not found
root@DietPi:~# -rw-r--r-- 1 root root 1274 Jan 11 23:32 dietpi.conf
-bash: -rw-r--r--: command not found
root@DietPi:~# -rw-r--r-- 1 root root 302 May 25 2020 qname-minimisation.conf
-bash: -rw-r--r--: command not found
root@DietPi:~# -rw-r--r-- 1 root root 190 May 25 2020 root-auto-trust-anchor-file.conf
-bash: -rw-r--r--: command not found
root@DietPi:~# root@DietPi:~# cat /etc/unbound/unbound.conf
-bash: root@DietPi:~#: command not found
looks like some copy past error on the last command and you invoke some more statements
cat /etc/unbound/unbound.conf
cat /etc/unbound/unbound.conf.d/dietpi.conf
cat /etc/unbound/unbound.conf.d/dietpi-pihole.conf
root@DietPi:~# ls -la /etc/unbound/unbound.conf.d/
total 24
drwxr-xr-x 2 root root 4096 Jan 11 23:32 .
drwxr-xr-x 3 root root 4096 Jan 11 23:32 ..
-rw-r--r-- 1 root root 32 Jan 11 23:32 dietpi-pihole.conf
-rw-r--r-- 1 root root 1274 Jan 11 23:32 dietpi.conf
-rw-r--r-- 1 root root 302 May 25 2020 qname-minimisation.conf
-rw-r--r-- 1 root root 190 May 25 2020 root-auto-trust-anchor-file.conf
root@DietPi:~# cat /etc/unbound/unbound.conf
# Unbound configuration file for Debian.
#
# See the unbound.conf(5) man page.
#
# See /usr/share/doc/unbound/examples/unbound.conf for a commented
# reference config file.
#
# The following line includes additional configuration files from the
# /etc/unbound/unbound.conf.d directory.
include: "/etc/unbound/unbound.conf.d/*.conf"
pls post content of the other 2 files as well
cat /etc/unbound/unbound.conf.d/dietpi.conf
cat /etc/unbound/unbound.conf.d/dietpi-pihole.conf
root@DietPi:~# cat /etc/unbound/unbound.conf.d/dietpi.conf
server:
verbosity: 0
interface: 0.0.0.0
port: 53
do-ip4: yes
do-udp: yes
do-tcp: yes
do-ip6: yes
prefer-ip6: no
root-hints: "/var/lib/unbound/root.hints"
harden-glue: yes
harden-large-queries: yes
harden-dnssec-stripped: yes
use-caps-for-id: yes
edns-buffer-size: 1472
rrset-roundrobin: yes
cache-min-ttl: 300
cache-max-ttl: 86400
serve-expired: yes
harden-algo-downgrade: yes
harden-short-bufsize: yes
hide-identity: yes
identity: "Server"
hide-version: yes
do-daemonize: no
neg-cache-size: 4M
qname-minimisation: yes
minimal-responses: yes
prefetch: yes
prefetch-key: yes
num-threads: 1
msg-cache-size: 50m
rrset-cache-size: 100m
so-reuseport: yes
so-rcvbuf: 4m
so-sndbuf: 4m
unwanted-reply-threshold: 10000
ratelimit: 1000
log-queries: no
log-replies: no
logfile: ''
access-control: 0.0.0.0/0 refuse
access-control: 127.0.0.1 allow
access-control: 192.168.2.0/24 allow
private-address: 192.168.0.0/16
private-address: 169.254.0.0/16
private-address: 172.16.0.0/12
private-address: 10.0.0.0/8
private-address: fd00::/8
private-address: fe80::/10
root@DietPi:~#
root@DietPi:~# cat /etc/unbound/unbound.conf.d/dietpi-pihole.conf
port: 5353
interface: 127.0.0.1
root@DietPi:~#
ok pls do following
dietpi-software install 182
once you hit by the error, you have the possibility to Open subshell from the error handle. On the subshell do following
rm -vf /etc/unbound/unbound.conf.d/{dietpi-pihole,pi-hole}.conf
G_CONFIG_INJECT 'port:[[:blank:]]' ' port: 5353' /etc/unbound/unbound.conf.d/dietpi.conf
G_CONFIG_INJECT 'interface:[[:blank:]]' ' interface: 127.0.0.1' /etc/unbound/unbound.conf.d/dietpi.conf
G_CONFIG_INJECT 'verbosity:[[:blank:]]' ' verbosity: 3' /etc/unbound/unbound.conf.d/dietpi.conf
G_CONFIG_INJECT 'log-queries:[[:blank:]]' ' log-queries: yes' /etc/unbound/unbound.conf.d/dietpi.conf
exit the subshell and hit Retry on the error handle
no error shown. should I continue with the pihole unbound guide now?
usually there is no need to follow any guide. dietpi-software should have set everything correctly. Probably the only thing needed to simply save DNS settings again inside PiHole.
Still i recommend following if not done already
rm -vf /etc/unbound/unbound.conf.d/{dietpi-pihole,pi-hole}.conf
G_CONFIG_INJECT 'port:[[:blank:]]' ' port: 5353' /etc/unbound/unbound.conf.d/dietpi.conf
G_CONFIG_INJECT 'interface:[[:blank:]]' ' interface: 127.0.0.1' /etc/unbound/unbound.conf.d/dietpi.conf
G_CONFIG_INJECT 'verbosity:[[:blank:]]' ' verbosity: 3' /etc/unbound/unbound.conf.d/dietpi.conf
G_CONFIG_INJECT 'log-queries:[[:blank:]]' ' log-queries: yes' /etc/unbound/unbound.conf.d/dietpi.conf
BTW: on upcoming release DietPi 6.35, we will adjust unbound configuration to use port 5335 instead 5353. The new config file will be this once released. https://github.com/MichaIng/DietPi/blob/dev/.conf/dps_182/unbound.conf