Unbound log show failure "DietPi package-helper[526]: fail: the anchor is NOT ok and could not be fixed" Topic is solved

Have some feedback, questions, suggestions, or just fancy a chat? Pop it in here.
Post Reply
mail2rst
Posts: 83
Joined: Fri Apr 13, 2018 4:53 pm

Unbound log show failure "DietPi package-helper[526]: fail: the anchor is NOT ok and could not be fixed"

Post by mail2rst »

I have default dietpi installation for pihole & unbound. when i check unbound log with "journalctl -u unbound" it show me the failure of "DietPi package-helper[526]: fail: the anchor is NOT ok and could not be fixed" any body having any idea about this error & what is the solution for this & what is the bad effect of this.

``
root@DietPi:~# journalctl -u unbound
-- Logs begin at Wed 2021-01-13 11:56:30 MST, end at Sun 2021-01-17 14:31:45 MST. --
Jan 13 11:56:31 DietPi systemd[1]: Starting Unbound DNS server...
Jan 13 11:56:31 DietPi package-helper[526]: /var/lib/unbound/root.key has content
Jan 13 11:56:31 DietPi package-helper[526]: fail: the anchor is NOT ok and could not be fixed
Jan 13 11:56:31 DietPi unbound[547]: [1610564191] unbound[547:0] info: start of service (unbound 1.9.0).
Jan 13 11:56:31 DietPi systemd[1]: Started Unbound DNS server
``

also i have plex installed on same device. i want to add {private-domain: "plex.direct" } in "/etc/unbound/unbound.conf.d/pi-hole.conf" is it allowed in dietpi default installation to edit this file or not? as in past in Ubantu installation i have added this line in unbound configuration. is this thing required in dietpi installation or Not?
User avatar
Joulinar
Posts: 4203
Joined: Sat Nov 16, 2019 12:49 am

Re: Unbound log show failure "DietPi package-helper[526]: fail: the anchor is NOT ok and could not be fixed"

Post by Joulinar »

Hi,

many thanks for your message. I searched the web and found something fitting your issue. https://www.mail-archive.com/unbound-us ... 00442.html

Can you check if restarting the service will remove the anchor error message.

Code: Select all

systemctl restart unbound
systemctl status unbound
Btw can you post cat /etc/resolv.conf
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
mail2rst
Posts: 83
Joined: Fri Apr 13, 2018 4:53 pm

Re: Unbound log show failure "DietPi package-helper[526]: fail: the anchor is NOT ok and could not be fixed"

Post by mail2rst »

Thanks Joulinar,
After restarting a unbound that error gone & i got correct log
``
Jan 17 15:10:22 DietPi package-helper[11221]: /var/lib/unbound/root.key has content
Jan 17 15:10:22 DietPi package-helper[11221]: success: the anchor is ok
``

the result of your recommended command is
``
root@DietPi:~# cat /etc/resolv.conf
nameserver 1.1.1.1
nameserver 1.0.0.1

``
I think this dns server come from dietpi-config. i am using cloudflare for this(as mentioned in guideline to put external ip there).
please tell me in my dietpi-config i have to use my gateway/router ip (192.168.1.254) or cloudflare ip address. this time pihole machine(192.168.1.90) not using itself for dns resolve. in dietpi query pihole machine only resolve PTR queries for itself. in my router where is dns server address written i have option to add secondary dns also ( this time in router it is written primary 192.68.1.90 & secondary 1.1.1.1). what you suggest in dietpi-config i have to write existing DNS (1.1.1.1 & 1.0.0.1) or (only 192.168.1.254) . with second approach pi hole try to resolve dns from gateway/router & router forward to pi-hole. in event of failure of pi hole router start using secondary dns 1.1.1.1 automatically as primary dns server fail
User avatar
Joulinar
Posts: 4203
Joined: Sat Nov 16, 2019 12:49 am

Re: Unbound log show failure "DietPi package-helper[526]: fail: the anchor is NOT ok and could not be fixed"

Post by Joulinar »

ok resolv.conf is fine. Nothing to change on this. Looks like unbound is starting to early. That's why anchor is not able to complete during boot but is running successful on manual restart. Let's try following

Code: Select all

nano /lib/systemd/system/unbound.service
now add dietpi-boot.service to the line After=network.target. It should looks like this now

Code: Select all

After=network.target dietpi-boot.service
save the file and do

Code: Select all

systemctl daemon-reload
reboot
once system is back, check status of the service

Code: Select all

systemctl status unbound
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
mail2rst
Posts: 83
Joined: Fri Apr 13, 2018 4:53 pm

Re: Unbound log show failure "DietPi package-helper[526]: fail: the anchor is NOT ok and could not be fixed"

Post by mail2rst »

Thanks Joulinar,
i implement your guidelines & restart the system & after that unbound failure gone, everything normal now.

what you suggest about plex.direct queries to unbound by localhost with plex installation
{private-domain: "plex.direct" } in "/etc/unbound/unbound.conf.d/pi-hole.conf"

as my nuc machine not resolving dns for itself so even if we write "private-domain: "plex.direct" in "/etc/unbound/unbound.conf.d/pi-hole.conf" it will not useful as localhost not using it. so it means for plex local files try to resolve it ip through cloudflare service. any thing i can do to eliminate this and facilitate local machine to resolve local data by itself.
User avatar
Joulinar
Posts: 4203
Joined: Sat Nov 16, 2019 12:49 am

Re: Unbound log show failure "DietPi package-helper[526]: fail: the anchor is NOT ok and could not be fixed"

Post by Joulinar »

better to create your own plex.conf inside /etc/unbound/unbound.conf.d. This way you can avoid your config get overwritten if pi-hole.conf will be removed/updated or what ever :) Because on next DietPi version 6.35, pi-hole.conf is gone, at least on new installations. There we will have dietpi.conf only
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
mail2rst
Posts: 83
Joined: Fri Apr 13, 2018 4:53 pm

Re: Unbound log show failure "DietPi package-helper[526]: fail: the anchor is NOT ok and could not be fixed"

Post by mail2rst »

So i have to open this folder. which having these files present time

============================
root@DietPi:/etc/unbound/unbound.conf.d# dir
dietpi.conf qname-minimisation.conf
dietpi-pihole.conf root-auto-trust-anchor-file.conf
=============================

in this folder i have to create new file "sudo nano plex.conf" & write these two lines & save it

"
server:
private-domain: "plex.direct"
"
and reboot system
any other thing you recommend to do from my end?
User avatar
Joulinar
Posts: 4203
Joined: Sat Nov 16, 2019 12:49 am

Re: Unbound log show failure "DietPi package-helper[526]: fail: the anchor is NOT ok and could not be fixed"

Post by Joulinar »

don't think server is needed. Just add the private-domain and give it a try. Service restart should be fine but server reboot is ok as well
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
mail2rst
Posts: 83
Joined: Fri Apr 13, 2018 4:53 pm

Re: Unbound log show failure "DietPi package-helper[526]: fail: the anchor is NOT ok and could not be fixed"

Post by mail2rst »

Thanks Joulinar, everything solved please closed this thread. i try to do from my end but not able to see any option to close thread from user side.
User avatar
Joulinar
Posts: 4203
Joined: Sat Nov 16, 2019 12:49 am

Re: Unbound log show failure "DietPi package-helper[526]: fail: the anchor is NOT ok and could not be fixed"

Post by Joulinar »

can you share your final solution for Plex pls. Might be other user are interested as well
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Post Reply