• problem with unbound dns resolver


    Hi, I’m trying to set up dnscrypt-proxy with unbound, but unbound fails to start. Here are my various outputs and configs.
    unbound -d -v output:

    /usr/bin/unbound -d -v
    [1430244233] unbound[12146:0] notice: Start of unbound 1.5.3.
    [1430244233] unbound[12146:0] warning: setrlimit: Operation not permitted
    [1430244233] unbound[12146:0] warning: cannot increase max open fds from 1024 to 4140
    [1430244233] unbound[12146:0] warning: continuing with less udp ports: 984
    [1430244233] unbound[12146:0] warning: increase ulimit or decrease threads, ports in config to remove this warning
    [1430244233] unbound[12146:0] error: can't bind socket: Permission denied for 127.0.0.1
    [1430244233] unbound[12146:0] fatal error: could not open ports
    

    I bet it’s something with the localhost but I’m too noob to figure it out :smirk:

    my systemctl status -l unbound.service output:

    unbound.service - Unbound DNS Resolver
       Loaded: loaded (/usr/lib/systemd/system/unbound.service; enabled; vendor preset: disabled)
       Active: failed (Result: start-limit) since mar 2015-04-28 11:28:56 CEST; 9h ago
      Process: 397 ExecStart=/usr/bin/unbound -d (code=exited, status=1/FAILURE)
      Process: 395 ExecStartPre=/bin/cp -f /etc/trusted-key.key /etc/unbound/ (code=exited, status=0/SUCCESS)
     Main PID: 397 (code=exited, status=1/FAILURE)
    
    apr 28 11:28:56 firebox systemd[1]: Unit unbound.service entered failed state.
    apr 28 11:28:56 firebox systemd[1]: unbound.service failed.
    apr 28 11:28:56 firebox systemd[1]: unbound.service holdoff time over, scheduling restart.
    apr 28 11:28:56 firebox systemd[1]: start request repeated too quickly for unbound.service
    apr 28 11:28:56 firebox systemd[1]: Failed to start Unbound DNS Resolver.
    apr 28 11:28:56 firebox systemd[1]: Unit unbound.service entered failed state.
    apr 28 11:28:56 firebox systemd[1]: unbound.service failed.
    

    my unbound.conf:

      server:
    
      verbosity: 1
      num-threads: 1
      interface: 127.0.0.1
      port: 53
      cache-min-ttl:60
      do-ip4: yes
      do-ip6: no
      do-udp: yes
      do-tcp: yes
      chroot: ""
      logfile: "/etc/unbound/unbound.log"
      root-hints: "/etc/unbound/root.hints"
      hide-identity: yes
      hide-version: yes
      harden-short-bufsize: yes
      harden-large-queries: yes
      harden-glue: yes
      harden-dnssec-stripped: yes
      use-caps-for-id: yes
      unwanted-reply-threshold: 10000000
      do-not-query-localhost: no
      prefetch: yes
      prefetch-key: yes
      rrset-roundrobin: yes
      minimal-responses: no 
      module-config: "validator iterator"
      auto-trust-anchor-file: "/etc/unbound/keys/dnssec-root-anchor.key"
    
      #trust-anchor: "nlnetlabs.nl. DNSKEY 257 3 5 AQPzzTWMz8qSWIQlfRnPckx2BiVmkVN6LPupO3mbz7FhLSnm26n6iG9N Lby97Ji453aWZY3M5/xJBSOS2vWtco2t8C0+xeO1bc/d6ZTy32DHchpW 			6rDH1vp86Ll+ha0tmwyy9QP7y2bVw5zSbFCrefk8qCUBgfHm9bHzMG1U BYtEIQ=="
    # trust-anchor: "jelte.nlnetlabs.nl. DS 42860 5 1 14D739EB566D2B1A5E216A0BA4D17FA9B038BE4A"
    
    #trust-anchor: ". DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5"
    
     val-log-level: 2
    
     key-cache-size: 4m
     neg-cache-size: 1m
     python:
     remote-control:
     control-enable: yes
     control-interface: 0.0.0.0
     control-port: 8953
     server-key-file: "/etc/unbound/unbound_server.key"
     server-cert-file: "/etc/unbound/unbound_server.pem"
     control-key-file: "/etc/unbound/unbound_control.key"
     control-cert-file: "/etc/unbound/unbound_control.pem"
    
     forward-zone:
     name: "."
     forward-addr: [email protected]
    

    my dnscrypt-proxy config file:

    DNSCRYPT_LOCALIP=127.0.0.1
    DNSCRYPT_LOCALPORT=53
    DNSCRYPT_USER=nobody
    DNSCRYPT_PROVIDER_NAME=2.dnscrypt-cert.opendns.com
    DNSCRYPT_PROVIDER_KEY=B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79
    DNSCRYPT_RESOLVERIP=208.67.220.220
    DNSCRYPT_RESOLVERPORT=443
    

    and my resolv.conf:

    nameserver 127.0.0.1
    options edns0
    

    I was under the impression that DNSCRYPT_LOCALPORT=53 and forward-addr: [email protected] should be different than 53. I tried 40, but dnscrypt does not resolve even with unbound not being able to start.

    thanks to all

  • OK, so I got unbound to start. I don’t know why or what changed other than updating dnssec-anchor, but still, unbound does not resolve.

    this thing is driving me nuts
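
A pre-start consistency check for the unbound plus dnscrypt-proxy pairing discussed in this thread, added here as an example and not part of the original posts: it flags both daemons claiming the same listener, a forward-addr that does not point at the proxy, a port below 1024 requested without root, and a control-interface bound to all addresses. The sample configs are constructed (port 40 is the alternative the poster mentions trying), and `check`, `parse_unbound`, `endpoints` and the finding names are hypothetical.

```python
import re

# Constructed sample configs modelled on the thread; {port} is filled in per scenario.
UNBOUND = """server:
  interface: 127.0.0.1
  port: 53
  do-not-query-localhost: no
remote-control:
  control-enable: yes
  control-interface: 0.0.0.0
forward-zone:
  name: "."
  forward-addr: 127.0.0.1@{port}
"""
DNSCRYPT = "DNSCRYPT_LOCALIP=127.0.0.1\nDNSCRYPT_LOCALPORT={port}\n"

def parse_unbound(text):
    """Collect 'key: value' options; comments and bare clause headers are skipped."""
    opts = {}
    for line in text.splitlines():
        m = re.match(r"([\w-]+):\s*(\S.*)?$", line.split("#", 1)[0].strip())
        if m and m.group(2):
            opts.setdefault(m.group(1), []).append(m.group(2).strip().strip('"'))
    return opts

def endpoints(values, default_port):
    """Turn unbound 'ip' or 'ip@port' values into a set of (ip, port) tuples."""
    return {(v.partition("@")[0], int(v.partition("@")[2] or default_port)) for v in values}

def check(unbound_text, dnscrypt_text, uid):
    """Return finding names for one pairing; uid is the (assumed) uid unbound starts as."""
    ub = parse_unbound(unbound_text)
    dc = dict(l.strip().split("=", 1) for l in dnscrypt_text.splitlines() if "=" in l)
    port = int(ub.get("port", ["53"])[0])
    listen = endpoints(ub.get("interface", ["127.0.0.1"]), port)
    forward = endpoints(ub.get("forward-addr", []), 53)
    proxy = (dc["DNSCRYPT_LOCALIP"], int(dc["DNSCRYPT_LOCALPORT"]))
    findings = []
    if proxy in listen:  # both daemons want the same socket; only one can bind it
        findings.append("listen-conflict")
    if proxy not in forward:  # unbound is not forwarding to the proxy's listener
        findings.append("forward-mismatch")
    if any(ip.startswith("127.") for ip, _ in forward) and ub.get("do-not-query-localhost", ["yes"])[0] != "no":
        findings.append("localhost-forward-blocked")  # unbound's default skips localhost upstreams
    if uid != 0 and any(p < 1024 for _, p in listen):  # Linux default: ports < 1024 need privilege
        findings.append("privileged-port")
    if ub.get("control-enable", ["no"])[0] == "yes" and "0.0.0.0" in ub.get("control-interface", []):
        findings.append("control-exposed")  # unbound-control listener bound on all IPv4 interfaces
    return findings

if __name__ == "__main__":
    print(check(UNBOUND.format(port=53), DNSCRYPT.format(port=53), uid=1000))
    print(check(UNBOUND.format(port=40), DNSCRYPT.format(port=40), uid=0))
```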
