• problem with unbound dns resolver


    Hi, I’m trying to setup dnscrpyt-proxy with unbound, but unbound fails to start, here are my various outputs and configs
    unbound -d -v output:

    /usr/bin/unbound -d -v
    [1430244233] unbound[12146:0] notice: Start of unbound 1.5.3.
    [1430244233] unbound[12146:0] warning: setrlimit: Operation not permitted
    [1430244233] unbound[12146:0] warning: cannot increase max open fds from 1024 to 4140
    [1430244233] unbound[12146:0] warning: continuing with less udp ports: 984
    [1430244233] unbound[12146:0] warning: increase ulimit or decrease threads, ports in config to remove this warning
    [1430244233] unbound[12146:0] error: can't bind socket: Permission denied for 127.0.0.1
    [1430244233] unbound[12146:0] fatal error: could not open ports
    

    I bet its something with the localhost but I’m to noob to figure it out 😏

    my systemctl status -l unbound.service output:

    unbound.service - Unbound DNS Resolver
       Loaded: loaded (/usr/lib/systemd/system/unbound.service; enabled; vendor preset: disabled)
       Active: failed (Result: start-limit) since mar 2015-04-28 11:28:56 CEST; 9h ago
      Process: 397 ExecStart=/usr/bin/unbound -d (code=exited, status=1/FAILURE)
      Process: 395 ExecStartPre=/bin/cp -f /etc/trusted-key.key /etc/unbound/ (code=exited, status=0/SUCCESS)
     Main PID: 397 (code=exited, status=1/FAILURE)
    
    apr 28 11:28:56 firebox systemd[1]: Unit unbound.service entered failed state.
    apr 28 11:28:56 firebox systemd[1]: unbound.service failed.
    apr 28 11:28:56 firebox systemd[1]: unbound.service holdoff time over, scheduling restart.
    apr 28 11:28:56 firebox systemd[1]: start request repeated too quickly for unbound.service
    apr 28 11:28:56 firebox systemd[1]: Failed to start Unbound DNS Resolver.
    apr 28 11:28:56 firebox systemd[1]: Unit unbound.service entered failed state.
    apr 28 11:28:56 firebox systemd[1]: unbound.service failed.
    

    my unbound.conf:

      server:
    
      verbosity: 1
      num-threads: 1
      interface: 127.0.0.1
      port: 53
      cache-min-ttl:60
      do-ip4: yes
      do-ip6: no
      do-udp: yes
      do-tcp: yes
      chroot: ""
      logfile: "/etc/unbound/unbound.log"
      root-hints: "/etc/unbound/root.hints"
      hide-identity: yes
      hide-version: yes
      harden-short-bufsize: yes
      harden-large-queries: yes
      harden-glue: yes
      harden-dnssec-stripped: yes
      use-caps-for-id: yes
      unwanted-reply-threshold: 10000000
      do-not-query-localhost: no
      prefetch: yes
      prefetch-key: yes
      rrset-roundrobin: yes
      minimal-responses: no 
      module-config: "validator iterator"
      auto-trust-anchor-file: "/etc/unbound/keys/dnssec-root-anchor.key"
    
      #trust-anchor: "nlnetlabs.nl. DNSKEY 257 3 5 AQPzzTWMz8qSWIQlfRnPckx2BiVmkVN6LPupO3mbz7FhLSnm26n6iG9N Lby97Ji453aWZY3M5/xJBSOS2vWtco2t8C0+xeO1bc/d6ZTy32DHchpW 			6rDH1vp86Ll+ha0tmwyy9QP7y2bVw5zSbFCrefk8qCUBgfHm9bHzMG1U BYtEIQ=="
    # trust-anchor: "jelte.nlnetlabs.nl. DS 42860 5 1 14D739EB566D2B1A5E216A0BA4D17FA9B038BE4A"
    
    #trust-anchor: ". DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5"
    
     val-log-level: 2
    
     key-cache-size: 4m
     neg-cache-size: 1m
     python:
     remote-control:
     control-enable: yes
     control-interface: 0.0.0.0
     control-port: 8953
     server-key-file: "/etc/unbound/unbound_server.key"
     server-cert-file: "/etc/unbound/unbound_server.pem"
     control-key-file: "/etc/unbound/unbound_control.key"
     control-cert-file: "/etc/unbound/unbound_control.pem"
    
     forward-zone:
     name: "."
     forward-addr: [email protected]
    

    my dnscrypt-proxy config file:

    DNSCRYPT_LOCALIP=127.0.0.1
    DNSCRYPT_LOCALPORT=53
    DNSCRYPT_USER=nobody
    DNSCRYPT_PROVIDER_NAME=2.dnscrypt-cert.opendns.com
    DNSCRYPT_PROVIDER_KEY=B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79
    DNSCRYPT_RESOLVERIP=208.67.220.220
    DNSCRYPT_RESOLVERPORT=443
    

    and my resolv.conf:

    nameserver 127.0.0.1
    options edns0
    

    i was under the impression that DNSCRYPT_LOCALPORT=53 and forward-addr: [email protected] should be different than 53, i tried 40 but dnscrypt does not resolve even with unbound not being able to start

    thanks to all

  • OK, so i got unbound to start, don’t know why and what changed other than updating dnssec-anchor, but still, unbound does not resolve

    this thing is driving me nuts

Posts 2Views 2702
Log in to reply
Bloom Email Optin Plugin

Looks like your connection to Antergos Community Forum was lost, please wait while we try to reconnect.