2

After installing Unbound

```
apt-get -y install unbound dnsutils

su -c "unbound-anchor -a /var/lib/unbound/root.key" - unbound
systemctl reload unbound

apt-get -y install resolvconf
echo "nameserver 127.0.0.1" >> /etc/resolvconf/resolv.conf.d/head
```

I'm not able to start it properly:

```
root@xyz:~/asdf# service unbound status
● unbound.service - Unbound DNS server
   Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset: enabled)
   Active: activating (auto-restart) (Result: exit-code) since Fri 2017-12-29 13:59:49 CET; 81ms ago
     Docs: man:unbound(8)
  Process: 1676 ExecStart=/usr/sbin/unbound -d $DAEMON_OPTS (code=exited, status=1/FAILURE)
  Process: 1670 ExecStartPre=/usr/lib/unbound/package-helper root_trust_anchor_update (code=exited, status=0/SUCCESS)
  Process: 1665 ExecStartPre=/usr/lib/unbound/package-helper chroot_setup (code=exited, status=0/SUCCESS)
 Main PID: 1676 (code=exited, status=1/FAILURE)

Dec 29 13:59:49 mail systemd[1]: unbound.service: Main process exited, code=exited, status=1/FAILURE
Dec 29 13:59:49 mail systemd[1]: unbound.service: Unit entered failed state.
Dec 29 13:59:49 mail systemd[1]: unbound.service: Failed with result 'exit-code'.
```

Hosts file content:

```
127.0.0.1   localhost
127.0.1.1   mail.xyz.de  mail

::1         localhost ip6-localhost ip6-loopback
ff02::1     ip6-allnodes
ff02::2     ip6-allrouters
```

I'm really confused about that error.

Edit: journalctl -xe output (shortened):

```
Dec 29 16:01:04 mail systemd[1]: unbound-resolvconf.service: Unit entered failed state.
Dec 29 16:01:04 mail systemd[1]: unbound-resolvconf.service: Failed with result 'start-limit-hit'.
Dec 29 16:01:04 mail unbound[59226]: [1514559664] unbound[59226:0] error: can't bind socket: Cannot assign requested address for ::1
Dec 29 16:01:04 mail unbound[59226]: [1514559664] unbound[59226:0] fatal error: could not open ports
Dec 29 16:01:04 mail systemd[1]: unbound.service: Main process exited, code=exited, status=1/FAILURE
Dec 29 16:01:04 mail systemd[1]: unbound.service: Unit entered failed state.
Dec 29 16:01:04 mail systemd[1]: unbound.service: Failed with result 'exit-code'.
Dec 29 16:01:04 mail systemd[1]: unbound-resolvconf.service: Start request repeated too quickly.
Dec 29 16:01:04 mail systemd[1]: Failed to start Unbound DNS server via resolvconf.
-- Subject: Unit unbound-resolvconf.service has failed
```

Edit 2: Arno Ip tables is also installed on the system!

Edit 3: IPv6 is disabled, if this is related to the error.

```
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.ens3.disable_ipv6 = 1
```

Edit 4: This is my /etc/unbound/unbound.conf after installing it via apt-get

```
# Unbound configuration file for Debian.
#
# See the unbound.conf(5) man page.
#
# See /usr/share/doc/unbound/examples/unbound.conf for a commented
# reference config file.
#
# The following line includes additional configuration files from the
# /etc/unbound/unbound.conf.d directory.
include: "/etc/unbound/unbound.conf.d/*.conf"
```

I changed it to:

```
server:
        interface: 127.0.0.1

include: "/etc/unbound/unbound.conf.d/*.conf"
```

But it doesn't work either :/

Aeris
  • In `/var/log` you should be able to find a logfile with more information about why it failed. `ls -lart /var/log` will help you find recent log entries. – kasperd Dec 29 '17 at 13:39
  • Edit 2/3 added, if they are related to the error – Aeris Dec 29 '17 at 15:47
  • Did you try searching for the actual error provided? – user9517 Dec 29 '17 at 16:09
  • What does the unbound configuration look like? It seems very likely that your unbound configuration combined with you disabling ipv6 is causing the error (the error being it failing to bind to ::1, the ipv6 loopback) – Håkan Lindqvist Dec 29 '17 at 16:36

1 Answer

2

The error messages show that having disabled IPv6 caused the problem.

```
Dec 29 16:01:04 mail unbound[59226]: [1514559664] unbound[59226:0] error: can't bind socket: Cannot assign requested address for ::1
Dec 29 16:01:04 mail unbound[59226]: [1514559664] unbound[59226:0] fatal error: could not open ports
```

IPv6 really isn't optional anymore. It hasn't been for a while. The best thing to do, of course, is to not disable IPv6 on the system.

If you can't do that for some reason, then check your unbound.conf for interface and control-interface directives that specify IPv6 addresses and remove them. Note that the default for control-interface is to listen on both 127.0.0.1 and ::1, so you'll have to specify it explicitly if you don't want ::1.

Michael Hampton
  • Ah thanks! Copying the example file from /usr/share/doc/unbound/examples/unbound.conf + your changes made it! Thanks for your effort :) – Aeris Dec 29 '17 at 17:34
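
The check the answer describes, as an added example that is not part of the original question or answer: a POSIX shell function (the name `scan_unbound_conf` and the sample configuration are constructed here) that lists `interface` and `control-interface` directives carrying an IPv6 literal. It also notes when remote control is enabled without an explicit `control-interface`, relying on the answer's statement that the default then includes `::1`.

```shell
#!/bin/sh
# Added example (not from the original page): report unbound.conf directives
# that make Unbound bind an IPv6 address, which fails when IPv6 is disabled.

# scan_unbound_conf FILE...
# Prints "file:line: directive: value" for each interface / control-interface
# whose value is an IPv6 literal, plus a note when remote control is enabled
# without an explicit control-interface (the answer says the default includes ::1).
scan_unbound_conf() {
    awk '
        { line = $0; sub(/#.*/, "", line) }            # drop comments
        match(line, /^[ \t]*(control-)?interface:[ \t]*/) {
            key = substr(line, RSTART, RLENGTH); gsub(/[ \t:]/, "", key)
            val = substr(line, RSTART + RLENGTH); gsub(/[ \t"]/, "", val)
            if (key == "control-interface") explicit = 1
            # IPv4 values use "@" for the port, so a ":" means an IPv6 literal
            if (val ~ /:/) printf "%s:%d: %s: %s\n", FILENAME, FNR, key, val
        }
        line ~ /^[ \t]*control-enable:[ \t]*yes/ { enabled = 1 }
        END {
            if (enabled && !explicit)
                print "remote-control enabled, no explicit control-interface: default includes ::1"
        }
    ' "$@"
}

# Constructed sample configuration, written to a temporary file for the demo.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server:
    interface: 127.0.0.1
    interface: ::1          # cannot bind when IPv6 is disabled
remote-control:
    control-enable: yes     # control-interface left at its default
EOF
scan_unbound_conf "$sample"
rm -f "$sample"
```

Pass the main file together with the included directory so directives from both are seen, for example `scan_unbound_conf /etc/unbound/unbound.conf /etc/unbound/unbound.conf.d/*.conf`.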