Strange log lines in new installation

I have been running unbound successfully on a mail server for several years. A few weeks ago I set up unbound on my local network of 4 desktop computers, using an adaptation of the mail server’s config script. The new installation works well but I have had problems setting up a suitable format for the log. I would appreciate any help offered.

The mail server is running on Debian GNU/Linux 12 (bookworm) server.
The local network unbound is running on Debian GNU/Linux 12 (bookworm) desktop.

The format I’m familiar with on the mail server is, for example…
May 14 13:06:01 unbound[772:0] info: query response was ANSWER

The new installation shows a similar line as…
2026-05-14T13:02:02.860660+01:00 LinkcheckU1 unbound[34150]: May 14 13:02:02 unbound[34150:0] info: query response was ANSWER

I have been trying to remove the section…
2026-05-14T13:02:02.860660+01:00 LinkcheckU1 unbound[34150]:

…from the new log but am unable to do so.

I also would like the log to show computer names instead of IPs…
2026-05-14T13:13:08.361364+01:00 LinkcheckU1 unbound[34150]: May 14 13:13:08 unbound[34150:0] info: . transparent 10.0.0.90@33161 web-cdn.api.bbci.co.uk. AAAA IN

LinkcheckU1 is the unbound host, 10.0.0.90 is one of the local computers.

I have tried several ways of specifying the local computers and ended up, for the above line, with a local-zone/local-data/local-data-ptr block.

One of the failed attempts was to use…
log-destaddr: yes
… but this is failed by unbound-check as being an unrecognised keyword.

On unbound restart I get the following two log lines…

2026-05-13T15:47:26.583907+01:00 LinkcheckU1 unbound[34150]: May 13 15:47:26 unbound[34150:0] warning: control-interface 127.0.0.1 is not using TLS, but plain transfer, because first control-interface in config file is a local socket (starts with a /).

2026-05-13T15:47:26.646552+01:00 LinkcheckU1 unbound[34150]: May 13 15:47:26 unbound[34150:0] error: Could not open logfile /var/log/unbound/unbound.log: Permission denied

Some assistance in removing those errors would also be appreciated.

The local network unbound config is…

server:
directory: "/etc/unbound"72.60.112.0/20
username: unbound
tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"

chroot: ""
access-control: 10.0.0.0/24 allow

root-hints: "/etc/unbound/root.hints"

use-syslog: no
verbosity: 2

statistics-interval: 300

logfile: "/var/log/unbound/unbound.log"
val-log-level: 2
log-time-ascii: yes
log-queries: no
log-replies: no
#log-destaddr: yes
log-local-actions: yes

identity: "DNS"
version: ""
hide-identity: yes
hide-version: yes

num-threads: 1
interface: 0.0.0.0
port: 53
outgoing-range: 4096
num-queries-per-thread: 1024
msg-cache-size: 16m
rrset-cache-size: 32m
msg-cache-slabs: 4
rrset-cache-slabs: 4
cache-min-ttl: 3600
cache-max-ttl: 86400
prefetch: yes
minimal-responses: yes
qname-minimisation: yes
rrset-roundrobin: yes

infra-host-ttl: 120
infra-cache-numhosts: 10k
private-address: 192.168.0.0/16
private-address: 172.16.0.0/12
private-address: 169.254.0.0/16
private-address: 10.0.0.0/8
private-address: fd00::/8
private-address: fe80::/10
private-address: ::ffff:0:0/96

do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: yes

harden-glue: yes
harden-dnssec-stripped: yes
use-caps-for-id: yes # maybe comment out?
unwanted-reply-threshold: 10000

val-clean-additional: yes
do-not-query-address: 127.0.0.1/8
do-not-query-localhost: yes
module-config: "validator iterator"

local-zone: "localhost." static
local-data: "localhost. 10800 IN NS localhost."
local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "localhost. 10800 IN A 127.0.0.1"

local-zone: "127.in-addr.arpa." static
local-data: "127.in-addr.arpa. 10800 IN NS localhost."
local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."

local-zone: "local." static
local-data: "local. 10800 IN NS local."
local-data: "local. 10800 IN SOA local. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "local. 10800 IN A 127.0.0.1"

local-data: "127.in-addr.arpa. 10800 IN NS local."
local-data: "127.in-addr.arpa. 10800 IN SOA local. nobody.invalid. 2 3600 1200 604800 10800"
local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR local."

local-zone: "10.in-addr.arpa." inform
local-data: "10.in-addr.arpa. 10800 IN NS localhost."
local-data: "10.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
local-data: "LinkcheckU1. IN A 10.0.0.92"
local-data: "LinkcheckU. IN A 10.0.0.90"
local-data: "Cronus. IN A 10.0.0.91"
local-data: "LinkcheckU4. IN A 10.0.0.61"
local-data-ptr: "10.0.0.92 LinkcheckU1."
local-data-ptr: "10.0.0.90 LinkcheckU."
local-data-ptr: "10.0.0.91 Cronus."
local-data-ptr: "10.0.0.61 LinkcheckU4."

remote-control:
control-enable: yes
control-interface: 127.0.0.1
control-port: 953
server-key-file: "/etc/unbound/unbound_server.key"
server-cert-file: "/etc/unbound/unbound_server.pem"
control-key-file: "/etc/unbound/unbound_control.key"
control-cert-file: "/etc/unbound/unbound_control.pem"

====================

Can I assume no one has any suggestions, then?

2026-05-13T15:47:26.583907+01:00 LinkcheckU1 unbound[34150]: May 13 15:47:26 unbound[34150:0] warning: control-interface 127.0.0.1 is not using TLS, but plain transfer, because first control-interface in config file is a local socket (starts with a /).

This complains about a configuration line that I don’t see in the configuration you posted.
Is this the Debian provided Unbound? If it is, it probably has a lot of plumbing around the service and maybe that is what prints the extra information at the start; Unbound does not print that information. I don’t have experience with Debian but you should check the /etc/unbound directory to see what configuration files are there; I expect more than one and a main one that includes the others.

2026-05-13T15:47:26.646552+01:00 LinkcheckU1 unbound[34150]: May 13 15:47:26 unbound[34150:0] error: Could not open logfile /var/log/unbound/unbound.log: Permission denied

I guess /var/log/unbound/unbound.log/ is owned by root and a restarted Unbound (running as user unbound) cannot access the file any more. Check the main Unbound configuration, should be /etc/unbound/unbound.conf, and see what settings are there. Most of them are required to stay like that (username, directories, etc) for the service file to work I assume. Then for extra options, there should be something like /etc/unbound/unbound.conf.d that extra configuration files can be included from the main configuration.

Thank you for your reply, Yorgos!

configuration line that I don’t see in the configuration

Is there anything in unbound that could contribute that line?

The mail server’s startup log line is only…
May 17 10:32:42 unbound[762:0] info: start of service (unbound 1.17.1).

The puzzling thing is that both machines are Bookworm and both running unbound 1.17.1 - yes, old but that’s the debian version.

I am puzzled by the difference in the log contents but: the mail server’s unbound was installed when the server was set up some time ago but the other debian was running for a year or so before installing unbound. Could that, I wonder, be the reason? I checked the executables in sbin for each computer and they are the same size and date and the configs are similar, so I doubt that’s it. And there were no unexpected files in /etc/unbound[/unbound.conf.d]

I have changed the unbound log folder and logfile ownership to unbound:unbound and restarted unbound but still the same logfile line.

Thanks again for your suggestions Yorgos, but it’ll have to do for now. At least it’s working.
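
A post-processing approach to the two log-format requests in the first post, as an added example that is not from any participant in the thread and is not part of unbound: it strips the leading syslog-style prefix and replaces client IPs with the names from the config's local-data-ptr lines. The function names are hypothetical and the sample input is constructed from lines quoted above.

```python
import re

# Outer prefix seen in the thread: RFC 3339 timestamp, host name, "unbound[pid]:"
SYSLOG_PREFIX = re.compile(
    r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2})"
    r"\s+\S+\s+unbound\[\d+\]:\s+"
)
# local-data-ptr: "10.0.0.90 LinkcheckU."  (straight or curly quotes accepted)
PTR_LINE = re.compile(r'^\s*local-data-ptr:\s*["“](\S+)\s+(\S+?)\.?["”]')
# Client address as it appears in the quoted log line: ip@port
CLIENT = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})@(\d+)\b")

# Constructed sample input, copied from the config and log line in the thread.
SAMPLE_CONFIG = '''
local-data-ptr: "10.0.0.92 LinkcheckU1."
local-data-ptr: "10.0.0.90 LinkcheckU."
#local-data-ptr: "10.0.0.99 Ignored."
'''
SAMPLE_LOG = ("2026-05-14T13:13:08.361364+01:00 LinkcheckU1 unbound[34150]: "
              "May 14 13:13:08 unbound[34150:0] info: . transparent "
              "10.0.0.90@33161 web-cdn.api.bbci.co.uk. AAAA IN")

def load_ptr_map(config_text):
    """Return {ip: name} built from local-data-ptr lines, skipping comments."""
    names = {}
    for line in config_text.splitlines():
        match = PTR_LINE.match(line.split("#", 1)[0])
        if match:
            names[match.group(1)] = match.group(2)
    return names

def rewrite_line(line, names):
    """Drop the outer syslog prefix and map known client IPs to names."""
    line = SYSLOG_PREFIX.sub("", line, count=1)
    # Unknown addresses are left as they are, so nothing is hidden from the log.
    return CLIENT.sub(
        lambda m: f"{names.get(m.group(1), m.group(1))}@{m.group(2)}", line
    )

if __name__ == "__main__":
    print(rewrite_line(SAMPLE_LOG, load_ptr_map(SAMPLE_CONFIG)))
```

Lines that already lack the outer prefix, such as the mail server's format, pass through with only the address substitution applied.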