Unboudn v13 - error: udp connect failed

Gil_Levy · January 29, 2021, 4:11am

Hi.
I’m getting udp connection failed and I’m not sure if this is normal or not.
I pasted below a link to the entire output of the ‘status’ command.

#: sudo systemctl status unbound
https://pastebin.com/5p9PvJj4

Example: Jan 29 15:02:47 raspberrypi unbound-anchor[451]: [1611892967] libunbound[451:0] error: udp connect failed: Network is unreachable for 198.41.0.4 port 53

Thanks!

Jaap · January 29, 2021, 10:40am

Gil Levy via Unbound-users writes:

> --000000000000c2171105ba023657
> Content-Type: text/plain; charset="UTF-8"
>
> Hi.
> I'm getting udp connection failed and I'm not sure if this is normal or not.
> I pasted below a link to the entire output of the 'status' command.
>
> #: sudo systemctl status unbound
> https://pastebin.com/5p9PvJj4
>
> *Example: *Jan 29 15:02:47 raspberrypi unbound-anchor[451]: [1611892967]
> libunbound[451:0] error: udp connect failed: Network is unreachable for
> 198.41.0.4 port 53
>

4.0.41.198.in-addr.arpa. 835 IN PTR a.root-servers.net.

The IP numbers are from root-servers and unbound (-anchor) is trying
to get the root hints and fails.

My guss is that a firwall is blocking access to those or somethings
else is running on this port.

Regards,

jaap

Gil_Levy · February 4, 2021, 4:47am

Doing a bit more digging on why I’m getting libunbound[451:0] error: udp connect failed: Network is unreachable for 198.41.0.4 port 53

I found this link: https://lists.nlnetlabs.nl/pipermail/unbound-users/2020-December/007128.html which described exactly what I’m experiencing.

However, I couldn’t find where in my unbound.conf file I can use this unbound-anchor -a -4 “root.key” without having errors when running unbount-checkconf
This is what I tried doing:

    chroot: "/etc/unbound"
    username: "unbound"
    directory: "/etc/unbound"
    logfile: "/etc/unbound/unbound.log"
    root-hints: "root.hints"
    pidfile: "unbound.pid"
    #auto-trust-anchor-file: "/etc/unbound/root.key"
    unbound-anchor -a -4 "root.key"

Can someone please inform me how can I incorporate unbound-anchor -a -4 in my unbound.conf file so I won’t get these errors?
I’m running on RaspberryOS and I’m not using any firewall. No ufw, no iptables and no firewalld. I don’t think I’m blocking port 53, so I’m assuming I’m experiencing the same issue Herbert experienced.

On a side note, wouldn’t it be better if we have a subreddit r/UnboundDNS to use for support issues instead email chains? Just a suggestion.

Thanks,
Gil

theorize · February 4, 2021, 4:55am

Hi Gil,

unbound-anchor -a -4 “root.key” is not a configuration setting, it is a terminal command.
https://www.nlnetlabs.nl/documentation/unbound/unbound-anchor/