unbound fail after upgrade Ubuntu from 17.10 to 18.04

Hi,
I have an issue with Unbound after upgrading Ubuntu from 17.10 to 18.4.
Currently Unbound doesn’t work and I receive this message:

ela@akacja:~$ sudo systemctl status unbound
● unbound.service - Unbound DNS server
Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sun 2018-04-29 20:33:50 CEST; 23s ago
Docs: man:unbound(8)
Process: 14880 ExecStart=/usr/sbin/unbound -d $DAEMON_OPTS (code=exited, status=1/FAILURE)
Process: 14856 ExecStartPre=/usr/lib/unbound/package-helper root_trust_anchor_update (code=exited,
Process: 14846 ExecStartPre=/usr/lib/unbound/package-helper chroot_setup (code=exited, status=0/SU
Main PID: 14880 (code=exited, status=1/FAILURE)

Apr 29 20:33:50 akacja systemd[1]: unbound.service: Service hold-off time over, scheduling restart.
Apr 29 20:33:50 akacja systemd[1]: unbound.service: Scheduled restart job, restart counter is at 5.
Apr 29 20:33:50 akacja systemd[1]: Stopped Unbound DNS server.
Apr 29 20:33:50 akacja systemd[1]: unbound.service: Start request repeated too quickly.
Apr 29 20:33:50 akacja systemd[1]: unbound.service: Failed with result 'exit-code'.
Apr 29 20:33:50 akacja systemd[1]: Failed to start Unbound DNS server.

Please advise what to do.
TIA

my unbound.conf:
server:

# Common Server Options

chroot: ""
directory: "/etc/unbound"

username: "nobody"

port: 53
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
so-reuseport: yes
do-not-query-localhost: yes

# System Tuning

include: "/etc/unbound/tuning.conf"

# Logging Options

verbosity: 1
use-syslog: yes
log-time-ascii: yes
log-queries: no

# Unbound Statistics

statistics-interval: 0
statistics-cumulative: yes
extended-statistics: yes

# Prefetching

prefetch: yes
prefetch-key: yes

# Randomise any cached responses

rrset-roundrobin: yes

# Privacy Options

hide-identity: yes
hide-version: yes
qname-minimisation: yes
minimal-responses: yes

# DNSSEC

auto-trust-anchor-file: "/var/lib/unbound/root.key"
val-permissive-mode: no
val-clean-additional: yes
val-log-level: 1

# Hardening Options

harden-glue: yes
harden-short-bufsize: no
harden-large-queries: yes
harden-dnssec-stripped: yes
harden-below-nxdomain: yes
harden-referral-path: yes
harden-algo-downgrade: no
use-caps-for-id: no

# Listen on all interfaces

interface-automatic: yes
interface: 0.0.0.0

# Allow access from everywhere

access-control: 0.0.0.0/0 allow

# Bootstrap root servers

root-hints: "/usr/share/dns/root.hints"

# Include DHCP leases

#include: "/etc/unbound/dhcp-leases.conf"

# Include any forward zones

#include: "/etc/unbound/forward.conf"

remote-control:
control-enable: yes
control-use-cert: yes
control-interface: 127.0.0.1
server-key-file: "/etc/unbound/unbound_server.key"
server-cert-file: "/etc/unbound/unbound_server.pem"
control-key-file: "/etc/unbound/unbound_control.key"
control-cert-file: "/etc/unbound/unbound_control.pem"

# Import any local configurations

#include: "/etc/unbound/local.d/*.conf"

and /etc/unbound/tuning.conf:

num-threads: 1
so-reuseport: yes
infra-cache-slabs: 1
key-cache-slabs: 1
msg-cache-slabs: 1
rrset-cache-slabs: 1
rrset-cache-size: 64m
msg-cache-size: 32m
key-cache-size: 32m
outgoing-range: 8192
num-queries-per-thread: 4096
so-sndbuf: 4m
so-rcvbuf: 4m

> I have an issue with Unbound after upgrading Ubuntu from 17.10 to 18.4.

My commiserations. I just got through getting Unbound working on a
clean 18.04 install.

> Currently Unbound doesn’t work and I receive this message:
>
> ela@akacja:~$ sudo systemctl status unbound
>
> Please advise what to do.

1. Run: journalctl -u unbound
   See what appears in Unbound's logs, fix it
2. Run: unbound -d
   See where it fails.

If you need to restart and a simple restart doesn't help, then don't
forget to clear systemd's failed state tracking.

  systemctl reset-failed unbound
  systemctl restart unbound

If the problem is that the address is already in use, then you're
hitting systemd's built-in resolver, systemd-resolved.

First, see if systemd-resolved will meet your needs. If you try
fighting systemd, then you'll need to set yourself up to _keep_
fighting. It's like a politician trying to get bad legislation through:
it'll keep trying, pushing, applying pressure, wearing you down. Just
surrender if you can, it's likely not worth your energy to fight it.

If you're prepared to see what's going to need to be repaired on each
and every future OS upgrade, now that systemd demands that it controls
DNS, and if you need it, then here's what I did. (For me: I have stuff
running in EC2, the upstream resolvers break DNSSEC, I have Unbound
configured to point "internal." and "amazonaws.com." at those resolvers,
but handle all other domains itself, bypassing the DNSSEC-breaking EC2
resolver service).

The NetworkManager config is _probably_ unneeded, because NM isn't
AFAICT running on a server install. I put it in as a defensive measure.
I'm blinking a bit at being able to get away with manually creating
/etc/resolv.conf and not having "something" in a Linux system decide it
has the right to blow it away, but ... so far, it's working.

--------------------------8< "setup-script >8---------------------------
# Not sure if this is used even
cat > /etc/NetworkManager/NetworkManager.conf <<'EONM'
[main]
dns=unbound
EONM

systemctl enable unbound
systemctl start unbound
systemctl stop systemd-resolved
systemctl disable systemd-resolved

cat > /etc/resolv.conf <<'EORESOLV'
nameserver 127.0.0.1
EORESOLV

systemctl enable unbound-resolvconf
--------------------------8< "setup-script >8---------------------------

And on that note, I hope to spend a while not touching this nonsense and
sticking to my nice cooperative FreeBSD systems.

Thank you Phil,

> 1. Run: journalctl -u unbound
> See what appears in Unbound's logs, fix it

See output below:

Apr 30 15:07:18 akacja systemd[1]: Starting Unbound DNS server...
Apr 30 15:07:18 akacja package-helper[28544]: /var/lib/unbound/root.key has content
Apr 30 15:07:18 akacja package-helper[28544]: success: the anchor is ok
Apr 30 15:07:18 akacja unbound[28555]: Apr 30 15:07:18 unbound[28555:0] warning: so-rcvbuf 4194304 was not granted. Got 425984. To fix: start with root permissions(linux) or sysctl bigger net.core.rmem_max(linux) or kern.ipc.maxsockbuf(b
Apr 30 15:07:18 akacja unbound[28555]: Apr 30 15:07:18 unbound[28555:0] warning: so-sndbuf 4194304 was not granted. Got 425984. To fix: start with root permissions(linux) or sysctl bigger net.core.wmem_max(linux) or kern.ipc.maxsockbuf(b
Apr 30 15:07:18 akacja unbound[28555]: Apr 30 15:07:18 unbound[28555:0] error: can't bind socket: Address already in use for 0.0.0.0
Apr 30 15:07:18 akacja unbound[28555]: Apr 30 15:07:18 unbound[28555:0] fatal error: could not open ports
Apr 30 15:07:18 akacja systemd[1]: unbound.service: Main process exited, code=exited, status=1/FAILURE
Apr 30 15:07:18 akacja systemd[1]: unbound.service: Failed with result 'exit-code'.
Apr 30 15:07:18 akacja systemd[1]: Failed to start Unbound DNS server.
Apr 30 15:07:18 akacja systemd[1]: unbound.service: Service hold-off time over, scheduling restart.
Apr 30 15:07:18 akacja systemd[1]: unbound.service: Scheduled restart job, restart counter is at 1.
Apr 30 15:07:18 akacja systemd[1]: Stopped Unbound DNS server.

> 2. Run: unbound -d
> See where it fails.

ela@akacja:~$ sudo unbound -d
Apr 30 15:11:41 unbound[29740:0] warning: so-rcvbuf 4194304 was not granted. Got 425984. To fix: start with root permissions(linux) or sysctl bigger net.core.rmem_max(linux) or kern.ipc.maxsockbuf(bsd) values.
Apr 30 15:11:41 unbound[29740:0] warning: so-sndbuf 4194304 was not granted. Got 425984. To fix: start with root permissions(linux) or sysctl bigger net.core.wmem_max(linux) or kern.ipc.maxsockbuf(bsd) values.
Apr 30 15:11:41 unbound[29740:0] error: can't bind socket: Address already in use for 0.0.0.0
Apr 30 15:11:41 unbound[29740:0] fatal error: could not open ports

I'm a newbie in Linux.
I use Ubuntu Server and an Intel Apollo Lake SoC as a home router/firewall/NAS/music server.
It worked fine (with 17.10) before the upgrade...
After the Ubuntu upgrade I have issues with Unbound, the firewall (shorewall), and the Wi-Fi network interface (hostapd doesn't start automatically) ;)
How could I fix the Unbound issue?
Thanks,

systemd-resolved is using the socket, so Unbound can't bind it.

You needed Unbound before. Are you _sure_ you still need it? It might
be that systemd-resolved does what you need now.

If you do need Unbound, then take another look at my previous mail,
which showed in the "setup-script" section how you might change things.
But since you're new in Linux, I *strongly* recommend seeing if sticking
with the OS defaults will work better for you.

-Phil
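
The diagnosis above, as an added example that is not part of the original thread: it lists which process already holds port 53 and checks whether that listener blocks the address Unbound is configured to bind. The `ss -H -lntup` sample is constructed (PIDs and fds are made up), the function names are hypothetical, and only IPv4 addresses are compared.

```sh
#!/bin/sh
# Added example: who holds port 53, and does it block Unbound's bind address?

# Constructed sample of `ss -H -lntup` output on a stock Ubuntu 18.04 host.
# PIDs and fds are made up; ss truncates the process name to 15 characters.
SAMPLE_SS='udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=612,fd=12))
tcp LISTEN 0 128 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=612,fd=13))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=901,fd=3))'

# Read ss output on stdin; print "proto address process" for each socket
# bound to port 53.
port53_listeners() {
    awk '{
        local_ep = $5
        port = local_ep; sub(/.*:/, "", port)
        if (port != "53") next
        addr = local_ep
        sub(/:[^:]*$/, "", addr)     # drop ":port"
        sub(/%.*/, "", addr)         # drop "%lo" interface scope
        proc = "unknown"             # ss shows no name without root
        if (match($0, /\(\("[^"]+"/))
            proc = substr($0, RSTART + 3, RLENGTH - 4)
        print $1, addr, proc
    }'
}

# $1 = address Unbound wants (its "interface:" value), $2 = address in use.
# A wildcard bind collides with every IPv4 listener on the port; a specific
# address collides only with itself or with a wildcard listener.
bind_conflicts() {
    [ "$1" = "$2" ] || [ "$1" = "0.0.0.0" ] || [ "$2" = "0.0.0.0" ]
}

# $1 = address Unbound wants, stdin = ss output.
# Prints the listeners that would make the bind fail with "Address already in use".
blockers() {
    port53_listeners | while read -r proto addr proc; do
        if bind_conflicts "$1" "$addr"; then
            echo "$proto $addr $proc"
        fi
    done
}

echo "interface: 0.0.0.0 is blocked by:"
printf '%s\n' "$SAMPLE_SS" | blockers 0.0.0.0

echo "interface: 127.0.0.1 is blocked by:"
printf '%s\n' "$SAMPLE_SS" | blockers 127.0.0.1
```

On a live host, feed it real data with `ss -H -lntup | blockers 0.0.0.0`, run as root so the process names are visible.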

Does systemd-resolved still send out your query over ALL interfaces'
DNS servers and trust the FIRST answer that comes back regardless of
DNSSEC status?

Paul

> If you do need Unbound, then take another look at my previous mail, which showed in the “setup-script” section how you might change things.
> But since you’re new in Linux, I strongly recommend seeing if sticking with the OS defaults will work better for you.

Thank you Phil,
You saved me a few hours spent searching for a resolution.
Yes, stopping and disabling the systemd-resolved service ‘unblocks’ Unbound.

I will look more closely at systemd-resolved, but I like Unbound and will stay with Unbound for now :)
Regards,
Bernard

Pass: it lacked the configurability I needed to be a viable option for
the deployment where I was looking. EC2 instance, needs access to
resolve "internal." and "amazonaws.com." using the in-VPC
Amazon-provided DNS resolvers, for customized results, but resolving
everything else via direct resolution, because Amazon's resolvers break
DNSSEC.

So I had a solid basis for sticking with Unbound, so that I could get
validation for everything except the domains which _have_ to be passed
onto certain upstreams. Cue much cussing yesterday. On the bright
side, I got a debugged setup in time to share details to help someone
else.

-Phil