Unbound on Debian 10 VM - Every query SERVFAIL

Hello All,

I have set up a Debian 10 container in Proxmox, for the purpose of running pi-hole. This works fine.

I installed Unbound from apt, and configured as per these instructions: https://docs.pi-hole.net/guides/unbound
I reach the point of testing Unbound (before plugging in to pihole, so effectively a stand alone installation at this point), but the testing fails. Any dig sent to @127.0.0.1 -p 5353 (Unbound) returns SERVFAIL.

I have tried working out the issue with the pihole team, but my configuration matches other working systems, so something seems to be going wrong with my Unbound installation, or the OS environment it is running in.

Has anyone had issues running Unbound in a CT/Proxmox?

Is your time correct on that box?

E

The box itself does not allow the systemd time keeping system to start, due to being in a container. I assume Proxmox is working as the time keeper for the containers.

Proxmox does sync time, and the time zone is set correctly on both hypervisor and container.

So short answer is that running ‘date’ in the debian container returns the correct time and time zone.

On 16. 01. 20 at 4:21, Brendan Konings via unbound-users wrote:

> Any dig sent to @127.0.0.1 -p 5353 (Unbound) returns
> SERVFAIL.

Can you confirm (for instance by ss -ulnp) that it is actually Unbound
listening on port 5353? This port is assigned to Multicast DNS. Many
Linux distributions have a mdns daemon sitting on it.
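
The check suggested above, as an added example that is not part of the original thread: a shell helper that reads `ss -ulnp` output and reports which process holds a UDP port. The sample output and the function names are constructed for illustration, and the column layout is assumed to be the one `ss -ulnp` prints when only UDP sockets are listed.

```shell
#!/bin/sh
# Constructed sample of `ss -ulnp` output (not taken from the thread).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0      0      0.0.0.0:5353       0.0.0.0:*     users:(("avahi-daemon",pid=612,fd=12))
UNCONN 0      0      127.0.0.1:53       0.0.0.0:*     users:(("pihole-FTL",pid=700,fd=5))
UNCONN 0      0      [::]:5353          [::]:*        users:(("avahi-daemon",pid=612,fd=13))'

# Print "local-address process" for every UDP socket bound to port $1.
# Reads `ss -ulnp` output on stdin.
# Assumed columns: State Recv-Q Send-Q Local Peer Process.
udp_listeners() {
    awk -v port="$1" '
        $1 == "State" { next }            # skip the header row
        {
            n = split($4, part, ":")      # port follows the last colon, also for [::]:5353
            if (part[n] != port) next
            name = "unknown"              # process column is empty without root
            if (match($6, /\(\("[^"]+"/))
                name = substr($6, RSTART + 3, RLENGTH - 4)
            print $4, name
        }'
}

# Reads `ss -ulnp` output on stdin.
# Returns 0 if only process $2 listens on UDP port $1,
#         1 if some other daemon holds the port,
#         2 if nothing listens on it at all.
port_owned_by() {
    owners=$(udp_listeners "$1" | awk '{ print $2 }' | sort -u)
    [ -n "$owners" ] || return 2
    [ "$owners" = "$2" ]
}
```

On a live host, run `ss -ulnp | port_owned_by 5353 unbound` as root; exit status 1 means a different daemon holds the port and the dig queries never reached Unbound.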

Hi Brendan,

> I have set up a Debian 10 container in Proxmox, for the purpose of running

I have Unbound on my laptop, also running Buster, and the same problem.

> fails. Any dig sent to @127.0.0.1 -p 5353 (Unbound) returns SERVFAIL.

I can confirm. I don't think it has anything to do with Proxmox.

Although the documentation says that Unbound will automatically figure
out whether to talk IPv4 or IPv6, or at least, that it does not prefer
IPv6, but only after saying

  do-ipv6: no

in the configuration and a server restart, things started to work.

To me, this looks like a bug. I would also like to note that, at least
these days, one can encounter both IPv4-only and IPv6-only networks, and
it's quite inconvenient to have to reconfigure the local unbound when
connecting your laptop to these kinds of networks.

HTH.

Cheers,
Toni

If unbound works correctly after restarting the service, you may need to configure a systemd override.
This was required to get the service to start correctly on boot on my Debian 10.2 host.

root@host:~# grep After /lib/systemd/system/unbound.service
After=network.target

root@host:~# cat /etc/systemd/system/unbound.service.d/override.conf
[Unit]
After=systemd-networkd-wait-online.service

Regards,

Mark Picone

Hi Mark!

Thank you for this hint!

> If unbound works correctly after restarting the service, you may need to configure a systemd override.
> This was required to get the service to start correctly on boot on my Debian 10.2 host.
>
> root@host:~# grep After /lib/systemd/system/unbound.service
> After=network.target
>
> root@host:~# cat /etc/systemd/system/unbound.service.d/override.conf
> [Unit]
> After=systemd-networkd-wait-online.service

I've just checked on my laptop: It's also 10.2. I added your override,
did a systemctl daemon-reload, and commented the do-ipv6: no statement
from Unbound's configuration. Then I restarted unbound. And I got
"SERVFAIL" immediately, on everything. Conversely, explicitly disabling
IPv6 and restarting Unbound made resolution work again, immediately, and
on the same names where resolution failed before.

I think this is a problem with at least Debian's version of Unbound
(1.9.0).

Cheers,
Toni