Looks like unbound has a problem (cannot start or hung at stop)
Maybe also the DNS rootkey (anchor) is corrupted.
Try:
/etc/init.d/unbound stop
unbound-anchor
/etc/init.d/unbound start
Hi Arne.F,
let’s look at the results:
[root@ipf ~]# /etc/init.d/unbound stop
Stopping Unbound DNS Proxy… [ OK ]
[root@ipf ~]# unbound-anchor
[1620206035] libunbound[27383:0] error: udp connect failed: Cannot assign requested address for 2001:500:9f::42 port 53
[1620206035] libunbound[27383:0] error: udp connect failed: Cannot assign requested address for 2001:dc3::35 port 53
[root@ipf ~]# /etc/init.d/unbound start
Starting Unbound DNS Proxy… [ OK ]
[root@ipf ~]#
Looks like an IPv6 problem - I haven’t configured IPv6 … should it be configured? And how do I do that?
The IPv6 messages are normal. If there is no other error, the rootkey should be OK.
You can also verify this by adding the verbose switch.
unbound-anchor -v
should print “success: the anchor is ok”
after some IPv6 errors if no IPv6 is present.
Is your clock working? DNSSEC validation needs the correct date.
Btw: the failing rDNS is not the reason for the broken DNS (the reverse DNS display needs working DNS to display something).
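The check described in the post above, as an added shell example that is not part of the original thread or of unbound/IPFire: it triages `unbound-anchor -v` output, ignoring the IPv6 connect failures that are expected on a host without IPv6 and flagging anything else. The function names and the sample lines are hypothetical/constructed (the two IPv6 lines are taken from the output posted earlier).

```shell
# Added example. classify_anchor, sample_no_ipv6 and sample_ipv4_fail are
# hypothetical helper names, not part of unbound or IPFire.
# Real use:  unbound-anchor -v 2>&1 | classify_anchor

classify_anchor() {
    out=$(cat)
    # Drop the benign case (connect failure to an IPv6 root server address),
    # then keep whatever error lines remain.
    rest=$(printf '%s\n' "$out" |
        grep -Ev 'error: udp connect failed: Cannot assign requested address for [0-9a-fA-F:]*:[0-9a-fA-F:]* port 53' |
        grep -E 'error:' || true)
    if [ -n "$rest" ]; then
        printf 'FAIL: unexpected errors\n%s\n' "$rest"
        return 2
    fi
    # The verbose run prints this line when the root key is fine.
    if printf '%s\n' "$out" | grep -q 'success: the anchor is ok'; then
        echo "OK: anchor valid (IPv6 connect errors ignored)"
        return 0
    fi
    echo "UNKNOWN: no success line, was -v used?"
    return 1
}

# Constructed sample: host without IPv6, anchor fine.
sample_no_ipv6() {
    cat <<'EOF'
[1620206035] libunbound[27383:0] error: udp connect failed: Cannot assign requested address for 2001:500:9f::42 port 53
[1620206035] libunbound[27383:0] error: udp connect failed: Cannot assign requested address for 2001:dc3::35 port 53
success: the anchor is ok
EOF
}

# Constructed sample: an IPv4 failure (documentation address), which is not benign.
sample_ipv4_fail() {
    cat <<'EOF'
[1620206035] libunbound[27383:0] error: udp connect failed: Network is unreachable for 192.0.2.1 port 53
EOF
}
```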
Thanks for advice…
Yes, the clock is working - IPFire is the time server in GREEN.
Today I tested again with UDP, then TCP, and again with ISP UDP|TCP …:
Every time the same: Status: BROKEN and Error in rDNS
I think we are in the wrong lane …
For information purposes
dns2.digitalcourage.de
According to the entry on the website, you should no longer use this for new installations. I have therefore adapted the wiki with the changed data.
Thanks for advice …
… we found the reason for the unbound error.
cat /var/log/messages | grep unbound
There were errors to see…
Under [Network] > [DNS Forwarding] there was 1 failure entry. Corrected this - now DNS works!!!