Failed rDNS - DNS=Broken

Looks like unbound has a problem (cannot start or hung at stop).
Maybe the DNS root key (anchor) is also corrupted.

Try:
/etc/init.d/unbound stop
unbound-anchor
/etc/init.d/unbound start

1 Like

Hi Arne.F,

Let’s look at the results:

[root@ipf ~]# /etc/init.d/unbound stop
Stopping Unbound DNS Proxy… [ OK ]
[root@ipf ~]# unbound-anchor
[1620206035] libunbound[27383:0] error: udp connect failed: Cannot assign requested address for 2001:500:9f::42 port 53
[1620206035] libunbound[27383:0] error: udp connect failed: Cannot assign requested address for 2001:dc3::35 port 53
[root@ipf ~]# /etc/init.d/unbound start
Starting Unbound DNS Proxy… [ OK ]
[root@ipf ~]#

Looks like an IPv6 problem - I haven’t configured IPv6 … should it be configured? And how do I do that?

The IPv6 messages are normal. If there is no other error, the root key should be OK.
You can also verify this by adding the verbose switch.
unbound-anchor -v
should print “success: the anchor is ok”
after some IPv6 errors if no IPv6 is present.

Is your clock working? DNSSEC validation needs the correct date.

Btw: the failing rDNS is not the reason for the broken DNS (the reverse DNS display needs working DNS to display something).

1 Like
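Added example, not part of the thread and not IPFire or Unbound code: one way to apply the rule from the post above when reading `unbound-anchor -v` output, treating the IPv6 "Cannot assign requested address" lines as noise and requiring the "success: the anchor is ok" line. The function name `classify_anchor_output` and the sample lines (built from the messages quoted in this thread, plus one constructed IPv4 failure) are assumptions.

```shell
#!/bin/sh
# Classify unbound-anchor output read from stdin.
# Prints "<status> ipv6_noise=<n>" where status is:
#   ok         - success line seen, no errors other than IPv6 connect noise
#   unverified - only IPv6 noise seen; rerun with -v to get the success line
#   failed     - at least one error that is not IPv6 connect noise
classify_anchor_output() {
    awk '
        /success: the anchor is ok/ { ok = 1; next }
        # Connect failure to an IPv6 address: expected on a host without IPv6
        /error: udp connect failed: Cannot assign requested address for [0-9a-fA-F]*:[0-9a-fA-F:]* port 53/ { noise++; next }
        # Any other error line is treated as a real problem
        /error:/ { real++ }
        END {
            if (real > 0)  status = "failed"
            else if (ok)   status = "ok"
            else           status = "unverified"
            printf "%s ipv6_noise=%d\n", status, noise
        }
    '
}

# Constructed sample: the two IPv6 lines from the thread plus the success line.
sample_ok='[1620206035] libunbound[27383:0] error: udp connect failed: Cannot assign requested address for 2001:500:9f::42 port 53
[1620206035] libunbound[27383:0] error: udp connect failed: Cannot assign requested address for 2001:dc3::35 port 53
success: the anchor is ok'

# Constructed sample: an IPv4 connect failure, which is not explained by missing IPv6.
sample_bad='[1620206035] libunbound[27383:0] error: udp connect failed: Cannot assign requested address for 198.41.0.4 port 53'

printf '%s\n' "$sample_ok"  | classify_anchor_output
printf '%s\n' "$sample_bad" | classify_anchor_output

# On a live system (capture both output streams):
#   unbound-anchor -v 2>&1 | classify_anchor_output
```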

Thanks for the advice…

Yes, the clock is working - IPFire is the time server in GREEN.
Today I tested again with UDP, then TCP, and again with ISP UDP|TCP …:
Every time the same: Status: BROKEN and Error in rDNS

I think we are on the wrong lane …

For information purposes

dns2.digitalcourage.de

According to the entry on the website, you should no longer use this for new installations. I have therefore updated the wiki with the changed data.

6 Likes

Thanks for the advice …

… we found the reason for the unbound error.

cat /var/log/messages | grep unbound

There were errors to see…
Under [Network] > [DNS Forwarding] there was 1 faulty entry. Corrected this - now DNS works!!! :smiley:

1 Like