I’m coming back to this topic because it continues to be a real problem for my system usability. I did some reading on unbound configuration and tried out one of the ways to turn off DNSSEC, but that didn’t help.
Basically, if there is any variation in our internet connection quality, which there is many times per day, DNS security reports “Broken” and all the rDNS entries on the page show that they failed to resolve. When this happens, it can take 10+ minutes for the DNS to start working again. If I connect directly to our internet connection device, traffic passes. So, it is the DNS security that is getting in the way of IPFire working on our setup now, which was not the case prior to the change to Unbound, I believe.
I looked at this page: https://nlnetlabs.nl/documentation/unbound/howto-turnoff-dnssec/
And I decided to try out
server:
val-permissive-mode: yes
That didn’t change anything.
Is there any way to turn off this security feature so that Unbound just routes traffic w/o whatever is going on to keep it from working on my system? Again, I realize this is not ideal for security purposes, but a largely unusable/unreliable router is not ideal either.
Finally, doing some of my own sleuthing, I did find the error shown below when checking unbound via the command line. Could this be part of the problem?
[root@ipfire unbound]# unbound -v
[1603450576] unbound[4758:0] notice: Start of unbound 1.11.0.
Oct 23 11:56:16 unbound[4758:0] error: can’t bind socket: Address already in use for 127.0.0.1 port 8953
Oct 23 11:56:16 unbound[4758:0] error: cannot open control interface 127.0.0.1 8953
Oct 23 11:56:16 unbound[4758:0] fatal error: could not open ports