I have a problem with an IPFire which is broken no matter what I do.
It was working fine until recently, but I don’t know what happened; everything seems OK, but it’s not working. Running /etc/init.d/unbound restart shows:
[root@bs ~]# /etc/init.d/unbound restart
Stopping Unbound DNS Proxy... Not running. [ WARN ]
Starting Unbound DNS Proxy... [ OK ]
[root@bs ~]# /etc/init.d/unbound status
/usr/sbin/unbound is not running but /var/run/unbound.pid exists.
[root@bs ~]# /etc/init.d/unbound restart
Stopping Unbound DNS Proxy... Not running. [ WARN ]
Starting Unbound DNS Proxy... [ OK ]
[root@bs ~]#
Putting it in verbose mode gives me the following:
[root@bs ~]# /etc/init.d/unbound restart
Stopping Unbound DNS Proxy... Not running. [ WARN ]
Starting Unbound DNS Proxy...
[1773872224] unbound[4006:0] notice: Start of unbound 1.24.2.
Mar 18 23:17:04 unbound[4006:0] debug: module config: "respip validator iterator"
Mar 18 23:17:05 unbound[4006:0] debug: chdir to /etc/unbound
Mar 18 23:17:05 unbound[4006:0] debug: drop user privileges, run as nobody
Mar 18 23:17:05 unbound[4006:0] debug: switching log to stderr
Mar 18 23:17:05 unbound[4006:0] warning: duplicate local-zone google.es.
Mar 18 23:17:05 unbound[4006:0] warning: duplicate local-zone google.com.
Mar 18 23:17:05 unbound[4006:0] error: local-data 'www.google.com 60 IN A 216.239.32.20' in redirect zone must not coexist with CNAME local-data
Mar 18 23:17:05 unbound[4006:0] fatal error: Could not set up local zon[ FAIL ]
[root@bs ~]#
Yessss, I’ve partially fixed it. Now, at least, it starts. I disabled both “Enable Safe Search” and “Include YouTube in Safe Search”, ran /etc/init.d/unbound restart again, and voilà, it works.
I’m a bit confused. Unbound is meant to avoid using external name servers, such as Google or EU DNS. I don’t know how this is implemented in IPFire, but in my opinion, these servers shouldn’t be configured in the DNS configuration.
Unbound should use a static list of root DNS servers and work similarly to other nameservers such as Google.
The consequence of using unbound is keeping your DNS root server list up-to-date. If you want to use DNSSEC, you need to have good system time.
If you don’t want to use any of the DNS servers that are available, then you can leave the DNS list empty of any DNS server names, and the system will then go into Recursor Mode as described in the DNS documentation.
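
The "duplicate local-zone" warnings and the "must not coexist with CNAME local-data" error in the verbose log above can be looked for in a configuration before Unbound is restarted. The following is an added example, not part of the thread and not IPFire's or Unbound's own code: a simplified Python scan of `local-zone` and `local-data` lines that approximates the condition worded in the error message. The sample configuration is constructed, and the CNAME target in it is an assumption.

```python
from collections import defaultdict

# Constructed sample, not the poster's configuration. Only the zone names and
# the A record come from the log above; the CNAME target is an assumption.
SAMPLE = """
server:
    local-zone: "google.es." redirect
    local-zone: "www.google.com." redirect
    local-data: "www.google.com. 60 IN CNAME forcesafesearch.google.com."
    local-zone: "google.com." redirect
    local-zone: "google.es" redirect
    local-zone: "google.com" redirect
    local-data: "www.google.com 60 IN A 216.239.32.20"
"""

CLASSES = {"IN", "CH", "HS"}
REDIRECT = {"redirect", "inform_redirect"}

def norm(name):
    """Compare names case-insensitively and without quotes or trailing dot."""
    return name.strip('"').rstrip(".").lower()

def enclosing_zone(owner, zones):
    """Return the longest declared local-zone that contains owner, or None."""
    labels = owner.split(".")
    return next((z for i in range(len(labels))
                 if (z := ".".join(labels[i:])) in zones), None)

def check(text):
    """Return (duplicate zone names, owners mixing CNAME with other data)."""
    zones, dupes, rrtypes = {}, [], defaultdict(list)
    for line in text.splitlines():
        key, _, value = line.split("#", 1)[0].strip().partition(":")
        parts = value.strip().strip('"').split()
        if key == "local-zone" and len(parts) >= 2:
            name = norm(parts[0])
            if name in zones:
                dupes.append(name)      # this example keeps the first declaration
            else:
                zones[name] = parts[1]
        elif key == "local-data" and len(parts) >= 2:
            # Record type is the first field after the owner that is neither
            # a TTL nor a class.
            rtype = next((f.upper() for f in parts[1:]
                          if not f.isdigit() and f.upper() not in CLASSES), "")
            rrtypes[norm(parts[0])].append(rtype)
    conflicts = sorted(o for o, t in rrtypes.items()
                       if "CNAME" in t and len(t) > 1
                       and zones.get(enclosing_zone(o, zones)) in REDIRECT)
    return dupes, conflicts

if __name__ == "__main__":
    print(check(SAMPLE))
```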