Hi,
I've set up DNSCrypt and Unbound, as explained in the wiki. I've enabled the systemd services for both DNSCrypt and Unbound and created a configuration file to have DNSCrypt started before Unbound.
Here is my /etc/systemd/system/dnscrypt-proxy.service.d/unbound.conf:
[Unit]
Before=unbound.service
DNSCrypt starts up just fine; however, Unbound doesn't, and I get the following output from the systemctl status unbound -l command:
● unbound.service - Unbound DNS Resolver
Loaded: loaded (/usr/lib/systemd/system/unbound.service; enabled)
Active: failed (Result: start-limit) since Sun 2014-08-24 08:12:08 CEST; 52min ago
Process: 4949 ExecStart=/usr/bin/unbound -d (code=exited, status=1/FAILURE)
Main PID: 4949 (code=exited, status=1/FAILURE)
Aug 24 08:12:07 esme unbound[4949]: [1408860727] unbound[4949:0] fatal error: could not open ports
Aug 24 08:12:07 esme systemd[1]: unbound.service: main process exited, code=exited, status=1/FAILURE
Aug 24 08:12:07 esme systemd[1]: Unit unbound.service entered failed state.
Aug 24 08:12:08 esme systemd[1]: unbound.service start request repeated too quickly, refusing to start.
Aug 24 08:12:08 esme systemd[1]: Failed to start Unbound DNS Resolver.
Aug 24 08:12:08 esme systemd[1]: Unit unbound.service entered failed state.
The weird thing is that sometimes Unbound will start, but I don't know what it may depend on. Does anyone have an idea how to fix it?
Last edited by PiotrPyclik (2014-09-02 21:06:08)
Offline
The 'could not open ports' part suggests a wrong configuration of ports on either the DNSCrypt or the Unbound side. In /etc/conf.d/dnscrypt-proxy the variable DNSCRYPT_LOCALPORT can't be set to 53, which would cause this error. What is your configuration?
Offline
Here is my /etc/conf.d/dnscrypt-proxy file:
DNSCRYPT_LOCALIP=127.0.0.1
DNSCRYPT_LOCALPORT=40
DNSCRYPT_USER=nobody
DNSCRYPT_PROVIDER_NAME=2.dnscrypt-cert.resolver2.dnscrypt.eu
DNSCRYPT_PROVIDER_KEY=3748:5585:E3B9:D088:FD25:AD36:B037:01F5:520C:D648:9E9A:DD52:1457:4955:9F0A:9955
DNSCRYPT_RESOLVERIP=77.66.84.233
DNSCRYPT_RESOLVERPORT=443
and /etc/unbound/unbound.conf:
server:
    username: "unbound"
    directory: "/etc/unbound"
    use-syslog: yes
    do-not-query-localhost: no
forward-zone:
    name: "."
    forward-addr: 127.0.0.1@40
Offline
(sudo) netstat -lutnp should tell you who is listening on what udp/tcp ports.
Can you start unbound when dnscrypt is not running?
Offline
The strange thing is that half of the time dnscrypt-proxy and unbound start without any problem. In that case, I can also stop and start them manually. Last time, unbound failed to start, and here is the output I got:
~ sc-status unbound
● unbound.service - Unbound DNS Resolver
Loaded: loaded (/usr/lib/systemd/system/unbound.service; enabled)
Active: failed (Result: start-limit) since Tue 2014-08-26 21:31:10 CEST; 4s ago
Process: 1834 ExecStart=/usr/bin/unbound -d (code=exited, status=1/FAILURE)
Main PID: 1834 (code=exited, status=1/FAILURE)
The output stays exactly the same, regardless of the status of dnscrypt-proxy. Also, it is different from the one in my first post. I don't know why, because I haven't changed the configuration.
Here is my netstat -lutnp:
~ _ netstat -lutnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 236/connmand
tcp 0 0 127.0.0.1:8118 0.0.0.0:* LISTEN 254/privoxy
tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN 265/btsync
tcp 0 0 0.0.0.0:62204 0.0.0.0:* LISTEN 265/btsync
tcp6 0 0 ::1:53 :::* LISTEN 236/connmand
udp 0 0 127.0.0.1:37504 0.0.0.0:* 265/btsync
udp 0 0 0.0.0.0:62204 0.0.0.0:* 265/btsync
udp 0 0 0.0.0.0:3838 0.0.0.0:* 265/btsync
udp 0 0 0.0.0.0:1900 0.0.0.0:* 265/btsync
udp 0 0 0.0.0.0:59303 0.0.0.0:* 233/systemd-timesyn
udp 0 0 127.0.0.1:53 0.0.0.0:* 236/connmand
udp 0 0 192.168.0.101:49312 0.0.0.0:* 265/btsync
udp6 0 0 ::1:53 :::* 236/connmand
Offline
And here is the output of netstat -lnptu that I got after successfully starting unbound:
~ _ netstat -lnptu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 247/unbound
tcp 0 0 127.0.0.1:8118 0.0.0.0:* LISTEN 251/privoxy
tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN 268/btsync
tcp 0 0 0.0.0.0:58920 0.0.0.0:* LISTEN 268/btsync
tcp 0 0 127.0.0.1:40 0.0.0.0:* LISTEN 246/dnscrypt-proxy
tcp6 0 0 ::1:53 :::* LISTEN 247/unbound
udp 0 0 192.168.0.101:37893 0.0.0.0:* 268/btsync
udp 0 0 127.0.0.1:42225 0.0.0.0:* 268/btsync
udp 0 0 0.0.0.0:58920 0.0.0.0:* 268/btsync
udp 0 0 0.0.0.0:3838 0.0.0.0:* 268/btsync
udp 0 0 0.0.0.0:1900 0.0.0.0:* 268/btsync
udp 0 0 127.0.0.1:40 0.0.0.0:* 246/dnscrypt-proxy
udp 0 0 127.0.0.1:53 0.0.0.0:* 247/unbound
udp 0 0 0.0.0.0:45465 0.0.0.0:* 246/dnscrypt-proxy
udp 0 0 0.0.0.0:57826 0.0.0.0:* 238/systemd-timesyn
udp6 0 0 ::1:53 :::* 247/unbound
Offline
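The two netstat captures above differ in which process owns port 53: connmand (PID 236) in the failing capture, unbound (PID 247) in the working one. The following is an added example, not part of the original thread, that extracts the owner of a port from `netstat -lutnp` output and flags any owner other than the expected daemon; the function names `port_owners` and `port_conflicts` are hypothetical, and the sample rows are copied from the two captures.

```shell
#!/bin/sh
# Added example (not from the thread): find which process owns a listening
# port in `netstat -lutnp` output, to explain a "could not open ports" failure.

# Constructed samples: rows copied from the failing and working captures.
SAMPLE_FAIL='tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 236/connmand
tcp 0 0 127.0.0.1:8118 0.0.0.0:* LISTEN 254/privoxy
tcp6 0 0 ::1:53 :::* LISTEN 236/connmand
udp 0 0 127.0.0.1:53 0.0.0.0:* 236/connmand
udp6 0 0 ::1:53 :::* 236/connmand'

SAMPLE_OK='tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 247/unbound
tcp 0 0 127.0.0.1:40 0.0.0.0:* LISTEN 246/dnscrypt-proxy
tcp6 0 0 ::1:53 :::* LISTEN 247/unbound
udp 0 0 127.0.0.1:40 0.0.0.0:* 246/dnscrypt-proxy
udp 0 0 127.0.0.1:53 0.0.0.0:* 247/unbound
udp6 0 0 ::1:53 :::* 247/unbound'

# port_owners PORT: read netstat rows on stdin and print
# "proto local-address program" for every socket bound to PORT.
port_owners() {
    awk -v port="$1" '
        $1 ~ /^(tcp|udp)6?$/ {
            n = split($4, a, ":")      # port follows the last colon (covers ::1:53)
            if (a[n] != port) next
            split($NF, p, "/")         # last column is PID/Program; UDP rows have no State
            prog = (p[2] != "") ? p[2] : "unknown"   # "-" when netstat ran without root
            print $1, $4, prog
        }'
}

# port_conflicts PORT EXPECTED: print sockets on PORT that are not owned by
# EXPECTED; the exit status is 1 if any such socket exists, 0 otherwise.
port_conflicts() {
    port_owners "$1" | awk -v want="$2" '
        $3 != want { print; bad = 1 }
        END { exit bad + 0 }'
}

# Demo on the embedded samples.
printf '%s\n' "$SAMPLE_FAIL" | port_conflicts 53 unbound \
    || echo "failing capture: port 53 is held by another process"
printf '%s\n' "$SAMPLE_OK" | port_conflicts 53 unbound \
    && echo "working capture: port 53 belongs to unbound"
```

On a live system the same check is `sudo netstat -lutnp | port_conflicts 53 unbound`.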
Can you start unbound with (sudo) "unbound -d -v" to print more verbose output?
Offline
Hi,
Thanks for the help, but after a couple of days and several restarts, Unbound starts fine each time. I guess it will remain a mystery. Nevertheless, I can't change the topic to "solved"...
Offline
Nevertheless, I can't change the topic to "solved"...
Well, you are the original poster, and the thread is not locked. So, go back and edit your first post and you should have the ability to edit the thread title. Just prepend [SOLVED] to the title.
Thanks
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way
Offline
What I meant is that I still don't know what caused the problem. But since it no longer exists, I'll change the title.
Offline