#1 2024-07-07 09:08:03

Teaspoon
Member
Registered: 2012-08-29
Posts: 20

Unbound failing to start on boot due to systemd ordering

Any time my server reboots my Unbound DNS service dies and needs to be manually restarted:

$ journalctl -b0 -u unbound
Jul 07 18:42:42 luggage systemd[1]: Starting Validating, recursive, and caching DNS resolver...
Jul 07 18:42:42 luggage unbound[631]: [1720341762] unbound[631:0] error: node enp5s0:53 getaddrinfo: Name or service not known
Jul 07 18:42:42 luggage unbound[631]: [1720341762] unbound[631:0] fatal error: could not open ports
Jul 07 18:42:42 luggage systemd[1]: unbound.service: Main process exited, code=exited, status=1/FAILURE
Jul 07 18:42:42 luggage systemd[1]: unbound.service: Failed with result 'exit-code'.
Jul 07 18:42:42 luggage systemd[1]: Failed to start Validating, recursive, and caching DNS resolver.
Jul 07 18:43:11 luggage systemd[1]: Starting Validating, recursive, and caching DNS resolver...
Jul 07 18:43:11 luggage unbound[732]: [732:0] notice: init module 0: subnetcache
Jul 07 18:43:11 luggage unbound[732]: [732:0] notice: init module 1: validator
Jul 07 18:43:11 luggage unbound[732]: [732:0] notice: init module 2: iterator
Jul 07 18:43:11 luggage unbound[732]: [732:0] info: start of service (unbound 1.20.0).
Jul 07 18:43:11 luggage systemd[1]: Started Validating, recursive, and caching DNS resolver.
Jul 07 18:43:11 luggage unbound[732]: [732:0] info: generate keytag query _ta-4f66-5811. NULL IN

The issue seems to be that systemd-networkd hasn't brought up the enp5s0 interface and set its addresses before the unbound service is started. The unit file is the one included with the package, and the After and Before rules are:

[Unit]
Description=Validating, recursive, and caching DNS resolver
Documentation=man:unbound(8)
After=network.target
Before=network-online.target nss-lookup.target

The interface lines of my unbound.conf look like:

        interface: 127.0.0.1
        interface: 0.0.0.0
        interface: ::1
        interface: enp5s0

but if I try replacing the interface name with the actual v4 and v6 addresses it still fails to start because those addresses aren't available to listen on.

It looks like some of my other services like kea-dhcp4 use After=network-online.target and avoid coming up before the interface is ready for them, so why does Unbound's default unit file have it try to come up before network-online.target? What risks am I facing if I add an override to

[Unit]
After=network-online.target
Before=nss-lookup.target

?

#2 2024-07-07 15:01:16

GeneArch
Member
Registered: 2013-07-28
Posts: 83

Re: Unbound failing to start on boot due to systemd ordering

Try adding this to your unbound.conf file:

    ip-freebind: yes

It should fix the problem.

Edit: Same for nsd if you use it.

Last edited by GeneArch (2024-07-07 15:13:22)
