Arch Linux

phoenixclank

Member

Registered: 2022-03-14

Posts: 13

[SOLVED] unbound takes a long time to start

unbound, version 1.24.0, takes about two minutes to start working.

Before it works, `systemctl status unbound` shows:

○ unbound.service - Validating, recursive, and caching DNS resolver
     Loaded: loaded (/usr/lib/systemd/system/unbound.service; enabled; preset: disabled)
     Active: inactive (dead)
        Job: 135
       Docs: man:unbound(8)

(This was ran at 17:14 o’clock)

When it works, the status is:

● unbound.service - Validating, recursive, and caching DNS resolver
     Loaded: loaded (/usr/lib/systemd/system/unbound.service; enabled; preset: disabled)
     Active: active (running) since Wed 2025-09-24 17:16:19 CEST; 2min 38s ago
 Invocation: d593671b049248f2af3ce9d1df1a4b00
       Docs: man:unbound(8)
   Main PID: 1597 (unbound)
      Tasks: 1 (limit: 18230)
     Memory: 10M (peak: 10M)
        CPU: 43ms
     CGroup: /system.slice/unbound.service
             └─1597 /usr/bin/unbound -d -p

Sep 24 17:16:19 archp systemd[1]: Starting Validating, recursive, and caching DNS resolver...
Sep 24 17:16:19 archp unbound[1597]: [1597:0] notice: init module 0: validator
Sep 24 17:16:19 archp unbound[1597]: [1597:0] notice: init module 1: iterator
Sep 24 17:16:19 archp unbound[1597]: [1597:0] info: start of service (unbound 1.24.0).
Sep 24 17:16:19 archp systemd[1]: Started Validating, recursive, and caching DNS resolver.

In between, `unbound-host` can resolve domain names, but any program that tries to access the internet fails.

Downgrading to version 1.23.1 fixes this behavior (domain name resolution is available as soon as `.zlogin` is sourced).

Config options that I changed from the shipped file:

server:
	interface: 127.0.0.1
	interface: ::1
	so-rcvbuf: 0
	so-sndbuf: 0
	access-control: 127.0.0.0/8 allow
	access-control: ::1 allow
	access-control: ::ffff:127.0.0.1 allow
	interface-action: 127.0.0.1 allow
	interface-action: ::1 allow
	harden-dnssec-stripped: yes
	harden-below-nxdomain: yes
	harden-algo-downgrade: yes
	qname-minimisation: yes
	qname-minimisation-strict: no
	aggressive-nsec: yes
	dns-error-reporting: no

Last edited by phoenixclank (2025-09-29 17:32:47)

phoenixclank

Member

Registered: 2022-03-14

Posts: 13

Re: [SOLVED] unbound takes a long time to start

After some more digging, I commented out the line

Wants=network-online.target

in `/usr/lib/systemd/system/unbound.service`. This fixes the startup delay.
The line was put there in response to https://github.com/NLnetLabs/unbound/issues/1317.

Is there a different way I can configure my system for unbound to start quickly, without needing to wrench around in its shipped systemd unit file?

-thc

Member

Registered: 2017-03-15

Posts: 992

Re: [SOLVED] unbound takes a long time to start

I see two options:

- Correctly edit the systemd unit - which leaves the shipped file untouched
- Find out what your network management does to create this online delay - what happens after that time span?

Last edited by -thc (2025-09-29 14:46:17)

phoenixclank

Member

Registered: 2022-03-14

Posts: 13

Re: [SOLVED] unbound takes a long time to start

I have no idea what could cause this delay.

By now I’m pretty sure it’s some kind of timeout though. It always takes two minutes.

Anyways, my networks are managed by systemd-networkd. It knows about ethernet and wi-fi. Wi-fi is handled by iwd, and is how I usually connect to the internet.

During the timeout, wi-fi shows up as “configured” in `networkctl` immediately. Even if the ethernet is also plugged in before boot, it takes quite a while for it to show up as “configured”. It does so during the timeout though, so even after all networks systemd wants to manage show up as “configured” and “routable”, unbound still shows up as “inactive (dead)”.
Nothing changes if I add

[Link]
RequiredForOnline=no

to all my *.network files.

And as you can see from the timestamps in the OP, systemctl doesn’t even attempt to start unbound before the timeout expires. After that, unbound starts within one second.

Now that I look at the output of `networkctl status`, it not only says:

Online State: unknown

but also in the logs:

Sep 29 17:37:44 archp systemd-networkd[597]: wlan0: Connected WiFi access point: [REDACTED]
Sep 29 17:37:44 archp systemd-networkd[597]: wlan0: Gained carrier
Sep 29 17:37:44 archp systemd-networkd[597]: wlan0: DHCPv4 address 192.168.178.44/24, gateway 192.168.178.1 acquired from 192.168.178.1
Sep 29 17:37:46 archp systemd-networkd[597]: wlan0: Gained IPv6LL
Sep 29 17:38:07 archp systemd-networkd[597]: eno1: Gained carrier
Sep 29 17:38:09 archp systemd-networkd[597]: eno1: Gained IPv6LL
Sep 29 17:38:11 archp systemd-networkd[597]: eno1: DHCPv4 address 192.168.178.38/24, gateway 192.168.178.1 acquired from 192.168.178.1
Sep 29 17:39:40 archp systemd[1]: systemd-networkd-wait-online.service: Main process exited, code=exited, status=1/FAILURE
Sep 29 17:39:40 archp systemd[1]: systemd-networkd-wait-online.service: Failed with result 'exit-code'.
Sep 29 17:39:40 archp systemd[1]: Failed to start Wait for Network to be Configured.

Why does it fail to see me as online? (And why does it take one minute to gain connectivity via ethernet?)

-thc

Member

Registered: 2017-03-15

Posts: 992

Re: [SOLVED] unbound takes a long time to start

At least we know the cause of the 2 min delay.

Take a look at https://man.archlinux.org/man/systemd-n … .service.8.

You can try to edit the service file to add options to the call of the binary (like "--any" or "--interface=...").

That also works on the command line:

/usr/lib/systemd/systemd-networkd-wait-online --any

Last edited by -thc (2025-09-29 16:43:10)

phoenixclank

Member

Registered: 2022-03-14

Posts: 13

Re: [SOLVED] unbound takes a long time to start

Thanks! Adding `--any` (properly with a drop-in file this time), in conjunction with removing `RequiredForOnline=no` from my *.network files again, fixed this behavior!