MatthewVance / unbound-docker-rpi

Run Unbound with latest version of OpenSSL on Raspberry Pi with Docker.
MIT License
136 stars, 23 forks

Can not view unbound in /opt folder #28

Closed jrgiacone closed 1 year ago

jrgiacone commented 2 years ago

When building from a custom volume or the default with docker-compose (no volume specified), there seems to be no file mounted in the /opt folder. Am I looking in the wrong spot? I only see pivpn in my case. Unbound is running, but no config file can be located.

When created with a custom volume path such as /home/user/unbound:/opt/unbound/etc/unbound/ it also runs, but again nothing shows up in the /opt folder. Is this something I need to create?

MatthewVance commented 2 years ago

Yes. If you're mounting a volume, you have to provide configuration files. Those files will

If your customized configuration is located at /home/user/unbound and that's what you're mounting as your volume path, you'll need the following file at minimum:

- unbound.conf

This explains it further: https://github.com/MatthewVance/unbound-docker-rpi#use-a-fully-customize-unbound-configuration

If you don't mount a volume, the default configs get put in /opt/unbound/etc/unbound/.

jrgiacone commented 2 years ago

Matthew, appreciate it. My issue arises when I try to link the root.hints file, which is also located within my /home/user/unbound folder; the container constantly restarts.

jrgiacone commented 2 years ago

I can see that my file system in the container shows:

```
root@98968548a32b:/opt/unbound/etc/unbound# ls
dev  root.hints  unbound-working.conf  unbound.conf  unbound.pid  var
```

However, when I uncomment the line for /opt/unbound/etc/unbound/root.hints, the container continually restarts.

MatthewVance commented 2 years ago

Can you show the relevant parts of your unbound.sh and also the docker-compose or docker run command?

jrgiacone commented 2 years ago

Sure thing, here is my unbound.conf:

```
server:
    # If no logfile is specified, syslog is used
    # logfile: "/var/log/unbound/unbound.log"
    verbosity: 0

    access-control: 172.16.0.0/12 allow
    access-control: 127.0.0.0/8 allow
    access-control: 10.0.0.0/8 allow
    access-control: 192.168.0.0/16 allow
    interface: 0.0.0.0
    #port: 5335
    do-ip4: yes
    do-udp: yes
    do-tcp: yes

    # May be set to yes if you have IPv6 connectivity
    do-ip6: no

    # You want to leave this to no unless you have *native* IPv6. With 6to4 and
    # Teredo tunnels your web browser should favor IPv4 for the same reasons
    prefer-ip6: no

    # Use this only when you downloaded the list of primary root servers!
    # If you use the default dns-root-data package, unbound will find it automatically
    # I have to comment out this root-hints, as it causes the container to restart endlessly on a new installation. You can add root-hints back after the first run.
    #root-hints: “/opt/unbound/etc/unbound/root.hints”

    # Trust glue only if it is within the server's authority
    harden-glue: yes

    # Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
    harden-dnssec-stripped: yes

    # Don't use Capitalization randomization as it is known to cause DNSSEC issues sometimes
    # see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
    use-caps-for-id: no

    # Reduce EDNS reassembly buffer size.
    # Suggested by the unbound man page to reduce fragmentation reassembly problems
    edns-buffer-size: 1232

    # Perform prefetching of close to expired message cache entries
    # This only applies to domains that have been frequently queried
    prefetch: yes

    # One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
    num-threads: 1

    # Ensure kernel buffer is large enough to not lose messages in traffic spikes
    so-rcvbuf: 1m

    # Ensure privacy of local IP ranges
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-address: 172.16.0.0/12
    private-address: 10.0.0.0/8
    private-address: fd00::/8
    private-address: fe80::/10
```

here is my docker-compose:

```yaml
services:
  unbound:
    container_name: unbound
    image: mvance/unbound-rpi:latest
    restart: unless-stopped
    volumes:
      - /home/[user removed]/unbound:/opt/unbound/etc/unbound/
    ports:
      - "5053:53/tcp"
      - "5053:53/udp"
```

And I do not have an unbound.sh located in /opt/unbound/etc/unbound.

It is when I uncomment the root-hints line that the container continually restarts.

MatthewVance commented 2 years ago

Looks like curly quotes. Replace ” with ".
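A pre-flight check for the host directory before it is mounted, added here as an example and not part of the unbound-docker-rpi project: it flags curly quotes like the ones above, confirms that unbound.conf is present (the minimum a mounted volume has to supply), and verifies that any file named by a root-hints or auto-trust-anchor-file directive actually exists in the directory. The mount target /opt/unbound/etc/unbound is taken from the compose file in this thread; the function names and the CONTAINER_PREFIX variable are my own.

```shell
#!/bin/sh
# Pre-flight lint for a host directory that will be bind-mounted into the
# container at /opt/unbound/etc/unbound/ (added example, not project code).
# Catches the two failure modes from this thread before the container
# enters a restart loop:
#   1. unbound.conf missing from the mounted directory
#   2. typographic (curly) quotes, which unbound's parser does not accept
# and additionally checks that files named by root-hints / auto-trust-anchor-file
# exist where the container will look for them.
set -u

# Assumption: the mount target used in the compose file above.
CONTAINER_PREFIX=/opt/unbound/etc/unbound

# Print "line:text" for each line holding U+2018..U+201D (curly quotes).
# LC_ALL=C makes grep match the raw UTF-8 bytes E2 80 98..9D.
find_curly_quotes() {
    pat=$(printf '\342\200[\230-\235]')
    LC_ALL=C grep -n "$pat" "$1"
}

# Print the path given to each active root-hints / auto-trust-anchor-file
# directive, one per line; commented-out lines are skipped, straight quotes stripped.
referenced_files() {
    sed -n -E 's/^[[:space:]]*(root-hints|auto-trust-anchor-file):[[:space:]]*"?([^"[:space:]]*)"?.*/\2/p' "$1"
}

# lint_unbound_dir DIR: returns 0 if DIR is safe to mount, 1 otherwise.
lint_unbound_dir() {
    dir=$1
    conf=$dir/unbound.conf
    rc=0
    if [ ! -f "$conf" ]; then
        echo "ERROR: $conf is missing; a mounted volume must supply unbound.conf"
        return 1
    fi
    if hits=$(find_curly_quotes "$conf"); then
        echo "ERROR: curly quotes in $conf; replace them with ASCII \" :"
        echo "$hits"
        rc=1
    fi
    # Map each in-container path back onto the host directory being mounted.
    while IFS= read -r ref; do
        [ -n "$ref" ] || continue
        host_path="$dir/${ref#"$CONTAINER_PREFIX"/}"
        if [ ! -f "$host_path" ]; then
            echo "ERROR: $ref is referenced but $host_path does not exist"
            rc=1
        fi
    done <<EOF
$(referenced_files "$conf")
EOF
    return $rc
}

# Usage: lint_unbound_dir /home/user/unbound && docker compose up -d
```

Run it against the host directory before `docker compose up`. Where unbound is installed on the host, `unbound-checkconf` on the same file is the authoritative check; this script only needs grep and sed, which makes it usable on a Pi that has nothing but Docker.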

jrgiacone commented 2 years ago

Matthew, you are a mad man! Thank you. I honestly have no idea how the curly quote got in there, but it is working now! I was also originally missing the / after unbound in my docker-compose.

Regarding the root.hints file, is it necessary? I read in the documentation for unbound via Pi-hole that we would need the file if we were compiling vs. installing from an apt package?

MatthewVance commented 2 years ago

You’re welcome. I may or may not have had something similar happen.

When looking at your config and settings, I was confused at first because everything looked right until I spotted those quotes. Blame your text editor. Some like to convert quotes for you.

On Mar 14, 2022, at 7:51 PM, jrgiacone @.***> wrote:

> Matthew you are a mad man! Thank you, I honestly have no idea how the curly got in there, but it is working now! I was also originally missing the / after unbound in my docker-compose


jrgiacone commented 2 years ago

Also, I don't know how important it is, but the DNSSEC check wouldn't work without var/root.key.

MatthewVance commented 2 years ago

Interesting. Could you share how you checked that? I thought that file got auto-created if it doesn't exist per https://www.nlnetlabs.nl/documentation/unbound/unbound-anchor/, but now you have me wondering if it gets created in a default spot or with the wrong permissions causing this not to work.

MatthewVance commented 1 year ago

Closing due to no recent reply. Please reopen if needed.