Joulinar
commented
3 years ago Hi,
Many thanks for your message. Currently there is an issue on Unbound install. Pls can you retry.
Closed jeroen1973 closed 3 years ago
Joulinar
commented
3 years ago Hi,
Many thanks for your message. Currently there is an issue on Unbound install. Pls can you retry.
MichaIng
commented
3 years ago When running into the same issue, please open a subshell from the error prompt and do:
rm /etc/unbound/unbound.conf.d/dietpi-pihole.conf
G_CONFIG_INJECT 'port:[[:blank:]]' ' port: 5335' /etc/unbound/unbound.conf.d/dietpi.conf
G_CONFIG_INJECT 'interface:[[:blank:]]' ' interface: 127.0.0.1' /etc/unbound/unbound.conf.d/dietpi.confNote that we changed the default port for usage with Pi-hole from 5353 to 5335, since the first is already the default port for mDNS (Multicast DNS), so this is what needs to be set in Pi-hole then as well as upstream DNS: 127.0.0.1#5335
jeroen1973
commented
3 years ago Just tried it and again it fails
Jeroen van der Wal
Op 30 dec. 2020 om 17:20 heeft Joulinar notifications@github.com het volgende geschreven:
Hi,
Many thanks for your message. Currently there is an issue on Unbound install. Pls can you retry.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe.
ravenclaw900
commented
3 years ago What is the output of the command journalctl -u unbound?
jeroen1973
commented
3 years ago journalctl -u unbound Gave this:
Jeroen van der Wal
Op 30 dec. 2020 om 23:00 heeft ravenclaw900 notifications@github.com het volgende geschreven:
journalctl -u unbound
Joulinar
commented
3 years ago Pls try to upload your information to GitHub directly
jeroen1973
commented
3 years ago journalctl -u unbound
Joulinar
commented
3 years ago Ahh, what IP address you are using? Currently there is an issue not allowing all privat IP adresses.
jeroen1973
commented
3 years ago the raspberrypi has a static ipadress 10.19.19.100
MichaIng
commented
3 years ago Jep that it is it. Take our new configuration file which as well contains some informational comments, is more sorted and allows all private IP ranges:
curl -# https://raw.githubusercontent.com/MichaIng/DietPi/dev/.conf/dps_182/unbound.conf > /etc/unbound/unbound.conf.d/dietpi.conf
G_CONFIG_INJECT 'port:[[:blank:]]' ' port: 5335' /etc/unbound/unbound.conf.d/dietpi.conf
G_CONFIG_INJECT 'interface:[[:blank:]]' ' interface: 127.0.0.1' /etc/unbound/unbound.conf.d/dietpi.conf
G_CONFIG_INJECT 'do-ip6:[[:blank:]]' ' do-ip6: no' /etc/unbound/unbound.conf.d/dietpi.confis that correct? curl -#
MichaIng
commented
3 years ago -# option reduces the fully fledged progress meter into a one-liner bar, sufficient for such a small text file.
MichaIng
commented
3 years ago Whoospie, sorry wrong branch, just updated it above 😉.
jeroen1973
commented
3 years ago thank you for helping out, but with the (updated) commands it still fails to install....
MichaIng
commented
3 years ago Please run again the commands and assure no errors happen, as obviously it did not work, as you still use the old configuration file. Check back with cat /etc/unbound/unbound.conf.d/dietpi.conf, which should look similar to that one, with just the settings from the other three commands adjusted: https://raw.githubusercontent.com/MichaIng/DietPi/unbound/.conf/dps_182/unbound.conf
jeroen1973
commented
3 years ago Looks like the installation now worked and unbound is running. I put 127.0.0.1#5335 in the Pi-hole upstream dnsserver.
When in then test with "dig pi-hole.net @127.0.0.1 -p 5335" the outcome is: connection timed out; no servers could be reached
jeroen1973
commented
3 years ago i give up, ditching dietpi and starting over with clean install Raspbian
jeroen1973
commented
3 years ago thanks for the help
Joulinar
commented
3 years ago You could check LISTEN ports. Probably it's running on a different one ss -alnp | grep LISTEN. As well Unbound could be listening to localhost only and is not accepting request from network interface.
MichaIng
commented
3 years ago I guess there is a conflicting configuration file in place somewhere, maybe you tried another solutions from Pi-hole side?
There should be four configuration files:
/etc/unbound/unbound.conf must contain nothing else than including the files from /etc/unbound/unbound.conf.d./etc/unbound/unbound.conf.d/qname-minimisation.conf privacy-related snipped, shipped with the Debian package itself./etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf snipped for DNSSEC validation, shipped with the Debian package itself./etc/unbound/unbound.conf.d/dietpi.conf our main configuration, configured for Pi-hole as above: https://github.com/MichaIng/DietPi/issues/4026#issuecomment-753464752No other file should exist.
Following the Pi-hole guide the only difference would be that our dietpi-conf is/must be replaced with pi-hole.conf taken from here: https://docs.pi-hole.net/guides/unbound/#configure-unbound
Taking into account the defaults, it mostly matches ours, but misses the access limitation to local networks. But that is only relevant when using it directly, not when using it in combination with Pi-hole, as then it is bond to the loopback IP where only services from the same machine can access. I didn't think about hat when thinking that 10.19.19.0/24 network might be the issue 😉.
xczh
commented
3 years ago Same issue. It seems a bug. Is there any solution? @Joulinar
My environment is a new installation of dietpi, no other changes. Failed to install unbound from dietpi-software.
Joulinar
commented
3 years ago There a couple of solutions. But first we would need to know what your issue is exactly
xczh
commented
3 years ago Job for unbound.service failed because the control process exited with error code.
See "systemctl status unbound.service" and "journalctl -xe" for details.[FAILED] DietPi-Software | Unable to continue, DietPi-Software will now terminate.
Joulinar
commented
3 years ago Pls can you share journalctl -u unbound
xczh
commented
3 years ago Jan 17 00:09:01 DietPi systemd[1]: Starting Unbound DNS server... Jan 17 00:09:01 DietPi package-helper[1593]: /etc/unbound/unbound.conf.d/dietpi.conf:74: error: expected deny, refuse, deny_non_local, refuse_non_local, allow, allow_setrd or allow_snoop in access control action Jan 17 00:09:01 DietPi package-helper[1593]: /etc/unbound/unbound.conf.d/dietpi.conf:75: error: unknown keyword '192.168.4.0/24' Jan 17 00:09:01 DietPi package-helper[1593]: /etc/unbound/unbound.conf.d/dietpi.conf:75: error: unknown keyword 'allow' Jan 17 00:09:01 DietPi package-helper[1593]: read /etc/unbound/unbound.conf failed: 3 errors in configuration file Jan 17 00:09:01 DietPi package-helper[1596]: /etc/unbound/unbound.conf.d/dietpi.conf:74: error: expected deny, refuse, deny_non_local, refuse_non_local, allow, allow_setrd or allow_snoop in access control action Jan 17 00:09:01 DietPi package-helper[1596]: /etc/unbound/unbound.conf.d/dietpi.conf:75: error: unknown keyword '192.168.4.0/24' Jan 17 00:09:01 DietPi package-helper[1596]: /etc/unbound/unbound.conf.d/dietpi.conf:75: error: unknown keyword 'allow' Jan 17 00:09:01 DietPi package-helper[1596]: read /etc/unbound/unbound.conf failed: 3 errors in configuration file Jan 17 00:09:01 DietPi unbound[1599]: /etc/unbound/unbound.conf.d/dietpi.conf:74: error: expected deny, refuse, deny_non_local, refuse_non_local, allow, allow_setrd or allow_snoop in access control action Jan 17 00:09:01 DietPi unbound[1599]: /etc/unbound/unbound.conf.d/dietpi.conf:75: error: unknown keyword '192.168.4.0/24' Jan 17 00:09:01 DietPi unbound[1599]: /etc/unbound/unbound.conf.d/dietpi.conf:75: error: unknown keyword 'allow' Jan 17 00:09:01 DietPi unbound[1599]: read /etc/unbound/unbound.conf failed: 3 errors in configuration file Jan 17 00:09:01 DietPi unbound[1599]: [1610813341] unbound[1599:0] fatal error: Could not read config file: /etc/unbound/unbound.conf. Maybe try unbound -dd, it stays on the commandline to see more errors, or unbound-checkconf Jan 17 00:09:01 DietPi systemd[1]: unbound.service: Main process exited, code=exited, status=1/FAILURE Jan 17 00:09:01 DietPi systemd[1]: unbound.service: Failed with result 'exit-code'. Jan 17 00:09:01 DietPi systemd[1]: Failed to start Unbound DNS server. Jan 17 00:09:02 DietPi systemd[1]: unbound.service: Service RestartSec=100ms expired, scheduling restart. Jan 17 00:09:02 DietPi systemd[1]: unbound.service: Scheduled restart job, restart counter is at 5. Jan 17 00:09:02 DietPi systemd[1]: Stopped Unbound DNS server. Jan 17 00:09:02 DietPi systemd[1]: unbound.service: Start request repeated too quickly. Jan 17 00:09:02 DietPi systemd[1]: unbound.service: Failed with result 'exit-code'. Jan 17 00:09:02 DietPi systemd[1]: Failed to start Unbound DNS server.
ravenclaw900
commented
3 years ago What is the contents of your unbound configuration file? cat /etc/unbound/unbound.conf.d/dietpi.conf
xczh
commented
3 years ago server:
verbosity: 0
interface: 0.0.0.0
port: 53
do-ip4: yes
do-udp: yes
do-tcp: yes
do-ip6: yes
prefer-ip6: no
root-hints: "/var/lib/unbound/root.hints"
harden-glue: yes
harden-large-queries: yes
harden-dnssec-stripped: yes
use-caps-for-id: yes
edns-buffer-size: 1472
rrset-roundrobin: yes
cache-min-ttl: 300
cache-max-ttl: 86400
serve-expired: yes
harden-algo-downgrade: yes
harden-short-bufsize: yes
hide-identity: yes
identity: "Server"
hide-version: yes
do-daemonize: no
neg-cache-size: 4M
qname-minimisation: yes
minimal-responses: yes
prefetch: yes
prefetch-key: yes
num-threads: 1
msg-cache-size: 50m
rrset-cache-size: 100m
so-reuseport: yes
so-rcvbuf: 4m
so-sndbuf: 4m
unwanted-reply-threshold: 10000
ratelimit: 1000
log-queries: no
log-replies: no
logfile: ''
access-control: 0.0.0.0/0 refuse
access-control: 127.0.0.1 allow
access-control: 192.168.1
192.168.1
192.168.4.0/24 allow
private-address: 192.168.0.0/16
private-address: 169.254.0.0/16
private-address: 172.16.0.0/12
private-address: 10.0.0.0/8
private-address: fd00::/8
private-address: fe80::/10This is generated automatically and I haven't edited it.
xczh
commented
3 years ago Maybe, this line is incorrect. On my machine, its execution result is:
192.168.1
192.168.1
192.168.4@Joulinar @ravenclaw900
ravenclaw900
commented
3 years ago That is the problem. Does your Pi have more than 1 IP address (and why)? If so, do you want to use the 192.168.1 subnet or the 192.168.4 subnet?
xczh
commented
3 years ago I do have more than one IP address. Even so, it gets the wrong subnet. Actually, my subnet is 192.168.137.0/24.
I manually modified the correct subnet and rerun the diet-software. The problem has been solved, thanks!
Do you need me to make a PR?
Joulinar
commented
3 years ago it's up to @MichaIng if he like to support this
ravenclaw900
commented
3 years ago Ah, it seems that it only grabbed the first digit of 137. No need to make a PR, there are many enhancements for Unbound planned in 6.35, and this is already fixed there (using 192.168.0.0/16 to support all 192.168 subnets instead of getting the specific one).
MichaIng
commented
3 years ago With next version we have that hostname IP specific entry removed and allow all IP ranges that are reserved for private networks instead. That check had also the issue that it allows 192.168.X IPs only while there are a few other ranges common and reserved for LANs. Please use this one:
curl -sSfL https://raw.githubusercontent.com/MichaIng/DietPi/dev/.conf/dps_182/unbound.conf -o /etc/unbound/unbound.conf.d/dietpi.conf
systemctl restart unbound
burstina
commented
3 years ago hello, same here, I copy-paste systemctl status unbound.service output too.
have fun
--------------------------------------------------------------------
- DietPi has encountered an error -
- Please create a ticket: https://github.com/MichaIng/DietPi/issues -
- Copy and paste only the BLUE lines below into the ticket -
---------------------------------------------------------------------
#### Details:
- Date | Sun Jan 17 19:20:19 GMT 2021
- Bug report | 9acbdc7e-42d5-4261-bb34-f10c6125197d
- DietPi version | v6.34.3 (MichaIng/master)
- Image creator | StephanStS
- Pre-image | Armbian
- Hardware | NanoPi NEO3 (aarch64) (ID=56)
- Kernel version | Linux DietPi 5.9.14-rockchip64 #20.11.4 SMP PREEMPT Tue Dec 15 08:52:20 CET 2020 aarch64 GNU/Linux
- Distro | buster (ID=5)
- Command | systemctl restart unbound
- Exit code | 1
- Software title | DietPi-Software
#### Steps to reproduce:
<!-- Explain how to reproduce the issue -->
1. ...
2. ...
#### Expected behaviour:
<!-- What SHOULD happen? -->
- ...
#### Actual behaviour:
<!-- What IS happening? -->
- ...
#### Extra details:
<!-- Please post any extra details that might help solve the issue -->
- ...
#### Additional logs:
Job for unbound.service failed because the control process exited with error code.
See "systemctl status unbound.service" and "journalctl -xe" for details.root@DietPi:/tmp/DietPi-Software# systemctl status unbound.service
● unbound.service - Unbound DNS server
Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sun 2021-01-17 19:22:47 GMT; 10s ago
Docs: man:unbound(8)
Process: 4957 ExecStartPre=/usr/lib/unbound/package-helper chroot_setup (code=exited, status=1/FAILURE)
Process: 4960 ExecStartPre=/usr/lib/unbound/package-helper root_trust_anchor_update (code=exited, status=1/FAILURE)
Process: 4963 ExecStart=/usr/sbin/unbound -d $DAEMON_OPTS (code=exited, status=1/FAILURE)
Main PID: 4963 (code=exited, status=1/FAILURE)
Jan 17 19:22:47 DietPi systemd[1]: unbound.service: Service RestartSec=100ms expired, scheduling restart.
Jan 17 19:22:47 DietPi systemd[1]: unbound.service: Scheduled restart job, restart counter is at 5.
Jan 17 19:22:47 DietPi systemd[1]: Stopped Unbound DNS server.
**Jan 17 19:22:47 DietPi systemd[1]: unbound.service: Start request repeated too quickly.
Jan 17 19:22:47 DietPi systemd[1]: unbound.service: Failed with result 'exit-code'.**
Jan 17 19:22:47 DietPi systemd[1]: Failed to start Unbound DNS server.Pls can you share journalctl -u unbound
burstina
commented
3 years ago sure, but I think it is incomplete:
Admin EDIT: Log moved to next post as it's quite long.
Joulinar
commented
3 years ago journalctl -u unbound for @burstina
Joulinar
commented
3 years ago @burstina
do you like to use PiHole in addition or just Unbound? If it is Unbound only, you could download our new config file
curl -sSfL https://raw.githubusercontent.com/MichaIng/DietPi/dev/.conf/dps_182/unbound.conf -o /etc/unbound/unbound.conf.d/dietpi.conf
systemctl restart unboundthanks for the advice, the true is I don't know both 😄 I begun learning linux just some months ago and I'm triying to building up a 4G gateway from scratch. Atm I turned to dnsmasq and it was helpful to achieve the result, the best solution should be a web interface: Does PiHole allow web interface?
thanks
Da: Joulinar notifications@github.com Inviato: domenica 17 gennaio 2021 21:58 A: MichaIng/DietPi DietPi@noreply.github.com Cc: burstina burstina@hotmail.com; Mention mention@noreply.github.com Oggetto: Re: [MichaIng/DietPi] Unbound install fails on dietpi v6.34.3 (#4026)
@burstinahttps://github.com/burstina do you like to use PiHole in addition or just Unbound? If it is Unbound only, you could download our new config file
curl -sSfL https://raw.githubusercontent.com/MichaIng/DietPi/dev/.conf/dps_182/unbound.conf -o /etc/unbound/unbound.conf.d/dietpi.conf systemctl restart unbound
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/MichaIng/DietPi/issues/4026#issuecomment-761878950, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ALJ73WEUOXWIPRFBJQHJUO3S2NFQBANCNFSM4VOO2UTA.
Joulinar
commented
3 years ago ahm PiHole has an own web interface
burstina
commented
3 years ago then I'm interested! Thanks a lot
Da: Joulinar notifications@github.com Inviato: martedì 19 gennaio 2021 14:40 A: MichaIng/DietPi DietPi@noreply.github.com Cc: burstina burstina@hotmail.com; Mention mention@noreply.github.com Oggetto: Re: [MichaIng/DietPi] Unbound install fails on dietpi v6.34.3 (#4026)
ahm PiHole has an own web interface
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/MichaIng/DietPi/issues/4026#issuecomment-762845374, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ALJ73WBIZXRQ5FYM5KKUS2DS2WDWJANCNFSM4VOO2UTA.
Joulinar
commented
3 years ago I would recommend following
unboundunbound)unbound as we will deliver quite some fixes on this releaseMichaIng
commented
3 years ago It's not too difficult to apply these changes directly, with and without Pi-hole: https://github.com/MichaIng/DietPi/issues/4026#issuecomment-753464752
burstina
commented
3 years ago Ok, I tried PiHole, but PiHole itself tried to install Unbound and got the same error, even after curl -sSfL https://raw.githubusercontent.com/MichaIng/DietPi/dev/.conf/dps_182/unbound.conf -o /etc/unbound/unbound.conf.d/dietpi.conf systemctl restart unbound
Joulinar
commented
3 years ago if you install PiHole, you get a dialog asking if you like to install Unbound as well. There you need to decline. Otherwise , yes Unbound will be installed as well.
burstina
commented
3 years ago if you install PiHole, you get a dialog asking if you like to install Unbound as well. There you need to decline. Otherwise , yes Unbound will be installed as well.
@MichaIng maybe we would need to switch option to make unbound op-in instead of opt-out
ah, ok, sorry I didnt noticed it was Unbound to be asked for. Sorry I'm a bit dyslexic and console font is a bit of aproblem. thanks again
Joulinar
commented
3 years ago no problem, we are here to help
MichaIng
commented
3 years ago I mark this as closed. Feel free to reopen if required.
When i try to install Unbound on dietpi via the diepti-software command it fails with this error
DietPi-Software ───────────────────────────────────────────────────── Mode: Configuring Unbound: validating, recursive, caching DNS resolver
[ OK ] DietPi-Software | Checking URL: https://www.internic.net/domain/named.root [ OK ] DietPi-Software | cd /tmp/DietPi-Software [ OK ] DietPi-Software | curl -sSfL https://www.internic.net/domain/named.root -o named.root [ OK ] DietPi-Software | Verifying download target: /var/lib/unbound/root.hints [ INFO ] DietPi-Software | Updating file: /var/lib/unbound/root.hints [ OK ] DietPi-Software | mv named.root /var/lib/unbound/root.hints [ OK ] DietPi-Software | Setting in /etc/unbound/unbound.conf.d/dietpi.conf adjusted: do-ip6: no [ INFO ] DietPi-Software | Configuring Unbound to work with Pi-hole [ OK ] DietPi-Software | Desired setting in /etc/pihole/setupVars.conf was already set: PIHOLE_DNS_1=127.0.0.1#5353 [ OK ] DietPi-Software | Desired setting in /etc/pihole/setupVars.conf was already set: PIHOLE_DNS_2= [FAILED] DietPi-Software | systemctl restart unbound [FAILED] DietPi-Software | systemctl restart unbound
Copy and paste only the BLUE lines below into the ticket -
Details:
Steps to reproduce:
Expected behaviour:
Actual behaviour:
Extra details:
Additional logs:
[FAILED] DietPi-Software | Unable to continue, DietPi-Software will now terminate.
root@DietPi:~#