NLnetLabs / unbound

Unbound is a validating, recursive, and caching DNS resolver.
https://nlnetlabs.nl/unbound
BSD 3-Clause "New" or "Revised" License

Unbound Test Validation both report SERVFAIL #541

Open eloyaldea opened 3 years ago

eloyaldea commented 3 years ago

Describe the bug
Trying to set up unbound to use with Pi-Hole (following this guide), the test validation commands both give the status report of SERVFAIL, making unbound not work.

To reproduce
Steps to reproduce the behavior: (These are the commands from the guide of course)

  1. Install unbound with sudo apt install unbound
  2. Create /etc/unbound/unbound.conf.d/pi-hole.conf with sudo nano /etc/unbound/unbound.conf.d/pi-hole.conf
  3. Copy contents from the guide to the file, save and exit.
  4. Start unbound with sudo service unbound restart and test first with dig pi-hole.net @127.0.0.1 -p 5335
  5. Test validation with dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335 and dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335

Expected behavior
The command dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335 should report a status of SERVFAIL, which it does; but the command dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335 should report a status of NOERROR, which it doesn't; it also shows a SERVFAIL like the first command.

System:

Additional information
Hi! I'm currently running Pi-Hole inside RaspbianOS on a Raspberry 3 and it's running fine. I wanted to take the next step and run Pi-Hole with unbound using this guide from the Pi-Hole website. Unfortunately, as shown above, unbound doesn't pass the validation test as it reports SERVFAIL with every domain you try to enter. I have tried with DNSSEC enabled and disabled and it doesn't make a difference.

wcawijngaards commented 3 years ago

So the error it prints is that it cannot open the port number because there is already another server running on that port number. Unbound then exits with the fatal error. This means that unbound is not running on your system. The responses you get must be from another piece of software.

eloyaldea commented 3 years ago

Mmmm, I don't know what to respond; this is a Raspberry that I only use for Pi-Hole, so I don't know what could be causing the issue. Maybe it's because I'm having an ssh session into the Raspberry from my computer? I don't know what steps I could follow to solve this.

wcawijngaards commented 3 years ago

Is the output that you quoted from the unbound -V? In that case what you are missing out on is the log messages from unbound. These are sent to syslog. You can also edit unbound.conf to send them to a file so you can find them. You can also increase the verbosity: value, to say, about 4. That logs a lot more details about what is going on. Then you look for why the servfail is happening, likely something to do with not being able to contact the network, since you already ruled out DNSSEC as a cause.

crowdh commented 1 year ago

Hi, reviving an old archive. As the dude said:

> Test validation: You can test DNSSEC validation using
> dig fail01.dnssec.works @127.0.0.1 -p 5335
> dig dnssec.works @127.0.0.1 -p 5335

For me it returns:

dig fail01.dnssec.works @127.0.0.1 -p 5335

; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> fail01.dnssec.works @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 23012
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;fail01.dnssec.works. IN A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1) (UDP)
;; WHEN: Sat Dec 17 21:04:43 EST 2022
;; MSG SIZE rcvd: 48

&&

dig dnssec.works @127.0.0.1 -p 5335

; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> dnssec.works @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52638
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;dnssec.works. IN A

;; ANSWER SECTION:
dnssec.works. 3592 IN A 5.45.107.88

;; Query time: 0 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1) (UDP)
;; WHEN: Sat Dec 17 21:04:48 EST 2022
;; MSG SIZE rcvd: 57

So if I understand, everything should be fine. I also followed his steps.

And I also read somewhere a way to test on the web. Use this link to test your setup! https://d3ward.github.io/toolz/adblock.html

Hope it helps... since I have the same issue.
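
The two-query test that the original report and the comment above both run by hand (a deliberately broken name that must SERVFAIL, a correctly signed name that must come back NOERROR with the ad flag) can be turned into a small script that reads the dig header, classifies the pair, and points at the diagnosis the maintainer gave when both queries fail. This is an added example, not code from the issue or from the Unbound project; it assumes dig is installed and uses the resolver address, port and test names from the thread. The sample dig headers embedded in the script are constructed from the outputs posted above so the parser can be exercised without a live resolver.

```shell
#!/bin/sh
# Added example, not code from the issue or from the Unbound project.
# Checks whether the resolver on 127.0.0.1:5335 really validates DNSSEC,
# using the two test names from the Pi-hole guide quoted above: a correctly
# signed name (expect NOERROR with the 'ad' flag) and a deliberately broken
# one (expect SERVFAIL). Assumes 'dig' is installed; address, port and names
# are the ones used in the thread.

RESOLVER=127.0.0.1
PORT=5335
GOOD_NAME=dnssec.works          # valid signatures
BOGUS_NAME=fail01.dnssec.works  # signatures broken on purpose

# RCODE from the dig header line, e.g. "NOERROR" or "SERVFAIL".
dig_status() {
    printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Succeeds when the header flags contain 'ad' (authenticated data), which a
# validating resolver sets only on answers whose signatures it verified.
dig_has_ad() {
    printf '%s\n' "$1" | sed -n 's/.*;; flags: \([a-z ]*\);.*/\1/p' \
        | head -n 1 | tr ' ' '\n' | grep -qx ad
}

# Turn a (good, bogus) pair of dig outputs into one verdict:
#   validating     - good is NOERROR with ad, bogus is SERVFAIL: DNSSEC works
#   not-validating - the bogus name is answered NOERROR: nothing checks signatures
#   all-servfail   - both fail: the symptom in the original report
#   unexpected     - anything else (e.g. NOERROR without ad for the good name)
classify_pair() {
    good_status=$(dig_status "$1")
    bogus_status=$(dig_status "$2")
    if dig_has_ad "$1"; then good_ad=yes; else good_ad=no; fi
    if [ "$bogus_status" = NOERROR ]; then
        echo not-validating
    elif [ "$good_status" = NOERROR ] && [ "$good_ad" = yes ] && [ "$bogus_status" = SERVFAIL ]; then
        echo validating
    elif [ "$good_status" = SERVFAIL ] && [ "$bogus_status" = SERVFAIL ]; then
        echo all-servfail
    else
        echo unexpected
    fi
}

# Constructed sample headers (the HEADER and flags lines dig prints), taken
# from the outputs posted in the thread, so the parser can be tried offline.
SAMPLE_GOOD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52638
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_BOGUS=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 23012
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_NO_AD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

# Query the live resolver and explain the verdict.
run_check() {
    good=$(dig "$GOOD_NAME" @"$RESOLVER" -p "$PORT" 2>&1) || true
    bogus=$(dig "$BOGUS_NAME" @"$RESOLVER" -p "$PORT" 2>&1) || true
    verdict=$(classify_pair "$good" "$bogus")
    echo "verdict: $verdict"
    case "$verdict" in
        all-servfail)
            echo "Both names SERVFAIL: confirm that unbound is the process bound to $RESOLVER:$PORT,"
            echo "then read its log (logfile/use-syslog in unbound.conf; verbosity: 4 for detail)."
            command -v ss >/dev/null 2>&1 && ss -lnup "sport = :$PORT"
            ;;
        not-validating)
            echo "The bogus name was answered: whatever listens on $PORT is not validating."
            ;;
    esac
}

# Run the live check only when asked, so the file can also be sourced for its functions.
if [ "${1:-}" = "--run" ]; then
    run_check
fi
```

Run it as sh check-dnssec.sh --run against the resolver; the interesting case is all-servfail, where the ss listing shows which process actually owns the port, which is the first thing to establish when unbound has logged that it could not bind.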