Open eloyaldea opened 3 years ago
So the error is prints is that it cannot open the port number because there is already another server running on that port number. Unbound then exits with the fatal error. This means that unbound is not running on your system. The responses you get must be from another piece of software.
Mmmm I don't know what to respond, this is a Raspberry that I only use it for Pi-Hole so I don't know what could be causing the issue. Maybe it's because I'm having an ssh session into the Raspberry from my computer? I don't know what steps I could follow to solve this.
Is the output that you quoted from the unbound -V? In that case what you are missing out on is the log messages from unbound. These are sent to syslog. You can also edit unbound.conf to send them to a file so you can find them. You can also increase the verbosity: value, to say, about 4. That logs a lot more details about what is going on. Then you look for why the servfail is happening, likely something to do with not being able to contact the network, since you already ruled out DNSSEC as a cause.
Hi, reviving an old archive. As the dude said. < Test validation¶ You can test DNSSEC validation using dig fail01.dnssec.works @127.0.0.1 -p 5335 dig dnssec.works @127.0.0.1 -p 5335
For me it returns : dig fail01.dnssec.works @127.0.0.1 -p 5335
; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> fail01.dnssec.works @127.0.0.1 -p 5335 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 23012 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ;; QUESTION SECTION: ;fail01.dnssec.works. IN A
;; Query time: 0 msec ;; SERVER: 127.0.0.1#5335(127.0.0.1) (UDP) ;; WHEN: Sat Dec 17 21:04:43 EST 2022 ;; MSG SIZE rcvd: 48
&&
dig dnssec.works @127.0.0.1 -p 5335
; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> dnssec.works @127.0.0.1 -p 5335 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52638 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ;; QUESTION SECTION: ;dnssec.works. IN A
;; ANSWER SECTION: dnssec.works. 3592 IN A 5.45.107.88
;; Query time: 0 msec ;; SERVER: 127.0.0.1#5335(127.0.0.1) (UDP) ;; WHEN: Sat Dec 17 21:04:48 EST 2022 ;; MSG SIZE rcvd: 57
So if i understand everything should be fine. I also follow his steps.
And I also read somewhere a way to test on the web. use this link to test your setup!. https://d3ward.github.io/toolz/adblock.html
Hope it help... since I have the same issue.
Describe the bug Trying to set up
unbound
to use with Pi-Hole (following this guide), the test validation commands both give the status report ofSERVFAIL
, makingunbound
not work.To reproduce Steps to reproduce the behavior: (These are the commands from the guide of course)
unbound
withsudo apt install unbound
/etc/unbound/unbound.conf.d/pi-hole.conf
withsudo nano /etc/unbound/unbound.conf.d/pi-hole.conf
unbound
withsudo service unbound restart
and test first withdig pi-hole.net @127.0.0.1 -p 5335
dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335
anddig sigok.verteiltesysteme.net @127.0.0.1 -p 5335
Expected behavior The command
dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335
should report a status ofSERVFAIL
, which it does; but the commanddig sigok.verteiltesysteme.net @127.0.0.1 -p 5335
should report a status ofNOERROR
which it doesn't, it also shows aSERVFAIL
like the first command.System:
unbound -V
output:Additional information Hi! I'm currently running Pi-Hole inside a RaspbianOS on a Raspberry 3 and it's running fine. I wanted to take the next step and running Pi-Hole with
unbound
using this guide from the Pi-Hole website. Unfortunatelly as shown aboveunbound
doesn't pass the validation test as it reportsSERVFAIL
with every domain you try to enter. I have tried withDNSSEC
enabeld and disabled and it doesn't make a difference.