Closed update-freak closed 4 months ago
Hi and thanks for reaching out to me.
Why do you want to mount the iana.d folder? It's not recommended to map this volume:
The "internic" files are downloaded at buildtime; the only reason to connect this volume would be manually updating these files. If you manually copied the files into the folder for a reason, just correct ownership and permissions. Anyway, you shouldn't need this mapping at all.
Edit: Yeah, that folder is still mapped in the examples, will fix that. Fixed.
One more thing: you only need to connect the folders if you want to use split configs or need the log. The image also runs fine without. In this case, only your customized unbound.conf needs to be mapped, if necessary at all. The image is already adapted to recursive mode (some say "hyperlocal") and has various optimizations for performance and security already.
Thank you very much for the info. I have now removed the volumes part in the docker compose. Now it works, but I get this warning. Is there an additional step necessary to solve this warning?
Apr 26 15:11:06 unbound[1:0] notice: init module 0: validator
Apr 26 15:11:06 unbound[1:0] notice: init module 1: iterator
Apr 26 15:11:06 unbound[1:0] warning: auth zone .: ZONEMD verification failed: verify DNSKEY RRset with trust anchor failed
Apr 26 15:11:06 unbound[1:0] info: start of service (unbound 1.19.3).
Apr 26 15:11:12 unbound[1:0] info: generate keytag query _ta-4f66. NULL IN
Did you completely down and up the compose stack (docker-compose down && docker-compose up -d)? If it still shows this warning, I'd need your unbound config(s) then please. Thank you.
I used Portainer to create a stack and used the docker compose file from above but without the volumes. So I also did not specify a dedicated conf file (and am using the default).
OK, then please mount the iana.d folder again (sorry) and put the freshly downloaded root files (iana.org root.key and root.zone) in there.
You'll surely need to correct ownership and the permissions afterwards using chown -R YourUNBOUND_UID:YourUNBOUND_GID /VOLUME1/.../YourUnboundFolder and chmod -R 770 /VOLUME1/.../YourUnboundFolder (sudo may apply).
You may also need to set additional permissions via Synology File Manager or Windows ACLs on your Unbound share.
Thank you.
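A pre-mount check for the steps in the comment above, as an added example that is not part of the original thread or the image's own tooling. It assumes GNU or BusyBox `stat` and takes mode 770 from the chmod command as the target; `check_iana_dir` is a hypothetical helper name.

```sh
#!/bin/sh
# Added example (not from the image): check a host folder before mounting it
# as iana.d. Assumes GNU/BusyBox stat. check_iana_dir is a hypothetical name.
# Usage: check_iana_dir DIR UNBOUND_UID UNBOUND_GID
check_iana_dir() {
    dir=$1; want=$2:$3; rc=0
    if [ ! -d "$dir" ]; then
        echo "missing directory: $dir"
        return 2
    fi
    for path in "$dir" "$dir/root.key" "$dir/root.zone"; do
        if [ ! -e "$path" ]; then
            echo "missing: $path"
            rc=1
            continue
        fi
        owner=$(stat -c '%u:%g' "$path")
        mode=$(stat -c '%a' "$path")
        if [ "$owner" != "$want" ]; then
            echo "owner $owner on $path, expected $want"
            rc=1
        fi
        # The directory needs rwx for its owner; the files need rw, because
        # Unbound rewrites root.key (see the "could not write" log line).
        if [ -d "$path" ]; then need=7; else need=6; fi
        owner_bits=$(( (0$mode >> 6) & 7 ))
        if [ $(( owner_bits & need )) -ne "$need" ]; then
            echo "mode $mode on $path: owner lacks required access"
            rc=1
        fi
        # Mode 770 leaves nothing for "other"; flag anything wider.
        if [ $(( 0$mode & 7 )) -ne 0 ]; then
            echo "mode $mode on $path: accessible to other users"
            rc=1
        fi
    done
    return "$rc"
}
```

Run it on the host with the UID and GID the container uses; a non-zero exit status means at least one of the printed findings needs fixing before the stack is started.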
Now it works without an error/warning in the log.
What I did:
Thank you for your help and this great docker image! From my side we can close this ticket.
It was a pleasure to me. Thanks for choosing my image, glad it works for you! If there's anything else, feel free to reopen the issue or to file a new one.
Cheers.
Describe the bug The docker container doesn't start. Details below. Here are the files to reproduce: unbound.zip
To Reproduce Steps to reproduce the behavior:
Unbound
127.0.0.1:5355
Expected behavior Container starts
Screenshots But I got this error:
could not write builtin anchor, to file /usr/local/unbound/iana.d/root.key: Permission denied
[1714068106] libunbound[7:0] error: unable to open /usr/local/unbound/iana.d/root.key for reading: No such file or directory
[1714068106] libunbound[7:0] error: error reading auto-trust-anchor-file: /usr/local/unbound/iana.d/root.key
[1714068106] libunbound[7:0] error: validator: error in trustanchors config
[1714068106] libunbound[7:0] error: validator: could not apply configuration settings.
[1714068106] libunbound[7:0] error: module init for module validator failed
Apr 25 20:01:46 unbound[1:0] notice: init module 0: validator
Apr 25 20:01:46 unbound[1:0] notice: init module 1: iterator
Apr 25 20:01:47 unbound[1:0] info: start of service (unbound 1.19.3).
Without the volumes in the docker-compose the docker container can start.
Please complete the following information:
Additional context I also asked the question here: https://www.synology-forum.de/threads/best-practice-adguard-home-unbound-als-dns-server.127983/page-15