pi-hole / docs

The official Pi-hole documentation
https://docs.pi-hole.net/
Creative Commons Attribution Share Alike 4.0 International

Pihole Unbound install documentation has location of (unbound) pihole.conf wrong. #470

Open brianread108 opened 3 years ago

brianread108 commented 3 years ago

Versions

[root@pihole ~]# pihole -v
Pi-hole version is v5.2.4 (Latest: v5.2.4)
AdminLTE version is v5.3.2 (Latest: v5.3.2)
FTL version is v5.6 (Latest: v5.6)
[root@pihole ~]#

Platform

Centos 7 LXC container.

Expected behavior

Unbound will work.

Actual behavior / bug

Unbound fails to start up:


Feb 02 18:24:11 pihole systemd[1]: Started Unbound recursive Domain Name Server.
Feb 02 18:24:11 pihole unbound[449]: [1612290251] unbound[449:0] notice: Start of unbound 1.6.6.
Feb 02 18:24:11 pihole unbound[449]: Feb 02 18:24:11 unbound[449:0] debug: increased limit(open files) from 1024 to 16566
Feb 02 18:24:11 pihole unbound[449]: Feb 02 18:24:11 unbound[449:0] debug: creating udp6 socket ::1 53
Feb 02 18:24:11 pihole unbound[449]: Feb 02 18:24:11 unbound[449:0] debug: creating tcp6 socket ::1 53
Feb 02 18:24:11 pihole unbound[449]: Feb 02 18:24:11 unbound[449:0] error: can't bind socket: Address already in use for ::1 port 53 (len 28)
Feb 02 18:24:11 pihole unbound[449]: Feb 02 18:24:11 unbound[449:0] fatal error: could not open ports
Feb 02 18:24:11 pihole systemd[1]: unbound.service: main process exited, code=exited, status=1/FAILURE
Feb 02 18:24:11 pihole systemd[1]: Unit unbound.service entered failed state.
Feb 02 18:24:11 pihole systemd[1]: unbound.service failed.

Steps to reproduce

systemctl start unbound

Additional context

Used https://docs.pi-hole.net/guides/dns/unbound/ to install unbound.

Loaded pihole.conf into /etc/unbound/unbound.conf.d/pihole.conf as per docs

Should be:

/etc/unbound/conf.d/pihole.conf

yubiuser commented 3 years ago

Why do you think it is a problem of the location of the conf file? Unbound errors because it can't bind to port 53: "can't bind socket: Address already in use for ::1 port 53 (len 28)"

brianread108 commented 3 years ago

See my thread here: https://github.com/NLnetLabs/unbound/issues/416

To summarise: because of the incorrect directory, Unbound activates on the default unbound.conf without applying the override pihole.conf. Consequently it hooks onto port 53, which is the default and overridden in the pihole.conf.

DL6ER commented 3 years ago

Well, in my eyes the documentation is correct. However, this may depend on the version of Unbound.

On my system, I have

$ ls -l /etc/unbound/
total 24
-rw-r--r-- 1 root root  332 Aug 27  2018 unbound.conf
drwxr-xr-x 2 root root 4096 Feb  5 09:43 unbound.conf.d
-rw------- 1 root root 2459 Dec  4  2019 unbound_control.key
-rw-r----- 1 root root 1342 Dec  4  2019 unbound_control.pem
-rw------- 1 root root 2455 Dec  4  2019 unbound_server.key
-rw-r----- 1 root root 1334 Dec  4  2019 unbound_server.pem

with

$ ls -l /etc/unbound/unbound.conf.d/
total 12
-rw-r--r-- 1 root root 1717 Dec 24 13:51 pi-hole.conf
-rw-r--r-- 1 root root  302 Aug 27  2018 qname-minimisation.conf
-rw-r--r-- 1 root root  190 Aug 27  2018 root-auto-trust-anchor-file.conf

so as the docs say.

The critical part is that the right directory is sourced here:


$ cat /etc/unbound/unbound.conf
# Unbound configuration file for Debian.
#
# See the unbound.conf(5) man page.
#
# See /usr/share/doc/unbound/examples/unbound.conf for a commented
# reference config file.
#
# The following line includes additional configuration files from the
# /etc/unbound/unbound.conf.d directory.
include: "/etc/unbound/unbound.conf.d/*.conf"

So when I installed unbound a few years ago, that location was correct, it seems?

@brianread108 I left a comment on your unbound issue ticket, please re-open it so they'll see it.

DL6ER commented 3 years ago

Addendum: I have version unbound 1.9.6 but my system is Ubuntu 20.04 (and was upgraded from 18.04) so the initial configuration has been done with an older version.

brianread108 commented 3 years ago

The include entry in the default conf file /etc/unbound/unbound.conf shows conf.d

[root@pihole ~]# cat /etc/unbound/unbound.conf | grep conf.d
include: /etc/unbound/conf.d/*.conf
[root@pihole ~]# unbound -v
[1612542986] unbound[4206:0] notice: Start of unbound 1.6.6.

As you can see I am using unbound 1.6.6, which was loaded from Centos 7 rpm:

[root@pihole ~]# rpm -qa | grep unbound
unbound-libs-1.6.6-5.el7_8.x86_64
unbound-1.6.6-5.el7_8.x86_64
[root@pihole ~]#

Clearly you are somewhat ahead of me in unbound versions, perhaps the rules have changed, with Centos 7 some way behind.

DL6ER commented 3 years ago

When I first installed it on 18.04, I had 1.6.7 so I guess it is rather a distro difference. Debian (and Raspbian by inheritance) seems just the more widely used system among our userbase and hence this didn't come up before.

So we should add a small paragraph that you should check the real contents of unbound.conf to see where to store the files. Yet, I don't think the path where I (and many others) have the file is wrong per se. I'm still sorry for the confusion this guide caused, but I have never tried to install unbound on Fedora/CentOS (I only used Fedora as a front-end system myself but never as servers).

brianread108 commented 3 years ago

No problem - glad we got it understood (and thanks for the help). I'll leave the issue open until the doc is changed.
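
The check proposed in the thread (read the include: line of the local unbound.conf before choosing where to put the drop-in) can be scripted. The following is an added example, not code from the Pi-hole docs or from any participant; the function names and the temporary sample files are assumptions, and the two sample configs are constructed from the include lines quoted above.

```shell
#!/bin/sh
# Added example: verify that a drop-in file sits in a directory that the
# local unbound.conf actually includes, so its settings are really applied.

# Print each include: pattern from the given unbound.conf, one per line.
# Accepts the quoted (Debian) and unquoted (CentOS 7) forms; ignores comments.
unbound_include_patterns() {
    sed -n -e 's/#.*$//' \
        -e 's/^[[:space:]]*include:[[:space:]]*"\{0,1\}\([^"]*[^"[:space:]]\)"\{0,1\}[[:space:]]*$/\1/p' \
        "$1"
}

# Succeed if drop-in path $2 is matched by an include pattern in config $1.
# Simplification: wildcards are honoured in the file-name part only.
dropin_is_included() {
    unbound_include_patterns "$1" | (
        while IFS= read -r pat; do
            case ${2##*/} in
                ${pat##*/}) [ "${2%/*}" = "${pat%/*}" ] && exit 0 ;;
            esac
        done
        exit 1
    )
}

# Human-readable report; returns non-zero when the drop-in would be ignored.
check_dropin() {
    if dropin_is_included "$1" "$2"; then
        echo "OK: $2 is loaded by $1"
    else
        echo "NOT LOADED: $2 ($1 includes only:)"
        unbound_include_patterns "$1" | sed 's/^/    /'
        return 1
    fi
}

# Constructed samples mirroring the two unbound.conf files quoted in the thread.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '# Unbound configuration file for Debian.' \
    'include: "/etc/unbound/unbound.conf.d/*.conf"' > "$demo/debian.conf"
printf '%s\n' 'include: /etc/unbound/conf.d/*.conf' > "$demo/centos7.conf"

check_dropin "$demo/debian.conf"  /etc/unbound/unbound.conf.d/pi-hole.conf
check_dropin "$demo/centos7.conf" /etc/unbound/unbound.conf.d/pi-hole.conf || true
```

On a real host, pass /etc/unbound/unbound.conf as the first argument and the intended drop-in path as the second.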