Unbound doesnt start

Aeris asked:

after installing Unbound

apt-get -y install unbound dnsutils

su -c "unbound-anchor -a /var/lib/unbound/root.key" - unbound
systemctl reload unbound

apt-get -y install resolvconf
echo "nameserver 127.0.0.1" >> /etc/resolvconf/resolv.conf.d/head

I’m not able to start it properply:

[email protected]:~/asdf# service unbound status
● unbound.service - Unbound DNS server
   Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset: enabled)
   Active: activating (auto-restart) (Result: exit-code) since Fri 2017-12-29 13:59:49 CET; 81ms ago
     Docs: man:unbound(8)
  Process: 1676 ExecStart=/usr/sbin/unbound -d $DAEMON_OPTS (code=exited, status=1/FAILURE)
  Process: 1670 ExecStartPre=/usr/lib/unbound/package-helper root_trust_anchor_update (code=exited, status=0/SUCCESS)
  Process: 1665 ExecStartPre=/usr/lib/unbound/package-helper chroot_setup (code=exited, status=0/SUCCESS)
 Main PID: 1676 (code=exited, status=1/FAILURE)

Dec 29 13:59:49 mail systemd[1]: unbound.service: Main process exited, code=exited, status=1/FAILURE
Dec 29 13:59:49 mail systemd[1]: unbound.service: Unit entered failed state.
Dec 29 13:59:49 mail systemd[1]: unbound.service: Failed with result 'exit-code'.

Hosts file content:

127.0.0.1   localhost
127.0.1.1   mail.xyz.de  mail

::1         localhost ip6-localhost ip6-loopback
ff02::1     ip6-allnodes
ff02::2     ip6-allrouters

I’m really confused about that error.

Edit:
journalctl -xe output (shortened):

Dec 29 16:01:04 mail systemd[1]: unbound-resolvconf.service: Unit entered failed state.
Dec 29 16:01:04 mail systemd[1]: unbound-resolvconf.service: Failed with result 'start-limit-hit'.
Dec 29 16:01:04 mail unbound[59226]: [1514559664] unbound[59226:0] error: can't bind socket: Cannot assign requested address for ::1
Dec 29 16:01:04 mail unbound[59226]: [1514559664] unbound[59226:0] fatal error: could not open ports
Dec 29 16:01:04 mail systemd[1]: unbound.service: Main process exited, code=exited, status=1/FAILURE
Dec 29 16:01:04 mail systemd[1]: unbound.service: Unit entered failed state.
Dec 29 16:01:04 mail systemd[1]: unbound.service: Failed with result 'exit-code'.
Dec 29 16:01:04 mail systemd[1]: unbound-resolvconf.service: Start request repeated too quickly.
Dec 29 16:01:04 mail systemd[1]: Failed to start Unbound DNS server via resolvconf.
-- Subject: Unit unbound-resolvconf.service has failed

Edit 2: Arno Ip tables is also installed on the system!

Edit 3: Ipv6 is disabled, if this is related to the error.

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.ens3.disable_ipv6 = 1

Edit 4:
This is my /etc/unbound/unbound.conf after installing it via apt-get

# Unbound configuration file for Debian.
#
# See the unbound.conf(5) man page.
#
# See /usr/share/doc/unbound/examples/unbound.conf for a commented
# reference config file.
#
# The following line includes additional configuration files from the
# /etc/unbound/unbound.conf.d directory.
include: "/etc/unbound/unbound.conf.d/*.conf"

I changed it to:

server:
        interface: 127.0.0.1

include: "/etc/unbound/unbound.conf.d/*.conf"

But it doesnt work either :/

My answer:


The error messages show that having disabled IPv6 caused the problem.

Dec 29 16:01:04 mail unbound[59226]: [1514559664] unbound[59226:0] error: can't bind socket: Cannot assign requested address for ::1
Dec 29 16:01:04 mail unbound[59226]: [1514559664] unbound[59226:0] fatal error: could not open ports

IPv6 really isn’t optional anymore. It hasn’t been for a while. The best thing to do, of course, is to not disable IPv6 on the system.

If you can’t do that for some reason, then check your unbound.conf for interface and control-interface directives that specify IPv6 addresses and remove them. Note that the default for control-interface is to listen on both 127.0.0.1 and ::1, so you’ll have to specify it explicitly if you don’t want ::1.


View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.