Pihole Unbound install documentation has location of (unbound) pihole.conf wrong.

[brianread108]

Versions

[root@pihole ~]# pihole -v
Pi-hole version is v5.2.4 (Latest: v5.2.4)
AdminLTE version is v5.3.2 (Latest: v5.3.2)
FTL version is v5.6 (Latest: v5.6)
[root@pihole ~]#

Platform

Centos 7 LXC container.

Expected behavior

Unbound will work.

Actual behavior / bug

Unbound Fails to startup:

Feb 02 18:24:11 pihole systemd[1]: Started Unbound recursive Domain Name Server.
Feb 02 18:24:11 pihole unbound[449]: [1612290251] unbound[449:0] notice: Start of unbound 1.6.6.
Feb 02 18:24:11 pihole unbound[449]: Feb 02 18:24:11 unbound[449:0] debug: increased limit(open files) from 1024 to 16566
Feb 02 18:24:11 pihole unbound[449]: Feb 02 18:24:11 unbound[449:0] debug: creating udp6 socket ::1 53
Feb 02 18:24:11 pihole unbound[449]: Feb 02 18:24:11 unbound[449:0] debug: creating tcp6 socket ::1 53
Feb 02 18:24:11 pihole unbound[449]: Feb 02 18:24:11 unbound[449:0] error: can't bind socket: Address already in use for ::1 port 53 (len 28)
Feb 02 18:24:11 pihole unbound[449]: Feb 02 18:24:11 unbound[449:0] fatal error: could not open ports
Feb 02 18:24:11 pihole systemd[1]: unbound.service: main process exited, code=exited, status=1/FAILURE
Feb 02 18:24:11 pihole systemd[1]: Unit unbound.service entered failed state.
Feb 02 18:24:11 pihole systemd[1]: unbound.service failed.

[

Steps to reproduce

systemctl start unbound

Additional context

Used:
https://docs.pi-hole.net/guides/dns/unbound/
To install unbound.

Loaded pihole.conf into /etc/unbound/unbound.conf.d/pihole.conf as per docs

Should be:

/etc/unbound/conf.d/pihole.conf

[yubiuser]

Why do you think it is a problem of the location of the conf file?
Unbound errors because it can't bind to port 53
can't bind socket: Address already in use for ::1 port 53 (len 28)

[brianread108]

See my thread here: NLnetLabs/unbound#416

To summarise; Beecause of the incorrect directory Unbound activates on the default unbound.conf withouth applying the override pihiole.conf. Consequently it hooks onto port 53 which is the default and overriden in the pihole.conf.

[DL6ER]

Well, in my eyes the documentation is correct. However, this may depend on the version of Unbound.

On my system, I have

$ ls -l /etc/unbound/
total 24
-rw-r--r-- 1 root root  332 Aug 27  2018 unbound.conf
drwxr-xr-x 2 root root 4096 Feb  5 09:43 unbound.conf.d
-rw------- 1 root root 2459 Dec  4  2019 unbound_control.key
-rw-r----- 1 root root 1342 Dec  4  2019 unbound_control.pem
-rw------- 1 root root 2455 Dec  4  2019 unbound_server.key
-rw-r----- 1 root root 1334 Dec  4  2019 unbound_server.pem

with

$ ls -l /etc/unbound/unbound.conf.d/
total 12
-rw-r--r-- 1 root root 1717 Dec 24 13:51 pi-hole.conf
-rw-r--r-- 1 root root  302 Aug 27  2018 qname-minimisation.conf
-rw-r--r-- 1 root root  190 Aug 27  2018 root-auto-trust-anchor-file.conf

so as the docs say.

The critical part is that the right directory is sourced here:

$ cat /etc/unbound/unbound.conf
# Unbound configuration file for Debian.
#
# See the unbound.conf(5) man page.
#
# See /usr/share/doc/unbound/examples/unbound.conf for a commented
# reference config file.
#
# The following line includes additional configuration files from the
# /etc/unbound/unbound.conf.d directory.
include: "/etc/unbound/unbound.conf.d/*.conf"

So when I installed unbound a few years ago, that location was correct, it seems?

@brianread108 I left a comment on your unbound issue ticket, please re-open it so they'll see it.

[DL6ER]

Addendum: I have version unbound 1.9.6 but my system is Ubuntu 20.04 (and was upgraded from 18.04) so the initial configuration has been done with an older version.

[brianread108]

The include entry in the default conf file /etc/unbound/unbound.conf shows conf.d

[root@pihole ~]# cat /etc/unbound/unbound.conf | grep conf.d
include: /etc/unbound/conf.d/*.conf
[root@pihole ~]# unbound -v
[1612542986] unbound[4206:0] notice: Start of unbound 1.6.6.

As you can see I am using unbound 1.6.6, which was loaded from Centos 7 rpm:

[root@pihole ~]# rpm -qa | grep unbound
unbound-libs-1.6.6-5.el7_8.x86_64
unbound-1.6.6-5.el7_8.x86_64
[root@pihole ~]#

Clearly you are somewhat ahead of me in unbound versions, perhaps the rules have changed, with Centos 7 some way behind.

[DL6ER]

When I first installed it on 18.04, I had 1.6.7 so I guess it is rather a distro difference. Debian (and Raspbian by inheritance) seems just the more widely used system among our userbase and hence this didn't come up before.

So we should add a small paragraph that you should check the real contents of uncound.conf to see where to store the files to. Yet, I don't think the path where I (and many others) have the file in is wrong per-se. I'm still sorry for the confusion this guide caused but I have never tried to install unbound on Fedora/CentOS (I only used Fedora as front-end system myself but never as servers).

[brianread108]

No problem - glad we got it understood (and thanks for the help). I'll leave the issue open until the doc is changed.