Failed to start Unbound recursive Domain Name Server

idanka · June 10, 2019, 4:13pm

Hi!

Fedora unbound how does it exist? How to do unbound?

Failed to start Unbound recursive Domain Name Server

dnf install unbound
systemctl start unbound
Job for unbound.service failed because the control process exited with error code.
See "systemctl status unbound.service" and "journalctl -xe" for details.unbound-control status
[1560179858] unbound-control[10725:0] error: connect: Connection refused for 127.0.0.1 port 8953
unbound is stopped

unbound-checkconf
unbound-checkconf: no errors in /etc/unbound/unbound.conf

systemctl status unbound.service
● unbound.service - Unbound recursive Domain Name Server
   Loaded: loaded (/usr/lib/systemd/system/unbound.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Mon 2019-06-10 17:16:59 CEST; 1min 38s ago

systemd[1]: Starting Unbound recursive Domain Name Server...
unbound-checkconf[10633:0] error: unable to open /var/lib/unbound/root.key for reading: Permission denied
unbound-checkconf[10633]: [1560179819] unbound-checkconf[10633:0] error: error reading auto-trust-anchor-file: /var/lib/unbound/root.key
[10633]: [1560179819] unbound-checkconf[10633:0] error: validator: error in trustanchors config
unbound-checkconf[10633]: [1560179819] unbound-checkconf[10633:0] error: validator: could not apply configuration settings.
unbound-checkconf[10633]: [1560179819] unbound-checkconf[10633:0] fatal error: bad config for validator module
unbound-checkconf[10633]: warning: no search permission for one of the directories in path: /var/lib/unbound/root.key
systemd[1]: unbound.service: Control process exited, code=exited, status=1/FAILURE
systemd[1]: unbound.service: Failed with result 'exit-code'.
systemd[1]: Failed to start Unbound recursive Domain Name Server.

Thx!

philipishungry · June 10, 2019, 6:34pm

unbound-checkconf[10633:0] error: unable to open /var/lib/unbound/root.key for reading: Permission denied

The root key is stored in a file, /usr/local/etc/unbound/root.key. Unbound must be able to read and write it, to keep it up to date with the latest key(s). It must therefore reside within the chroot of unbound (if that is used). Access rights are world readable, user unbound write only. Use sudo -u unbound to start unbound-anchor so that the file owner is set to the unbound user (same username as daemon uses). You can put it somewhere else, accessible to the unbound daemon, such as /var/unbound or /etc. You need to pass this value to unbound-anchor (option -a file) and to unbound (auto-trust-anchor-file: “file” in unbound.conf).

idanka · June 11, 2019, 5:26pm

Thx philipishungry!
Work

Topic		Replies	Views
Bind permission denied even as root \| Unbound Ask Fedora selinux	5	2251	November 28, 2023
BIND no longer starting on boot with F37 Ask Fedora f37 , dns	6	1159	June 8, 2023
Do I need the unbound anchor service? Ask Fedora f31	2	5216	November 14, 2020
Unbound: recursion requested but not available Ask Fedora server	1	3858	July 25, 2023
Fedora 38 Bind new install not starting Ask Fedora f38 , server	13	1685	April 29, 2023

Failed to start Unbound recursive Domain Name Server

Related topics