<div dir="ltr"><div>Thanks, Daisuke.</div><div><br></div><div>However, I'm past that line. While I will change the settings as you kindly suggested (thank you for that), I'm encountering other issues which disable me from using Unbound.<br></div><div>I shot an email earlier today with the following:<br><br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><br></div><div><ol><li>Cannot open log file (despite it's configured in unbound.conf)</li><li>Cannot use the unbound-checkconf utility</li></ol><div>I provided a link to my config file at the bottom.</div><div>Appreciate your help!</div><div><br></div><div>Gil<br></div></div><div><br></div><div><br></div><div><span style="font-family:monospace"><span style="color:rgb(0,0,255)"><b>pi@raspberrypi:/etc/unbound $ sudo systemctl status unbound</b></span><br>● unbound.service - Unbound DNS resolver<br> Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset: enabled)<br> Active: active (running) since Fri 2021-01-01 10:44:56 AEDT; 19min ago<br> Process: 456 ExecStartPre=/usr/sbin/unbound-anchor -r /etc/unbound/root.hints -a /etc/unbound/root.key (code=exited, status=0/SUCCESS)<br> Main PID: 481 (unbound)<br> Tasks: 1 (limit: 2063)<br> CGroup: /system.slice/unbound.service<br> └─481 /usr/sbin/unbound -c /etc/unbound/unbound.conf -d<br><br>Jan 01 10:44:56 raspberrypi unbound-anchor[456]: [1609458296] libunbound[456:0] <span style="color:rgb(255,0,0)">error</span>: udp connect failed: Network is unreachable for 198.41.0.4 port 53<br>Jan 01 10:44:56 raspberrypi unbound-anchor[456]: [1609458296] libunbound[456:0] <span style="color:rgb(255,0,0)">error</span>: udp connect failed: Network is unreachable for 192.33.4.12 port 53<br>Jan 01 10:44:56 raspberrypi unbound-anchor[456]: [1609458296] libunbound[456:0] <span style="color:rgb(255,0,0)">error</span>: udp connect failed: Network is unreachable for 2001:dc3::35 port 53<br>Jan 01 10:44:56 raspberrypi unbound-anchor[456]: [1609458296] libunbound[456:0] <span style="color:rgb(255,0,0)">error</span>: udp connect failed: Network is unreachable for 2001:500:1::53 port 53<br>Jan 01 10:44:56 raspberrypi unbound-anchor[456]: [1609458296] libunbound[456:0] <span style="color:rgb(255,0,0)">error</span>: udp connect failed: Network is unreachable for 2001:500:9f::42 port 53<br>Jan 01 10:44:56 raspberrypi unbound-anchor[456]: [1609458296] libunbound[456:0] <span style="color:rgb(255,0,0)">error</span>: udp connect failed: Network is unreachable for 199.7.91.13 port 53<br>Jan 01 10:44:56 raspberrypi unbound[481]: [1609458296] unbound[481:0] <b><span style="color:rgb(255,0,0)">error</span>: Could not open logfile /var/log/unbound/unbound.log: No such file or directory</b><br>Jan 01 10:44:57 raspberrypi unbound[481]: [1609458297] unbound[481:0] notice: init module 0: validator<br>Jan 01 10:44:57 raspberrypi unbound[481]: [1609458297] unbound[481:0] notice: init module 1: iterator<br>Jan 01 10:44:57 raspberrypi unbound[481]: [1609458297] unbound[481:0] info: start of service (unbound 1.13.0).</span></div><div><span style="font-family:monospace"><br></span></div><div><span style="font-family:monospace"><span style="color:rgb(0,0,255)">pi@raspberrypi:/var/log/unbound $ ls</span><br>unbound.log</span></div><div><br></div><div><span style="color:rgb(0,0,255)">pi@raspberrypi:/etc/unbound $ unbound-checkconf /etc/unbound/unbound.conf</span><br>/etc/unbound/var/log/unbound: <b>No such file or directory</b><br>[1609459551] unbound-checkconf[1316:0] <span style="color:rgb(255,0,0)">fatal error</span>: logfile directory does not exist</div><div><br></div><div><span style="color:rgb(0,0,255)">pi@raspberrypi:/etc/unbound $ ls</span><br>root.hints
root.key root.zone unbound.conf unbound_control.key
unbound_control.pem unbound.log unbound.pid unbound_server.key
unbound_server.pem</div><div><br></div><div><b>unbound.conf</b> here -> <a href="https://pastebin.com/ZAUVFVEF" target="_blank">https://pastebin.com/ZAUVFVEF</a></div></blockquote><div><br></div><div>Any ideas what should I do? I'm really lost here and would like to keep using unbound.</div><div><br></div><div>Thanks in advance.<br></div>
</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, 1 Jan 2021 at 20:29, Daisuke HIGASHI <<a href="mailto:daisuke.higashi@gmail.com">daisuke.higashi@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi,<br>
<br>
".<a href="http://co.il" rel="noreferrer" target="_blank">co.il</a>" and ".il" (seemingly under DNSSEC algorithm rollover) have<br>
several errors. Current versions of Unbound in default configuration<br>
tolerate them, but in a specific configuration Unbound could make<br>
fatal errors.<br>
<br>
Assuming [1] is your configuration file, the offending line is:<br>
<br>
> harden-algo-downgrade: yes<br>
<br>
"harden-algo-downgrade: no" (this is the current default value) makes<br>
Unbound tolerant.<br>
<br>
[1] <a href="https://pastebin.com/ZAUVFVEF" rel="noreferrer" target="_blank">https://pastebin.com/ZAUVFVEF</a><br>
</blockquote></div>