Unbound won't listen on TLS port
Martin Weinelt
martin at darmstadt.freifunk.net
Wed Aug 21 18:07:58 UTC 2019
Hi,
I'm trying to get Unbound 1.9.0 on Debian 10 to provide a DoT interface
to clients on the LAN.
The configuration looks like so:
server:
interface: ::
interface: 0.0.0.0
interface: ::@853
interface: 0.0.0.0@853
port: 53
tls-port: 853
interface-automatic: yes
tls-service-key: /etc/ssl/letsencrypt/certs/router.example.com/privkey.pem
tls-service-pem: /etc/ssl/letsencrypt/certs/router.example.com/fullchain.pem
[...]
Unbound will simply not listen on port 853 and it also won't log why.
[1566410200] unbound[3017:0] debug: increased limit(open files) from 1024 to 4164
[1566410200] unbound[3017:0] debug: creating udp6 socket :: 53
[1566410200] unbound[3017:0] debug: creating tcp6 socket :: 53
[1566410200] unbound[3017:0] debug: creating udp4 socket 0.0.0.0 53
[1566410200] unbound[3017:0] debug: creating tcp4 socket 0.0.0.0 53
[1566410200] unbound[3017:0] debug: creating tcp4 socket 127.0.0.1 8953
[1566410200] unbound[3017:0] debug: creating tcp6 socket ::1 8953
[1566410200] unbound[3017:0] debug: setup SSL certificates
[1566410200] unbound[3017:0] error: cannot open pidfile /run/unbound.pid: Permission denied
[1566410200] unbound[3017:0] debug: chdir to /etc/unbound
[1566410200] unbound[3017:0] debug: drop user privileges, run as unbound
[...]
I've also tried out 1.9.3-rc1 but the behaviour was the same.
Can anyone provide insight into what happens here?
Best,
Martin