Unbound won't listen on TLS port

Wouter Wijngaards wouter at nlnetlabs.nl
Thu Aug 22 07:07:43 UTC 2019


Hi Martin,

It is the "interface-automatic: yes" statement.  It overrides the other
interface statements and listens on port 53.  If you remove that I think
you have a better shot at making it work.

Best regards, Wouter

On 8/21/19 8:07 PM, Martin Weinelt via Unbound-users wrote:
> Hi,
> 
> I'm trying to get Unbound 1.9.0 on Debian 10 to provide a DoT interface
> to clients on the LAN.
> 
> The configuration looks like so:
> 
> server:
> 	interface: ::
> 	interface: 0.0.0.0
> 
> 	interface: ::@853
> 	interface: 0.0.0.0@853
> 
> 	port: 53
> 	tls-port: 853
> 
> 	interface-automatic: yes
> 
> 	tls-service-key: /etc/ssl/letsencrypt/certs/router.example.com/privkey.pem
> 	tls-service-pem: /etc/ssl/letsencrypt/certs/router.example.com/fullchain.pem
> 
> 	[...]
> 
> 
> Unbound will simply not listen on port 853 and it also won't log why.
> 
>  [1566410200] unbound[3017:0] debug: increased limit(open files) from 1024 to 4164
>  [1566410200] unbound[3017:0] debug: creating udp6 socket :: 53
>  [1566410200] unbound[3017:0] debug: creating tcp6 socket :: 53
>  [1566410200] unbound[3017:0] debug: creating udp4 socket 0.0.0.0 53
>  [1566410200] unbound[3017:0] debug: creating tcp4 socket 0.0.0.0 53
>  [1566410200] unbound[3017:0] debug: creating tcp4 socket 127.0.0.1 8953
>  [1566410200] unbound[3017:0] debug: creating tcp6 socket ::1 8953
>  [1566410200] unbound[3017:0] debug: setup SSL certificates
>  [1566410200] unbound[3017:0] error: cannot open pidfile /run/unbound.pid: Permission denied
>  [1566410200] unbound[3017:0] debug: chdir to /etc/unbound
>  [1566410200] unbound[3017:0] debug: drop user privileges, run as unbound
>  [...]
> 
> I've also tried out 1.9.3-rc1 but the behaviour was the same.
> 
> 
> Can anyone provide insight into what happens here?
> 
> 
> Best,
> 
> Martin
> 
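
The conflict described in the reply above, as an added example that is not part of the original thread or of Unbound itself: a small Python check that flags `interface:` entries on the TLS port when `interface-automatic: yes` is also set. It assumes one option per line and the defaults `tls-port: 853` and `interface-automatic: no`; the function names and the sample configuration are constructed here.

```python
import re

# Constructed sample, modelled on the configuration quoted in the thread.
SAMPLE_CONF = """\
server:
    interface: ::
    interface: 0.0.0.0
    interface: ::@853
    interface: 0.0.0.0@853
    port: 53
    tls-port: 853
    interface-automatic: yes
"""

def parse_server_options(text):
    """Return (option, value) pairs found in the server: clause."""
    options, in_server = [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"^([A-Za-z0-9-]+):\s*(.*)$", line)
        if not m:
            continue                                  # blank or elided line
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if value == "":                               # clause header, e.g. "server:"
            in_server = (key == "server")
        elif in_server:
            options.append((key, value))
    return options

def ignored_tls_listeners(text):
    """List interface entries on the TLS port that interface-automatic overrides."""
    opts = parse_server_options(text)
    single = dict(opts)                               # last occurrence wins in this sketch
    if single.get("interface-automatic", "no") != "yes":
        return []                                     # explicit interfaces are honoured
    tls_port = single.get("tls-port", "853")
    return [v for k, v in opts
            if k == "interface" and "@" in v and v.rpartition("@")[2] == tls_port]

if __name__ == "__main__":
    for entry in ignored_tls_listeners(SAMPLE_CONF):
        print(f"interface-automatic: yes overrides 'interface: {entry}'")
```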
