libunbound error

LuMiWa lumiwa at dismail.de
Sat Dec 19 15:59:17 UTC 2020 

Hi!
I am using unbound for DOT on FreeBAS 12.2 desktop computer. It
works but I have about one month when unbound start libunbound errors:

[1608331195] libunbound[20481:0] error: udp connect failed: No route to
host for 2001:503:c27::2:30 port 53 [1608331195] libunbound[20481:0]
error: udp connect failed: No route to host for 2001:500:9f::42 port 53
[1608331195] libunbound[20481:0] error: udp connect failed: No route to
host for 2001:500:200::b port 53
----
----

unbound -V shows:
Configure line: --with-ssl=/usr --with-libexpat=/usr/local
--enable-dnscrypt --disable-dnstap --with-libnghttp2 --enable-ecdsa
--disable-event-api --enable-gost --with-libevent --disable-subnet
--enable-tfo-client --disable-tfo-server --with-pthreads
--prefix=/usr/local --localstatedir=/var --mandir=/usr/local/man
--infodir=/usr/local/share/info/ --build=amd64-portbld-freebsd12.2
Linked libs: libevent 2.1.12-stable (it uses kqueue), OpenSSL
1.1.1h-freebsd  22 Sep 2020 Linked modules: dns64 respip validator
iterator DNSCrypt feature available


and my unbound.conf looks like:

server:
  # port: 53
  username: unbound
  module-config: "validator iterator"
  access-control: 127.0.0.1/8  allow
  access-control: 192.168.0.0/16 allow
 # access-control: fddd::/48 allow
 # unblock-lan-zones: yes
 # insecure-lan-zones: yes
  aggressive-nsec: yes
  cache-max-ttl: 14400
  cache-min-ttl: 1200
  directory: /usr/local/etc/unbound
  chroot: /usr/local/etc/unbound
  root-hints: /usr/local/etc/unbound/root.hints
  auto-trust-anchor-file: "/usr/local/etc/unbound/root.key"  
  include: /usr/local/etc/unbound/blacklist.conf
  logfile: /usr/local/etc/unbound/unbound.log
  log-time-ascii: yes
  val-log-level: 2
  use-syslog: no
  do-ip4: yes
  do-ip6: no
  do-tcp: yes
  do-udp: yes
  hide-identity: yes
  hide-version: yes
  qname-minimisation: yes
  minimal-responses: yes
  harden-glue: yes
  harden-dnssec-stripped: yes
  disable-dnssec-lame-check: yes
  interface: 127.0.0.1
  interface: ::0
  pidfile: /var/run/unbound.pid
  prefetch: yes
  prefetch-key: yes
  rrset-roundrobin: yes
  val-clean-additional: yes
  unwanted-reply-threshold: 10000
  tls-cert-bundle: "/usr/local/share/certs/ca-root-nss.crt"
  use-caps-for-id: yes

  # Unbound from pkg built with libevent; increase threads and slabs to the
  # number of real cpu cores to reduce lock contention. Increase cache size to
  # store more records and allow each thread to serve an increased number of
  # concurrent client requests.
  num-threads: 4
  msg-cache-slabs: 1
  rrset-cache-slabs: 1
  infra-cache-slabs: 1
  key-cache-slabs: 1
  msg-cache-size: 50M
  rrset-cache-size: 100M
  outgoing-range: 950
  num-queries-per-thread: 512

 # forward-addr format must be ip "@" port number "#" followed by the valid public hostname
 # in order for unbound to use the tls-cert-bundle to validate the dns server certificate.
 forward-zone:
   name: "."
   forward-tls-upstream: yes
   forward-addr: adresses
   forward-addr: 
   forward-addr:       # 
   
Thank you.

LuMiWa
-- 
“Two things are infinite: the universe and human stupidity; and I'm not
sure about the universe.”

― Albert Einstein

More information about the Unbound-users mailing list