libunbound error
LuMiWa
lumiwa at dismail.de
Sat Dec 19 15:59:17 UTC 2020
Hi!
I am using unbound for DOT on FreeBAS 12.2 desktop computer. It
works but I have about one month when unbound start libunbound errors:
[1608331195] libunbound[20481:0] error: udp connect failed: No route to
host for 2001:503:c27::2:30 port 53 [1608331195] libunbound[20481:0]
error: udp connect failed: No route to host for 2001:500:9f::42 port 53
[1608331195] libunbound[20481:0] error: udp connect failed: No route to
host for 2001:500:200::b port 53
----
----
unbound -V shows:
Configure line: --with-ssl=/usr --with-libexpat=/usr/local
--enable-dnscrypt --disable-dnstap --with-libnghttp2 --enable-ecdsa
--disable-event-api --enable-gost --with-libevent --disable-subnet
--enable-tfo-client --disable-tfo-server --with-pthreads
--prefix=/usr/local --localstatedir=/var --mandir=/usr/local/man
--infodir=/usr/local/share/info/ --build=amd64-portbld-freebsd12.2
Linked libs: libevent 2.1.12-stable (it uses kqueue), OpenSSL
1.1.1h-freebsd 22 Sep 2020 Linked modules: dns64 respip validator
iterator DNSCrypt feature available
and my unbound.conf looks like:
server:
# port: 53
username: unbound
module-config: "validator iterator"
access-control: 127.0.0.1/8 allow
access-control: 192.168.0.0/16 allow
# access-control: fddd::/48 allow
# unblock-lan-zones: yes
# insecure-lan-zones: yes
aggressive-nsec: yes
cache-max-ttl: 14400
cache-min-ttl: 1200
directory: /usr/local/etc/unbound
chroot: /usr/local/etc/unbound
root-hints: /usr/local/etc/unbound/root.hints
auto-trust-anchor-file: "/usr/local/etc/unbound/root.key"
include: /usr/local/etc/unbound/blacklist.conf
logfile: /usr/local/etc/unbound/unbound.log
log-time-ascii: yes
val-log-level: 2
use-syslog: no
do-ip4: yes
do-ip6: no
do-tcp: yes
do-udp: yes
hide-identity: yes
hide-version: yes
qname-minimisation: yes
minimal-responses: yes
harden-glue: yes
harden-dnssec-stripped: yes
disable-dnssec-lame-check: yes
interface: 127.0.0.1
interface: ::0
pidfile: /var/run/unbound.pid
prefetch: yes
prefetch-key: yes
rrset-roundrobin: yes
val-clean-additional: yes
unwanted-reply-threshold: 10000
tls-cert-bundle: "/usr/local/share/certs/ca-root-nss.crt"
use-caps-for-id: yes
# Unbound from pkg built with libevent; increase threads and slabs to the
# number of real cpu cores to reduce lock contention. Increase cache size to
# store more records and allow each thread to serve an increased number of
# concurrent client requests.
num-threads: 4
msg-cache-slabs: 1
rrset-cache-slabs: 1
infra-cache-slabs: 1
key-cache-slabs: 1
msg-cache-size: 50M
rrset-cache-size: 100M
outgoing-range: 950
num-queries-per-thread: 512
# forward-addr format must be ip "@" port number "#" followed by the valid public hostname
# in order for unbound to use the tls-cert-bundle to validate the dns server certificate.
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: adresses
forward-addr:
forward-addr: #
Thank you.
LuMiWa
--
“Two things are infinite: the universe and human stupidity; and I'm not
sure about the universe.”
― Albert Einstein
More information about the Unbound-users
mailing list