Getting SERVFAIL when trying to reach .co.il domains

Gil Levy just.gil at gmail.com
Fri Jan 1 13:14:32 UTC 2021


>
> But apparently your unbound.conf file indicates it's here:
> >> /etc/unbound/var/log/unbound
>

This has already been fixed in my unbound.conf file (see here: unbound.conf
<https://pastebin.com/GsA8GtJF>), but it still errors: *error: Could not
open logfile /var/log/unbound/unbound.log: No such file or directory*

>
> See the difference?
> Are you running unbound in a chroot(8)?

I don't know how to check that.


On Fri, 1 Jan 2021 at 22:23, Unbound <unbound at tacomawireless.net> wrote:

> On 2021-01-01 03:06, Gil Levy via Unbound-users wrote:
> > Thanks, Daisuke.
> >
> > However, I'm past that line. While I will change the settings as you kindly
> > suggested (thank you for that), I'm encountering other issues which disable
> > me from using Unbound.
> > I shot an email earlier today with the following:
> >
> >
> >>
> >>    1. Cannot open log file (despite it being configured in unbound.conf)
> >>    2. Cannot use the unbound-checkconf utility
> >>
> >> I provided a link to my config file at the bottom.
> >> Appreciate your help!
> >>
> >> Gil
> >>
> >>
> >> *pi at raspberrypi:/etc/unbound $ sudo systemctl status unbound*
> >> ● unbound.service - Unbound DNS resolver
> >>    Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor
> >> preset: enabled)
> >>    Active: active (running) since Fri 2021-01-01 10:44:56 AEDT; 19min ago
> >>   Process: 456 ExecStartPre=/usr/sbin/unbound-anchor -r
> >> /etc/unbound/root.hints -a /etc/unbound/root.key (code=exited,
> >> status=0/SUCCESS)
> >>  Main PID: 481 (unbound)
> >>     Tasks: 1 (limit: 2063)
> >>    CGroup: /system.slice/unbound.service
> >>            └─481 /usr/sbin/unbound -c /etc/unbound/unbound.conf -d
> >>
> >> Jan 01 10:44:56 raspberrypi unbound-anchor[456]: [1609458296]
> >> libunbound[456:0] error: udp connect failed: Network is unreachable for
> >> 198.41.0.4 port 53
> >> Jan 01 10:44:56 raspberrypi unbound-anchor[456]: [1609458296]
> >> libunbound[456:0] error: udp connect failed: Network is unreachable for
> >> 192.33.4.12 port 53
> >> Jan 01 10:44:56 raspberrypi unbound-anchor[456]: [1609458296]
> >> libunbound[456:0] error: udp connect failed: Network is unreachable for
> >> 2001:dc3::35 port 53
> >> Jan 01 10:44:56 raspberrypi unbound-anchor[456]: [1609458296]
> >> libunbound[456:0] error: udp connect failed: Network is unreachable for
> >> 2001:500:1::53 port 53
> >> Jan 01 10:44:56 raspberrypi unbound-anchor[456]: [1609458296]
> >> libunbound[456:0] error: udp connect failed: Network is unreachable for
> >> 2001:500:9f::42 port 53
> >> Jan 01 10:44:56 raspberrypi unbound-anchor[456]: [1609458296]
> >> libunbound[456:0] error: udp connect failed: Network is unreachable for
> >> 199.7.91.13 port 53
> >> Jan 01 10:44:56 raspberrypi unbound[481]: [1609458296] unbound[481:0]
> >> *error:
> >> Could not open logfile /var/log/unbound/unbound.log: No such file or
> >> directory*
> >> Jan 01 10:44:57 raspberrypi unbound[481]: [1609458297] unbound[481:0]
> >> notice: init module 0: validator
> >> Jan 01 10:44:57 raspberrypi unbound[481]: [1609458297] unbound[481:0]
> >> notice: init module 1: iterator
> >> Jan 01 10:44:57 raspberrypi unbound[481]: [1609458297] unbound[481:0]
> >> info: start of service (unbound 1.13.0).
> >>
> >> pi at raspberrypi:/var/log/unbound $ ls
> >> unbound.log
> >>
> >> pi at raspberrypi:/etc/unbound $ unbound-checkconf /etc/unbound/unbound.conf
> >> /etc/unbound/var/log/unbound: *No such file or directory*
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> I won't speak for all your woes. But this line (above) says it all.
> On one hand you indicate your log file is located here:
> >> pi at raspberrypi:/var/log/unbound $ ls
> >> unbound.log
> But apparently your unbound.conf file indicates it's here:
> >> /etc/unbound/var/log/unbound
>
> See the difference?
> Are you running unbound in a chroot(8)?
>
> >> [1609459551] unbound-checkconf[1316:0] fatal error: logfile directory
> >> does not exist
> >>
> >> pi at raspberrypi:/etc/unbound $ ls
> >> root.hints  root.key  root.zone  unbound.conf  unbound_control.key
> >>  unbound_control.pem  unbound.log  unbound.pid  unbound_server.key
> >>  unbound_server.pem
> >>
> >> *unbound.conf* here -> https://pastebin.com/ZAUVFVEF
> >>
> >
> > Any ideas what should I do? I'm really lost here and would like to keep
> > using unbound.
> >
> > Thanks in advance.
> >
> > On Fri, 1 Jan 2021 at 20:29, Daisuke HIGASHI <daisuke.higashi at gmail.com>
> > wrote:
> >
> >> Hi,
> >>
> >> ".co.il" and ".il"  (seemingly under DNSSEC algorithm rollover) have
> >> several errors. Current versions of Unbound in default configuration
> >> tolerate them, but in a specific configuration Unbound could make
> >> fatal errors.
> >>
> >> Assuming [1] is your configuration file, the offending line is:
> >>
> >> >   harden-algo-downgrade: yes
> >>
> >> "harden-algo-downgrade: no" (this is the current default value) makes
> >> Unbound tolerant.
> >>
> >> [1] https://pastebin.com/ZAUVFVEF
> >>
>
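
Added example, not part of the thread or of Unbound's own code: a shell sketch of how the `chroot:` option changes where the `logfile:` path has to exist on the real filesystem, following the path rules described in unbound.conf(5). The `chroot: "/etc/unbound"` value in the sample config is an assumption (the poster's actual config is only linked, not shown); the logfile path is the one from the error message above.

```shell
#!/bin/sh
# Added example, not from the thread: map unbound's logfile option to the
# path on the real filesystem once the chroot option is taken into account.

# Print the last value given for option $2 in config file $1, with any
# trailing comment, trailing blanks and surrounding double quotes removed.
conf_get() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# Print where the logfile must exist, as seen from outside the chroot.
# $1 = config file; $2 = chroot to assume when the file sets none
# (the build's compiled-in default; empty means no chroot).
effective_logfile() {
    if grep -Eq '^[[:space:]]*chroot:' "$1"; then
        root=$(conf_get "$1" chroot)
    else
        root=$2
    fi
    path=$(conf_get "$1" logfile)
    dir=$(conf_get "$1" directory)
    [ -n "$path" ] || return 1
    # A relative logfile is taken relative to the working directory.
    case $path in /*) ;; *) path="${dir:+$dir/}$path" ;; esac
    # No chroot: the path is used exactly as written.
    [ -n "$root" ] || { printf '%s\n' "$path"; return 0; }
    # A path that already starts with the chroot directory is relative to
    # the original root; any other path is relative to the new root.
    case $path in
        "$root"/*) printf '%s\n' "$path" ;;
        /*)        printf '%s\n' "$root$path" ;;
        *)         printf '%s\n' "$root/$path" ;;
    esac
}

# Constructed sample config (the chroot value is assumed, see lead-in).
conf=$(mktemp)
printf '%s\n' 'server:' '    chroot: "/etc/unbound"' > "$conf"
printf '%s\n' '    logfile: "/var/log/unbound/unbound.log"' >> "$conf"
effective_logfile "$conf" ""   # → /etc/unbound/var/log/unbound/unbound.log
rm -f "$conf"
```

On a running Linux system, `sudo ls -l /proc/<pid>/root` (with the daemon's PID) shows the root directory the process actually has; a target of `/` means no chroot is in effect.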