Getting SERVFAIL when trying to reach .co.il domains
Unbound
unbound at tacomawireless.net
Fri Jan 1 22:43:14 UTC 2021
On 2021-01-01 05:14, Gil Levy wrote:
>>
>> But apparently your unbound.conf file indicates it's here:
>> >> /etc/unbound/var/log/unbound
>>
>
> This has already been fixed in my unbound.conf file (see here: unbound.conf
> <https://pastebin.com/GsA8GtJF>), but it still errors: *error: Could not
> open logfile /var/log/unbound/unbound.log: No such file or directory*
>
>>
>> See the difference?
>> Are you running unbound in a chroot(8)?
>
> I don't know how to check that.
>
OK based on what I was able to ascertain from the somewhat jumbled
info in this thread. I'm going to stick my neck out and suggest this
is probably a *system* thing, more than an unbound thing.
That said. Let's try and sort this for you. :-)
If you perform the following, do you get output?
$ cat /etc/unbound.conf
If you get output.
SO. I can see, given your pastebin link, you can see the contents of
at least one of your unbound.conf files, and that you *are* running
unbound in a chroot(8).
Given the errors that I've seen in this thread, and your comments.
It appears that you're unfamiliar with chroot(8). Simply put, it
reroots the environment into a new (directory) tree. Your system
appears to think that's /etc/unbound
IMHO this is a poor choice of locations. As /etc is usually owned
by root, and is *intended* for initial configuration of your system
services.
Let's try this (based upon my own setup on a large server farm)
chroot unbound into /var -- or more accurately /var/unbound
DO NOTE: your init(8) script *must* reference this location
for (unbound) start|status|stop|...
Copy your current /etc/unbound.conf to /etc/unbound.conf.last
$ cp /etc/unbound.conf /etc/unbound.conf.last
empty the entire /etc/unbound.conf, then add ONLY the following:
include: "/var/unbound/unbound.conf"
save /etc/unbound.conf
Make the initial unbound chroot and populate it
$ mkdir /var/unbound
$ cd /var/unbound
I've created an unbound.conf on your pastebin copy:
https://internethell.org/var-unbound-unbound.conf
Grab it, and place this file in /var/unbound as
unbound.conf
Ensure that unbound owns this chroot directory.
While in /var/unbound do:
$ chown -Rh unbound:unbound .
After ensuring that your init(8) script correctly references
your unbound chroot tree. Start unbound
service unbound start
Do note; you will likely need to preface all the commands
indicated above with: sudo
Give this a try, and indicate the status.
Best wishes, and Happy New Year!
--- trimmed for brevity ----
More information about the Unbound-users
mailing list