Getting SERVFAIL when trying to reach .co.il domains

Unbound unbound at tacomawireless.net
Fri Jan 1 22:43:14 UTC 2021


On 2021-01-01 05:14, Gil Levy wrote:
>> 
>> But apparently your unbound.conf file indicates it's here:
>> >> /etc/unbound/var/log/unbound
>> 
> 
> This has already been fixed in my unbound.conf file (see here: unbound.conf
> <https://pastebin.com/GsA8GtJF>), but it still errors: *error: Could not
> open logfile /var/log/unbound/unbound.log: No such file or directory*
> 
>> 
>> See the difference?
>> Are you running unbound in a chroot(8)?
> 
> I don't know how to check that.
> 
OK, based on what I was able to ascertain from the somewhat jumbled
info in this thread, I'm going to stick my neck out and suggest this
is probably a *system* thing, more than an unbound thing.
That said, let's try and sort this for you. :-)
If you perform the following, do you get output?

$ cat /etc/unbound.conf

If you get output.
SO. I can see, given your pastebin link, you can see the contents of
at least one of your unbound.conf files, and that you *are* running
unbound in a chroot(8).
Given the errors that I've seen in this thread, and your comments,
it appears that you're unfamiliar with chroot(8). Simply put, it
reroots the environment into a new (directory) tree. Your system
appears to think that's /etc/unbound
IMHO this is a poor choice of locations, as /etc is usually owned
by root, and is *intended* for initial configuration of your system
services.
Let's try this (based upon my own setup on a large server farm):
chroot unbound into /var -- or more accurately /var/unbound
DO NOTE: your init(8) script *must* reference this location
for (unbound) start|status|stop|...
Copy your current /etc/unbound.conf to /etc/unbound.conf.last

$ cp /etc/unbound.conf /etc/unbound.conf.last

Empty the entire /etc/unbound.conf, then add ONLY the following:

include: "/var/unbound/unbound.conf"

Save /etc/unbound.conf
Make the initial unbound chroot and populate it

$ mkdir /var/unbound
$ cd /var/unbound

I've created an unbound.conf on your pastebin copy:
https://internethell.org/var-unbound-unbound.conf
Grab it, and place this file in /var/unbound as
unbound.conf
Ensure that unbound owns this chroot directory.
While in /var/unbound do:

$ chown -Rh unbound:unbound .

After ensuring that your init(8) script correctly references
your unbound chroot tree, start unbound:

service unbound start

Do note: you will likely need to preface all the commands
indicated above with: sudo

Give this a try, and indicate the status.

Best wishes, and Happy New Year!



--- trimmed for brevity ----
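
Added example, not part of the original message or of the unbound project: a shell sketch that shows which host path a logfile: setting names once chroot: is in effect, following the path rules documented for chroot: in unbound.conf(5), and whether that directory exists. The function names and the sample config are constructed for illustration; the sample reuses the logfile path from the quoted error and the /etc/unbound chroot the reply infers.

```shell
#!/bin/sh
# Added example (not from the thread): resolve an unbound.conf path option to
# the host path it names under chroot:. Simplifications: one "key: value" per
# line, include: is not followed, a repeated key takes its last value.

# conf_value KEY FILE: value of KEY with quotes, comments and padding removed
conf_value() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$2" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# effective_path FILE KEY: host path of KEY (logfile, pidfile, ...)
effective_path() {
    if ! grep -q '^[[:space:]]*chroot:' "$1"; then
        echo "no chroot: line in $1; the compiled-in default applies" >&2
        return 2
    fi
    root=$(conf_value chroot "$1"); root=${root%/}
    target=$(conf_value "$2" "$1")
    [ -n "$target" ] || return 1
    case $target in
        /*) ;;
        *)  workdir=$(conf_value directory "$1")
            [ -n "$workdir" ] || return 1
            target="${workdir%/}/$target" ;;   # relative to the working dir
    esac
    case $target in
        "$root"/*) echo "$target" ;;           # written from the original root
        *)         echo "$root$target" ;;      # written from the new root
    esac
}

# logdir_ok FILE: succeeds when the logfile's directory exists on the host
logdir_ok() {
    log=$(effective_path "$1" logfile) || return
    [ -d "$(dirname "$log")" ]
}

# Constructed sample: logfile path from the quoted error, chroot as the reply
# reads it from the poster's system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server:
    chroot: "/etc/unbound"
    logfile: "/var/log/unbound/unbound.log"
EOF
effective_path "$sample" logfile
logdir_ok "$sample" || echo "log directory missing inside the chroot" >&2
rm -f "$sample"
```

Because include: is not followed, point the functions at the file that actually holds the server: section (for the layout above, /var/unbound/unbound.conf). On a live system, unbound-checkconf -o chroot prints the chroot value unbound itself will use.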

