unbound refuses all requests
Johannes B. Kernel
weberzbf at gmail.com
Fri Nov 12 16:19:02 UTC 2021
hi george,
i tried it with that config now. (unbound starts)
server:
    statistics-cumulative: yes
    extended-statistics: yes
    log-queries: yes
    log-servfail: yes
    verbosity: 3
    val-log-level: 2
    auto-trust-anchor-file: /etc/unbound/var/root-anchors.txt
    interface: 127.0.0.1
    interface: 192.168.100.250
    interface: 116.202.87.165
    interface: 192.168.120.251
    interface: 192.168.110.250
    outgoing-interface: 192.168.100.250
    outgoing-interface: 192.168.110.250
    outgoing-interface: 192.168.120.251
    outgoing-interface: 116.202.87.165
    num-threads: 8
    include: /etc/unbound/unbound.conf.d/access_options.conf
    include: /etc/unbound/unbound.conf.d/name_solving.conf
    include: /etc/unbound/unbound.conf.d/privacy_options.conf
    include: /etc/unbound/unbound.conf.d/cache_options.conf
    include: /etc/unbound/unbound.conf.d/dnssec_options.conf
    include: /etc/unbound/unbound.conf.d/blacklist.conf
    include: /etc/unbound/unbound.conf.d/local_names.conf
    include: /etc/unbound/unbound.conf.d/opennic_names.conf
    include: /etc/unbound/unbound.conf.d/forwarders.conf
remote-control:
    control-enable: yes
    control-interface: 127.0.0.1
    control-port: 8953
    control-use-cert: "no"
#module-config: "validator cachedb iterator"
cachedb:
    backend: "redis"
    secret-seed: "default"
    redis-server-host: 127.0.0.1
    redis-server-port: 6379
    redis-timeout: 100
    redis-expire-records: no
BUT, unbound-control status
shows this:
supabunka /etc/unbound # unbound-control status
version: 1.13.2
verbosity: 3
threads: 8
modules: 2 [ validator iterator ]
uptime: 218 seconds
options: reuseport control
unbound (pid 31165) is running...
it does not load the cachedb module .....
( i also found no way to list or to show available modules, maybe it has
another name now )
on https://github.com/NLnetLabs/unbound/blob/master/doc/example.conf.in
i found this:
# CacheDB
# Enable external backend DB as auxiliary cache. Specify the backend name
# (default is "testframe", which has no use other than for debugging and
# testing) and backend-specific options. The 'cachedb' module must be
# included in module-config, just before the iterator module.
# cachedb:
# backend: "testframe"
# # secret seed string to calculate hashed keys
# secret-seed: "default"
#
# # For "redis" backend:
# # redis server's IP address or host name
# redis-server-host: 127.0.0.1
# # redis server's TCP port
# redis-server-port: 6379
# # timeout (in ms) for communication with the redis server
# redis-timeout: 100
# # set timeout on redis records based on DNS response TTL
# redis-expire-records: no
i set the cachedb module just before iterator
any ideas?
best regards
marko
On Fri, 12 Nov 2021 at 10:45, George Thessalonikefs via
Unbound-users <unbound-users at lists.nlnetlabs.nl> wrote:
> Hi Johannes,
>
> I see a lot of configuration errors WRT redis in your unbound.conf.
> Instead of me going over everything I would suggest to read the "Cache
> DB Module Options" section in the unbound.conf man page (Also online for
> the latest version:
> https://www.nlnetlabs.nl/documentation/unbound/unbound.conf/) as I
> believe it covers all the steps and configuration you need to make.
>
> If you still have questions feel free to ask them here again.
>
> Best regards,
> -- George
>
> On 11/11/2021 17:42, Johannes B. Kernel via Unbound-users wrote:
> > @hauke , damn ps aux showed me 2 running daemons.....
> > and i found out, i "missed" to copy over the access.conf in
> > unbound.conf.d/ :-)
> >
> > now nearly all is running fine..
> > only redis seems not to cache.....
> >
> > my unbound.conf.
> >
> > server:
> >
> > statistics-cumulative: yes
> > extended-statistics: yes
> > log-queries: yes
> > log-servfail: yes
> > verbosity: 3
> > val-log-level: 2
> > auto-trust-anchor-file: /etc/unbound/var/root-anchors.txt
> >
> > interface: 127.0.0.1
> > interface: 192.168.100.250
> > interface: 192.168.120.251
> > interface: 192.168.110.250
> >
> > outgoing-interface: 192.168.100.250
> > outgoing-interface: 192.168.110.250
> > outgoing-interface: 192.168.120.251
> > outgoing-interface: 116.202.87.165
> >
> > num-threads: 8
> >
> > include: /etc/unbound/unbound.conf.d/access_options.conf
> > include: /etc/unbound/unbound.conf.d/name_solving.conf
> > include: /etc/unbound/unbound.conf.d/privacy_options.conf
> > include: /etc/unbound/unbound.conf.d/cache_options.conf
> > include: /etc/unbound/unbound.conf.d/dnssec_options.conf
> > include: /etc/unbound/unbound.conf.d/blacklist.conf
> > include: /etc/unbound/unbound.conf.d/local_names.conf
> > include: /etc/unbound/unbound.conf.d/opennic_names.conf
> > include: /etc/unbound/unbound.conf.d/forwarders.conf
> >
> > remote-control:
> > control-enable: yes
> >
> > cachedb:
> > backend: "testframe"
> > secret-seed: "default"
> > redis-server-host: 127.0.0.1
> > redis-server-port: 6379
> > redis-timeout: 100
> > redis-expire-records: no
> >
> >
> >
> > when i connect my redis server via "redis-cli" .....
> >
> > supabunka/etc/unbound #redis-cli
> > 127.0.0.1:6379> keys *
> > (empty array)
> > 127.0.0.1:6379>
> >
> >
> > seems nothing gets cached......
> >
> > any idea?
> >
> >
> > On Wed, 10 Nov 2021 at 18:29, Hauke Lampe via Unbound-users
> > <unbound-users at lists.nlnetlabs.nl> wrote:
> >
> >
> > On 10.11.21 17:50, Johannes B. Kernel via Unbound-users wrote:
> >
> > > and now it works, for 3-5 requests, the all gets refused for 2-5 time, then
> > > again it works .............
> > >
> > > Nov 10 17:45:40 supabunka unbound: [25308:1] debug: refused query from ip4
> > > Nov 10 17:45:43 supabunka unbound: [15016:0] info: 192.168.100.250 heise.de.
> >
> > The refusals come from PID 25308 while PID 15016 processes the requests.
> >
> > Do you have multiple daemons with different configurations and/or a DNS
> > balancer?
> >
> >
> > Hauke.
> >
>
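
The example.conf excerpt quoted in the message above says the cachedb module must be included in module-config just before iterator, while the posted status output lists only validator and iterator. The Python check below is an added example, not part of the thread or of Unbound: it reads a configuration and reports why a cachedb: clause would have no effect. The names parse, check_cachedb, POSTED and FIXED are hypothetical, and FIXED is a constructed sample.

```python
import re

def parse(conf_text):
    """Return (active, commented) lists of (clause, key, value) tuples."""
    clause, active, commented = None, [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            m = re.match(r"#\s*([\w-]+):\s*(.+)", line)
            if m:  # a disabled option such as '#module-config: "..."'
                commented.append((clause, m.group(1), m.group(2).strip('" ')))
            continue
        m = re.match(r"([\w-]+):\s*(.*)", line)
        if not m:
            continue
        value = m.group(2).split("#")[0].strip('" ')
        if value:
            active.append((clause, m.group(1), value))
        else:
            clause = m.group(1)  # clause header: server:, cachedb:, ...
    return active, commented

def check_cachedb(conf_text):
    """List reasons why a configured cachedb: clause would not take effect."""
    active, commented = parse(conf_text)
    if not any(c == "cachedb" for c, _, _ in active):
        return []  # no cachedb options set, nothing to check
    findings = []
    configs = [(c, v.split()) for c, k, v in active if k == "module-config"]
    if not configs:
        findings.append("module-config unset, modules stay: validator iterator")
        if any(k == "module-config" for _, k, _ in commented):
            findings.append("module-config line is commented out")
    for clause, mods in configs:
        if clause != "server":
            findings.append(f"module-config is under {clause}:, not server:")
        if not any(a == "cachedb" and b == "iterator" for a, b in zip(mods, mods[1:])):
            findings.append("cachedb is not listed just before iterator")
    if ("cachedb", "backend", "testframe") in active:
        findings.append('backend "testframe" is for debugging and testing only')
    return findings

# Condensed from the configuration posted in the message above.
POSTED = ('server:\nverbosity: 3\nremote-control:\ncontrol-enable: yes\n'
          '#module-config: "validator cachedb iterator"\n'
          'cachedb:\nbackend: "redis"\n')
# Constructed sample: the same line made active inside the server: clause.
FIXED = ('server:\nmodule-config: "validator cachedb iterator"\n'
         'cachedb:\nbackend: "redis"\n')
```

After a configuration change, the modules line of unbound-control status, as shown in the message, confirms which modules were actually loaded.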