Service unbound down

Testing of eFa 4
Post Reply
Justin
Posts: 97
Joined: 18 Sep 2014 13:00
Location: The Netherlands
Contact:

Service unbound down

Post by Justin » 04 Mar 2019 07:48

I keep receiving this error email after a few days.
Sadly, i cannot find the logfile which is needed to get more info.

-----
eFa Monitor ALERT


Service unbound down and restarted ( 3 attempts in past day, max attempts is 3 )

Please examine your eFa logs on mx99.domain.nl and resources to determine cause of failure
-----

Service unbound does give me this error:

[root@mx99 eFa]# service unbound status
Redirecting to /bin/systemctl status unbound.service
● unbound.service - Unbound recursive Domain Name Server
Loaded: loaded (/usr/lib/systemd/system/unbound.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Mon 2019-03-04 00:03:01 CET; 8h ago

Mar 04 00:03:01 mx99.domain.nl systemd[1]: Starting Unbound recursive Domain Name Server...
Mar 04 00:03:01 mx99.domain.nl unbound-checkconf[29880]: [1551654181] unbound-checkconf[29880:0] error: cannot parse forward . ip address: 'forward-addr:'
Mar 04 00:03:01 mx99.domain.nl unbound-checkconf[29880]: [1551654181] unbound-checkconf[29880:0] fatal error: Could not set forward zones
Mar 04 00:03:01 mx99.domain.nl systemd[1]: unbound.service: control process exited, code=exited status=1
Mar 04 00:03:01 mx99.domain.nl systemd[1]: Failed to start Unbound recursive Domain Name Server.
Mar 04 00:03:01 mx99.domain.nl systemd[1]: Unit unbound.service entered failed state.
Mar 04 00:03:01 mx99.domain.nl systemd[1]: unbound.service failed.

henk
Posts: 359
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: Service unbound down

Post by henk » 04 Mar 2019 09:06

unbound-checkconf[29880:0] error: cannot parse forward . ip address: 'forward-addr:'
can you check?:

Code: Select all

cat /etc/unbound/conf.d/forwarders.conf
it should be something like this:

Code: Select all

forward-zone:
  name: "."
  forward-addr: xxx.xxx.xxx.xxx
  forward-first: yes
restart unbound after changing

test

Code: Select all

unbound-control list_forwards
unbound-control lookup google.com

Justin
Posts: 97
Joined: 18 Sep 2014 13:00
Location: The Netherlands
Contact:

Re: Service unbound down

Post by Justin » 04 Mar 2019 09:18

henk wrote:
04 Mar 2019 09:06
unbound-checkconf[29880:0] error: cannot parse forward . ip address: 'forward-addr:'
can you check?:

Code: Select all

cat /etc/unbound/conf.d/forwarders.conf
it should be something like this:

Code: Select all

forward-zone:
  name: "."
  forward-addr: xxx.xxx.xxx.xxx
  forward-first: yes
restart unbound after changing

test

Code: Select all

unbound-control list_forwards
unbound-control lookup google.com
Thanks for the quick reply.
For some reason my DNS Servers were missing even though i added them with the setup.
Adding the DNS Server and restarting the unbound service seems to give me the following results.

Code: Select all

[root@mx99]# cat /etc/unbound/conf.d/forwarders.conf
forward-zone:
  name: "."
  forward-addr: 212.45.45.45
  forward-addr: 2001:9e0:4:32::3
[root@mx99]# unbound-control list_forwards
. IN forward 212.45.45.45 2001:9e0:4:32::3
[root@mx99]# unbound-control lookup google.com
The following name servers are used for lookup of google.com.
forwarding request:
Delegation with 0 names, of which 0 can be examined to query further addresses.
It provides 2 IP addresses.
212.45.45.45            not in infra cache.
2001:9e0:4:32::3        not in infra cache.
Is this the correct result?

henk
Posts: 359
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: Service unbound down

Post by henk » 04 Mar 2019 10:39

Yes. It shows the name server(s) that would be used to look up the name specified.

Just dig google.com multiple times. Query time should be 0 msec

The main question is: how did this happen ("though i added them with the setup")

Can you show the original /etc/unbound/conf.d/forwarders.conf, just after setup?
--/etc/efa/ contain the config files with the values used to generate the unbound config--
Last edited by henk on 04 Mar 2019 10:46, edited 1 time in total.

Justin
Posts: 97
Joined: 18 Sep 2014 13:00
Location: The Netherlands
Contact:

Re: Service unbound down

Post by Justin » 04 Mar 2019 10:45

henk wrote:
04 Mar 2019 10:39
Yes. It shows the name server(s) that would be used to look up the name specified.

Just dig google.com multiple times. Query time should be 0 msec

The main question is: how did this happen ("though i added them with the setup")

Can you show the original /etc/unbound/conf.d/forwarders.conf, just after setup?
Sadly enough i cannot show to original one.
But i received an error "permission denied" which was gone after adding my 2 DNS servers under IP Configuration.
It could be possible that i forgot to add the DNS in the setup, but i normally add them as i always do that.

henk
Posts: 359
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: Service unbound down

Post by henk » 04 Mar 2019 10:53

Check the values in /etc/eFa/eFa-Config

Do you use RC3? ( eFa-Configure -- DNS server entry throwing an error is a resolved issue viewtopic.php?f=19&t=3306

Justin
Posts: 97
Joined: 18 Sep 2014 13:00
Location: The Netherlands
Contact:

Re: Service unbound down

Post by Justin » 04 Mar 2019 11:28

henk wrote:
04 Mar 2019 10:53
Check the values in /etc/eFa/eFa-Config

Do you use RC3? ( eFa-Configure -- DNS server entry throwing an error is a resolved issue viewtopic.php?f=19&t=3306
This file shows the 2 DNS records i need and added.
I use the latest version of this morning.

Post Reply