efa-project.org

Hello,
After the upgrade to last version dns recursion as enabled automaticly, when tray to disable with eFa-Config show a timeout error about network service.
I see this error about unbound service:
[root@gttvmlin02efa conf.d]# systemctl status unbound.service
● unbound.service - Unbound recursive Domain Name Server
Loaded: loaded (/usr/lib/systemd/system/unbound.service; enabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/unbound.service.d
└─override.conf
Active: failed (Result: timeout) since Thu 2021-02-04 12:27:49 CET; 16min ago
Process: 4313 ExecStartPre=/usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem -f /etc/resol>
Process: 4311 ExecStartPre=/usr/sbin/unbound-checkconf (code=exited, status=0/SUCCESS)

Feb 04 12:26:19 gttvmlin02efa.i.atm.to.it systemd[1]: Starting Unbound recursive Domain Name Server...
Feb 04 12:26:19 gttvmlin02efa.i.atm.to.it unbound-checkconf[4311]: unbound-checkconf: no errors in /etc/unbound/unbound.conf
Feb 04 12:27:49 gttvmlin02efa.i.atm.to.it systemd[1]: unbound.service: start-pre operation timed out. Terminating.
Feb 04 12:27:49 gttvmlin02efa.i.atm.to.it systemd[1]: unbound.service: Failed with result 'timeout'.
Feb 04 12:27:49 gttvmlin02efa.i.atm.to.it systemd[1]: Failed to start Unbound recursive Domain Name Server.

Thanks
Regards

Are the forwarder(s) you specified responding to unbound?

yes I tested the resolution with nslookup.

I have with test eFa antispam reproduced the issue.
The problem seems to be the firewall between efa server and dns.
But the query run correctly and i can't see packet bloked in the firewall.

Thanks

regards

Enrico

What's the result of the following commands: