Hi,
After the latest upgrade to OPNsense 21.1.3-amd64, the Unbound service shows as stopped after reboot in the Dashboard service list. It stays in the stopped state after clicking the start button.
But in the terminal it seems to be OK:
=========
[spt@opnsense ~]$ unbound-checkconf
unbound-checkconf: no errors in /usr/local/etc/unbound/unbound.conf
[spt@opnsense ~]$ sudo unbound -dd
[1615497513] unbound[55165:0] notice: init module 0: validator
[1615497513] unbound[55165:0] notice: init module 1: iterator
[1615497513] unbound[55165:0] info: start of service (unbound 1.13.1).
=========
And when shutting down the service:
[1615498300] unbound[55165:0] info: service stopped (unbound 1.13.1).
[1615498300] unbound[55165:0] info: server stats for thread 0: 177 queries, 38 answers from cache, 139 recursions, 0 prefetch, 0 rejected by ip ratelimiting
[1615498300] unbound[55165:0] info: server stats for thread 0: requestlist max 12 avg 0.935252 exceeded 0 jostled 0
[1615498300] unbound[55165:0] info: average recursion processing time 0.530602 sec
[1615498300] unbound[55165:0] info: histogram of recursion processing times
[1615498300] unbound[55165:0] info: [25%]=0.176583 median[50%]=0.26093 [75%]=0.583752
[1615498300] unbound[55165:0] info: lower(secs) upper(secs) recursions
[1615498300] unbound[55165:0] info: 0.008192 0.016384 1
[1615498300] unbound[55165:0] info: 0.032768 0.065536 3
[1615498300] unbound[55165:0] info: 0.065536 0.131072 12
[1615498300] unbound[55165:0] info: 0.131072 0.262144 54
[1615498300] unbound[55165:0] info: 0.262144 0.524288 32
[1615498300] unbound[55165:0] info: 0.524288 1.000000 18
[1615498300] unbound[55165:0] info: 1.000000 2.000000 15
[1615498300] unbound[55165:0] info: 2.000000 4.000000 2
[1615498300] unbound[55165:0] info: 4.000000 8.000000 2
======
Hi
any errors on
configctl unbound start
?
The unbound configuration is at a different path.
Use the following command to check it:
unbound-checkconf /var/unbound/unbound.conf
@fright It returns "OK"
@cgone Yes there are errors:
======
/var/unbound/etc/dot.conf:1: error: cannot open include file '/var/unbound/etc/dnsbl.conf': Permission denied
/var/unbound/ad-blacklist.conf:1: error: syntax error
read /var/unbound/unbound.conf failed: 2 errors in configuration file
=======
-rw-r--r-- 1 unbound unbound 2003 Mar 11 21:33 /var/unbound/etc/blacklists.ini
-rw-r----- 1 unbound unbound 104124499 Mar 12 09:31 /var/unbound/etc/dnsbl.conf
-rw-r--r-- 1 unbound unbound 0 Oct 10 16:29 /var/unbound/etc/dnsbl.inc
-rw-r--r-- 1 unbound unbound 0 Mar 11 21:33 /var/unbound/etc/dot.conf
-rw-r--r-- 1 unbound unbound 0 Oct 10 16:29 /var/unbound/etc/lists.inc
-rw-r--r-- 1 unbound unbound 0 Mar 11 21:33 /var/unbound/etc/miscellaneous.conf
-rw-r--r-- 1 unbound unbound 0 Oct 10 16:29 /var/unbound/etc/whitelist.inc
=======
more /var/unbound/ad-blacklist.conf
local-zone: "0.0.0.0" refuse
local-zone: "000free.us" refuse
local-zone: "000owamail0.000webhostapp.com" refuse
local-zone: "005.free-counter.co.uk" refuse
=======
Quote:
/var/unbound/etc/dot.conf:1: error: cannot open include file '/var/unbound/etc/dnsbl.conf': Permission denied
/var/unbound/ad-blacklist.conf:1: error: syntax error
read /var/unbound/unbound.conf failed: 2 errors in configuration file
some custom config for AD-blocking?
Thanks @Fright, that was the problem. Removed the custom config and everything seems to be ok now. :)
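
Added example, not part of any post in this thread: a POSIX shell helper that triages `unbound-checkconf` output like the errors quoted above. It shows that for a "cannot open include file" error the file to inspect is the include target, not the file named at the start of the line. The function names and the `SAMPLE_OUTPUT` variable are assumptions of this example; the sample text is the three error lines from the thread.

```shell
#!/bin/sh
# Added example: triage unbound-checkconf output (names here are hypothetical).
# Sample input: the three error lines quoted in the thread.
SAMPLE_OUTPUT="/var/unbound/etc/dot.conf:1: error: cannot open include file '/var/unbound/etc/dnsbl.conf': Permission denied
/var/unbound/ad-blacklist.conf:1: error: syntax error
read /var/unbound/unbound.conf failed: 2 errors in configuration file"

# Reads checkconf output on stdin.
# Prints: kind<TAB>file-to-inspect<TAB>location-reported-by-checkconf
triage_checkconf() {
    awk -v q="'" '
    / error: / {
        # Each error line has the form "path:line: error: message".
        split($0, parts, ": error: ")
        loc = parts[1]; msg = parts[2]
        target = loc; sub(/:[0-9]+$/, "", target)
        kind = "other"
        if (msg ~ /^cannot open include file/) {
            # Inspect the quoted include target, not the reporting file.
            kind = "unreadable-include"
            if (match(msg, q "[^" q "]+" q))
                target = substr(msg, RSTART + 1, RLENGTH - 2)
        } else if (msg ~ /^syntax error/) {
            kind = "syntax"
        }
        printf "%s\t%s\t%s\n", kind, target, loc
    }'
}

# De-duplicated list of files that need attention, one per line.
files_to_inspect() {
    triage_checkconf | cut -f2 | sort -u
}

# "live" runs the check from the thread; otherwise the sample is used.
if [ "${1:-}" = "live" ]; then
    unbound-checkconf /var/unbound/unbound.conf 2>&1 | triage_checkconf
else
    printf '%s\n' "$SAMPLE_OUTPUT" | triage_checkconf
fi
```

The trailing "read ... failed" summary line is skipped on purpose, since it names the top-level file rather than the file that needs fixing.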