Greetings
I am unable to start the Unbound service. The errors are as follows:
[1762877195] unbound[40961:0] warning: setsockopt(..., SO_SNDBUF, ...) was not granted: No buffer space available
[1762877195] unbound[40961:0] warning: so-sndbuf 4194304 was not granted. Got 57344. To fix: start with root permissions(linux) or sysctl bigger net.core.wmem_max(linux) or kern.ipc.maxsockbuf(bsd) values. or set so-sndbuf: 0 (use system value).
[1762877195] unbound[40961:0] error: can't bind socket: Permission denied for 127.0.0.1 port 53
[1762877195] unbound[40961:0] fatal error: could not open ports
I have reviewed forums and searched but I remain stuck. Any assistance would be appreciated.
Thanks.
Is there any other DNS service enabled which might block the port? Dnsmasq, BIND, ...?
Cheers
Maurice
Thank you for the reply. There is not any other DNS service running and netstat demonstrates the port is unused.
root@OPNsense:/etc # netstat -an | grep LISTEN
tcp6 0 0 *.80 *.* LISTEN
tcp4 0 0 *.80 *.* LISTEN
tcp6 0 0 *.10443 *.* LISTEN
tcp4 0 0 *.10443 *.* LISTEN
tcp4 0 0 *.23022 *.* LISTEN
tcp6 0 0 *.23022 *.* LISTEN
Look at
sockstat -l
Check if any :53 listeners are already open.
With sockstat:
sockstat -l4u
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root php-cgi 84739 0 stream /var/lib/php/tmp/php-fastcgi.socket-3
root php-cgi 50162 0 stream /var/lib/php/tmp/php-fastcgi.socket-3
dhcpd dhcpd 72134 10 udp4 *:67 *:*
root php-cgi 66730 0 stream /var/lib/php/tmp/php-fastcgi.socket-2
root php-cgi 47702 0 stream /var/lib/php/tmp/php-fastcgi.socket-3
root php-cgi 24263 0 stream /var/lib/php/tmp/php-fastcgi.socket-3
root sshd-sessi 62202 9 stream (not connected)
root sshd-sessi 51438 9 stream (not connected)
root php-cgi 12255 0 stream /var/lib/php/tmp/php-fastcgi.socket-3
root php-cgi 9635 0 stream /var/lib/php/tmp/php-fastcgi.socket-2
root php-cgi 9267 0 stream /var/lib/php/tmp/php-fastcgi.socket-1
root php-cgi 8601 0 stream /var/lib/php/tmp/php-fastcgi.socket-2
root php-cgi 8125 0 stream /var/lib/php/tmp/php-fastcgi.socket-1
root php-cgi 7352 0 stream /var/lib/php/tmp/php-fastcgi.socket-2
root php-cgi 6664 0 stream /var/lib/php/tmp/php-fastcgi.socket-1
root php-cgi 5728 0 stream /var/lib/php/tmp/php-fastcgi.socket-0
root php-cgi 5216 0 stream /var/lib/php/tmp/php-fastcgi.socket-2
root php-cgi 5142 0 stream /var/lib/php/tmp/php-fastcgi.socket-1
root php-cgi 4622 0 stream /var/lib/php/tmp/php-fastcgi.socket-0
root php-cgi 4316 0 stream /var/lib/php/tmp/php-fastcgi.socket-1
root php-cgi 4303 0 stream /var/lib/php/tmp/php-fastcgi.socket-0
root php-cgi 3787 0 stream /var/lib/php/tmp/php-fastcgi.socket-0
root php-cgi 2752 0 stream /var/lib/php/tmp/php-fastcgi.socket-0
root php-cgi 2267 0 stream /var/lib/php/tmp/php-fastcgi.socket-3
root php-cgi 1889 0 stream /var/lib/php/tmp/php-fastcgi.socket-2
root php-cgi 1266 0 stream /var/lib/php/tmp/php-fastcgi.socket-1
root php-cgi 1253 0 stream /var/lib/php/tmp/php-fastcgi.socket-0
root lighttpd 879 7 tcp4 *:10443 *:*
root lighttpd 879 9 tcp4 *:80 *:*
root python3.11 55636 3 stream /var/run/configd.socket
root openvpn 68655 6 stream /var/etc/openvpn/instance-b5da173f-1a07-42f3-a481-b81db5e2118b.sock
root openvpn 68655 8 udp46 *:1172 *:*
root openvpn 66795 6 stream /var/etc/openvpn/instance-9e52dea4-c270-44dd-b31a-b892632fe39d.sock
root openvpn 66795 8 udp46 *:1171 *:*
root openvpn 60720 6 stream /var/etc/openvpn/instance-2d0bab87-ec48-48da-8cce-7fd90a8ce180.sock
root openvpn 60720 8 udp46 *:1170 *:*
root openvpn 57975 6 stream /var/etc/openvpn/instance-e8bd9180-5fe2-4288-96f1-4f0dd2047f2e.sock
root openvpn 57975 8 udp46 *:1169 *:*
root openvpn 55375 6 stream /var/etc/openvpn/instance-103facf0-f007-47a1-bfc0-71a28e94fd51.sock
root openvpn 55375 8 udp46 *:1168 *:*
root openvpn 52942 6 stream /var/etc/openvpn/instance-39757c7e-db75-45bf-afa0-e07742db1fc8.sock
root openvpn 52942 8 udp46 *:1167 *:*
root ntpd 75308 21 udp4 *:123 *:*
root ntpd 75308 22 udp4 10.10.255.5:123 *:*
root ntpd 75308 26 udp4 127.0.0.1:123 *:*
root ntpd 75308 30 udp4 10.242.0.1:123 *:*
root ntpd 75308 31 udp4 10.242.1.1:123 *:*
root ntpd 75308 32 udp4 10.242.2.1:123 *:*
root ntpd 75308 33 udp4 10.242.3.1:123 *:*
root ntpd 75308 34 udp4 10.242.4.1:123 *:*
root ntpd 75308 35 udp4 10.242.5.1:123 *:*
root sshd 73231 7 tcp4 *:23022 *:*
root syslog-ng 19783 20 dgram /var/run/log <-
root syslog-ng 19783 21 dgram /var/run/logpriv
root syslog-ng 19783 22 dgram /var/dhcpd/var/run/log <-
root syslog-ng 19783 23 dgram /var/unbound/var/run/log
root syslog-ng 19783 27 stream /var/db/syslog-ng.ctl
root devd 1852 6 stream /var/run/devd.pipe
root devd 1852 7 seqpac /var/run/devd.seqpacket.pipe
It's kinda weird it gets permission denied for loopback (127.0.0.1)
Can you go to
Services: Unbound DNS: General
And select an interface to bind to instead? See if it starts then?
I eliminated the socket buffer error by increasing the memory available under Tunables, kern.ipc.maxsockbuf to 10M. So now I only have the permissions error. It remains no matter if I select or comment out interfaces in the config file.
Quote from: Monviech (Cedrik) on November 12, 2025, 07:25:41 PM
It's kinda weird it gets permission denied for loopback (127.0.0.1)
Can you go to
Services: Unbound DNS: General
And select an interface to bind to instead? See if it starts then?
It does not appear to be reading the config file. If I change
This:
# Interface IP(s) to bind to
interface: 0.0.0.0
interface: ::
interface-automatic: yes
To That:
# Interface IP(s) to bind to
interface: 10.10.255.5
#interface: ::
interface-automatic: yes
I get the same result:
sudo -u unbound /usr/local/sbin/unbound -vvv -dc /var/unbound/unbound.conf
[1762982815] unbound[42406:0] notice: Start of unbound 1.24.0.
[1762982815] unbound[42406:0] debug: setting ip-ratelimit-slabs: 8
[1762982815] unbound[42406:0] debug: setting ratelimit-slabs: 8
[1762982815] unbound[42406:0] debug: setting dnscrypt-shared-secret-cache-slabs: 8
[1762982815] unbound[42406:0] debug: setting dnscrypt-nonce-cache-slabs: 8
[1762982815] unbound[42406:0] debug: creating udp4 socket 0.0.0.0 53 udpancil
[1762982815] unbound[42406:0] error: can't bind socket: Permission denied for 0.0.0.0 port 53 (len 16)
[1762982815] unbound[42406:0] fatal error: could not open ports
You cannot start Unbound as user unbound. It must be started as root to be able to bind to ports below 1024. It will do that and then drop privileges via setuid() all by itself.
OPNsense will take care of that. You should not start services via custom command lines. Use Services > Unbound to enable and start. Or the Services dashboard widget.
Yes, the reason I'm doing that is because the service does not start via Unbound under services or via the dashboard.
Then try starting it as root - it will drop privileges if successful. Or possibly produce a more helpful error message. The "permission denied" problem is definitely due to not starting as root.
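The two checks discussed in this thread (is anything already bound to port 53, and may the invoking user bind a port below 1024) combined into one preflight script. This is an added example, not part of any post and not OPNsense or Unbound code. The sockstat sample, uid 59 and the function names are constructed for illustration. A "Permission denied" bind failure corresponds to EACCES, a port conflict to EADDRINUSE.

```sh
#!/bin/sh
# Added example. SAMPLE_SOCKSTAT is constructed, in `sockstat -l` column layout.
SAMPLE_SOCKSTAT='USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root devd 53 6 stream /var/run/devd.pipe
dhcpd dhcpd 72134 10 udp4 *:67 *:*
root openvpn 68655 8 udp46 *:1153 *:*
unbound unbound 4242 5 udp4 127.0.0.1:53 *:*
unbound unbound 4242 6 tcp6 ::1:53 *:*'

# FreeBSD default for net.inet.ip.portrange.reservedhigh: ports up to this need root.
RESERVED_HIGH=1023

# Print "COMMAND PID PROTO LOCAL" for inet sockets bound to exactly port $1.
# Comparing the text after the last colon avoids the false hits a plain
# `grep 53` gives on PID 53, port 1153, or a path containing "53".
listeners_on_port() {
    awk -v port="$1" '
        $5 ~ /^(tcp|udp)/ {
            n = split($6, part, ":")
            if (part[n] == port) print $2, $3, $5, $6
        }'
}

# Name the errno bind(2) is expected to return, and the matching fix.
explain_bind() {    # usage: explain_bind PORT UID LISTENER_COUNT
    if [ "$1" -le "$RESERVED_HIGH" ] && [ "$2" -ne 0 ]; then
        echo "EACCES: uid $2 may not bind port $1; start as root, the daemon drops privileges itself"
    elif [ "$3" -gt 0 ]; then
        echo "EADDRINUSE: $3 socket(s) already bound to port $1"
    else
        echo "OK: port $1 is free and uid $2 may bind it"
    fi
}

# Read sockstat-style text on stdin and report for PORT as seen by UID.
preflight() {       # usage: preflight PORT UID < sockstat-output
    hits=$(listeners_on_port "$1")
    count=$(printf '%s\n' "$hits" | awk 'NF { n++ } END { print n + 0 }')
    explain_bind "$1" "$2" "$count"
    if [ -n "$hits" ]; then printf '%s\n' "$hits"; fi
}

# 59 is a constructed non-root uid standing in for the unbound user.
printf '%s\n' "$SAMPLE_SOCKSTAT" | preflight 53 59
printf '%s\n' "$SAMPLE_SOCKSTAT" | preflight 53 0
```

On a live system the same function can read real output, for example: sockstat -l | preflight 53 "$(id -u)"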
This is resolved. There were two issues. The first was the "No buffer space available". This was solved by increasing the memory available under Tunables, kern.ipc.maxsockbuf to 10M and (according to support) was likely a result of multiple OpenVPN instances.
The second issue was "error: can't bind socket: Permission denied for 127.0.0.1 port 53".
Patrick M. Hausen gave a hint when he reminded me to try starting as root. Using the command /usr/local/sbin/unbound -vvv -dc /var/unbound/unbound.conf as root showed the certificates were invalid. In fact, they were empty. I generated new certificates and now everything is happy.
Thank you to everyone who offered suggestions.