Solved: Stuck on Unbound

Started by cyberfarer, November 11, 2025, 05:08:05 PM

November 11, 2025, 05:08:05 PM Last Edit: Today at 04:50:11 PM by cyberfarer Reason: Solved
Greetings

I am unable to start the Unbound service. The errors are as follows:

[1762877195] unbound[40961:0] warning: setsockopt(..., SO_SNDBUF, ...) was not granted: No buffer space available
[1762877195] unbound[40961:0] warning: so-sndbuf 4194304 was not granted. Got 57344. To fix: start with root permissions(linux) or sysctl bigger net.core.wmem_max(linux) or kern.ipc.maxsockbuf(bsd) values. or set so-sndbuf: 0 (use system value).
[1762877195] unbound[40961:0] error: can't bind socket: Permission denied for 127.0.0.1 port 53
[1762877195] unbound[40961:0] fatal error: could not open ports

I have reviewed forums and searched but I remain stuck. Any assistance would be appreciated.

Thanks.

Is there any other DNS service enabled which might block the port? Dnsmasq, BIND, ...?

Cheers
Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).

November 12, 2025, 05:30:21 PM #2 Last Edit: November 12, 2025, 05:35:38 PM by cyberfarer
Thank you for the reply. There is not any other DNS service running and netstat demonstrates the port is unused.

root@OPNsense:/etc # netstat -an | grep LISTEN
tcp6       0      0 *.80                   *.*                    LISTEN     
tcp4       0      0 *.80                   *.*                    LISTEN     
tcp6       0      0 *.10443                *.*                    LISTEN     
tcp4       0      0 *.10443                *.*                    LISTEN     
tcp4       0      0 *.23022                *.*                    LISTEN     
tcp6       0      0 *.23022                *.*                    LISTEN   

Look at

sockstat -l

Check if any :53 listeners are already open.
Hardware:
DEC740

With sockstat:

 sockstat -l4u
USER     COMMAND    PID   FD  PROTO  LOCAL ADDRESS         FOREIGN ADDRESS     
root     php-cgi    84739 0   stream /var/lib/php/tmp/php-fastcgi.socket-3
root     php-cgi    50162 0   stream /var/lib/php/tmp/php-fastcgi.socket-3
dhcpd    dhcpd      72134 10  udp4   *:67                  *:*
root     php-cgi    66730 0   stream /var/lib/php/tmp/php-fastcgi.socket-2
root     php-cgi    47702 0   stream /var/lib/php/tmp/php-fastcgi.socket-3
root     php-cgi    24263 0   stream /var/lib/php/tmp/php-fastcgi.socket-3
root     sshd-sessi 62202 9   stream (not connected)
root     sshd-sessi 51438 9   stream (not connected)
root     php-cgi    12255 0   stream /var/lib/php/tmp/php-fastcgi.socket-3
root     php-cgi     9635 0   stream /var/lib/php/tmp/php-fastcgi.socket-2
root     php-cgi     9267 0   stream /var/lib/php/tmp/php-fastcgi.socket-1
root     php-cgi     8601 0   stream /var/lib/php/tmp/php-fastcgi.socket-2
root     php-cgi     8125 0   stream /var/lib/php/tmp/php-fastcgi.socket-1
root     php-cgi     7352 0   stream /var/lib/php/tmp/php-fastcgi.socket-2
root     php-cgi     6664 0   stream /var/lib/php/tmp/php-fastcgi.socket-1
root     php-cgi     5728 0   stream /var/lib/php/tmp/php-fastcgi.socket-0
root     php-cgi     5216 0   stream /var/lib/php/tmp/php-fastcgi.socket-2
root     php-cgi     5142 0   stream /var/lib/php/tmp/php-fastcgi.socket-1
root     php-cgi     4622 0   stream /var/lib/php/tmp/php-fastcgi.socket-0
root     php-cgi     4316 0   stream /var/lib/php/tmp/php-fastcgi.socket-1
root     php-cgi     4303 0   stream /var/lib/php/tmp/php-fastcgi.socket-0
root     php-cgi     3787 0   stream /var/lib/php/tmp/php-fastcgi.socket-0
root     php-cgi     2752 0   stream /var/lib/php/tmp/php-fastcgi.socket-0
root     php-cgi     2267 0   stream /var/lib/php/tmp/php-fastcgi.socket-3
root     php-cgi     1889 0   stream /var/lib/php/tmp/php-fastcgi.socket-2
root     php-cgi     1266 0   stream /var/lib/php/tmp/php-fastcgi.socket-1
root     php-cgi     1253 0   stream /var/lib/php/tmp/php-fastcgi.socket-0
root     lighttpd     879 7   tcp4   *:10443               *:*
root     lighttpd     879 9   tcp4   *:80                  *:*
root     python3.11 55636 3   stream /var/run/configd.socket
root     openvpn    68655 6   stream /var/etc/openvpn/instance-b5da173f-1a07-42f3-a481-b81db5e2118b.sock
root     openvpn    68655 8   udp46  *:1172                *:*
root     openvpn    66795 6   stream /var/etc/openvpn/instance-9e52dea4-c270-44dd-b31a-b892632fe39d.sock
root     openvpn    66795 8   udp46  *:1171                *:*
root     openvpn    60720 6   stream /var/etc/openvpn/instance-2d0bab87-ec48-48da-8cce-7fd90a8ce180.sock
root     openvpn    60720 8   udp46  *:1170                *:*
root     openvpn    57975 6   stream /var/etc/openvpn/instance-e8bd9180-5fe2-4288-96f1-4f0dd2047f2e.sock
root     openvpn    57975 8   udp46  *:1169                *:*
root     openvpn    55375 6   stream /var/etc/openvpn/instance-103facf0-f007-47a1-bfc0-71a28e94fd51.sock
root     openvpn    55375 8   udp46  *:1168                *:*
root     openvpn    52942 6   stream /var/etc/openvpn/instance-39757c7e-db75-45bf-afa0-e07742db1fc8.sock
root     openvpn    52942 8   udp46  *:1167                *:*
root     ntpd       75308 21  udp4   *:123                 *:*
root     ntpd       75308 22  udp4   10.10.255.5:123       *:*
root     ntpd       75308 26  udp4   127.0.0.1:123         *:*
root     ntpd       75308 30  udp4   10.242.0.1:123        *:*
root     ntpd       75308 31  udp4   10.242.1.1:123        *:*
root     ntpd       75308 32  udp4   10.242.2.1:123        *:*
root     ntpd       75308 33  udp4   10.242.3.1:123        *:*
root     ntpd       75308 34  udp4   10.242.4.1:123        *:*
root     ntpd       75308 35  udp4   10.242.5.1:123        *:*
root     sshd       73231 7   tcp4   *:23022               *:*
root     syslog-ng  19783 20  dgram  /var/run/log <-
root     syslog-ng  19783 21  dgram  /var/run/logpriv
root     syslog-ng  19783 22  dgram  /var/dhcpd/var/run/log <-
root     syslog-ng  19783 23  dgram  /var/unbound/var/run/log
root     syslog-ng  19783 27  stream /var/db/syslog-ng.ctl
root     devd        1852 6   stream /var/run/devd.pipe
root     devd        1852 7   seqpac /var/run/devd.seqpacket.pipe

It's kinda weird it gets permission denied for loopback (127.0.0.1)

Can you go to

Services: Unbound DNS: General

And select an interface to bind to instead? See if it starts then?
Hardware:
DEC740

I eliminated the socket buffer error by increasing the memory available under Tunables, kern.ipc.maxsockbuf to 10M. So now I only have the permissions error. It remains no matter if I select or comment out interfaces in the config file.


Quote from: Monviech (Cedrik) on November 12, 2025, 07:25:41 PM
It's kinda weird it gets permission denied for loopback (127.0.0.1)

Can you go to

Services: Unbound DNS: General

And select an interface to bind to instead? See if it starts then?

It does not appear to be reading the config file. If I change
This:
# Interface IP(s) to bind to
interface: 0.0.0.0
interface: ::
interface-automatic: yes

To That:
 
# Interface IP(s) to bind to
interface: 10.10.255.5
#interface: ::
interface-automatic: yes

I get the same result:
sudo -u unbound /usr/local/sbin/unbound -vvv -dc /var/unbound/unbound.conf
[1762982815] unbound[42406:0] notice: Start of unbound 1.24.0.
[1762982815] unbound[42406:0] debug: setting ip-ratelimit-slabs: 8
[1762982815] unbound[42406:0] debug: setting ratelimit-slabs: 8
[1762982815] unbound[42406:0] debug: setting dnscrypt-shared-secret-cache-slabs: 8
[1762982815] unbound[42406:0] debug: setting dnscrypt-nonce-cache-slabs: 8
[1762982815] unbound[42406:0] debug: creating udp4 socket 0.0.0.0 53 udpancil
[1762982815] unbound[42406:0] error: can't bind socket: Permission denied for 0.0.0.0 port 53 (len 16)
[1762982815] unbound[42406:0] fatal error: could not open ports


November 12, 2025, 10:46:33 PM #8 Last Edit: November 12, 2025, 10:48:20 PM by Patrick M. Hausen
You cannot start Unbound as user unbound. It must be started as root to be able to bind to ports below 1024. It will do that and then drop privileges via setuid() all by itself.

OPNsense will take care of that. You should not start services via custom command lines. Use Services > Unbound to enable and start. Or the Services dashboard widget.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Yes, the reason I'm doing that is because the service does not start via Unbound under services or via the dashboard.

Today at 04:25:48 PM #10 Last Edit: Today at 05:40:57 PM by Patrick M. Hausen
Then try starting it as root - it will drop privileges if successful. Or possibly produce a more helpful error message. The "permission denied" problem is definitely due to not starting as root.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

This is resolved. There were two issues. The first was the "No buffer space available". This was solved by increasing the memory available under Tunables, kern.ipc.maxsockbuf to 10M and (according to support) was likely a result of multiple OpenVPN instances.

The second issue was "error: can't bind socket: Permission denied for 127.0.0.1 port 53".

Patrick M. Hausen gave a hint when he reminded me to try starting as root. Using the command /usr/local/sbin/unbound -vvv -dc /var/unbound/unbound.conf as root showed the certificates were invalid. In fact, they were empty. I generated new certificates and now everything is happy.

Thank you to everyone who offered suggestions.
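
Added example (not part of the original thread, and not OPNsense or Unbound code): a small triage script that separates the two startup failures discussed above, run over log lines quoted from the posts. The function name, finding codes and hint wording are assumptions made for this illustration.

```python
import re

# Sample input: log lines quoted from the posts in this thread.
SAMPLE_LOG = """\
[1762877195] unbound[40961:0] warning: setsockopt(..., SO_SNDBUF, ...) was not granted: No buffer space available
[1762877195] unbound[40961:0] warning: so-sndbuf 4194304 was not granted. Got 57344. To fix: start with root permissions(linux) or sysctl bigger net.core.wmem_max(linux) or kern.ipc.maxsockbuf(bsd) values. or set so-sndbuf: 0 (use system value).
[1762982815] unbound[42406:0] error: can't bind socket: Permission denied for 0.0.0.0 port 53 (len 16)
[1762982815] unbound[42406:0] fatal error: could not open ports
"""

SNDBUF_RE = re.compile(r"so-sndbuf (\d+) was not granted\. Got (\d+)")
BIND_RE = re.compile(r"can't bind socket: Permission denied for (\S+) port (\d+)")
PRIVILEGED_BELOW = 1024  # per the thread: binding below this port needs root


def triage(log_text):
    """Return (code, detail) findings for the two failures seen in this thread."""
    findings = []
    for line in log_text.splitlines():
        m = SNDBUF_RE.search(line)
        if m:
            wanted, got = int(m.group(1)), int(m.group(2))
            findings.append(("sockbuf-limit",
                f"so-sndbuf wanted {wanted} bytes, got {got}: raise "
                "kern.ipc.maxsockbuf under Tunables, or set so-sndbuf: 0"))
            continue
        m = BIND_RE.search(line)
        if m:
            addr, port = m.group(1), int(m.group(2))
            if port < PRIVILEGED_BELOW:
                findings.append(("not-root",
                    f"{addr}:{port} is a privileged port: start unbound as root "
                    "(it drops privileges itself); later errors stay hidden "
                    "until the bind succeeds"))
            else:
                findings.append(("bind-denied",
                    f"{addr}:{port} denied although the port is unprivileged"))
    return findings


if __name__ == "__main__":
    for code, detail in triage(SAMPLE_LOG):
        print(f"{code}: {detail}")
```

A "not-root" finding only explains the test invocation; as in this thread, the underlying startup failure shows up once the same foreground command is run as root.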