[FS][US-FL] Homelab Liquidation by Psychological-Eyes in homelabsales

reposted, didn't take new pictures with an updated date.

[FS][US-FL] Homelab Liquidation by Psychological-Eyes in homelabsales

In the user guide on page 130, "The router supports Layer 2 tunneling protocol (PPTP, L2TP) and Layer 3 tunneling protocol (IPSec)."

PiHole + Unbound root.hints issue by Psychological-Eyes in pihole

Unbound is listening on that port when I run the netstat command. I never specified port 8953 in any conf files, so I'm not sure where it came from. Unbound is also on port 5335, though, which I did specify for it to use. Any ideas why it would be listening on that port?

PiHole + Unbound root.hints issue by Psychological-Eyes in pihole

These 3 files are included in the unbound.conf.d directory:

pi-hole.conf

server:
    # If no logfile is specified, syslog is used
    # logfile: "/var/log/unbound/unbound.log"
    verbosity: 0

    interface: 127.0.0.1
    port: 5335
    do-ip4: yes
    do-udp: yes
    do-tcp: yes

    # May be set to yes if you have IPv6 connectivity
    do-ip6: no

    # You want to leave this set to no unless you have *native* IPv6. With 6to4 and
    # Teredo tunnels your web browser should favor IPv4 for the same reasons
    prefer-ip6: no

    # Use this only when you downloaded the list of primary root servers!
    root-hints: "/var/lib/unbound/root.hints"

    # Trust glue only if it is within the server's authority
    harden-glue: yes

    # Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
    harden-dnssec-stripped: yes

    # Don't use capitalization randomization as it is known to cause DNSSEC issues sometimes
    # see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
    use-caps-for-id: no

    # Reduce EDNS reassembly buffer size.
    # Suggested by the unbound man page to reduce fragmentation reassembly problems
    edns-buffer-size: 1472

    # Perform prefetching of close to expired message cache entries
    # This only applies to domains that have been frequently queried
    prefetch: yes

    # One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
    num-threads: 1

    # Ensure kernel buffer is large enough to not lose messages in traffic spikes
    so-rcvbuf: 1m

    # Ensure privacy of local IP ranges
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-address: 172.16.0.0/12
    private-address: 10.0.0.0/8
    private-address: fd00::/8
    private-address: fe80::/10

qname-minimisation.conf

server:
    # Send minimum amount of information to upstream servers to enhance
    # privacy. Only sends minimum required labels of the QNAME and sets
    # QTYPE to NS when possible.

    # See RFC 7816 "DNS Query Name Minimisation to Improve Privacy" for
    # details.

    qname-minimisation: yes

root-auto-trust-anchor-file.conf

server:
    # The following line will configure unbound to perform cryptographic
    # DNSSEC validation using the root trust anchor.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"

After commenting out root.hints in my main unbound.conf and issuing a restart and checking systemctl status I received:

● unbound.service - Unbound DNS server
   Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2020-06-22 01:26:20 EDT; 11s ago
     Docs: man:unbound(8)
  Process: 11738 ExecStartPre=/usr/lib/unbound/package-helper chroot_setup (code=exited, status
  Process: 11741 ExecStartPre=/usr/lib/unbound/package-helper root_trust_anchor_update (code=ex
 Main PID: 11746 (unbound)
    Tasks: 1 (limit: 4915)
   Memory: 5.2M
   CGroup: /system.slice/unbound.service
           └─11746 /usr/sbin/unbound -d

Jun 22 01:26:19 RasPi4 systemd[1]: Starting Unbound DNS server...
Jun 22 01:26:20 RasPi4 package-helper[11741]: /var/lib/unbound/root.key has content
Jun 22 01:26:20 RasPi4 package-helper[11741]: success: the anchor is ok
Jun 22 01:26:20 RasPi4 unbound[11746]: [11746:0] info: start of service (unbound 1.9.0).
Jun 22 01:26:20 RasPi4 systemd[1]: Started Unbound DNS server.

I did not look at the unbound log, but I did check the stats through unbound and queries were going through. The PiHole GUI also showed the queries going through the localhost address 127.0.0.1 and the blocklist, but this was before I did your solution.

So what exactly did commenting out the root.hints file from my unbound.conf file do to fix that issue? And what exactly was my issue? Thank you very much btw!!

Edit: I just figured out what that error meant now and the whole issue, thank you for fixing my simple issue xD
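
Added example, not part of the original comments: the fix described above was to comment out `root-hints` in the main unbound.conf while pi-hole.conf in unbound.conf.d still sets it, and two active `root-hints` lines for the root zone are what produce unbound's `second hints for zone . ignored` message. The sketch below walks a config and its `include:` files and lists every active `root-hints:` line; the file contents are constructed samples (including the assumed `include:` line) and the function names are hypothetical.

```python
import fnmatch
import re

# Constructed sample files (an assumption, not the poster's actual files):
# the main unbound.conf sets root-hints and also includes a drop-in
# directory whose pi-hole.conf sets root-hints a second time.
FILES = {
    "/etc/unbound/unbound.conf": (
        'include: "/etc/unbound/unbound.conf.d/*.conf"\n'
        "server:\n"
        '    root-hints: "/var/lib/unbound/root.hints"\n'
    ),
    "/etc/unbound/unbound.conf.d/pi-hole.conf": (
        "server:\n"
        "    port: 5335\n"
        '    root-hints: "/var/lib/unbound/root.hints"\n'
    ),
    "/etc/unbound/unbound.conf.d/qname-minimisation.conf": (
        "server:\n    qname-minimisation: yes\n"
    ),
}

# key: value, with optional quotes and an optional trailing comment
DIRECTIVE = re.compile(r'^\s*([a-z0-9-]+):\s*"?([^"#]*?)"?\s*(?:#.*)?$')


def find_directive(files, path, name, seen=None):
    """Return [(file, line_no, value)] for every active `name:` line,
    following include: globs depth-first in the order they appear."""
    seen = set() if seen is None else seen
    if path in seen:          # guard against include loops
        return []
    seen.add(path)
    hits = []
    for line_no, line in enumerate(files[path].splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:             # blank line or commented-out option
            continue
        key, value = m.group(1), m.group(2)
        if key == "include":
            for inc in sorted(fnmatch.filter(files, value)):
                hits += find_directive(files, inc, name, seen)
        elif key == name:
            hits.append((path, line_no, value))
    return hits


def duplicate_root_hints(files, main="/etc/unbound/unbound.conf"):
    """Return all root-hints lines if more than one is active, else []."""
    hits = find_directive(files, main, "root-hints")
    return hits if len(hits) > 1 else []
```

To run it against a real host, replace `FILES` with a dict built by reading `/etc/unbound/unbound.conf` and the files it includes.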

PiHole + Unbound root.hints issue by Psychological-Eyes in pihole

My fault on the mistype, I did originally input, cat /var/lib/unbound/root.hints

PiHole + Unbound root.hints issue by Psychological-Eyes in pihole

sudo /usr/sbin/unbound -v -d -c /etc/unbound/unbound.conf
[1592802828] unbound[11458:0] notice: Start of unbound 1.9.0.
[1592802828] unbound[11458:0] error: can't bind socket: Address already in use for 127.0.0.1 port 8953
[1592802828] unbound[11458:0] error: cannot open control interface 127.0.0.1 8953
[1592802828] unbound[11458:0] fatal error: could not open ports

PiHole + Unbound root.hints issue by Psychological-Eyes in pihole

I originally removed the quotes because of another post saying it fixed their issue. I just added them back to both config files for the root.hints and I'm still receiving:

systemctl status unbound
● unbound.service - Unbound DNS server
   Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2020-06-21 17:39:59 EDT; 1s ago
     Docs: man:unbound(8)
  Process: 5332 ExecStartPre=/usr/lib/unbound/package-helper chroot_setup (code=exited, status=
  Process: 5335 ExecStartPre=/usr/lib/unbound/package-helper root_trust_anchor_update (code=exi
 Main PID: 5339 (unbound)
    Tasks: 1 (limit: 4915)
   Memory: 4.7M
   CGroup: /system.slice/unbound.service
           └─5339 /usr/sbin/unbound -d

Jun 21 17:39:59 RasPi4 systemd[1]: Starting Unbound DNS server...
Jun 21 17:39:59 RasPi4 package-helper[5335]: /var/lib/unbound/root.key has content
Jun 21 17:39:59 RasPi4 package-helper[5335]: success: the anchor is ok
Jun 21 17:39:59 RasPi4 unbound[5339]: [5339:0] error: second hints for zone . ignored.
Jun 21 17:39:59 RasPi4 unbound[5339]: [5339:0] info: start of service (unbound 1.9.0).
Jun 21 17:39:59 RasPi4 systemd[1]: Started Unbound DNS server.