Hello,

I ran into the same issue recently, and after looking around, I found that
adding this line near the top of my config fixed the issue:

    so-sndbuf: 0


Hope that helps
John

On Fri, 19 Dec 2025 at 16:50, <[email protected]> wrote:

> I sent only to misc@ because I don't believe this to be a bug.
>
> On Fri, Dec 19, 2025 at 08:25:18AM +0000, Otto Cooper wrote:
> > chrooted unbound is the default in openbsd.
> > chrooted unbound has its configuration file in /var/unbound/etc. The
> > command "rcctl reload unbound" fails because it looks for the
> > configuration in /etc. To solve this problem, the rc.d config for
> > reloading the daemon needs to be pointed at /var/unbound/etc.
>
> As mentioned before unbound runs chrooted to /var/unbound so after chroot
> is in effect logs and such will say /etc/unbound.conf but it really is
> /var/unbound/etc/unbound.conf.
> Also of note unbound changes userid to _unbound so permissions must be for
> that user.
>
> > > cat /var/unbound/etc/unbound.conf
> > server:
> > include: "/var/unbound/etc/local.unbound"
> > use-syslog: no
> > logfile: /var/unbound/log/current
>
> > ls -l /var/unbound/etc/local.unbound
> >
> > > -rw-r----- 1 root wheel 2957 Dec 12 10:46 local.unbound
>
> Your unbound service will NOT be able to read this file!
> Unbound is running as user _unbound:_unbound so none of the permissions match.
> OpenBSD's default permissions in 7.8 (and Dec 19th snapshot) is root:wheel -rw-r--r--
> for files in /var/unbound/etc/.  Note: the _unbound user has read-only access
> (good security).
> Either "chmod 644 local.unbound" or "chgrp _unbound local.unbound".
> Be sure unbound.conf also has correct permissions or chmod/chgrp.
>
> Syslog is the default for logging but as you did you can specify your own
> log file.
> Be sure the _unbound user has write access here.
> Using db directory as template guide:
> Set /var/unbound/log to root:_unbound drwxrwxr-x and
> set logfile current to _unbound:_unbound -rw-r--r--.
>
> > In summary, to solve this problem, I had to make the following two
> > changes to openbsd's base installation of unbound:
> > In /etc/login.conf
> >
> > > unbound:\
> > > > openfiles-max=8192:\
> > > > tc=daemon:
>
> I don't understand why unbound wants so many openfiles, my running system
> never shows more than 400 files opened systemwide (sysctl kern.nfiles) and
> I'm running two unbound services.
> But it does seem to complain (but continue) with the default openfiles=512.
>
> For what it's worth, on my system I set openfiles=1024 and in unbound.conf
> I use:
>     outgoing-range: 950
>     num-queries-per-thread: 512
> For good(?) measure I recently added "num-threads: 4" (I settled on four
> after monitoring, but having just 1 thread has always worked too)
>
> Since I have a second unbound running named unbound2 in /etc/rc.d I also
> had to create:
>     $ cat /etc/login.conf.d/unbound2
>     unbound2:\
>             :tc=unbound:
> to pick up the same settings for both instances.
>
> > and
> >
> > doas chown _unbound /var/unbound/etc/*
>
> I wouldn't do that, leave the files owned/writable only by root, readable
> by _unbound (or other).
>
> > I see something new in the log above:
> >
> > Dec 19 17:48:49 unbound[55896:0] warning: setsockopt(..., SO_SNDBUF, ...) was not granted: No buffer space available
> > Dec 19 17:48:49 unbound[55896:0] warning: so-sndbuf 4194304 was not granted. Got 9216. To fix: start with root permissions(linux) or sysctl bigger net.core.wmem_max(linux) or kern.ipc.maxsockbuf(bsd) values. or set so-sndbuf: 0 (use system value).
>
> See https://marc.info/?l=openbsd-bugs&m=176026002606676&w=2
> Upstream changed default for so-sndbuf to 4M, OpenBSD is different (see
> thread).
> Stuart set it to 1M in OpenBSD so if you are getting this error you most
> likely are setting so-sndbuf in your config (or did the 1.24.2 import lose
> this setting?)
>
> In my system I had added "so-sndbuf: 2m" (even before upgrading to 7.8).
>
> I use a handful of values from nlnetlabs's tuning guide:
>
> https://unbound.docs.nlnetlabs.nl/en/latest/topics/core/performance.html#configuration
> "man unbound.conf" has very good descriptions of all the settings, a must
> read!
>
>
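
The ownership and mode advice in the quoted reply (root-owned files, readable but not writable by _unbound) can be checked mechanically. The script below is an added example, not part of the thread or of OpenBSD; the function names conf_verdict and audit_conf_dir are hypothetical, and it assumes the daemon has only its primary group.

```sh
#!/bin/sh
# Added example (not from the thread): report how a daemon uid/gid sees each
# regular file in a config directory, using only the mode bits and owner ids.
# Assumption: the daemon has no supplementary groups, only its primary gid.
# Typical call on OpenBSD:
#   audit_conf_dir /var/unbound/etc "$(id -u _unbound)" "$(id -g _unbound)"

# conf_verdict FILE DAEMON_UID DAEMON_GID -> prints ok | unreadable | writable
conf_verdict() {
    file=$1 d_uid=$2 d_gid=$3
    # ls -ldn prints: mode links uid gid ... with numeric ids (BSD and GNU ls).
    ls -ldn -- "$file" | {
        read -r mode links f_uid f_gid rest
        if [ "$f_uid" = "$d_uid" ]; then
            bits=owner                                 # owner can always chmod
        elif [ "$f_gid" = "$d_gid" ]; then
            bits=$(printf '%s' "$mode" | cut -c5-7)    # group triplet applies
        else
            bits=$(printf '%s' "$mode" | cut -c8-10)   # "other" triplet applies
        fi
        case $bits in
            owner|?w?) echo writable ;;    # daemon could alter its own config
            r??)       echo ok ;;          # read-only, as the reply recommends
            *)         echo unreadable ;;  # e.g. root:wheel 0640
        esac
    }
}

# audit_conf_dir DIR DAEMON_UID DAEMON_GID
# Prints one "verdict<TAB>path" line per regular file; returns 1 if any is not ok.
audit_conf_dir() {
    dir=$1 d_uid=$2 d_gid=$3 bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        v=$(conf_verdict "$f" "$d_uid" "$d_gid")
        printf '%s\t%s\n' "$v" "$f"
        [ "$v" = ok ] || bad=1
    done
    return "$bad"
}
```

A file like the root:wheel 0640 local.unbound in the thread is reported as unreadable; after "chmod 644" or "chgrp _unbound" it is reported as ok.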
