Hi! I am using unbound for DoT (DNS over TLS) on a FreeBSD 12.2 desktop computer. It works, but for about one month now unbound has been producing libunbound errors:
[1608331195] libunbound[20481:0] error: udp connect failed: No route to host for 2001:503:c27::2:30 port 53
[1608331195] libunbound[20481:0] error: udp connect failed: No route to host for 2001:500:9f::42 port 53
[1608331195] libunbound[20481:0] error: udp connect failed: No route to host for 2001:500:200::b port 53
---- ----
unbound -V shows:

Configure line: --with-ssl=/usr --with-libexpat=/usr/local --enable-dnscrypt --disable-dnstap --with-libnghttp2 --enable-ecdsa --disable-event-api --enable-gost --with-libevent --disable-subnet --enable-tfo-client --disable-tfo-server --with-pthreads --prefix=/usr/local --localstatedir=/var --mandir=/usr/local/man --infodir=/usr/local/share/info/ --build=amd64-portbld-freebsd12.2
Linked libs: libevent 2.1.12-stable (it uses kqueue), OpenSSL 1.1.1h-freebsd 22 Sep 2020
Linked modules: dns64 respip validator iterator
DNSCrypt feature available

and my unbound.conf looks like:

server:
    # port: 53
    username: unbound
    module-config: "validator iterator"
    access-control: 127.0.0.1/8 allow
    access-control: 192.168.0.0/16 allow
    # access-control: fddd::/48 allow
    # unblock-lan-zones: yes
    # insecure-lan-zones: yes
    aggressive-nsec: yes
    cache-max-ttl: 14400
    cache-min-ttl: 1200
    directory: /usr/local/etc/unbound
    chroot: /usr/local/etc/unbound
    root-hints: /usr/local/etc/unbound/root.hints
    auto-trust-anchor-file: "/usr/local/etc/unbound/root.key"
    include: /usr/local/etc/unbound/blacklist.conf
    logfile: /usr/local/etc/unbound/unbound.log
    log-time-ascii: yes
    val-log-level: 2
    use-syslog: no
    do-ip4: yes
    do-ip6: no
    do-tcp: yes
    do-udp: yes
    hide-identity: yes
    hide-version: yes
    qname-minimisation: yes
    minimal-responses: yes
    harden-glue: yes
    harden-dnssec-stripped: yes
    disable-dnssec-lame-check: yes
    interface: 127.0.0.1
    interface: ::0
    pidfile: /var/run/unbound.pid
    prefetch: yes
    prefetch-key: yes
    rrset-roundrobin: yes
    val-clean-additional: yes
    unwanted-reply-threshold: 10000
    tls-cert-bundle: "/usr/local/share/certs/ca-root-nss.crt"
    use-caps-for-id: yes
    # Unbound from pkg built with libevent; increase threads and slabs to the
    # number of real cpu cores to reduce lock contention. Increase cache size to
    # store more records and allow each thread to serve an increased number of
    # concurrent client requests.
    num-threads: 4
    msg-cache-slabs: 1
    rrset-cache-slabs: 1
    infra-cache-slabs: 1
    key-cache-slabs: 1
    msg-cache-size: 50M
    rrset-cache-size: 100M
    outgoing-range: 950
    num-queries-per-thread: 512

# forward-addr format must be ip "@" port number "#" followed by the valid public hostname
# in order for unbound to use the tls-cert-bundle to validate the dns server certificate.
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: adresses
    forward-addr:
    forward-addr:
#

Thank you.
LuMiWa
--
“Two things are infinite: the universe and human stupidity; and I'm not sure about the universe.” ― Albert Einstein
