Hi Martin,

It is the "interface-automatic: yes" statement. It overrides the other interface statements and listens on port 53. If you remove that I think you have a better shot at making it work.

Best regards, Wouter

On 8/21/19 8:07 PM, Martin Weinelt via Unbound-users wrote:
> Hi,
>
> I'm trying to get Unbound 1.9.0 on Debian 10 to provide a DoT interface
> to clients on the LAN.
>
> The configuration looks like so:
>
> server:
>     interface: ::
>     interface: 0.0.0.0
>
>     interface: ::@853
>     interface: 0.0.0.0@853
>
>     port: 53
>     tls-port: 853
>
>     interface-automatic: yes
>
>     tls-service-key: /etc/ssl/letsencrypt/certs/router.example.com/privkey.pem
>     tls-service-pem: /etc/ssl/letsencrypt/certs/router.example.com/fullchain.pem
>
> [...]
>
>
> Unbound will simply not listen on port 853 and it also won't log why.
>
> [1566410200] unbound[3017:0] debug: increased limit(open files) from 1024 to 4164
> [1566410200] unbound[3017:0] debug: creating udp6 socket :: 53
> [1566410200] unbound[3017:0] debug: creating tcp6 socket :: 53
> [1566410200] unbound[3017:0] debug: creating udp4 socket 0.0.0.0 53
> [1566410200] unbound[3017:0] debug: creating tcp4 socket 0.0.0.0 53
> [1566410200] unbound[3017:0] debug: creating tcp4 socket 127.0.0.1 8953
> [1566410200] unbound[3017:0] debug: creating tcp6 socket ::1 8953
> [1566410200] unbound[3017:0] debug: setup SSL certificates
> [1566410200] unbound[3017:0] error: cannot open pidfile /run/unbound.pid: Permission denied
> [1566410200] unbound[3017:0] debug: chdir to /etc/unbound
> [1566410200] unbound[3017:0] debug: drop user privileges, run as unbound
> [...]
>
> I've also tried out 1.9.3-rc1 but the behaviour was the same.
>
>
> Can anyone provide insight into what happens here?
>
>
> Best,
>
> Martin
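The failure in this thread is silent: the DoT listener is simply never created, so clients cannot reach the encrypted port. As an added example (not part of the thread and not Unbound project code), the Python check below flags the option combination named in the reply and confirms from the debug log whether a TCP socket was created on the tls-port. The sample config and log are constructed from the lines quoted above, and all function names are hypothetical.

```python
import re

# Constructed samples, modelled on the config and debug log quoted in the thread.
SAMPLE_CONF = """\
server:
    interface: ::
    interface: 0.0.0.0
    interface: ::@853
    interface: 0.0.0.0@853
    port: 53
    tls-port: 853
    interface-automatic: yes
"""
SAMPLE_LOG = """\
[1566410200] unbound[3017:0] debug: creating udp6 socket :: 53
[1566410200] unbound[3017:0] debug: creating tcp6 socket :: 53
[1566410200] unbound[3017:0] debug: creating udp4 socket 0.0.0.0 53
[1566410200] unbound[3017:0] debug: creating tcp4 socket 0.0.0.0 53
[1566410200] unbound[3017:0] debug: creating tcp4 socket 127.0.0.1 8953
"""

def parse_conf(text):
    """Return (port, tls_port, interface_automatic, [(addr, port_or_None), ...])."""
    opts, ifaces = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        key, value = (s.strip() for s in line.split(":", 1))
        if key == "interface" and value:
            addr, _, port = value.partition("@")
            ifaces.append((addr, int(port) if port else None))
        elif value:
            opts[key] = value
    # 53 and 853 are Unbound's defaults for port and tls-port.
    return (int(opts.get("port", 53)), int(opts.get("tls-port", 853)),
            opts.get("interface-automatic", "no") == "yes", ifaces)

def listening_tcp_ports(log):
    """TCP ports for which the debug log shows a socket being created."""
    return {int(p) for p in re.findall(r"creating tcp[46] socket \S+ (\d+)", log)}

def check(conf, log):
    port, tls_port, automatic, ifaces = parse_conf(conf)
    findings = []
    extra = sorted({p for _, p in ifaces if p is not None and p != port})
    if automatic and extra:
        findings.append(f"interface-automatic: yes alongside interface@port {extra}")
    if tls_port not in listening_tcp_ports(log):
        findings.append(f"no TCP socket created on tls-port {tls_port}")
    return findings
```
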
