Cloudron Forum

@girish Thank you!

I restarted ubound and it's all good now. Thank you!

@girish Thanks you for your quick answer. Works great now.

@fisi I think @nebulon responded to your ticket from support. If this is the same support ticket, the reason is that your server has 2 NICs and connected to the internal and external network. This is not a problem but the routes are set up incorrectly in ubuntu. The default route is going via the internal gateway. I think you have to adjust the netplan to fix the routing situation .

(I hope I am replying about the correct tickte 🙂 ! )

Looks like the DNS resolution is failing. Can you explain your environment and check if you can resolve any host from the system via SSH? Is the unbound service working?

Not sure if relevant to your situation, but to bypass specific DNS entries you can also do:

local-zone: example.com typetransparent local-data: "my.example.com A 172.18.0.1"

Right, you need to figure why unbound is not starting. The logs are in journalctl -u unbound -fa . Note that if unbound doesn't work, DNS doesnt work properly on the server and makes this quite unstable (as you experienced already).

@nichu42 said in DNS resolving problem:

I've tried to modify the forward-all.conf like this

forward-tls-upstream: yes forward-addr: 91.239.100.100@853#anycast.uncensoreddns.org forward-addr: 1.1.1.1@853#cloudflare-dns.com

but it didn't work (SERVFAIL).

Answer to myself (in case someone else ever needs this):

It is necessary to also add the following to the conf file:

server: tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt

so the validity of the certificates can be verified.
After that, you can add TLS upstream servers as mentioned in my previous post. I've decided for anycast.uncensoreddns.org and dns.quad9.net now.

@nebulon said in Cloudron dashboard not loading after reboot after NextCloud "not responding":

Most likely you are hitting an unbound issue then. Checkout the unbound section at https://docs.cloudron.io/troubleshooting/

Unbound solved my issues, thank you! 🙂

OK, I have fixed the unbound issue with IPv6. It's an upstream bug but I have made a workaround for the moment. Fix will be part of 7.3.5 (released next week).

@bcdodgeme this usually only happens when the server runs out of disk space.

@girish Yes, looks like it

@girish Thank you - now its working again.

@ajtatum Congrats on the success and all the learning! 😎

@gobenizzle see the unbound section of https://docs.cloudron.io/troubleshooting/#recovery-after-disk-full in case you hit the disk space issue.

@Mastadamus From the earlier screenshot you posted, the issue seems to be "Could not establish chain of trust". So, I would investigate that angle (which is DNSSEC related)

@girish I think it was ultimately a disk space issue - I restarted unbound and that seemed to do the trick. I have to move servers again because of a Vultr restriction (block storage not in the zone I had the VM in) that's unrelated to Cloudron so I'll see what happens. Thanks guys!

@nebulon Unfortunatelly not.

@khadanja Is your idea to forward all queries ? The example config you pasted will only forward DNS queries for cloudron.lan (sic). You need the config in https://forum.cloudron.io/topic/5756/custom-dns-server-in-local-network/2 to forward all queries to your router.

@hendrikvl It's not a problem to have local network specific configuration in unbound. See https://docs.cloudron.io/networking/#private-dns .

As for the motivation, we use unbound because the mail server needs to do DNSBL queries. Most of the DNSBL servers like Zen SpamHaus will not respond if the queries originate from Google/Cloudflare DNS. This forces us to run our own DNS server.

The other motivation was also to log DNS lookups by apps to identify any malicious use but we never got around to this (this was initially designed for a setup where we expected all app packages to be done by 3rd party).

Finally, the unbound server should not be used much at all because most of the apps should not be querying anything external.

@nebulon Thanks!!!
I followed the recommendations and I managed to fix it.
I tried to do in the application terminal itself.
But it turned out it was necessary to use the server terminal. (feel stupid 😂 )
The problem was with the "Unbound" service.