can't install cloudron due to unbound issues
-
as @nebulon said please test
host -t NS apple.com 127.0.0.1on a fresh ubuntu + unbound. If this works, this is already a start . Next step is to use the unbound config at https://forum.cloudron.io/post/104349 . With that config in place, you have to test withhost -t NS apple.com 127.0.0.150. Here's a demo recording if it helps - https://asciinema.org/a/9mMqdLmgJ2X7vWgBUkQVAgB5i -
@nebulon , I'm quite confused as well - I realize it's a basic thing that, would it be broken, would affect everyone at all.
Default unbound works on 127.0.0.1 indeed and so far I ended up with point-finger with firewall - it seems UDP requires 53 port to be open on the inbound firewall rules to be working - something you have on your iptables rules as well.
For your reference - it's much easier to troubleshoot unbound with
systemctl stop unbound && unbound -dd -vvvvas it start writing everything on the console, so we stop the guess work.
Other common troubleshooting steps aress -tulnp | grep 53to see if there is anyone listening.@girish , thank you - for the time being I ended up disabling firewall completely to process with installation process.
I believe I unexpectedly advanced with unbound server for the last 24 hours and will be looking to reconfigure it once the setup is done.It seems like unbound is only used for SpamHause and during setup. If the setup issue will resorted, only SpamHause issue will remain.
-
@nebulon , I'm quite confused as well - I realize it's a basic thing that, would it be broken, would affect everyone at all.
Default unbound works on 127.0.0.1 indeed and so far I ended up with point-finger with firewall - it seems UDP requires 53 port to be open on the inbound firewall rules to be working - something you have on your iptables rules as well.
For your reference - it's much easier to troubleshoot unbound with
systemctl stop unbound && unbound -dd -vvvvas it start writing everything on the console, so we stop the guess work.
Other common troubleshooting steps aress -tulnp | grep 53to see if there is anyone listening.@girish , thank you - for the time being I ended up disabling firewall completely to process with installation process.
I believe I unexpectedly advanced with unbound server for the last 24 hours and will be looking to reconfigure it once the setup is done.It seems like unbound is only used for SpamHause and during setup. If the setup issue will resorted, only SpamHause issue will remain.
@potemkin_ai said in can't install cloudron due to unbound issues:
It seems like unbound is only used for SpamHause and during setup. If the setup issue will resorted, only SpamHause issue will remain.
It's also used for DNS propagation checks (during app install, change location etc) and also verify validity of DNS records for Let's Encrypt. We cannot rely on caching resolvers because they would cache not found (NXDOMAIN) entries for very long periods of time.
The recommendation is to keep all the outbound ports open - https://docs.cloudron.io/security/#outbound-ports .
-
G girish has marked this topic as solved on
