Re: Installation failed - DNS/resolvconf issues
Gave it a shot, and it's still angry and not wanting to resolve things
It's super strange for sure. It's the same across 18.04, 20.04 iso installs and a 20.04 cloud image deployment. I did verify port 53 was open outbound at the firewall to be safe, even though it doesn't seem to be getting that far.
● unbound.service - Unbound DNS server
Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2021-02-17 17:05:48 UTC; 23s ago
Docs: man:unbound(8)
Process: 1496 ExecStartPre=/usr/lib/unbound/package-helper chroot_setup (code=exited, status=0/SUCCESS)
Process: 1501 ExecStartPre=/usr/lib/unbound/package-helper root_trust_anchor_update (code=exited, status=0/SUCCESS)
Main PID: 1505 (unbound)
Tasks: 1 (limit: 38494)
Memory: 7.5M
CGroup: /system.slice/unbound.service
└─1505 /usr/sbin/unbound -d
Feb 17 17:05:48 cloudron-temp systemd[1]: Starting Unbound DNS server...
Feb 17 17:05:48 cloudron-temp package-helper[1504]: /var/lib/unbound/root.key has content
Feb 17 17:05:48 cloudron-temp package-helper[1504]: fail: the anchor is NOT ok and could not be fixed
Feb 17 17:05:48 cloudron-temp unbound[1505]: [1505:0] notice: init module 0: subnet
Feb 17 17:05:48 cloudron-temp unbound[1505]: [1505:0] notice: init module 1: validator
Feb 17 17:05:48 cloudron-temp unbound[1505]: [1505:0] notice: init module 2: iterator
Feb 17 17:05:48 cloudron-temp unbound[1505]: [1505:0] info: start of service (unbound 1.9.4).
Feb 17 17:05:48 cloudron-temp systemd[1]: Started Unbound DNS server.
Adding the below to my configuration fixes resolution (I noticed that it was trying to do IPv6 whereas the server only has IPv4 addressing). Also if i don't give it the forward zone, it fails and if I leave out the part for dnssec it fails too.
harden-dnssec-stripped: no
server:
do-ip4: yes
do-ip6: no
forward-zone:
name: "."
forward-addr: x.x.x.x
Post changes I tried the install again and it succeeded. I'm happy to keep troubleshooting unbound if you have any ideas aside from what I did. The changes got it going, but my tinfoil-hat-wearing alter ego would probably like to enable dnssec again.
##############################################
Cloudron Setup (latest)
##############################################
Follow setup logs in a second terminal with:
$ tail -f /var/log/cloudron-setup.log
Join us at https://forum.cloudron.io for any questions.
=> Updating apt and installing script dependencies
=> Checking version
=> Downloading version 6.1.2 ...
=> Installing base dependencies and downloading docker images (this takes some time) ...
=> Installing version 6.1.2 (this takes some time) ...
=> Waiting for cloudron to be ready (this takes some time) ....
After reboot, visit https://x.x.x.x and accept the self-signed certificate to finish setup.
The server has to be rebooted to apply all the settings. Reboot now ? [Y/n]