I have recently started using unbound dns.
I have configured all the things I need properly. But the server doesn't log when I make a query.
I have no errors in the unbound.conf file.
The following is my .conf file:
# The server clause sets the main parameters.
server:
    # whitespace is not necessary, but looks cleaner.
    # verbosity number, 0 is least verbose. 1 is default.
    verbosity: 1
    # print statistics to the log (for every thread) every N seconds.
    # Set to "" or 0 to disable. Default is disabled.
    statistics-interval: 5
    interface: 192.168.116.134
    # port to answer queries from
    port: 53
    cache-min-ttl: 400
    cache-max-ttl: 86400
    # Enable IPv4, "yes" or "no".
    do-ip4: yes
    # Enable IPv6, "yes" or "no".
    # do-ip6: yes
    # Enable UDP, "yes" or "no".
    do-udp: yes
    # Enable TCP, "yes" or "no".
    do-tcp: yes
    access-control: 0.0.0.0/0 allow
    # chroot: "/etc/unbound"
    # username: "unbound"
    # directory: "/etc/unbound"
    # the log file, "" means log to stderr.
    # Use of this option sets use-syslog to "no".
    logfile: "/var/log/unbound/unbound.log"

forward-zone:
    name: "."
    forward-addr: 8.8.4.4
    forward-addr: 8.8.8.8
The log file does exist in the given directory and I have made the unbound user its owner using chown, but when I make a query the log file is still empty.
Platform: Ubuntu 18 Desktop
Best Answer
I had the same issue today. You do not mention the Linux distro you are using.
This post is geared for Debian/Ubuntu/similar using their repo version.
Remove CHROOT config directive and make sure BOTH the log file & parent folder are owned by unbound user:
Still not working for me (or you).
After this I noticed it was still logging to syslog after turning up verbosity to debug. I also noticed kernel showing "apparmor" was logging DENIED's for the unbound log location:
Example in syslog:
So, I added a local override to apparmor.d area:
This will create a new /local/ file.
Add this single line to it:
(Yes, with comma on end) Save.
Reload apparmor entries for unbound:
Restart Unbound:
Check log:
WORKS. If you notice, when syslog logs it, it uses a standard date format. But, Unbound custom logging/non-syslog uses Unix/Epoch time (seconds since 1970) by default. If you wish to have timestamps like syslog, add this to your unbound config and reload service:
If your log location is different, make sure you change all the paths/filenames referenced above.
My config:
gist text
References:
https://nlnetlabs.nl/documentation/unbound/unbound.conf/
https://wiki.debian.org/AppArmor/Debug
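
Added example, not part of the answer above: a small Python filter that pulls AppArmor denials for Unbound out of syslog text, which is the symptom the answer describes (file ownership is correct, yet the profile blocks the log path). The log lines are constructed samples in the kernel audit format, and the profile name /usr/sbin/unbound and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records (not taken from the page), kernel audit format.
SAMPLE_SYSLOG = """\
Feb 12 10:01:07 host kernel: [  812.3] audit: type=1400 audit(1549965667.101:71): apparmor="DENIED" operation="mknod" profile="/usr/sbin/unbound" name="/var/log/unbound/unbound.log" pid=2101 comm="unbound" requested_mask="c" denied_mask="c" fsuid=112 ouid=112
Feb 12 10:01:07 host kernel: [  812.4] audit: type=1400 audit(1549965667.102:72): apparmor="DENIED" operation="open" profile="/usr/sbin/unbound" name="/var/log/unbound/unbound.log" pid=2101 comm="unbound" requested_mask="ac" denied_mask="ac" fsuid=112 ouid=112
Feb 12 10:01:09 host kernel: [  814.0] audit: type=1400 audit(1549965669.000:73): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/foo" pid=900 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Feb 12 10:01:10 host kernel: [  815.0] audit: type=1400 audit(1549965670.000:74): apparmor="ALLOWED" operation="open" profile="/usr/sbin/unbound" name="/etc/unbound/unbound.conf" pid=2101 comm="unbound" requested_mask="r" denied_mask="r" fsuid=112 ouid=112
Feb 12 10:01:11 host kernel: [  816.0] audit: type=1400 audit(1549965671.000:75): apparmor="DENIED" operation="open" profile="/usr/sbin/unbound" name=2F7661722F6C6F672F756E626F756E64206F6C642E6C6F67 pid=2101 comm="unbound" requested_mask="w" denied_mask="w" fsuid=112 ouid=112
"""

# key=value pairs; values are either "quoted" or a bare token.
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_name(raw):
    """Return the path from a name= value as logged by the audit subsystem."""
    if raw.startswith('"'):
        return raw.strip('"')
    # Names with spaces or control characters are logged unquoted, as hex.
    try:
        return bytes.fromhex(raw).decode("utf-8", "replace")
    except ValueError:
        return raw

def unbound_denials(text, profile_substr="unbound"):
    """Map each denied path to the union of denied_mask letters seen for it."""
    denied = defaultdict(set)
    for line in text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("apparmor") != '"DENIED"' or "name" not in f:
            continue  # skip complain-mode (ALLOWED) and non-file records
        if profile_substr not in f.get("profile", ""):
            continue  # denial belongs to some other confined program
        denied[decode_name(f["name"])].update(f.get("denied_mask", "").strip('"'))
    return {path: "".join(sorted(mask)) for path, mask in denied.items()}

if __name__ == "__main__":
    for path, mask in unbound_denials(SAMPLE_SYSLOG).items():
        print(f"profile denies '{mask}' on {path}")
```

Any path it reports is one the profile does not allow yet, so the paths in the local override have to match what is listed here.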