Thanks, Daisuke. However, I'm past that line. While I will change the settings as you kindly suggested (thank you for that), I'm encountering other issues which disable me from using Unbound. I shot an email earlier today with the following:
> > 1. Cannot open log file (despite it's configured in unbound.conf) > 2. Cannot use the unbound-checkconf utility > > I provided a link to my config file at the bottom. > Appreciate your help! > > Gil > > > *pi@raspberrypi:/etc/unbound $ sudo systemctl status unbound* > ● unbound.service - Unbound DNS resolver > Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor > preset: enabled) > Active: active (running) since Fri 2021-01-01 10:44:56 AEDT; 19min ago > Process: 456 ExecStartPre=/usr/sbin/unbound-anchor -r > /etc/unbound/root.hints -a /etc/unbound/root.key (code=exited, > status=0/SUCCESS) > Main PID: 481 (unbound) > Tasks: 1 (limit: 2063) > CGroup: /system.slice/unbound.service > └─481 /usr/sbin/unbound -c /etc/unbound/unbound.conf -d > > Jan 01 10:44:56 raspberrypi unbound-anchor[456]: [1609458296] > libunbound[456:0] error: udp connect failed: Network is unreachable for > 198.41.0.4 port 53 > Jan 01 10:44:56 raspberrypi unbound-anchor[456]: [1609458296] > libunbound[456:0] error: udp connect failed: Network is unreachable for > 192.33.4.12 port 53 > Jan 01 10:44:56 raspberrypi unbound-anchor[456]: [1609458296] > libunbound[456:0] error: udp connect failed: Network is unreachable for > 2001:dc3::35 port 53 > Jan 01 10:44:56 raspberrypi unbound-anchor[456]: [1609458296] > libunbound[456:0] error: udp connect failed: Network is unreachable for > 2001:500:1::53 port 53 > Jan 01 10:44:56 raspberrypi unbound-anchor[456]: [1609458296] > libunbound[456:0] error: udp connect failed: Network is unreachable for > 2001:500:9f::42 port 53 > Jan 01 10:44:56 raspberrypi unbound-anchor[456]: [1609458296] > libunbound[456:0] error: udp connect failed: Network is unreachable for > 199.7.91.13 port 53 > Jan 01 10:44:56 raspberrypi unbound[481]: [1609458296] unbound[481:0] *error: > Could not open logfile /var/log/unbound/unbound.log: No such file or > directory* > Jan 01 10:44:57 raspberrypi unbound[481]: [1609458297] unbound[481:0] > notice: init module 0: validator > Jan 01 10:44:57 raspberrypi unbound[481]: [1609458297] unbound[481:0] > notice: init module 1: iterator > Jan 01 10:44:57 raspberrypi unbound[481]: [1609458297] unbound[481:0] > info: start of service (unbound 1.13.0). > > pi@raspberrypi:/var/log/unbound $ ls > unbound.log > > pi@raspberrypi:/etc/unbound $ unbound-checkconf /etc/unbound/unbound.conf > /etc/unbound/var/log/unbound: *No such file or directory* > [1609459551] unbound-checkconf[1316:0] fatal error: logfile directory > does not exist > > pi@raspberrypi:/etc/unbound $ ls > root.hints root.key root.zone unbound.conf unbound_control.key > unbound_control.pem unbound.log unbound.pid unbound_server.key > unbound_server.pem > > *unbound.conf* here -> https://pastebin.com/ZAUVFVEF > Any ideas what should I do? I'm really lost here and would like to keep using unbound. Thanks in advance. On Fri, 1 Jan 2021 at 20:29, Daisuke HIGASHI <daisuke.higa...@gmail.com> wrote: > Hi, > > ".co.il" and ".il" (seemingly under DNSSEC algorithm rollover) have > several errors. Current versions of Unbound in default configuration > tolerate them, but in a specific configuration Unbound could make > fatal errors. > > Assuming [1] is your configuration file, the offending line is: > > > harden-algo-downgrade: yes > > "harden-algo-downgrade: no" (this is the current default value) makes > Unbound tolerant. > > [1] https://pastebin.com/ZAUVFVEF >
