Hi Arnold,
This is because Unbound is *started* as the "unbound" user.
Port 53 needs elevated privileges to open.
I would start Unbound as root in your case, unbound will drop root
privileges at startup right after when not needed anymore (after reading
certain files and opening ports for example) and it will change to the
configured 'username:' user.
The default value of username is "unbound" if you haven't provided
another one during compilation.
The value "" in the configuration file means that Unbound will continue
to operate as the startup user; in your case root but I believe you
don't want that.
Best regards,
-- Yorgos
On 10/09/2025 01:54, Arnold via Unbound-users wrote:
Hello all. I am new to Unbound. I have it installed on Ubuntu Server
22.04 LTS, and I'm attempting to run it, but am having problems getting
it to run. The primary error I get now is that it attempts to open a
udp4 circuit on Port 53, but craps out, saying it cannot open the port.
This, even after I disabled systemd-resolverd, etc., and I ensured
nothing else was attempting to open the port. The following are my
support and config files, as well as logs on what happens when i try to
run it.
1) My standard Unbound Config file - Attachment #1.
2) Log file: "*Systemctl Status systemd-resolved*" command and result
- Attachment#2
3) Result of "*ufw status*" command before starting Unbound - Attachment#3
4) *Netstat -tulnp | grep :53* result - showing that port 53 is not
open. Attachment#4 -
5) Actual command to execute *unbound* and the resultant log/error
messages - Attachment#5
Some Notes:
1) In my test terminal window, I am logged in as "root." I use "sudo -u
unbound" before running the command so it runs as "unbound" and not
"root," since most of the files it needs to access are owned by unbound
and not root. But I wonder if that might be a factor in the process not
being able to open port 53.
2) I do not use localhost (127.0.0.1) in the "interface" command of the
config file. I use the machine's assigned local IP (197.185.29.10). But
I do recall switching to the hard IP(127.0.0.1) and it made no
difference. The port did not open. And I also "allow" it in my access-
control statements.
3) All stub resolvers including systemd-resolved are disabled.
4) It is an older version of Unbound (1.13.1) I know 1.23.1 is current.
Might the older version be an issue? My packae manager didn't have the
most recent version. Only this one.If this is a concern, where can I get
the updated pkg? I currently do not have "make" etc. installed so I
can't build it at present.
5) I set "*chroot = "" *" if that means anything.
Hopefully, this is enough to get the discussion going. I appreciate any
assistance offered. If you need further info, please let me know and
I'll produce it.
Thanks very much.
Regards,
Arnold.
