DNSCrypt / dnscrypt-server-docker

A Docker image for a non-censoring, non-logging, DNSSEC-capable, DNSCrypt-enabled DNS resolver

Home Page: https://dnscrypt.info

Customizing unbound issues

larssb opened this issue · comments

ISSUE

I'm trying to customize unbound. However, the *.conf file I've made is not picked up on container initialization.

DONE

  1. I created a logging.conf file with the following content:

       logfile: "/opt/unbound/etc/unbound/unbound.log"
       verbosity: 1
       log-queries: yes

     • The dir. is as it is, because of the following chroot value: "/opt/unbound/etc/unbound"
     • The file was created in the folder /home/USERNAME/unbound-conf

  2. Initialized the container with the following Docker run cmd:

       sudo docker run --ulimit nofile=90000:90000 --name=dnscrypt-server -p 443:443/udp -p 443:443/tcp --net=host -v /home/USERNAME/unbound-conf:/opt/unbound/etc/unbound/zones jedisct1/dnscrypt-server init -N NAME -E IP:443

  3. Executed: docker start dnscrypt-server

  4. Executed: docker update --restart=unless-stopped dnscrypt-server

  5. Went into the container via docker exec ...

    1. Executed cat /opt/unbound/etc/unbound/unbound.conf to eyeball-verify whether my unbound customizations had been picked up. Unfortunately no.

EXPECTED RESULT

That my customizations had been picked up

FROM HERE

Tips on how to solve this/get this to work would be great. I've double-checked that I followed the guide correctly.

I can cat the file inside my dnscrypt-server container. So perms. do not seem to be an issue.

Looking forward to getting some tips on this. Thank you very much.

/opt/unbound/etc/unbound/unbound.conf has the following line:

  include: "/opt/unbound/etc/unbound/zones/*.conf"

that should include everything in /opt/unbound/etc/unbound/zones/.

Is your logging.conf file present in /opt/unbound/etc/unbound/zones/?

Also, I think log files are relative to the chroot (/opt/unbound/etc/unbound) path.

Hi @jedisct1

Thank you very much for your quick reply. Yep, I've seen the include: "... line in the unbound.conf file.
And yes I've put my logging.conf in that folder. Executing ls -la .... into the /opt/unbound/etc/unbound/zones folder reveals that my logging.conf file is there.
I think you are perfectly right as to log files being relative to the chroot you mention. However, when my Unbound settings do not get into the unbound.conf file it won't really make a difference.

I did not mention it, but I actually tried to execute:

ZONES_DIR="/opt/unbound/etc/unbound/zones"
sed \
-e "s#@ZONES_DIR@#${ZONES_DIR}#" \
    > /opt/unbound/etc/unbound/unbound.conf << EOT
server:
  verbosity: 1
  num-threads: @THREADS@
  interface: 127.0.0.1@55....
....
....
    include: "@ZONES_DIR@/*.conf"
EOT

Inside the container.

My settings from the logging.conf file did not get into the unbound.conf file.

Any ideas? And thank you.

The include statement is handled by unbound directly, not by the sed command.

Dang! I got it to work. I have to admit that I misunderstood the way unbound include works. I get it now and could confirm that my settings are loaded by unbound. Via e.g. /opt/unbound/sbin/unbound-checkconf -f /opt/unbound/etc/unbound/unbound.conf -o verbosity (executed inside the container).
Had to execute touch unbound.log inside the unbound chroot dir. And then use chown in order for the file to be picked up by Unbound. Then to finish it off, restart the unbound container and all engines were go! Cool karaoke 💯 .... Now I'm on to figuring out how to get the actual IP, the one that gave the query to the unbound server, into the log. As I'm trying to verify that my dnscrypt-proxy Anonymize-DNS setup works.

Thank you a million for your help. Greatly appreciated 🥇
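
The steps that ended up working in this thread, collected as an added shell example; it is not part of the issue or of the project's own scripts. It assumes the container name and paths quoted above, the function names are hypothetical, and the chown target is read from unbound's `username` option because the thread does not name the user.

```shell
#!/bin/sh
# Added example; function names are hypothetical, paths and names come from the thread.
set -eu

CHROOT="/opt/unbound/etc/unbound"              # chroot value quoted in the issue
CONTAINER="dnscrypt-server"                    # --name used in the docker run command
CHECKCONF="/opt/unbound/sbin/unbound-checkconf"

# Write the drop-in into the host directory that is mounted at $CHROOT/zones.
# unbound.conf is never rewritten: unbound expands its include: glob when it loads.
write_dropin() {  # $1 = host directory
  mkdir -p "$1"
  cat > "$1/logging.conf" <<EOF
logfile: "$CHROOT/unbound.log"
verbosity: 1
log-queries: yes
EOF
}

# Last value of an option in a single config file (quotes stripped).
conf_value() {  # $1 = file, $2 = option name
  sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | tr -d '"' | tail -n 1
}

# Path as seen from inside the chroot: a path written from the original root
# loses the chroot prefix, any other absolute path is already chroot-relative.
path_in_chroot() {  # $1 = chroot, $2 = configured path
  case "$2" in
    "$1"/*) printf '%s\n' "${2#"$1"}" ;;
    *)      printf '%s\n' "$2" ;;
  esac
}

# Needs a running container: ask unbound for the effective values (cat of
# unbound.conf will not show them), then create the log file it must own.
verify_in_container() {
  conf="$CHROOT/unbound.conf"
  docker exec "$CONTAINER" "$CHECKCONF" -o verbosity "$conf"
  user=$(docker exec "$CONTAINER" "$CHECKCONF" -o username "$conf")
  logfile=$(docker exec "$CONTAINER" "$CHECKCONF" -o logfile "$conf")
  log="$CHROOT$(path_in_chroot "$CHROOT" "$logfile")"
  docker exec "$CONTAINER" sh -c "touch '$log' && chown '$user' '$log'"
  docker restart "$CONTAINER"
}

# Only touch Docker when asked to, so the helpers above can be used offline.
if [ "${1:-}" = "--container" ]; then verify_in_container; fi
```

Run with `--container` on the Docker host once the drop-in directory is mounted; without arguments the script only defines the helpers.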