Unbound faild after upgrade.

[nv.nguyen]

My proxmox gateway Ver 7.3-11. After upgrade unbound (unbound/oldstable-security 1.13.1-1+deb11u2 amd64 [upgradable from: 1.13.1-1+deb11u1]), Unbound cannot start.

systemctl start  unbound.service
Job for unbound.service failed because the control process exited with error code.
See "systemctl status unbound.service" and "journalctl -xe" for details.

unbound -d -vvvv
[1713976325] unbound[10213:0] notice: Start of unbound 1.13.1.
[1713976325] unbound[10213:0] debug: increased limit(open files) from 1024 to 4152
[1713976325] unbound[10213:0] debug: creating udp6 socket ::1 53
[1713976325] unbound[10213:0] error: can't create socket: Permission denied
[1713976325] unbound[10213:0] fatal error: could not open ports

 

[Stoiko Ivanov]

Is something else listening on the relevant ports?
but it seems more likely related to a permission issue - and nothing in the changelog between those two version indicate that something changed w.r.t. permissions....
https://metadata.ftp-master.debian.org/changelogs//main/u/unbound/unbound_1.13.1-1+deb11u2_changelog

- please share the journal output and the systemctl status output

 

[nv.nguyen]

I have add this config in /etc/unbound/unbound.conf

server:
    # Enable Unbound to work with IPv4
    do-ip4: yes

    # Disable IPv6 if not needed
    do-ip6: no

    # Define the interfaces to listen on
    interface: 0.0.0.0
    interface: 127.0.0.1

Unbound allready running.

 

[yrzorg]

Hi,

I recently updated PMG to version 9.0.7, and since then unbound refuses to start
Here's the current situation:

• Running on Hyper-V VM
• The service fails immediately with exit code 1.
• I've already tried disabling the remote-control interface and tweaking the systemd unit, remove/install/reinstall/downgrade, but nothing helped.

I've collected some logs and config info below. Any ideas would be appreciated.

Jun 01 09:16:14 srv systemd[1]: Starting unbound.service - Unbound DNS server...
Jun 01 09:16:14 srv (unbound)[28142]: unbound.service: Referenced but unset environment variable evaluates to an empty string: DAEMON_OPTS
Jun 01 09:16:14 srv unbound[28142]: [1780294574] unbound[28142:0] error: Cannot create local socket /run/unbound.ctl (Permission denied)
Jun 01 09:16:14 srv unbound[28142]: [1780294574] unbound[28142:0] error: cannot open control interface /run/unbound.ctl 8953
Jun 01 09:16:14 srv unbound[28142]: [1780294574] unbound[28142:0] fatal error: could not open ports
Jun 01 09:16:14 srv systemd[1]: unbound.service: Main process exited, code=exited, status=1/FAILURE
Jun 01 09:16:14 srv systemd[1]: unbound.service: Failed with result 'exit-code'.
Jun 01 09:16:14 srv systemd[1]: Failed to start unbound.service - Unbound DNS server.

 unbound.service - Unbound DNS server
     Loaded: loaded (/usr/lib/systemd/system/unbound.service; disabled; preset: enabled)
     Active: failed (Result: exit-code) since Mon 2026-06-01 09:50:58 MSK; 36s ago
 Invocation: 694aa60060af4ea9beb4316d4754aee1
       Docs: man:unbound(8)
    Process: 28718 ExecStartPre=/usr/libexec/unbound-helper chroot_setup (code=exited, status=0/SUCCESS)
    Process: 28720 ExecStartPre=/usr/libexec/unbound-helper root_trust_anchor_update (code=exited, status=0/SUCCESS)
    Process: 28724 ExecStart=/usr/sbin/unbound -d -p $DAEMON_OPTS (code=exited, status=1/FAILURE)
    Process: 28726 ExecStopPost=/usr/libexec/unbound-helper chroot_teardown (code=exited, status=0/SUCCESS)
   Main PID: 28724 (code=exited, status=1/FAILURE)

 

[nv.nguyen]

Turn off apparmor service

 

[yrzorg]

Turn off apparmor service

Didn't help, same error

 

[nv.nguyen]

sudo journalctl -k | grep apparmor
Let try it.
So i think apparmor disable create unbound.ctl
sudo systemctl stop apparmor
then restart unbound

 

[yrzorg]

Stopping the apparmor service didn't help. AI helped me find a working solution:

apt update && apt install apparmor-utils -y
aa-complain /etc/apparmor.d/usr.sbin.unbound
systemctl restart apparmor
systemctl start unbound

After that, unbound started normally.