Bug #7271
closed
Co-existence of unbound and BIND/named
100%
Description
Problem: both packages (want to) use the same port 953 on 127.0.0.1 for (remote) control. If BIND is installed and enabled, then unbound fails to start after reboot.
[2.4.0-BETA][admin@fwA]/root: /usr/local/sbin/unbound -c /var/unbound/unbound.conf
[1487326118] unbound[44792:0] error: can't bind socket: Address already in use for 127.0.0.1
[1487326118] unbound[44792:0] error: cannot open control interface 127.0.0.1 953
[1487326118] unbound[44792:0] fatal error: could not open ports
Implications of unbound failing to come up can be pretty drastic after restoring a config backup on a freshly installed pfSense box when its DNS Server Settings depend on unbound. It will try repeatedly to resolve beta.pfsense.com until timing out after minutes, be unable to install packages that are listed in the config backup, and fail to bring up SSHd or Web-configurator.
Proposed and tested solution: Move control port of unbound from 953 back to its default value 8953 (see [1]), e.g. in
/etc/inc/unbound.inc replace:
control-port: 953
by:
control-port: 8953
Thanks,
Rolf
[1] https://www.freebsd.org/cgi/man.cgi?unbound.conf
...
control-port: port number
The port number to listen on for IPv4 or IPv6 control interfaces,
default is 8953. If you change this and permissions have been
dropped, you must restart the server for the change to take
effect.
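
Added example, not part of the original report or of pfSense: a Python check that works out which control sockets unbound and BIND would each bind and reports the overlap, run on constructed configs with control-port 953 and with the proposed 8953. The function names and sample configs are assumptions made for illustration; the BIND default of port 953 on loopback is the stock named behaviour.

```python
import re

UNBOUND_DEFAULT_PORT = 8953      # unbound.conf(5) default, quoted in the report
RNDC_DEFAULT_PORT = 953          # BIND (named/rndc) control-channel default
LOOPBACK = ("127.0.0.1", "::1")  # default control addresses of both daemons

def unbound_control(conf):
    """(address, port) pairs unbound's remote-control channel will bind."""
    opts, addrs = {}, []
    for raw in conf.splitlines():
        m = re.match(r'\s*(control-(?:enable|port|interface)):\s*"?([^\s"#]+)', raw)
        if m and m.group(1) == "control-interface":
            addrs.append(m.group(2))
        elif m:
            opts[m.group(1)] = m.group(2)
    if opts.get("control-enable") != "yes":
        return set()
    port = int(opts.get("control-port", UNBOUND_DEFAULT_PORT))
    return {(a, port) for a in addrs or LOOPBACK}

def named_control(conf):
    """(address, port) pairs from named.conf's controls { inet ... } statement."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    m = re.search(r"\bcontrols\s*\{", conf)
    if not m:  # no controls statement: named opens the loopback defaults
        return {(a, RNDC_DEFAULT_PORT) for a in LOOPBACK}
    depth, end = 1, m.end()
    while end < len(conf) and depth:  # walk to the matching closing brace
        depth += {"{": 1, "}": -1}.get(conf[end], 0)
        end += 1
    pairs = re.findall(r"\binet\s+(\S+)(?:\s+port\s+(\d+))?", conf[m.end():end - 1])
    return {(a, int(p) if p else RNDC_DEFAULT_PORT) for a, p in pairs}

def control_collisions(unbound_conf, named_conf):
    """Sockets both daemons would try to bind (exact address match only)."""
    return sorted(unbound_control(unbound_conf) & named_control(named_conf))

# Constructed sample configs, not taken from a real pfSense box.
UNBOUND_953 = """remote-control:
    control-enable: yes
    control-interface: 127.0.0.1
    control-port: 953
"""
UNBOUND_8953 = UNBOUND_953.replace("control-port: 953", "control-port: 8953")
NAMED = 'controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; };'

if __name__ == "__main__":
    print("port 953: ", control_collisions(UNBOUND_953, NAMED))
    print("port 8953:", control_collisions(UNBOUND_8953, NAMED))
```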