I can see different packages on my firewall:

192.168.70.250 is my mailcow dockerized host host
192.168.89.10 is my internal DNS server

tcpdump -ni igc0.10 port 53 and src or dst 192.168.70.250
======= no answer from the external servers ==============
14:02:29.907240 IP 192.168.70.250.48835 > 192.203.230.10.53: 63600% [1au] NS? . (28)
14:02:30.660538 IP 192.168.70.250.62572 > 192.203.230.10.53: 31860% [1au] NS? . (28)
14:02:34.426525 IP 192.168.70.250.22435 > 198.97.190.53.53: 61323% [1au] NS? . (28)
14:02:35.179706 IP 192.168.70.250.44438 > 198.97.190.53.53: 33745% [1au] NS? . (28)
14:02:36.687445 IP 192.168.70.250.28075 > 170.247.170.2.53: 65094% [1au] NS? . (28)
14:02:37.440559 IP 192.168.70.250.65089 > 170.247.170.2.53: 52982% [1au] NS? . (28)
14:02:42.714327 IP 192.168.70.250.43985 > 192.5.5.241.53: 25941% [1au] NS? . (28)
14:02:43.467583 IP 192.168.70.250.21064 > 192.5.5.241.53: 8375% [1au] NS? . (28)
14:02:50.246415 IP 192.168.70.250.60779 > 192.5.5.241.53: 17457% [1au] NS? . (28)
14:02:51.751340 IP 192.168.70.250.28204 > 192.5.5.241.53: 2973% [1au] NS? . (28)
14:02:53.257525 IP 192.168.70.250.61425 > 199.7.83.42.53: 26413% [1au] NS? . (28)
====== the internal server answers ==========
14:02:53.848946 IP 192.168.70.250.58687 > 192.168.89.10.53: 7394+ [1au] AAAA? bazaar.abuse.ch. (44)
14:02:53.849390 IP 192.168.70.250.35524 > 192.168.89.10.53: 26113+ [1au] A? bazaar.abuse.ch. (44)
14:02:53.879490 IP 192.168.89.10.53 > 192.168.70.250.58687: 7394 1/1/1 CNAME p2.shared.global.fastly.net. (156)
14:02:53.880268 IP 192.168.89.10.53 > 192.168.70.250.35524: 26113 2/0/1 CNAME p2.shared.global.fastly.net., A 146.75.118.49 (101)

when I send a request to the external servers I can see an answer:
dig www.heise.de @192.33.4.12

tcpdump:
14:07:44.182651 IP 192.168.70.250.52271 > 192.33.4.12.53: 41983+ [1au] A? www.heise.de. (53)
14:07:44.275878 IP 192.33.4.12.53 > 192.168.70.250.52271: 41983- 0/6/13 (443)

nope:

docker-compose logs unbound-mailcow
mailcowdockerized-unbound-mailcow-1 | Setting console permissions…
mailcowdockerized-unbound-mailcow-1 | Receiving anchor key…
mailcowdockerized-unbound-mailcow-1 | Receiving root hints…
######################################################################## 100.0%
mailcowdockerized-unbound-mailcow-1 | setup in directory /etc/unbound
mailcowdockerized-unbound-mailcow-1 | Certificate request self-signature ok
mailcowdockerized-unbound-mailcow-1 | subject=CN = unbound-control
mailcowdockerized-unbound-mailcow-1 | removing artifacts
mailcowdockerized-unbound-mailcow-1 | Setup success. Certificates created. Enable in unbound.conf file to use
mailcowdockerized-unbound-mailcow-1 | [1708524103] unbound[1:0] notice: init module 0: validator
mailcowdockerized-unbound-mailcow-1 | [1708524103] unbound[1:0] notice: init module 1: iterator
mailcowdockerized-unbound-mailcow-1 | [1708524103] unbound[1:0] info: start of service (unbound 1.17.1).

nope:

docker-compose logs unbound-mailcow
mailcowdockerized-unbound-mailcow-1 | Setting console permissions…
mailcowdockerized-unbound-mailcow-1 | Receiving anchor key…
mailcowdockerized-unbound-mailcow-1 | Receiving root hints…
######################################################################## 100.0%
mailcowdockerized-unbound-mailcow-1 | setup in directory /etc/unbound
mailcowdockerized-unbound-mailcow-1 | Certificate request self-signature ok
mailcowdockerized-unbound-mailcow-1 | subject=CN = unbound-control
mailcowdockerized-unbound-mailcow-1 | removing artifacts
mailcowdockerized-unbound-mailcow-1 | Setup success. Certificates created. Enable in unbound.conf file to use
mailcowdockerized-unbound-mailcow-1 | [1708524103] unbound[1:0] notice: init module 0: validator
mailcowdockerized-unbound-mailcow-1 | [1708524103] unbound[1:0] notice: init module 1: iterator
mailcowdockerized-unbound-mailcow-1 | [1708524103] unbound[1:0] info: start of service (unbound 1.17.1).

nope:

docker-compose logs unbound-mailcow
mailcowdockerized-unbound-mailcow-1 | Setting console permissions…
mailcowdockerized-unbound-mailcow-1 | Receiving anchor key…
mailcowdockerized-unbound-mailcow-1 | Receiving root hints…
######################################################################## 100.0%
mailcowdockerized-unbound-mailcow-1 | setup in directory /etc/unbound
mailcowdockerized-unbound-mailcow-1 | Certificate request self-signature ok
mailcowdockerized-unbound-mailcow-1 | subject=CN = unbound-control
mailcowdockerized-unbound-mailcow-1 | removing artifacts
mailcowdockerized-unbound-mailcow-1 | Setup success. Certificates created. Enable in unbound.conf file to use
mailcowdockerized-unbound-mailcow-1 | [1708524103] unbound[1:0] notice: init module 0: validator
mailcowdockerized-unbound-mailcow-1 | [1708524103] unbound[1:0] notice: init module 1: iterator
mailcowdockerized-unbound-mailcow-1 | [1708524103] unbound[1:0] info: start of service (unbound 1.17.1).

nope:

docker-compose logs unbound-mailcow
mailcowdockerized-unbound-mailcow-1 | Setting console permissions…
mailcowdockerized-unbound-mailcow-1 | Receiving anchor key…
mailcowdockerized-unbound-mailcow-1 | Receiving root hints…
######################################################################## 100.0%
mailcowdockerized-unbound-mailcow-1 | setup in directory /etc/unbound
mailcowdockerized-unbound-mailcow-1 | Certificate request self-signature ok
mailcowdockerized-unbound-mailcow-1 | subject=CN = unbound-control
mailcowdockerized-unbound-mailcow-1 | removing artifacts
mailcowdockerized-unbound-mailcow-1 | Setup success. Certificates created. Enable in unbound.conf file to use
mailcowdockerized-unbound-mailcow-1 | [1708524103] unbound[1:0] notice: init module 0: validator
mailcowdockerized-unbound-mailcow-1 | [1708524103] unbound[1:0] notice: init module 1: iterator
mailcowdockerized-unbound-mailcow-1 | [1708524103] unbound[1:0] info: start of service (unbound 1.17.1).

nope:

docker-compose logs unbound-mailcow
mailcowdockerized-unbound-mailcow-1 | Setting console permissions…
mailcowdockerized-unbound-mailcow-1 | Receiving anchor key…
mailcowdockerized-unbound-mailcow-1 | Receiving root hints…
######################################################################## 100.0%
mailcowdockerized-unbound-mailcow-1 | setup in directory /etc/unbound
mailcowdockerized-unbound-mailcow-1 | Certificate request self-signature ok
mailcowdockerized-unbound-mailcow-1 | subject=CN = unbound-control
mailcowdockerized-unbound-mailcow-1 | removing artifacts
mailcowdockerized-unbound-mailcow-1 | Setup success. Certificates created. Enable in unbound.conf file to use
mailcowdockerized-unbound-mailcow-1 | [1708524103] unbound[1:0] notice: init module 0: validator
mailcowdockerized-unbound-mailcow-1 | [1708524103] unbound[1:0] notice: init module 1: iterator
mailcowdockerized-unbound-mailcow-1 | [1708524103] unbound[1:0] info: start of service (unbound 1.17.1).

Nothing I identify as error:

docker-compose logs unbound-mailcow

mailcowdockerized-unbound-mailcow-1 | Setting console permissions…
mailcowdockerized-unbound-mailcow-1 | Receiving anchor key…
mailcowdockerized-unbound-mailcow-1 | Receiving root hints…
######################################################################## 100.0%
mailcowdockerized-unbound-mailcow-1 | setup in directory /etc/unbound
mailcowdockerized-unbound-mailcow-1 | Certificate request self-signature ok
mailcowdockerized-unbound-mailcow-1 | subject=CN = unbound-control
mailcowdockerized-unbound-mailcow-1 | removing artifacts
mailcowdockerized-unbound-mailcow-1 | Setup success. Certificates created. Enable in unbound.conf file to use
mailcowdockerized-unbound-mailcow-1 | [1708524103] unbound[1:0] notice: init module 0: validator
mailcowdockerized-unbound-mailcow-1 | [1708524103] unbound[1:0] notice: init module 1: iterator
mailcowdockerized-unbound-mailcow-1 | [1708524103] unbound[1:0] info: start of service (unbound 1.17.1).

Nothing I identify as error:

docker-compose logs unbound-mailcow

mailcowdockerized-unbound-mailcow-1  | Setting console permissions...
mailcowdockerized-unbound-mailcow-1  | Receiving anchor key...
mailcowdockerized-unbound-mailcow-1  | Receiving root hints...
######################################################################## 100.0%                                       
mailcowdockerized-unbound-mailcow-1  | setup in directory /etc/unbound
mailcowdockerized-unbound-mailcow-1  | Certificate request self-signature ok
mailcowdockerized-unbound-mailcow-1  | subject=CN = unbound-control
mailcowdockerized-unbound-mailcow-1  | removing artifacts
mailcowdockerized-unbound-mailcow-1  | Setup success. Certificates created. Enable in unbound.conf file to use
mailcowdockerized-unbound-mailcow-1  | [1708524103] unbound[1:0] notice: init module 0: validator
mailcowdockerized-unbound-mailcow-1  | [1708524103] unbound[1:0] notice: init module 1: iterator
mailcowdockerized-unbound-mailcow-1  | [1708524103] unbound[1:0] info: start of service (unbound 1.17.1).

[unknown]
uuups —- sorry for the multiple inserts

DocFraggle
Sorry for the multiple copies in the reply.
I did not find any problem in the log.

    So this works from inside the unbound container as well?

    dig www.heise.de @192.33.4.12

      DocFraggle
      yes: all the “dig” commands were placed inside the unbound container

      [unknown]

      DocFraggle
      [root@mail2 unbound]# docker-compose exec unbound-mailcow /bin/bash
      36cf36db0b8d:/# dig www.heise.de @192.33.4.12

      ; <<>> DiG 9.18.19 <<>> www.heise.de @192.33.4.12
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28145
      ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 13
      ;; WARNING: recursion requested but not available

      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 1232
      ; COOKIE: c916abea5dbf9f2f0100000065d61565d0a661decbfb471f (good)
      ;; QUESTION SECTION:
      ;www.heise.de. IN A

      ;; AUTHORITY SECTION:
      de. 172800 IN NS f.nic.de.
      de. 172800 IN NS a.nic.de.
      de. 172800 IN NS z.nic.de.
      de. 172800 IN NS s.de.net.
      de. 172800 IN NS l.de.net.
      de. 172800 IN NS n.de.net.

      ;; ADDITIONAL SECTION:
      z.nic.de. 172800 IN A 194.246.96.1

          Ok. Is there at least an unound process?

          docker compose exec unbound-mailcow /bin/bash 
bb8d9882a129:/# ps axl
PID   USER     TIME  COMMAND
    1 unbound  10:57 /usr/sbin/unbound
497294 root      0:00 /bin/bash
497338 root      0:00 ps axl

            DocFraggle

            Yes:

            36cf36db0b8d:/# ps axl
            PID USER TIME COMMAND
            1 unbound 0:02 /usr/sbin/unbound
            9473 root 0:00 /bin/bash
            9485 root 0:00 ps axl

              What’s the output of netstat inside unbound?

              bb8d9882a129:/# netstat -tulpen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.11:37507        0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:8953          0.0.0.0:*               LISTEN      -
tcp        0      0 :::53                   :::*                    LISTEN      -
udp        0      0 0.0.0.0:53              0.0.0.0:*                           -
udp        0      0 127.0.0.11:39602        0.0.0.0:*                           -
udp        0      0 :::53                   :::*                                -

              DocFraggle
              As far as I understand:
              The unbound DNS service should be running @127.0.0.1
              The docker dns proxy on 127.0.0.11

              I turned on debugging in data/conf/unbound/unbound.conf
              server:
              verbosity: 5

              Then
              nslookup www.heise.de 127.0.0.1

              I can not find any error in the logfile:

              mailcowdockerized-unbound-mailcow-1  | [1708544686] unbound[1:0] debug: udp request from ip4 127.0.0.1 port 56735 (len 16)
mailcowdockerized-unbound-mailcow-1  | [1708544686] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=15530 val=66352
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: timeout udp
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: svcd callbacks start
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: worker svcd callback for qstate 0x7f748a7494f0
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: mesh_run: start
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_noreply
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info: iterator operate: query . NS IN
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: process_response: new external response event
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: iter_handle processing q with state QUERY RESPONSE STATE
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: query response was timeout
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: iter_handle processing q with state QUERY TARGETS STATE
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info: processQueryTargets: . NS IN
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: processQueryTargets: targetqueries 0, currentqueries 0 sentcount 15
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info: DelegationPoint<.>: 13 names (0 missing), 26 addrs (26 result, 0 avail) parentNS
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info:   A.ROOT-SERVERS.NET. * A AAAA
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info:   B.ROOT-SERVERS.NET. * A AAAA
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info:   C.ROOT-SERVERS.NET. * A AAAA
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info:   D.ROOT-SERVERS.NET. * A AAAA
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info:   E.ROOT-SERVERS.NET. * A AAAA
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info:   F.ROOT-SERVERS.NET. * A AAAA
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info:   G.ROOT-SERVERS.NET. * A AAAA
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info:   H.ROOT-SERVERS.NET. * A AAAA
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info:   I.ROOT-SERVERS.NET. * A AAAA
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info:   J.ROOT-SERVERS.NET. * A AAAA
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info:   K.ROOT-SERVERS.NET. * A AAAA
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info:   L.ROOT-SERVERS.NET. * A AAAA
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info:   M.ROOT-SERVERS.NET. * A AAAA
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    ip4 198.41.0.4 port 53 (len 16)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    ip6 2001:503:ba3e::2:30 port 53 (len 28)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    ip4 170.247.170.2 port 53 (len 16)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    ip6 2801:1b8:10::b port 53 (len 28)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    ip4 192.33.4.12 port 53 (len 16)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    ip6 2001:500:2::c port 53 (len 28)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    ip4 199.7.91.13 port 53 (len 16)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    ip6 2001:500:2d::d port 53 (len 28)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    ip4 192.203.230.10 port 53 (len 16)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    ip6 2001:500:a8::e port 53 (len 28)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    ip4 192.5.5.241 port 53 (len 16)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    ip6 2001:500:2f::f port 53 (len 28)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    ip4 192.112.36.4 port 53 (len 16)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    ip6 2001:500:12::d0d port 53 (len 28)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    ip4 198.97.190.53 port 53 (len 16)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    ip6 2001:500:1::53 port 53 (len 28)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    ip4 192.36.148.17 port 53 (len 16)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    ip6 2001:7fe::53 port 53 (len 28)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    ip4 192.58.128.30 port 53 (len 16)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    ip6 2001:503:c27::2:30 port 53 (len 28)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    ip4 193.0.14.129 port 53 (len 16)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    ip6 2001:7fd::1 port 53 (len 28)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    ip4 199.7.83.42 port 53 (len 16)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    ip6 2001:500:9f::42 port 53 (len 28)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    ip4 202.12.27.33 port 53 (len 16)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    ip6 2001:dc3::35 port 53 (len 28)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: rpz: iterator module callback: have_rpz=0
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: servselect ip4 170.247.170.2 port 53 (len 16)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    rtt=12032
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: servselect ip6 2801:1b8:10::b port 53 (len 28)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    rtt=12032
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: servselect ip4 199.7.91.13 port 53 (len 16)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    rtt=120000
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: servselect ip4 192.203.230.10 port 53 (len 16)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    rtt=12032
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: servselect ip4 192.112.36.4 port 53 (len 16)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    rtt=12032
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: servselect ip6 2001:500:12::d0d port 53 (len 28)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    rtt=12032
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: servselect ip4 198.97.190.53 port 53 (len 16)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    rtt=12032
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: servselect ip6 2001:7fe::53 port 53 (len 28)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    rtt=12032
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: servselect ip4 199.7.83.42 port 53 (len 16)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    rtt=12032
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: servselect ip4 202.12.27.33 port 53 (len 16)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    rtt=12032
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: servselect ip6 2001:500:2d::d port 53 (len 28)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    rtt=24064
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: servselect ip6 2001:500:2f::f port 53 (len 28)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    rtt=24064
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: servselect ip6 2001:500:a8::e port 53 (len 28)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    rtt=24064
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: servselect ip6 2001:503:c27::2:30 port 53 (len 28)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    rtt=24064
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: servselect ip6 2001:500:2::c port 53 (len 28)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    rtt=24064
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: servselect ip4 192.33.4.12 port 53 (len 16)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    rtt=24064
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: servselect ip6 2001:dc3::35 port 53 (len 28)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    rtt=24064
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: servselect ip4 192.58.128.30 port 53 (len 16)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    rtt=24064
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: servselect ip4 198.41.0.4 port 53 (len 16)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    rtt=24064
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: servselect ip6 2001:7fd::1 port 53 (len 28)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    rtt=24064
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: servselect ip4 192.5.5.241 port 53 (len 16)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    rtt=24064
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: servselect ip6 2001:500:9f::42 port 53 (len 28)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    rtt=24064
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: servselect ip6 2001:500:1::53 port 53 (len 28)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    rtt=24064
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: servselect ip4 193.0.14.129 port 53 (len 16)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    rtt=24064
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: servselect ip4 192.36.148.17 port 53 (len 16)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    rtt=24064
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: servselect ip6 2001:503:ba3e::2:30 port 53 (len 28)
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug:    rtt=24064
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: selrtt 12032
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info: sending query: . NS IN
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: sending to target: <.> 202.12.27.33#53
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: dnssec status: expected
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: mesh_run: iterator module exit state is module_wait_reply
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info: mesh_run: end 5 recursion states (4 with reply, 0 detached), 24 waiting replies, 57 recursion replies sent, 0 replies dropped, 0 states jostled out
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info: average recursion processing time 80.502487 sec
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info: histogram of recursion processing times
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info: [25%]=26.25 median[50%]=56.7273 [75%]=134.4
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info: lower(secs) upper(secs) recursions
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info:    0.262144    0.524288 1
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info:    2.000000    4.000000 1
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info:    4.000000    8.000000 2
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info:   16.000000   32.000000 16
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info:   32.000000   64.000000 11
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info:   64.000000  128.000000 11
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info:  128.000000  256.000000 15
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info: 0pvCD mod1  . NS IN
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info: 1RDdc mod1 rep www.heise.de. A IN
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info: 2RDdc mod1 rep www.spamassassin.heinlein-support.de. A IN
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info: 3RDdc mod1 rep mailcow.email. A IN
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] info: 4RDdc mod1 rep www.spamassassin.heinlein-support.de. AAAA IN
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: cache memory msg=66072 rrset=66072 infra=15530 val=66352
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: svcd callbacks end
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: serviced_delete
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: close of port 57939
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: comm_point_close of 14: event_del
mailcowdockerized-unbound-mailcow-1  | [1708544687] unbound[1:0] debug: close fd 14

              [unknown]

              7da264423398:/# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.11:36607        0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:8953          0.0.0.0:*               LISTEN      -
tcp        0      0 :::53                   :::*                    LISTEN      -
udp        0      0 0.0.0.0:53              0.0.0.0:*                           -
udp        0      0 127.0.0.11:42495        0.0.0.0:*                           -
udp        0      0 :::53                   :::*                                -

                And you still get a ‘connection refused’? I’m out of ideas… which OS are you using? Is there any local DNS daemon running, maybe because of an OS update? Maybe shutdown mailcow and check the host ports with netstat

                  DocFraggle

                  And you still get a ‘connection refused’?
                  Yes
                  I’m out of ideas…
                  same for me
                  which OS are you using?
                  Fedora39
                  Is there any local DNS daemon running, maybe because of an OS update? Maybe shutdown mailcow and check the host ports with netstat
                  systemd.resolved is running
                  but that should not disturb inside of the container
                  stopped it - no change :-(

                  Nevertheless: many thanks !!!!

                  Any other one with a (good) idea?

                      hansiputz

                      Hi
                      I think I got it fixed (not nice but works for me):

                      • migrated from Fedora 29 to Debian 12 ==> no change
                      • used an other unbound contaier ==> that helped

                      docker-compose.yml :

                      version: '2.1'
services:

    unbound-mailcow:
      image: mvance/unbound:latest  
      # image: mailcow/unbound:1.21
...
                        No one is typing